The middleware makes sure any request to specified paths would have been preflighted if it was sent by a browser. We don't want random websites to be able to execute actual GraphQL operations from a user's browser unless our CORS policy supports it. It's not good enough just to ensure that the browser can't read the response from the operation; we also want to prevent CSRF, where the attacker can cause side effects with an operation or can measure the timing of a read operation. Our goal is to ensure that we don't run the context function or execute the GraphQL operation until the browser has evaluated the CORS policy, which means we want all operations to be pre-flighted. We can do that by only processing operations that have at least one header set that appears to be manually set by the JS code rather than by the browser automatically. POST requests generally have a content-type `application/json`, which is sufficient to trigger preflighting. So we take extra care with requests that specify no content-type or that specify one of the three non-preflighted content types. For those operations, we require one of a set of specific headers to be set. By ensuring that every operation either has a custom content-type or sets one of these headers, we know we won't execute operations at the request of origins who our CORS policy will block.

Somewhat more radical filters designed to decimate malicious requests during a denial-of-service (DoS) attack by chopping their connection well before your Rack app wastes any significant resources on them – ouch! The filters have been proven to work against certain DoS attacks, however, they might also block IPs behind proxies or VPNs. Make sure you have understood how the filters are triggered and consider this middleware a last resort only to be enabled during an attack.

A Ruby client library that provides a unified interface for managing servers via Redfish API across multiple hardware vendors (Dell, HPE, Supermicro, etc.) with automatic vendor detection and adaptation

Manage AI vector embeddings in C with Ruby integration

Creates rails engines from OpenAPI specification files

Rails Previews is a Rails engine that allows you to preview the pieces that make up your views, specifically: partials, view components, and react-on-rails components

...specifically for use with Chromatic

Rails Validation API provides a powerful for validating request parameters in Rails applications. Features include automatic validator loading based on controller/action names, nested parameter validation, custom error handling, and seamless integration with Rails controllers through concerns. Perfect for API applications requiring robust parameter validation with minimal boilerplate code.

Parses a CSV reading log.

Rendering of ISO 690 XML

Ruby Skeleton Generator based in templates

Extends Ridgepole to support TiDB's AUTO_RANDOM column attribute for seamless schema management

Automate tasks that require a _real_ browser

Just the bare minimum of what's needed to create bi-directional chat bots using Roda as backend, sucker_punch and Clockwork for async and timed jobs.

Roleback provides a simple DSL to define RBAC rules for your application.

Ruby on Rails core development support

Client for Rspamd's HTTP API

Tools to improve debugging in RSpec

A RSpec extension that automatically retries intermittently failing examples to reduce test flakiness and improve reliability in your test suite.

Bots can use different tools to solve any number of tasks. Bots can be powered by OpenAI.