Automatically generate REST APIs for Core Data models.

The middleware makes sure any request to specified paths would have been preflighted if it was sent by a browser. We don't want random websites to be able to execute actual GraphQL operations from a user's browser unless our CORS policy supports it. It's not good enough just to ensure that the browser can't read the response from the operation; we also want to prevent CSRF, where the attacker can cause side effects with an operation or can measure the timing of a read operation. Our goal is to ensure that we don't run the context function or execute the GraphQL operation until the browser has evaluated the CORS policy, which means we want all operations to be pre-flighted. We can do that by only processing operations that have at least one header set that appears to be manually set by the JS code rather than by the browser automatically. POST requests generally have a content-type `application/json`, which is sufficient to trigger preflighting. So we take extra care with requests that specify no content-type or that specify one of the three non-preflighted content types. For those operations, we require one of a set of specific headers to be set. By ensuring that every operation either has a custom content-type or sets one of these headers, we know we won't execute operations at the request of origins who our CORS policy will block.

Generate curl commands that approximate rack requests.

Get the Currently running Rack::Request from anywhere inside the request-thread

Switch rack logger

Rack middleware to change temporary directory of file upload

WebDAV handler for Rack.

Somewhat more radical filters designed to decimate malicious requests during a denial-of-service (DoS) attack by chopping their connection well before your Rack app wastes any significant resources on them – ouch! The filters have been proven to work against certain DoS attacks, however, they might also block IPs behind proxies or VPNs. Make sure you have understood how the filters are triggered and consider this middleware a last resort only to be enabled during an attack.

Deduce Ingest API

Play a selection from Die Fledermaus with every request.

Adds an optional delay to rack responses

This is particularly useful in case of varnish caches, preventing them from logging you in as a random person.

Rack Middleware for detecting robots

A rack middleware to show gray-scaled favicon on development

Disable CSS3 animations and filter out external JavaScript downloads. Helpful for reliable testing with Capybara.

A Ruby clone of the awesome Webdis Redis web API

Rack middleware to disable CSS animations sitewide. Useful for making acceptance tests quicker and more deterministic.

Rack middleware for Discord Interaction validation.

Longer description. Optional.

Analyze timing and process info from your Rack stack.