Blogengine based on rack applications

A canonical URL tag for better SEO and to prevent search engines from crawling different hosts

Enables creating batch requests to Rack apps. Requests can reference each other. Makes life easier for API consumers and builders.

Cleanse your racks

Deal with Cloudflare features in Rack-based apps.

Rack middleware for declaratively setting the HTTP ContentSecurityPolicy (W3C CSP Level 2/3) security header to help prevent against XSS and other browser based attacks.

The middleware makes sure any request to specified paths would have been preflighted if it was sent by a browser. We don't want random websites to be able to execute actual GraphQL operations from a user's browser unless our CORS policy supports it. It's not good enough just to ensure that the browser can't read the response from the operation; we also want to prevent CSRF, where the attacker can cause side effects with an operation or can measure the timing of a read operation. Our goal is to ensure that we don't run the context function or execute the GraphQL operation until the browser has evaluated the CORS policy, which means we want all operations to be pre-flighted. We can do that by only processing operations that have at least one header set that appears to be manually set by the JS code rather than by the browser automatically. POST requests generally have a content-type `application/json`, which is sufficient to trigger preflighting. So we take extra care with requests that specify no content-type or that specify one of the three non-preflighted content types. For those operations, we require one of a set of specific headers to be set. By ensuring that every operation either has a custom content-type or sets one of these headers, we know we won't execute operations at the request of origins who our CORS policy will block.

Rack middleware for Discord Interaction validation.

Per-domain filter for Rack.

A middleware to process wrong encoded URLs in Rack applications.

Rack middleware for signed encrypted session cookie. It's fully compatible with Rack::Session::Cookie, not only safe but also easy to use

Rails aware Rack middleware for Entra ID authentication.

Middleware which lets you to execute arbitrary code just for a certain fraction of requests

http accept language handler

Provides a middleware for parsing json from request bodies to be accessed from request params

Rack middleware for authentication using JSON Web Tokens using the jwt_claims and json_web_token gems.

JWT authentication middleware with multi-tenant support, company validation, and subdomain isolation.

Rack::LocaleRootRedirect uses Rack:Accept to map '/' to a path based on the `Accept-Language` HTTP header.

A Rack middleware that provides an endpoint to start the New Relic agent.

Rack::NonCache is a rack middleware that disables HTTP browser caching.