diff --git a/lib/pact_broker/app.rb b/lib/pact_broker/app.rb
index 9f0bfc9c6..5b34bcc6d 100644
--- a/lib/pact_broker/app.rb
+++ b/lib/pact_broker/app.rb
@@ -118,7 +118,9 @@ def prepare_app
 def configure_middleware
 # NOTE THAT NONE OF THIS IS PROTECTED BY AUTH - is that ok?
- @app_builder.use Rack::Protection, except: [:path_traversal, :remote_token, :session_hijacking, :http_origin]
+ if configuration.use_rack_protection
+ @app_builder.use Rack::Protection, except: [:path_traversal, :remote_token, :session_hijacking, :http_origin]
+ end
 @app_builder.use Rack::PactBroker::InvalidUriProtection
 @app_builder.use Rack::PactBroker::StoreBaseURL
 @app_builder.use Rack::PactBroker::AddPactBrokerVersionHeader
diff --git a/lib/pact_broker/configuration.rb b/lib/pact_broker/configuration.rb
index 89545646d..ce69edd80 100644
--- a/lib/pact_broker/configuration.rb
+++ b/lib/pact_broker/configuration.rb
@@ -32,7 +32,7 @@ class Configuration
 :base_equality_only_on_content_that_affects_verification_results
 ]
- attr_accessor :log_dir, :database_connection, :auto_migrate_db, :auto_migrate_db_data, :use_hal_browser, :html_pact_renderer
+ attr_accessor :log_dir, :database_connection, :auto_migrate_db, :auto_migrate_db_data, :use_hal_browser, :html_pact_renderer, :use_rack_protection
 attr_accessor :validate_database_connection_config, :enable_diagnostic_endpoints, :version_parser, :sha_generator
 attr_accessor :use_case_sensitive_resource_names, :order_versions_by_date
 attr_accessor :check_for_potential_duplicate_pacticipant_names
@@ -62,6 +62,7 @@ def self.default_configuration
 config.log_dir = File.expand_path("./log")
 config.auto_migrate_db = true
 config.auto_migrate_db_data = true
+ config.use_rack_protection = true
 config.use_hal_browser = true
 config.validate_database_connection_config = true
 config.enable_diagnostic_endpoints = true
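Review bot: Wrapping the `Rack::Protection` line in `if configuration.use_rack_protection` silently removes every remaining protection (frame options, XSS header, JSON CSRF and the rest not already in the `except:` list) when the flag is false, and nothing in the hunk records that the middleware was skipped. An operator reading the logs cannot tell whether the broker is running with or without these checks, so add an `else` branch that writes one startup warning through the application's logger, e.g. `else` / `# [logger call] "use_rack_protection is false; Rack::Protection middleware not installed"` (the logger name is not visible in the hunk, so confirm it). A comment above the `if` stating that the flag should only be false when an upstream proxy or gateway applies equivalent protections would explain why the option exists at all; the existing NOTE above it already asks whether this stack is adequately protected, and this change widens that question. `configure_middleware` continues past the end of the hunk.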
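Review bot: `config.use_rack_protection = true` gives the new option a safe default, but neither this hunk nor the `attr_accessor` hunk in `lib/pact_broker/configuration.rb` documents what the option controls, so the next reader has to trace it back to `configure_middleware` in `app.rb`. A one-line comment on the default, `# Installs Rack::Protection in the middleware stack; set to false only when equivalent protections are applied upstream`, would keep the intent with the setting. If the configuration is also populated from environment variables elsewhere (not visible here), confirm that a string such as "false" is coerced to a boolean rather than left truthy. `default_configuration` continues outside the hunk.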