Description
Adds Rack middleware protections against common web attacks for Ruby applications, including apps built with Rails or other Rack-compatible frameworks. It is useful for adding defense layers around requests before application code handles them.
Security middleware must be configured for the actual app. Review headers, sessions, CSRF behavior, proxies, and exceptions instead of assuming defaults cover every deployment.