{"id":20051636,"url":"https://github.com/ring-clojure/ring-defaults","last_synced_at":"2025-05-14T11:10:37.670Z","repository":{"id":709079,"uuid":"20530674","full_name":"ring-clojure/ring-defaults","owner":"ring-clojure","description":"A library to provide sensible Ring middleware defaults","archived":false,"fork":false,"pushed_at":"2025-01-24T17:47:47.000Z","size":94,"stargazers_count":348,"open_issues_count":1,"forks_count":29,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-05-13T23:25:27.399Z","etag":null,"topics":["clojure","middleware","ring"],"latest_commit_sha":null,"homepage":"","language":"Clojure","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ring-clojure.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-06-05T15:34:08.000Z","updated_at":"2025-05-05T21:33:14.000Z","dependencies_parsed_at":"2024-06-18T20:03:53.348Z","dependency_job_id":"ab34af77-c1a8-4329-9269-449e6c51e5bf","html_url":"https://github.com/ring-clojure/ring-defaults","commit_stats":{"total_commits":113,"total_committers":11,"mean_commits":"10.272727272727273","dds":0.09734513274336287,"last_synced_commit":"4e86ff53d93533f709cf550e426dcf692c0ed01c"},"previous_names":[],"tags_count":21,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ring-clojure%2Fring-defaults","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ring-clojure%2Fring-defaults/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ring-clojure%2Fring-defaults/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ring-clojure%2Fring-defaults/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ring-clojure","download_url":"https://codeload.github.com/ring-clojure/ring-defaults/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254057379,"owners_count":22007543,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["clojure","middleware","ring"],"created_at":"2024-11-13T12:05:02.697Z","updated_at":"2025-05-14T11:10:32.642Z","avatar_url":"https://github.com/ring-clojure.png","language":"Clojure","readme":"# Ring-Defaults [![Build Status](https://github.com/ring-clojure/ring-defaults/actions/workflows/test.yml/badge.svg)](https://github.com/ring-clojure/ring-defaults/actions/workflows/test.yml)\n\nKnowing what middleware to add to a Ring application, and in what\norder, can be difficult and prone to error.\n\nThis library attempts to automate the process, by providing sensible\nand secure default configurations of Ring middleware for both websites\nand HTTP APIs.\n\n## Installation\n\nAdd the following dependency to your deps.edn file:\n\n    ring/ring-defaults {:mvn/version \"0.6.0\"}\n\nOr to your Leiningen project file:\n\n    [ring/ring-defaults \"0.6.0\"]\n\n## Basic Usage\n\nThe `wrap-defaults` middleware sets up standard Ring middleware based\non a supplied configuration:\n\n```clojure\n(require '[ring.middleware.defaults :refer :all])\n\n(def site\n  (wrap-defaults handler site-defaults))\n```\n\nThere are four configurations included with the middleware\n\n- `api-defaults`\n- `site-defaults`\n- `secure-api-defaults`\n- `secure-site-defaults`\n\nThe \"api\" defaults will add support for urlencoded parameters, but not\nmuch else.\n\nThe \"site\" defaults add support for parameters, cookies, sessions,\nstatic resources, file uploads, and a bunch of browser-specific\nsecurity headers.\n\nThe \"secure\" defaults force SSL. Unencrypted HTTP URLs are redirected\nto the equivalent HTTPS URL, and various headers and flags are sent to\nprevent the browser sending sensitive information over insecure\nchannels.\n\n## Proxies\n\nIf your app is sitting behind a load balancer or reverse proxy, as is\noften the case in cloud-based deployments, you'll want to set `:proxy`\nto `true`:\n\n```clojure\n(assoc secure-site-defaults :proxy true)\n```\n\nThis is particularly important when your site is secured with SSL, as\nthe SSL redirect middleware will get caught in a redirect loop if it\ncan't determine the correct URL scheme of the request.\n\n## Customizing\n\nThe default configurations are just maps of options, and can be\ncustomized to suit your needs. For example, if you wanted the normal\nsite defaults, but without session support, you could use:\n\n```clojure\n(wrap-defaults handler (assoc site-defaults :session false))\n```\n\nThe following configuration keys are supported:\n\n- `:cookies` - Set to true to parse cookies from the request.\n\n- `:params` -\n  A map of options that describes how to parse parameters from the\n  request.\n\n  - `:keywordize` -\n    Set to true to turn the parameter keys into keywords.\n\n  - `:multipart` -\n    Set to true to parse urlencoded parameters in the query string and\n    the request body, or supply a map of options to pass to the\n    standard Ring [multipart-params][1] middleware.\n\n  - `:nested` -\n    Set to true to allow nested parameters via the standard Ring\n    [nested-params][2] middleware\n\n  - `:urlencoded` -\n    Set to true to parse urlencoded parameters in the query string and\n    the request body.\n\n- `:proxy` -\n  Set to true if the application is running behind a reverse proxy or\n  load balancer.\n\n- `:responses` -\n  A map of options to augment the responses from your application.\n\n  - `:absolute-redirects` -\n    Any redirects to relative URLs will be turned into redirects to\n    absolute URLs, to better conform to the HTTP spec.\n\n  - `:content-types` -\n    Adds the standard Ring [content-type][3] middleware.\n\n  - `:default-charset` -\n    Adds a default charset to any text content-type lacking a charset.\n\n  - `:not-modified-responses` -\n    Adds the standard Ring [not-modified][4] middleware.\n\n- `:security` -\n  Options for security related behaviors and headers.\n\n  - `:anti-forgery` -\n    Set to true to add CSRF protection via the [ring-anti-forgery][5]\n    library, or supply a map of options to be passed to the middleware.\n\n  - `:content-type-options` -\n    Prevents attacks based around media-type confusion. See:\n    [wrap-content-type-options][6].\n\n  - `:frame-options` -\n    Prevents your site from being placed in frames or iframes. See:\n    [wrap-frame-options][7].\n\n  - `:hsts` -\n    If true, enable HTTP Strict Transport Security. See: [wrap-hsts][8].\n\n  - `:ssl-redirect` -\n    If true, redirect all HTTP requests to the equivalent HTTPS URL. A\n    map with an `:ssl-port` option may be set instead, if the HTTPS\n    server is on a non-standard port. See: [wrap-ssl-redirect][9].\n\n  - `:xss-protection` -\n    **Deprecated** Enable the X-XSS-Protection header. This is [no\n    longer considered best practice][13] and should be avoided.\n    See: [wrap-xss-protection][10].\n\n- `:session` -\n  A map of options for configuring session handling via the Ring\n  [session][11] middleware.\n\n  - `:flash` - If set to true, the Ring [flash][12] middleware is added.\n\n  - `:store` - The Ring session store to use for storing sessions.\n\n- `:static` -\n  A map of options to configure how to find static content.\n\n  - `:files` -\n    A string or a map of options to be passed to the [file][14]\n    middleware, where the `:root` key is passed as the first argument,\n    and the rest of the map is passed as options. May also be a\n    collection of the above. Usually the `:resources` option below is\n    more useful.\n\n  - `:resources` -\n    A string or a map of options to be passed to the [resource][15]\n    middleware, where the `:root` key is passed as the first argument,\n    and the rest of the map is passed as options. May also be a\n    collection of the above.\n\n- `:websocket`\n   A map of options to configure websocket behavior.\n\n   - `:keepalive` -\n     If true, periodically pings the client to keep the connection\n     alive via the [websocket keepalive][16] middleware. A map of\n     options may also be passed to set the `:period` of the keepalive in\n     milliseconds.\n\n\n[1]: https://ring-clojure.github.io/ring/ring.middleware.multipart-params.html\n[2]: https://ring-clojure.github.io/ring/ring.middleware.nested-params.html\n[3]: https://ring-clojure.github.io/ring/ring.middleware.content-type.html\n[4]: https://ring-clojure.github.io/ring/ring.middleware.not-modified.html\n[5]: https://github.com/ring-clojure/ring-anti-forgery\n[6]: https://ring-clojure.github.io/ring-headers/ring.middleware.x-headers.html#var-wrap-content-type-options\n[7]: https://ring-clojure.github.io/ring-headers/ring.middleware.x-headers.html#var-wrap-frame-options\n[8]: https://ring-clojure.github.io/ring-ssl/ring.middleware.ssl.html#var-wrap-hsts\n[9]: https://ring-clojure.github.io/ring-ssl/ring.middleware.ssl.html#var-wrap-ssl-redirect\n[10]: https://ring-clojure.github.io/ring-headers/ring.middleware.x-headers.html#var-wrap-xss-protection\n[11]: https://ring-clojure.github.io/ring/ring.middleware.session.html\n[12]: https://ring-clojure.github.io/ring/ring.middleware.flash.html\n[13]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection\n[14]: https://ring-clojure.github.io/ring/ring.middleware.file.html\n[15]: https://ring-clojure.github.io/ring/ring.middleware.resource.html\n[16]: https://ring-clojure.github.io/ring-websocket-middleware/ring.websocket.keepalive.html\n\n## License\n\nCopyright © 2024 James Reeves\n\nDistributed under the MIT License, the same as Ring.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fring-clojure%2Fring-defaults","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fring-clojure%2Fring-defaults","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fring-clojure%2Fring-defaults/lists"}