rack-blacklist_cookies
Advanced tools
Rack middleware for removing cookies on the request and response at a route level.
Rack::BlacklistCookies is a rack middleware that will block certain cookies from an HTTP request, as well as strip certain cookies from an HTTP response.
It does this by examining the Cookies headers on the request, and the Set-Cookie headers on the response, and
stripping out any cookie that has been explicitly blacklisted in the configuration. It also let's you do that on a
per route basis, allowing you to selectively strip certain cookies only for certain routes in your application.
This may be useful in situations where you want to continue setting cookies generally but want to apply a finer set of rules to either the request or the response.
Add this line to your application's Gemfile:
gem 'rack-blacklist_cookies'
And then execute:
$ bundle
Or install it yourself as:
$ gem install rack-blacklist_cookies
All this gem needs to run is a simple configuration file.
You can blacklist on either the request or the response by setting pairs of "/url-string" => ["list", "of", "cookies"]
values.
Take the following config as an example:
Rack::BlacklistCookies.configure do |config|
config.request_blacklist = {
"/some-url" => ["cookie_to_blacklist", "another_blacklisted_cookie"]
}
config.response_blacklist = {
"/" => ["do_not_set_this_cookie_on_homepage_response"]
}
end
This will ensure requests getting into your application on the URL /some-url will not have the cookies
cookie_to_blacklist and another_blacklisted_cookie. Similarly, even if your web application returns a cookie with
the name do_not_set_this_cookie_on_homepage_response for requests to /, that cookie will not make it into the client
as the middleware will strip it out.
As this is a Rack middleware, it will respect and correctly ignore any ?querystring and #bookmark params in the URL.
If you are using this middleware with Rails, a typical place to set up the gem is in the config/initializers folder.
Don't forget to add the middleware to config/application.rb as well.
config.middleware.insert 0, Rack::BlacklistCookies
After checking out the repo, run bundle install to install dependencies. Then, run rake spec to run the tests.
Bug reports and pull requests are welcome on GitHub at https://github.com/notonthehighstreet/rack-blacklist_cookies. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.
The gem is available as open source under the terms of the MIT License.
FAQs
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CISA’s 2025 draft SBOM guidance adds new fields like hashes, licenses, and tool metadata to make software inventories more actionable.
Security News
A clarification on our recent research investigating 60 malicious Ruby gems.
Security News
ESLint now supports parallel linting with a new --concurrency flag, delivering major speed gains and closing a 10-year-old feature request.