diff options
author | Eileen M. Uchitelle <eileencodes@users.noreply.github.com> | 2018-12-17 11:41:15 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-12-17 11:41:15 -0500 |
commit | 528c5bb224a2f9ea6eee7b15ef5de5e9d17bf309 (patch) | |
tree | 04b25f1e0daf1e3f4bf71705bd08fa5dfa51c870 /actionpack/CHANGELOG.md | |
parent | 048e3172f51db1fddd03b89f676d96a443539a13 (diff) | |
parent | 02b931c764cca4c3f67b1decfc046bfb46dc510c (diff) | |
download | rails-528c5bb224a2f9ea6eee7b15ef5de5e9d17bf309.tar.gz rails-528c5bb224a2f9ea6eee7b15ef5de5e9d17bf309.tar.bz2 rails-528c5bb224a2f9ea6eee7b15ef5de5e9d17bf309.zip |
Merge pull request #33145 from gsamokovarov/host-authorization
Guard against DNS rebinding attacks by whitelisting hosts
Diffstat (limited to 'actionpack/CHANGELOG.md')
-rw-r--r-- | actionpack/CHANGELOG.md | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 1bc376c0f9..13fbbafc0c 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,3 +1,13 @@ +* Introduce ActionDispatch::HostAuthorization + + This is a new middleware that guards against DNS rebinding attacks by + white-listing the allowed hosts a request can be made to. + + Each host is checked with the case operator (`#===`) to support `RegExp`, + `Proc`, `IPAddr` and custom objects as host allowances. + + *Genadi Samokovarov* + * Allow using `parsed_body` in `ActionController::TestCase`. In addition to `ActionDispatch::IntegrationTest`, allow using |