author | Andrew White <pixeltrix@users.noreply.github.com> | 2018-10-23 07:35:51 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-10-23 07:35:51 +0100 |
commit | 759b3af0c6fc9fb502031a05b281736602ff8e5f (patch) | |
tree | 97962a0b7a59310e2299da20dd94c5d39a1b74d1 /actionpack/CHANGELOG.md | |
parent | c2f8df67f34e233ff3f7f058d492217c5ad3eff1 (diff) | |
parent | a150a026591b7b9dcaba5a2ef5fce02f7d990aba (diff) | |
download | rails-759b3af0c6fc9fb502031a05b281736602ff8e5f.tar.gz rails-759b3af0c6fc9fb502031a05b281736602ff8e5f.tar.bz2 rails-759b3af0c6fc9fb502031a05b281736602ff8e5f.zip |
Merge pull request #34286 from rails/fix-csp-dynamic-sources
Fix CSP dynamic sources
Diffstat (limited to 'actionpack/CHANGELOG.md')
-rw-r--r-- | actionpack/CHANGELOG.md | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 3858c211ea..5554d4e6b8 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,3 +1,30 @@ +* Use request object for context if there's no controller + + There is no controller instance when using a redirect route or a + mounted rack application so pass the request object as the context + when resolving dynamic CSP sources in this scenario. + + Fixes #34200. + + *Andrew White* + +* Apply mapping to symbols returned from dynamic CSP sources + + Previously if a dynamic source returned a symbol such as :self it + would be converted to a string implicity, e.g: + + policy.default_src -> { :self } + + would generate the header: + + Content-Security-Policy: default-src self + + and now it generates: + + Content-Security-Policy: default-src 'self' + + *Andrew White* + * Add `ActionController::Parameters#each_value`. *Lukáš Zapletal* |
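Review bot: In the second added entry ("Apply mapping to symbols returned from dynamic CSP sources"), "implicity" should be "implicitly" and "e.g:" should be "e.g.:". The entry would also be more useful if it stated why the old output was wrong: browsers parse an unquoted `self` as a host name rather than as the `'self'` keyword, so a policy built from `-> { :self }` did not allow the same origin as intended. Applications that relied on dynamic sources returning symbols should know their effective policy changes with this release. Unlike the first entry, which carries "Fixes #34200.", this one references no issue; add the reference if one exists.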