path: root/actionpack/lib/action_pack.rb
author: Bradley Buda <bradleybuda@gmail.com> 2014-08-19 14:29:26 -0700
committer: Bradley Buda <bradleybuda@gmail.com> 2014-08-19 15:28:07 -0700
commit: 69fc0e1b5e6a3227576d67587c386142ef65854e
tree: 252a9f1cf5badc0945eaed8abbbb94c5c0a44700 /actionpack/lib/action_pack.rb
parent: 4751a8c51ff4b9766dcf8324347477095b7f940d
Auth token mask from breach-mitigation-rails gem
This merges in the code from the breach-mitigation-rails gem that masks authenticity tokens on each request by XORing them with a random set of bytes. The masking is used to make it impossible for an attacker to steal a CSRF token from an SSL session by using techniques like the BREACH attack. The patch is pretty simple - I've copied over the [relevant code](https://github.com/meldium/breach-mitigation-rails/blob/master/lib/breach_mitigation/masking_secrets.rb) and updated the tests to pass, mostly by adjusting stubs and mocks.
Diffstat (limited to 'actionpack/lib/action_pack.rb')
0 files changed, 0 insertions, 0 deletions
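The per-request masking described in the commit message, sketched as an added Ruby example (this is not the code from this commit or from the breach-mitigation-rails gem). The function names, the 32-byte token length, the `pad || (pad XOR token)` layout and the Base64 encoding are assumptions made for illustration.

```ruby
require "securerandom"

TOKEN_LENGTH = 32 # bytes; assumed size of the per-session CSRF token

# XOR two equal-length binary strings byte by byte.
def xor_bytes(a, b)
  raise ArgumentError, "length mismatch" unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
end

# Encode the session token under a fresh random pad, so the bytes placed in
# the response body differ on every request even though the token does not.
def mask_token(raw_token)
  pad = SecureRandom.random_bytes(raw_token.bytesize)
  [pad + xor_bytes(pad, raw_token)].pack("m0") # strict Base64, no newlines
end

# Recover the session token from a masked value; nil if it is malformed.
def unmask_token(masked)
  decoded = masked.unpack1("m0") # raises ArgumentError on invalid Base64
  return nil unless decoded.bytesize == TOKEN_LENGTH * 2
  pad = decoded.byteslice(0, TOKEN_LENGTH)
  xor_bytes(pad, decoded.byteslice(TOKEN_LENGTH, TOKEN_LENGTH))
rescue ArgumentError
  nil
end

# Compare without short-circuiting on the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server-side check of a submitted masked token against the session token.
def valid_masked_token?(session_token, submitted)
  candidate = unmask_token(submitted.to_s)
  !candidate.nil? && secure_equal?(candidate, session_token)
end
```

Because the pad is regenerated for every response, a compression side channel such as BREACH never sees the same token bytes twice, while the server can still recover and verify the underlying session token.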