diff options
| author | Genadi Samokovarov <gsamokovarov@gmail.com> | 2019-01-29 18:47:55 +0200 |
|---|---|---|
| committer | Genadi Samokovarov <gsamokovarov@gmail.com> | 2019-02-03 10:58:10 +0200 |
| commit | ca62dfeede0c5352baf6c65688c71b9cd909c831 (patch) | |
| tree | 6f0e9b85ba73f70bfc0b99b41ee2491a0f691ef8 /actionpack | |
| parent | 8309cd2c68f548987b8447475c7735a19714baaa (diff) | |
| download | rails-ca62dfeede0c5352baf6c65688c71b9cd909c831.tar.gz rails-ca62dfeede0c5352baf6c65688c71b9cd909c831.tar.bz2 rails-ca62dfeede0c5352baf6c65688c71b9cd909c831.zip | |
Cleanup the whitelisting references after #33145
During the development of #33145, I have named a few concepts in the
code as `whitelisted`. We decided to stay away from the term and I
adjusted most of the code afterwards, but here are the cases I forgot to
change.
I also found a case in the API guide that we could have cleaned up as
well.
[ci skip]
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/CHANGELOG.md | 2 | ||||
| -rw-r--r-- | actionpack/lib/action_dispatch/middleware/host_authorization.rb | 4 | ||||
| -rw-r--r-- | actionpack/test/dispatch/host_authorization_test.rb | 6 |
3 files changed, 6 insertions, 6 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 1d2f6b09c3..fa345818f0 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -14,7 +14,7 @@ * Introduce ActionDispatch::HostAuthorization This is a new middleware that guards against DNS rebinding attacks by - white-listing the allowed hosts a request can be made to. + explicitly permitting the hosts a request can be made to. Each host is checked with the case operator (`#===`) to support `RegExp`, `Proc`, `IPAddr` and custom objects as host allowances. diff --git a/actionpack/lib/action_dispatch/middleware/host_authorization.rb b/actionpack/lib/action_dispatch/middleware/host_authorization.rb index 447b70112a..b7dff1df41 100644 --- a/actionpack/lib/action_dispatch/middleware/host_authorization.rb +++ b/actionpack/lib/action_dispatch/middleware/host_authorization.rb @@ -3,8 +3,8 @@ require "action_dispatch/http/request" module ActionDispatch - # This middleware guards from DNS rebinding attacks by white-listing the - # hosts a request can be sent to. + # This middleware guards from DNS rebinding attacks by explicitly permitting + # the hosts a request can be sent to. # # When a request comes to an unauthorized host, the +response_app+ # application will be executed and rendered. If no +response_app+ is given, a diff --git a/actionpack/test/dispatch/host_authorization_test.rb b/actionpack/test/dispatch/host_authorization_test.rb index dae7b08ec1..5263dd2597 100644 --- a/actionpack/test/dispatch/host_authorization_test.rb +++ b/actionpack/test/dispatch/host_authorization_test.rb @@ -15,7 +15,7 @@ class HostAuthorizationTest < ActionDispatch::IntegrationTest assert_match "Blocked host: www.example.com", response.body end - test "passes all requests to if the whitelist is empty" do + test "allows all requests if hosts is empty" do @app = ActionDispatch::HostAuthorization.new(App, nil) get "/" @@ -24,7 +24,7 @@ class HostAuthorizationTest < ActionDispatch::IntegrationTest assert_equal "Success", body end - test "passes requests to allowed host" do + test "hosts can be a single element array" do @app = ActionDispatch::HostAuthorization.new(App, %w(www.example.com)) get "/" @@ -33,7 +33,7 @@ class HostAuthorizationTest < ActionDispatch::IntegrationTest assert_equal "Success", body end - test "the whitelist could be a single element" do + test "hosts can be a string" do @app = ActionDispatch::HostAuthorization.new(App, "www.example.com") get "/" |