author | Aaron Patterson <aaron.patterson@gmail.com> | 2015-10-02 14:45:31 -0700 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2015-10-02 14:45:31 -0700 |
commit | 37423e4ff883ad5584bab983aceb4b2b759a1fd8 (patch) | |
tree | 93dc7b22fc418927258ab290e9a48cb649bc1a0f /railties/CHANGELOG.md | |
parent | 55e6d2f0e344a5396f6d6448146efeb949a1c222 (diff) | |

removing Rack::Runtime from the default stack.

The runtime header is a potential target for timing attacks since it
returns the amount of time spent on the server (eliminating network
speed). Total time is also not accurate for streaming responses.

The middleware can be added back via:

```ruby
config.middleware.use ::Rack::Runtime
```
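
For applications that add the middleware back for internal measurement, one way to keep the number out of responses, as an added example that is not part of the commit or of Rails. `RuntimeStandIn` is a stand-in for `::Rack::Runtime` (which sets an `X-Runtime` response header), and `PrivateRuntime` with its `sink:` parameter is a hypothetical name.

```ruby
# Added example, not Rails or Rack code. RuntimeStandIn imitates what
# ::Rack::Runtime does; PrivateRuntime and sink: are hypothetical names.

# Stand-in for ::Rack::Runtime so the example runs without the rack gem.
class RuntimeStandIn
  def initialize(app)
    @app = app
  end

  def call(env)
    started = Process.clock_gettime(Process::CLOCK_MONOTONIC)
    status, headers, body = @app.call(env)
    elapsed = Process.clock_gettime(Process::CLOCK_MONOTONIC) - started
    [status, headers.merge("X-Runtime" => format("%.6f", elapsed)), body]
  end
end

# Wraps the runtime middleware: hands the timing to a server-side sink and
# drops the header before the response leaves the process.
class PrivateRuntime
  def initialize(app, sink:)
    @app = app
    @sink = sink
  end

  def call(env)
    status, headers, body = @app.call(env)
    kept = {}
    headers.each do |name, value|
      if name.to_s.casecmp?("x-runtime")
        @sink.call(env["PATH_INFO"], value.to_f) # stays on the server
      else
        kept[name] = value
      end
    end
    [status, kept, body]
  end
end

# Constructed app and request, for demonstration only.
def demo_response
  timings = []
  app = ->(_env) { [200, { "Content-Type" => "text/plain" }, ["ok"]] }
  sink = ->(path, seconds) { timings << [path, seconds] }
  stack = PrivateRuntime.new(RuntimeStandIn.new(app), sink: sink)
  status, headers, _body = stack.call({ "PATH_INFO" => "/login" })
  { status: status, headers: headers, timings: timings }
end
```

In a real stack the wrapper has to sit before `::Rack::Runtime` so that it sees the header on the way out.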
Diffstat (limited to 'railties/CHANGELOG.md')
-rw-r--r-- | railties/CHANGELOG.md | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md index 3e45a09dec..6822507630 100644 --- a/railties/CHANGELOG.md +++ b/railties/CHANGELOG.md @@ -1,3 +1,6 @@ +* Removed Rack::Runtime from the default stack. It can be added back via + `config.middleware.use ::Rack::Runtime`. + * Add fail fast to `bin/rails test` Adding `--fail-fast` or `-f` when running tests will interrupt the run on |
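
Review bot: The new CHANGELOG entry (the added lines at the top of the file) says what was removed and how to restore it, but not why. The commit message gives the reason, that the runtime header reports time spent on the server and is a potential target for timing attacks; a short clause to that effect in the entry would let people upgrading judge whether adding the middleware back is something they want. This view is limited to railties/CHANGELOG.md, so the change to the default stack itself is not visible here to check against the entry.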