-rw-r--r-- actionpack/CHANGELOG.md 2
-rw-r--r-- actionpack/lib/action_dispatch/middleware/host_authorization.rb 4
-rw-r--r-- actionpack/test/dispatch/host_authorization_test.rb 6
-rw-r--r-- guides/source/api_app.md 2
-rw-r--r-- railties/CHANGELOG.md 4
-rw-r--r-- railties/test/application/configuration_test.rb 2
6 files changed, 10 insertions, 10 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index 1d2f6b09c3..fa345818f0 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -14,7 +14,7 @@
* Introduce ActionDispatch::HostAuthorization
This is a new middleware that guards against DNS rebinding attacks by
- white-listing the allowed hosts a request can be made to.
+ explicitly permitting the hosts a request can be made to.
Each host is checked with the case operator (`#===`) to support `RegExp`,
`Proc`, `IPAddr` and custom objects as host allowances.
diff --git a/actionpack/lib/action_dispatch/middleware/host_authorization.rb b/actionpack/lib/action_dispatch/middleware/host_authorization.rb
index 447b70112a..b7dff1df41 100644
--- a/actionpack/lib/action_dispatch/middleware/host_authorization.rb
+++ b/actionpack/lib/action_dispatch/middleware/host_authorization.rb
@@ -3,8 +3,8 @@
require "action_dispatch/http/request"
module ActionDispatch
- # This middleware guards from DNS rebinding attacks by white-listing the
- # hosts a request can be sent to.
+ # This middleware guards from DNS rebinding attacks by explicitly permitting
+ # the hosts a request can be sent to.
#
# When a request comes to an unauthorized host, the +response_app+
# application will be executed and rendered. If no +response_app+ is given, a
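Review bot: the rewritten comment still says "guards from DNS rebinding attacks", while the actionpack CHANGELOG entry touched in this same patch says "guards against". Since both comment lines are being rewritten anyway, use "guards against" here too so the two descriptions of the middleware match.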
diff --git a/actionpack/test/dispatch/host_authorization_test.rb b/actionpack/test/dispatch/host_authorization_test.rb
index dae7b08ec1..5263dd2597 100644
--- a/actionpack/test/dispatch/host_authorization_test.rb
+++ b/actionpack/test/dispatch/host_authorization_test.rb
@@ -15,7 +15,7 @@ class HostAuthorizationTest < ActionDispatch::IntegrationTest
assert_match "Blocked host: www.example.com", response.body
end
- test "passes all requests to if the whitelist is empty" do
+ test "allows all requests if hosts is empty" do
@app = ActionDispatch::HostAuthorization.new(App, nil)
get "/"
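Review bot: the new name "allows all requests if hosts is empty" does not match what the test body exercises, which passes `nil` rather than an empty collection (`ActionDispatch::HostAuthorization.new(App, nil)`). Either name the test for the nil case or add a second case with `[]`. The railties CHANGELOG in this patch states that an empty `config.hosts` means no `Host` header checks are done, so the "everything is allowed" path is worth pinning down for both inputs.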
@@ -24,7 +24,7 @@ class HostAuthorizationTest < ActionDispatch::IntegrationTest
assert_equal "Success", body
end
- test "passes requests to allowed host" do
+ test "hosts can be a single element array" do
@app = ActionDispatch::HostAuthorization.new(App, %w(www.example.com))
get "/"
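Review bot: renaming "passes requests to allowed host" to "hosts can be a single element array" changes the name from a statement of behaviour to a statement about the argument's shape, so among the tests visible in this diff none is any longer named for the basic case of a request to a permitted host passing through. Consider keeping the behaviour in the name, for example "passes requests to a permitted host given as a single element array".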
@@ -33,7 +33,7 @@ class HostAuthorizationTest < ActionDispatch::IntegrationTest
assert_equal "Success", body
end
- test "the whitelist could be a single element" do
+ test "hosts can be a string" do
@app = ActionDispatch::HostAuthorization.new(App, "www.example.com")
get "/"
diff --git a/guides/source/api_app.md b/guides/source/api_app.md
index 85367c50e7..870f5f7b87 100644
--- a/guides/source/api_app.md
+++ b/guides/source/api_app.md
@@ -374,7 +374,7 @@ controller modules by default:
- `ActionController::Renderers::All`: Support for `render :json` and friends.
- `ActionController::ConditionalGet`: Support for `stale?`.
- `ActionController::BasicImplicitRender`: Makes sure to return an empty response, if there isn't an explicit one.
-- `ActionController::StrongParameters`: Support for parameters white-listing in combination with Active Model mass assignment.
+- `ActionController::StrongParameters`: Support for parameters filtering in combination with Active Model mass assignment.
- `ActionController::DataStreaming`: Support for `send_file` and `send_data`.
- `AbstractController::Callbacks`: Support for `before_action` and
similar helpers.
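Review bot: "parameters filtering" on the `ActionController::StrongParameters` line is less precise than the wording it replaces, and it is easy to confuse with `config.filter_parameters`, which concerns log redaction and not mass assignment. Wording such as "Support for explicitly permitting parameters in combination with Active Model mass assignment" keeps the meaning that only named parameters get through.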
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md
index e55217c5c4..19f4de8a1d 100644
--- a/railties/CHANGELOG.md
+++ b/railties/CHANGELOG.md
@@ -75,7 +75,7 @@
In other environments `Rails.application.config.hosts` is empty and no
`Host` header checks will be done. If you want to guard against header
- attacks on production, you have to manually whitelist the allowed hosts
+ attacks on production, you have to manually permit the allowed hosts
with:
Rails.application.config.hosts << "product.com"
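Review bot: "manually permit the allowed hosts" is redundant after the substitution, since a host only becomes allowed by being permitted. "you have to manually permit hosts with:" or "you have to explicitly list the permitted hosts with:" reads more cleanly and keeps the point that production has no `Host` header check until this is configured.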
@@ -88,7 +88,7 @@
# `beta1.product.com`.
Rails.application.config.hosts << /.*\.product\.com/
- A special case is supported that allows you to whitelist all sub-domains:
+ A special case is supported that allows you to permit all sub-domains:
# Allow requests from subdomains like `www.product.com` and
# `beta1.product.com`.
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index 9da3956dda..7006b0855f 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -2289,7 +2289,7 @@ module ApplicationTests
MESSAGE
end
- test "the host whitelist includes .localhost in development" do
+ test "hosts include .localhost in development" do
app "development"
assert_includes Rails.application.config.hosts, ".localhost"
end