diff options
Diffstat (limited to 'actionpack/CHANGELOG.md')
-rw-r--r-- | actionpack/CHANGELOG.md | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 740c6db06f..13fbbafc0c 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,3 +1,31 @@ +* Introduce ActionDispatch::HostAuthorization + + This is a new middleware that guards against DNS rebinding attacks by + white-listing the allowed hosts a request can be made to. + + Each host is checked with the case operator (`#===`) to support `RegExp`, + `Proc`, `IPAddr` and custom objects as host allowances. + + *Genadi Samokovarov* + +* Allow using `parsed_body` in `ActionController::TestCase`. + + In addition to `ActionDispatch::IntegrationTest`, allow using + `parsed_body` in `ActionController::TestCase`: + + ``` + class SomeControllerTest < ActionController::TestCase + def test_some_action + post :action, body: { foo: 'bar' } + assert_equal({ "foo" => "bar" }, response.parsed_body) + end + end + ``` + + Fixes #34676. + + *Tobias Bühlmann* + * Raise an error on root route naming conflicts. Raises an ArgumentError when multiple root routes are defined in the |