aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/metal/request_forgery_protection.rb
Commit message (Expand)AuthorAgeFilesLines
* stop using an options hash with the cookie jarAaron Patterson2015-08-051-1/+1
* move env access to the request object.Aaron Patterson2015-08-051-2/+2
* [ci skip] it should be protect_from_forgeryAditya Kapoor2015-07-271-1/+1
* Merge branch 'master' of github.com:rails/docrailsVijay Dev2015-06-051-1/+1
|\
| * [ci skip] Upcase `is`yui-knk2015-05-251-1/+1
* | Spelling/typo/grammatical fixes [ci skip]karanarora2015-05-231-1/+1
|/
* Merge branch 'master' of github.com:rails/docrailsVijay Dev2015-05-081-1/+1
|\
| * Add missing "of" to RequestForgeryProtection doc.Hendy Tanata2015-04-271-1/+1
* | Updated request_forgery_protection docs [ci skip]Prathamesh Sonpatki2015-04-281-5/+6
|/
* Add note regarding CSRF for APIs, as a use-case for skipping it [ci skip]Zachary Scott2015-04-121-0/+4
* Apply comments from @jeremy regarding why HTML and Javascript requestsZachary Scott2015-04-121-0/+5
* update request_forgery_protection docs [ci skip]Vladimir Lyzo2015-04-121-7/+8
* Try only to decode stringsRafael Mendonça França2015-02-181-2/+4
* Handle non-string authenticity tokensVille Lautanala2015-02-121-1/+1
* Add prepend option to protect_from_forgery.Josef Šimánek2015-01-081-1/+8
* Improve protect_from_forgery documentation. [ci skip].Josef Šimánek2015-01-061-3/+3
* Document all options for protect_from_forgery.Josef Šimánek2015-01-041-8/+2
* Merge pull request #18102 from arthurnn/nodoc_constantArthur Nogueira Neves2014-12-191-0/+1
* Use AS secure_compare for CSRF token comparisonGuillermo Iguaran2014-10-231-2/+2
* Merge pull request #16570 from bradleybuda/breach-mitigation-mask-csrf-tokenJeremy Kemper2014-08-191-3/+65
|\
| * Auth token mask from breach-mitigation-rails gemBradley Buda2014-08-191-3/+65
* | Uppercase HTML in docs.Hendy Tanata2014-08-081-2/+2
|/
* Fix protect_from_forgery docsDavid Albert2014-07-271-1/+1
* Moved 'params[request_forgery_protection_token]' into its own method and impr...Tom Kadwill2014-05-061-1/+1
* Make CSRF failure logging optional/configurable.John Barton (joho)2014-03-051-1/+7
* Clearly limit new CSRF protection to GET requestsJeremy Kemper2013-12-171-2/+7
* CSRF protection from cross-origin <script> tagsJeremy Kemper2013-12-171-13/+61
* NullSessionHash#destroy should be a no-opJonathan Baudanza2013-09-181-0/+3
* [ci skip] document protect_against_forgery? methodWeston Platter2013-05-101-0/+1
* This cache is not neededSantiago Pastorino2013-02-211-2/+1
* Use composition to figure out the forgery protection strategySantiago Pastorino2013-02-211-9/+27
* Fix #9168 Initialize NullCookieJar with all options needed for KeyGeneratorAndrey Chernih2013-02-081-1/+1
* Merge pull request #9032 from firmhouse/head-breaks-csrfSantiago Pastorino2013-01-281-2/+2
|\
| * Added request.head? to forgery protection codeMichiel Sikkes2013-01-221-2/+2
* | Integrate Action Pack with Rack 1.5Carlos Antonio da Silva2013-01-251-3/+4
|/
* use `_action` instead of `_filter` callbacksFrancesco Rodriguez2012-12-071-6/+6
* Sign cookies using key deriverSantiago Pastorino2012-11-031-4/+4
* Multiple changes to 1,9 hash syntaxAvnerCohen2012-10-271-3/+3
* Build fix for ActionMailerArun Agrawal2012-09-141-0/+1
* Implement :null_session CSRF protection methodSergey Nartimov2012-09-131-22/+70
* load active_support/core_ext/class/attribute in active_support/railsXavier Noria2012-08-021-1/+0
* copy editing [ci skip]Vijay Dev2012-06-141-4/+7
* on CSRF whitelisting the argument for :if must be a symbolDaniel Lopes2012-06-071-1/+1
* fix typos on the CSRF whitelisting docDaniel Lopes2012-06-071-3/+3
* Document the CSRF whitelisting on get requestsDaniel Lopes2012-06-071-5/+16
* Removing ==Examples and last blank lines of docs from actionpackFrancesco Rodriguez2012-05-151-2/+0
* CSRF messages are no longer controlled by 422.html because InvalidAuthenticit...Tony Primerano2012-03-281-1/+0
* configure how unverified request will be handledSergey Nartimov2012-03-091-2/+18
* removed warning because logger.warn differentiate the waringsKarunakar (Ruby)2012-01-051-1/+1
* Change log level for CSRF token verification warningMike Dillon2011-09-101-1/+1