aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/metal/request_forgery_protection.rb
Commit message (Expand)AuthorAgeFilesLines
* Prepend the CSRF filter to make it much more difficult to execute application...Michael Koziarski2011-02-231-1/+1
* Change the CSRF whitelisting to only apply to get requestsMichael Koziarski2011-02-081-10/+9
* Add explicit statement that verify_authenticity_token can be turned off for a...Ryan Bigg2010-11-271-3/+7
* revises implementation and documentation of csrf_meta_tags, and aliases csrf_...Xavier Noria2010-09-111-2/+2
* Revert "Setup explicit requires for files with exceptions. Removed them from ...José Valim2010-09-021-1/+0
* Setup explicit requires for files with exceptions. Removed them from autoload...Łukasz Strzałkowski2010-09-021-0/+1
* Reflect how CSRF protection now works and refer to the Security Guide for mor...Joost Baaij2010-08-261-36/+18
* Fix a bunch of minor spelling mistakesEvgeniy Dolzhenko2010-06-111-1/+1
* Changes made while working on upgrading cells to Rails 3wycats2010-06-021-0/+1
* Clean up the config object in ActionPack. Create config_accessor which just d...José Valim2010-04-221-74/+44
* ActionController::Base.request_forgery_protection_token should actually be th...Carl Lerche2010-03-111-1/+1
* Move request forgery protection configuration to the AC config objectCarl Lerche2010-03-081-4/+41
* Convert to class_attributeJeremy Kemper2010-02-011-2/+4
* Use extlib_inheritable_accessor in request_forgery_protection.rb.Carl Lerche2009-12-291-1/+1
* Merge Session stuff into RackConvenienceJoshua Peek2009-12-201-16/+16
* Extract form_authenticity_param instance method so it's overridable in subcla...Jeremy Kemper2009-11-171-0/+5
* Reorganize CSRF a bitYehuda Katz2009-10-281-33/+23
* Rename /base to /metal and make base.rb and metal.rb top-level to reflect the...Yehuda Katz2009-08-061-0/+118