index
:
rails.git
3-2-stable-for-hmno
master
Mirror of official rails repo with custom fixes.
Harald Eilertsen
about
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
actionpack
/
lib
/
action_controller
/
metal
/
request_forgery_protection.rb
Commit message (
Expand
)
Author
Age
Files
Lines
*
normalizes indentation and whitespace across the project
Xavier Noria
2016-08-06
1
-20
/
+20
*
applies new string literal convention in actionpack/lib
Xavier Noria
2016-08-06
1
-6
/
+6
*
Fix incorrect indentation in method comment [ci skip]
Junya Ogura
2016-07-21
1
-3
/
+3
*
Respect `log_warning_on_csrf_failure` setting for all CSRF failures
Matthew Caruana Galizia
2016-05-23
1
-1
/
+3
*
Discart the schema and host information when building the per-form token
Rafael Mendonça França
2016-04-20
1
-1
/
+2
*
Pass over all Rails 5 warnings, to make sure:
Vipul A M
2016-04-12
1
-1
/
+1
*
Improve the performance of string xor operation
shik
2016-02-15
1
-1
/
+2
*
speed up string xor operation and reduce object allocations
Aaron Patterson
2016-02-08
1
-1
/
+2
*
add option for per-form CSRF tokens
Ben Toews
2016-01-04
1
-11
/
+54
*
Change the `protect_from_forgery` prepend default to `false`
eileencodes
2015-12-07
1
-7
/
+7
*
Add option to verify Origin header in CSRF checks
Ben Toews
2015-11-25
1
-2
/
+28
*
[ci skip] Fix document of `ActionController::RequestForgeryProtection`
yui-knk
2015-09-28
1
-0
/
+2
*
Use rack.session_options instead of directly change env
Juanito Fatas
2015-09-16
1
-1
/
+1
*
fewer direct env manipulations
Aaron Patterson
2015-09-15
1
-1
/
+1
*
Another place to use a request object in NullSessionHash
Ronak Jangir
2015-08-23
1
-3
/
+3
*
add a setter for the cookie jar
Aaron Patterson
2015-08-06
1
-1
/
+1
*
remove `@host` ivar
Aaron Patterson
2015-08-05
1
-7
/
+1
*
remove @secure ivar
Aaron Patterson
2015-08-05
1
-2
/
+1
*
CookieJar does not need the key_generator parameter anymore
Aaron Patterson
2015-08-05
1
-2
/
+1
*
stop using an options hash with the cookie jar
Aaron Patterson
2015-08-05
1
-1
/
+1
*
move env access to the request object.
Aaron Patterson
2015-08-05
1
-2
/
+2
*
[ci skip] it should be protect_from_forgery
Aditya Kapoor
2015-07-27
1
-1
/
+1
*
Merge branch 'master' of github.com:rails/docrails
Vijay Dev
2015-06-05
1
-1
/
+1
|
\
|
*
[ci skip] Upcase `is`
yui-knk
2015-05-25
1
-1
/
+1
*
|
Spelling/typo/grammatical fixes [ci skip]
karanarora
2015-05-23
1
-1
/
+1
|
/
*
Merge branch 'master' of github.com:rails/docrails
Vijay Dev
2015-05-08
1
-1
/
+1
|
\
|
*
Add missing "of" to RequestForgeryProtection doc.
Hendy Tanata
2015-04-27
1
-1
/
+1
*
|
Updated request_forgery_protection docs [ci skip]
Prathamesh Sonpatki
2015-04-28
1
-5
/
+6
|
/
*
Add note regarding CSRF for APIs, as a use-case for skipping it [ci skip]
Zachary Scott
2015-04-12
1
-0
/
+4
*
Apply comments from @jeremy regarding why HTML and Javascript requests
Zachary Scott
2015-04-12
1
-0
/
+5
*
update request_forgery_protection docs [ci skip]
Vladimir Lyzo
2015-04-12
1
-7
/
+8
*
Try only to decode strings
Rafael Mendonça França
2015-02-18
1
-2
/
+4
*
Handle non-string authenticity tokens
Ville Lautanala
2015-02-12
1
-1
/
+1
*
Add prepend option to protect_from_forgery.
Josef Šimánek
2015-01-08
1
-1
/
+8
*
Improve protect_from_forgery documentation. [ci skip].
Josef Šimánek
2015-01-06
1
-3
/
+3
*
Document all options for protect_from_forgery.
Josef Šimánek
2015-01-04
1
-8
/
+2
*
Merge pull request #18102 from arthurnn/nodoc_constant
Arthur Nogueira Neves
2014-12-19
1
-0
/
+1
*
Use AS secure_compare for CSRF token comparison
Guillermo Iguaran
2014-10-23
1
-2
/
+2
*
Merge pull request #16570 from bradleybuda/breach-mitigation-mask-csrf-token
Jeremy Kemper
2014-08-19
1
-3
/
+65
|
\
|
*
Auth token mask from breach-mitigation-rails gem
Bradley Buda
2014-08-19
1
-3
/
+65
*
|
Uppercase HTML in docs.
Hendy Tanata
2014-08-08
1
-2
/
+2
|
/
*
Fix protect_from_forgery docs
David Albert
2014-07-27
1
-1
/
+1
*
Moved 'params[request_forgery_protection_token]' into its own method and impr...
Tom Kadwill
2014-05-06
1
-1
/
+1
*
Make CSRF failure logging optional/configurable.
John Barton (joho)
2014-03-05
1
-1
/
+7
*
Clearly limit new CSRF protection to GET requests
Jeremy Kemper
2013-12-17
1
-2
/
+7
*
CSRF protection from cross-origin <script> tags
Jeremy Kemper
2013-12-17
1
-13
/
+61
*
NullSessionHash#destroy should be a no-op
Jonathan Baudanza
2013-09-18
1
-0
/
+3
*
[ci skip] document protect_against_forgery? method
Weston Platter
2013-05-10
1
-0
/
+1
*
This cache is not needed
Santiago Pastorino
2013-02-21
1
-2
/
+1
*
Use composition to figure out the forgery protection strategy
Santiago Pastorino
2013-02-21
1
-9
/
+27
[next]