aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/metal/request_forgery_protection.rb
Commit message (Expand)AuthorAgeFilesLines
* Change log level for CSRF token verification warningMike Dillon2011-09-101-1/+1
* Changed a few instances of of words in the API docs written in British Englis...Oemuer Oezkir2011-07-241-1/+1
* TODO fix explicitly loading exceptations, autoload removedVishnu Atrai2011-07-111-0/+1
* document handle_unverified_request methodVijay Dev2011-07-021-0/+2
* update doc about resetting the session in case of authenticity token mismatchVijay Dev2011-07-011-6/+5
* Merge branch 'master' of git://github.com/lifo/docrailsXavier Noria2011-05-251-3/+3
|\
| * Remove extra white spaces on ActionPack docs.Sebastian Martinez2011-05-231-3/+3
* | Replace references to ActiveSupport::SecureRandom with just SecureRandom, and...Jon Leighton2011-05-231-1/+1
|/
* Warn if we cannot verify CSRF token authenticityJosé Valim2011-05-091-1/+4
* Prepend the CSRF filter to make it much more difficult to execute application...Michael Koziarski2011-02-231-1/+1
* Change the CSRF whitelisting to only apply to get requestsMichael Koziarski2011-02-081-10/+9
* Add explicit statement that verify_authenticity_token can be turned off for a...Ryan Bigg2010-11-271-3/+7
* revises implementation and documentation of csrf_meta_tags, and aliases csrf_...Xavier Noria2010-09-111-2/+2
* Revert "Setup explicit requires for files with exceptions. Removed them from ...José Valim2010-09-021-1/+0
* Setup explicit requires for files with exceptions. Removed them from autoload...Łukasz Strzałkowski2010-09-021-0/+1
* Reflect how CSRF protection now works and refer to the Security Guide for mor...Joost Baaij2010-08-261-36/+18
* Fix a bunch of minor spelling mistakesEvgeniy Dolzhenko2010-06-111-1/+1
* Changes made while working on upgrading cells to Rails 3wycats2010-06-021-0/+1
* Clean up the config object in ActionPack. Create config_accessor which just d...José Valim2010-04-221-74/+44
* ActionController::Base.request_forgery_protection_token should actually be th...Carl Lerche2010-03-111-1/+1
* Move request forgery protection configuration to the AC config objectCarl Lerche2010-03-081-4/+41
* Convert to class_attributeJeremy Kemper2010-02-011-2/+4
* Use extlib_inheritable_accessor in request_forgery_protection.rb.Carl Lerche2009-12-291-1/+1
* Merge Session stuff into RackConvenienceJoshua Peek2009-12-201-16/+16
* Extract form_authenticity_param instance method so it's overridable in subcla...Jeremy Kemper2009-11-171-0/+5
* Reorganize CSRF a bitYehuda Katz2009-10-281-33/+23
* Rename /base to /metal and make base.rb and metal.rb top-level to reflect the...Yehuda Katz2009-08-061-0/+118