path: root/actionpack/lib/action_controller/metal/request_forgery_protection.rb
Commit message (Author, Age, Files, Lines)
* Pass over all Rails 5 warnings, to make sure: (Vipul A M, 2016-04-12, 1, -1/+1)
* Improve the performance of string xor operation (shik, 2016-02-15, 1, -1/+2)
* speed up string xor operation and reduce object allocations (Aaron Patterson, 2016-02-08, 1, -1/+2)
* add option for per-form CSRF tokens (Ben Toews, 2016-01-04, 1, -11/+54)
* Change the `protect_from_forgery` prepend default to `false` (eileencodes, 2015-12-07, 1, -7/+7)
* Add option to verify Origin header in CSRF checks (Ben Toews, 2015-11-25, 1, -2/+28)
* [ci skip] Fix document of `ActionController::RequestForgeryProtection` (yui-knk, 2015-09-28, 1, -0/+2)
* Use rack.session_options instead of directly change env (Juanito Fatas, 2015-09-16, 1, -1/+1)
* fewer direct env manipulations (Aaron Patterson, 2015-09-15, 1, -1/+1)
* Another place to use a request object in NullSessionHash (Ronak Jangir, 2015-08-23, 1, -3/+3)
* add a setter for the cookie jar (Aaron Patterson, 2015-08-06, 1, -1/+1)
* remove `@host` ivar (Aaron Patterson, 2015-08-05, 1, -7/+1)
* remove @secure ivar (Aaron Patterson, 2015-08-05, 1, -2/+1)
* CookieJar does not need the key_generator parameter anymore (Aaron Patterson, 2015-08-05, 1, -2/+1)
* stop using an options hash with the cookie jar (Aaron Patterson, 2015-08-05, 1, -1/+1)
* move env access to the request object. (Aaron Patterson, 2015-08-05, 1, -2/+2)
* [ci skip] it should be protect_from_forgery (Aditya Kapoor, 2015-07-27, 1, -1/+1)
* Merge branch 'master' of github.com:rails/docrails (Vijay Dev, 2015-06-05, 1, -1/+1)
|\
| * [ci skip] Upcase `is` (yui-knk, 2015-05-25, 1, -1/+1)
* | Spelling/typo/grammatical fixes [ci skip] (karanarora, 2015-05-23, 1, -1/+1)
|/
* Merge branch 'master' of github.com:rails/docrails (Vijay Dev, 2015-05-08, 1, -1/+1)
|\
| * Add missing "of" to RequestForgeryProtection doc. (Hendy Tanata, 2015-04-27, 1, -1/+1)
* | Updated request_forgery_protection docs [ci skip] (Prathamesh Sonpatki, 2015-04-28, 1, -5/+6)
|/
* Add note regarding CSRF for APIs, as a use-case for skipping it [ci skip] (Zachary Scott, 2015-04-12, 1, -0/+4)
* Apply comments from @jeremy regarding why HTML and Javascript requests (Zachary Scott, 2015-04-12, 1, -0/+5)
* update request_forgery_protection docs [ci skip] (Vladimir Lyzo, 2015-04-12, 1, -7/+8)
* Try only to decode strings (Rafael Mendonça França, 2015-02-18, 1, -2/+4)
* Handle non-string authenticity tokens (Ville Lautanala, 2015-02-12, 1, -1/+1)
* Add prepend option to protect_from_forgery. (Josef Šimánek, 2015-01-08, 1, -1/+8)
* Improve protect_from_forgery documentation. [ci skip]. (Josef Šimánek, 2015-01-06, 1, -3/+3)
* Document all options for protect_from_forgery. (Josef Šimánek, 2015-01-04, 1, -8/+2)
* Merge pull request #18102 from arthurnn/nodoc_constant (Arthur Nogueira Neves, 2014-12-19, 1, -0/+1)
* Use AS secure_compare for CSRF token comparison (Guillermo Iguaran, 2014-10-23, 1, -2/+2)
* Merge pull request #16570 from bradleybuda/breach-mitigation-mask-csrf-token (Jeremy Kemper, 2014-08-19, 1, -3/+65)
|\
| * Auth token mask from breach-mitigation-rails gem (Bradley Buda, 2014-08-19, 1, -3/+65)
* | Uppercase HTML in docs. (Hendy Tanata, 2014-08-08, 1, -2/+2)
|/
* Fix protect_from_forgery docs (David Albert, 2014-07-27, 1, -1/+1)
* Moved 'params[request_forgery_protection_token]' into its own method and impr... (Tom Kadwill, 2014-05-06, 1, -1/+1)
* Make CSRF failure logging optional/configurable. (John Barton (joho), 2014-03-05, 1, -1/+7)
* Clearly limit new CSRF protection to GET requests (Jeremy Kemper, 2013-12-17, 1, -2/+7)
* CSRF protection from cross-origin <script> tags (Jeremy Kemper, 2013-12-17, 1, -13/+61)
* NullSessionHash#destroy should be a no-op (Jonathan Baudanza, 2013-09-18, 1, -0/+3)
* [ci skip] document protect_against_forgery? method (Weston Platter, 2013-05-10, 1, -0/+1)
* This cache is not needed (Santiago Pastorino, 2013-02-21, 1, -2/+1)
* Use composition to figure out the forgery protection strategy (Santiago Pastorino, 2013-02-21, 1, -9/+27)
* Fix #9168 Initialize NullCookieJar with all options needed for KeyGenerator (Andrey Chernih, 2013-02-08, 1, -1/+1)
* Merge pull request #9032 from firmhouse/head-breaks-csrf (Santiago Pastorino, 2013-01-28, 1, -2/+2)
|\
| * Added request.head? to forgery protection code (Michiel Sikkes, 2013-01-22, 1, -2/+2)
* | Integrate Action Pack with Rack 1.5 (Carlos Antonio da Silva, 2013-01-25, 1, -3/+4)
|/
* use `_action` instead of `_filter` callbacks (Francesco Rodriguez, 2012-12-07, 1, -6/+6)