index
:
rails.git
3-2-stable-for-hmno
master
Mirror of official rails repo with custom fixes.
Harald Eilertsen
about
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
actionpack
/
lib
/
action_controller
/
metal
/
request_forgery_protection.rb
Commit message (
Expand
)
Author
Age
Files
Lines
*
Use match? where we don't need MatchData
Akira Matsuda
2019-07-29
1
-1
/
+1
*
Enable `Layout/EmptyLinesAroundAccessModifier` cop
Ryuta Kamizono
2019-06-13
1
-2
/
+0
*
Suggest 'strict-origin' Referrer-Policy header
Tom Richards
2019-03-17
1
-1
/
+1
*
Convert over the rest of the whitelist references
Kevin Deisz
2018-08-24
1
-1
/
+1
*
Fix rubocop offenses
bogdanvlviv
2018-08-15
1
-1
/
+1
*
Merge pull request #31640 from gingerlime/patch-1
Richard Schneeman
2018-08-10
1
-4
/
+11
|
\
|
*
fixes #27157 CSRF protection documentation
gingerlime
2018-01-05
1
-4
/
+11
*
|
Rails guides are now served over https
Paul McMahon
2018-07-24
1
-1
/
+1
*
|
Avoid unused capture in `non_xhr_javascript_response?`
Ryuta Kamizono
2018-05-31
1
-1
/
+1
*
|
Include application/javascript when checking content_type
Gabriel Jaldon
2018-05-27
1
-1
/
+1
*
|
Speed up xor_byte_strings by 70%
Jeremy Evans
2018-05-18
1
-3
/
+8
*
|
Improve the null origin error message
Patrik Bóna
2018-04-09
1
-1
/
+1
*
|
Remove usage of strip_heredoc in the framework in favor of <<~
Rafael Mendonça França
2018-02-16
1
-2
/
+1
|
/
*
Add missing require for `strip_heredoc`
Peter Wagenet
2018-01-04
1
-0
/
+1
*
Merge pull request #30780 from JackMc/fix-chrome-referrer-invalidauthenticity...
Sean Griffin
2017-12-07
1
-0
/
+10
|
\
|
*
Add a better error message when a "null" Origin header occurs
Jack McCracken
2017-11-03
1
-0
/
+10
*
|
Merge pull request #24510 from vipulnsward/make-variable_size_secure_compare-...
Rafael Mendonça França
2017-11-25
1
-2
/
+2
|
\
\
|
*
|
Changed default behaviour of `ActiveSupport::SecurityUtils.secure_compare`,
Vipul A M
2017-06-07
1
-2
/
+2
*
|
|
Update incorrect backtick usage in RDoc to teletype
T.J. Schuck
2017-11-22
1
-3
/
+3
*
|
|
Show `RequestForgeryProtection` methods in api doc [ci skip]
yuuji.yaginuma
2017-11-05
1
-0
/
+1
|
|
/
|
/
|
*
|
[Action Pack] require => require_relative
Akira Matsuda
2017-10-21
1
-1
/
+1
*
|
Use tt in doc for ActionPack [ci skip]
Yoshiyuki Hirano
2017-08-26
1
-1
/
+1
*
|
Use frozen string literal in actionpack/
Kir Shatrov
2017-07-29
1
-0
/
+2
*
|
Add ActionController::Base.skip_forgery_protection
Lisa Ugray
2017-07-10
1
-0
/
+9
*
|
Protect from forgery by default
Lisa Ugray
2017-07-10
1
-0
/
+4
*
|
[Action Controller] require => require_relative
Akira Matsuda
2017-07-01
1
-1
/
+1
|
/
*
Improve logging when Origin header doesn't match
Jon Leighton
2017-04-06
1
-1
/
+5
*
[docs] fix ActionController documentation
Hrvoje Šimić
2017-03-12
1
-5
/
+5
*
Privatize unneededly protected methods in Action Pack
Akira Matsuda
2016-12-24
1
-23
/
+23
*
normalizes indentation and whitespace across the project
Xavier Noria
2016-08-06
1
-20
/
+20
*
applies new string literal convention in actionpack/lib
Xavier Noria
2016-08-06
1
-6
/
+6
*
Fix incorrect indentation in method comment [ci skip]
Junya Ogura
2016-07-21
1
-3
/
+3
*
Respect `log_warning_on_csrf_failure` setting for all CSRF failures
Matthew Caruana Galizia
2016-05-23
1
-1
/
+3
*
Discart the schema and host information when building the per-form token
Rafael Mendonça França
2016-04-20
1
-1
/
+2
*
Pass over all Rails 5 warnings, to make sure:
Vipul A M
2016-04-12
1
-1
/
+1
*
Improve the performance of string xor operation
shik
2016-02-15
1
-1
/
+2
*
speed up string xor operation and reduce object allocations
Aaron Patterson
2016-02-08
1
-1
/
+2
*
add option for per-form CSRF tokens
Ben Toews
2016-01-04
1
-11
/
+54
*
Change the `protect_from_forgery` prepend default to `false`
eileencodes
2015-12-07
1
-7
/
+7
*
Add option to verify Origin header in CSRF checks
Ben Toews
2015-11-25
1
-2
/
+28
*
[ci skip] Fix document of `ActionController::RequestForgeryProtection`
yui-knk
2015-09-28
1
-0
/
+2
*
Use rack.session_options instead of directly change env
Juanito Fatas
2015-09-16
1
-1
/
+1
*
fewer direct env manipulations
Aaron Patterson
2015-09-15
1
-1
/
+1
*
Another place to use a request object in NullSessionHash
Ronak Jangir
2015-08-23
1
-3
/
+3
*
add a setter for the cookie jar
Aaron Patterson
2015-08-06
1
-1
/
+1
*
remove `@host` ivar
Aaron Patterson
2015-08-05
1
-7
/
+1
*
remove @secure ivar
Aaron Patterson
2015-08-05
1
-2
/
+1
*
CookieJar does not need the key_generator parameter anymore
Aaron Patterson
2015-08-05
1
-2
/
+1
*
stop using an options hash with the cookie jar
Aaron Patterson
2015-08-05
1
-1
/
+1
*
move env access to the request object.
Aaron Patterson
2015-08-05
1
-2
/
+2
[next]