aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/metal/request_forgery_protection.rb
Commit message (Expand)AuthorAgeFilesLines
* Try only to decode stringsRafael Mendonça França2015-02-181-2/+4
* Handle non-string authenticity tokensVille Lautanala2015-02-121-1/+1
* Add prepend option to protect_from_forgery.Josef Šimánek2015-01-081-1/+8
* Improve protect_from_forgery documentation. [ci skip].Josef Šimánek2015-01-061-3/+3
* Document all options for protect_from_forgery.Josef Šimánek2015-01-041-8/+2
* Merge pull request #18102 from arthurnn/nodoc_constantArthur Nogueira Neves2014-12-191-0/+1
* Use AS secure_compare for CSRF token comparisonGuillermo Iguaran2014-10-231-2/+2
* Merge pull request #16570 from bradleybuda/breach-mitigation-mask-csrf-tokenJeremy Kemper2014-08-191-3/+65
|\
| * Auth token mask from breach-mitigation-rails gemBradley Buda2014-08-191-3/+65
* | Uppercase HTML in docs.Hendy Tanata2014-08-081-2/+2
|/
* Fix protect_from_forgery docsDavid Albert2014-07-271-1/+1
* Moved 'params[request_forgery_protection_token]' into its own method and impr...Tom Kadwill2014-05-061-1/+1
* Make CSRF failure logging optional/configurable.John Barton (joho)2014-03-051-1/+7
* Clearly limit new CSRF protection to GET requestsJeremy Kemper2013-12-171-2/+7
* CSRF protection from cross-origin <script> tagsJeremy Kemper2013-12-171-13/+61
* NullSessionHash#destroy should be a no-opJonathan Baudanza2013-09-181-0/+3
* [ci skip] document protect_against_forgery? methodWeston Platter2013-05-101-0/+1
* This cache is not neededSantiago Pastorino2013-02-211-2/+1
* Use composition to figure out the forgery protection strategySantiago Pastorino2013-02-211-9/+27
* Fix #9168 Initialize NullCookieJar with all options needed for KeyGeneratorAndrey Chernih2013-02-081-1/+1
* Merge pull request #9032 from firmhouse/head-breaks-csrfSantiago Pastorino2013-01-281-2/+2
|\
| * Added request.head? to forgery protection codeMichiel Sikkes2013-01-221-2/+2
* | Integrate Action Pack with Rack 1.5Carlos Antonio da Silva2013-01-251-3/+4
|/
* use `_action` instead of `_filter` callbacksFrancesco Rodriguez2012-12-071-6/+6
* Sign cookies using key deriverSantiago Pastorino2012-11-031-4/+4
* Multiple changes to 1,9 hash syntaxAvnerCohen2012-10-271-3/+3
* Build fix for ActionMailerArun Agrawal2012-09-141-0/+1
* Implement :null_session CSRF protection methodSergey Nartimov2012-09-131-22/+70
* load active_support/core_ext/class/attribute in active_support/railsXavier Noria2012-08-021-1/+0
* copy editing [ci skip]Vijay Dev2012-06-141-4/+7
* on CSRF whitelisting the argument for :if must be a symbolDaniel Lopes2012-06-071-1/+1
* fix typos on the CSRF whitelisting docDaniel Lopes2012-06-071-3/+3
* Document the CSRF whitelisting on get requestsDaniel Lopes2012-06-071-5/+16
* Removing ==Examples and last blank lines of docs from actionpackFrancesco Rodriguez2012-05-151-2/+0
* CSRF messages are no longer controlled by 422.html because InvalidAuthenticit...Tony Primerano2012-03-281-1/+0
* configure how unverified request will be handledSergey Nartimov2012-03-091-2/+18
* removed warning because logger.warn differentiate the waringsKarunakar (Ruby)2012-01-051-1/+1
* Change log level for CSRF token verification warningMike Dillon2011-09-101-1/+1
* Changed a few instances of of words in the API docs written in British Englis...Oemuer Oezkir2011-07-241-1/+1
* TODO fix explicitly loading exceptations, autoload removedVishnu Atrai2011-07-111-0/+1
* document handle_unverified_request methodVijay Dev2011-07-021-0/+2
* update doc about resetting the session in case of authenticity token mismatchVijay Dev2011-07-011-6/+5
* Merge branch 'master' of git://github.com/lifo/docrailsXavier Noria2011-05-251-3/+3
|\
| * Remove extra white spaces on ActionPack docs.Sebastian Martinez2011-05-231-3/+3
* | Replace references to ActiveSupport::SecureRandom with just SecureRandom, and...Jon Leighton2011-05-231-1/+1
|/
* Warn if we cannot verify CSRF token authenticityJosé Valim2011-05-091-1/+4
* Prepend the CSRF filter to make it much more difficult to execute application...Michael Koziarski2011-02-231-1/+1
* Change the CSRF whitelisting to only apply to get requestsMichael Koziarski2011-02-081-10/+9
* Add explicit statement that verify_authenticity_token can be turned off for a...Ryan Bigg2010-11-271-3/+7
* revises implementation and documentation of csrf_meta_tags, and aliases csrf_...Xavier Noria2010-09-111-2/+2