index
:
rails.git
3-2-stable-for-hmno
master
Mirror of official rails repo with custom fixes.
Harald Eilertsen
about
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
actionpack
/
lib
/
action_controller
/
metal
/
request_forgery_protection.rb
Commit message (
Expand
)
Author
Age
Files
Lines
*
This cache is not needed
Santiago Pastorino
2013-02-21
1
-2
/
+1
*
Use composition to figure out the forgery protection strategy
Santiago Pastorino
2013-02-21
1
-9
/
+27
*
Fix #9168 Initialize NullCookieJar with all options needed for KeyGenerator
Andrey Chernih
2013-02-08
1
-1
/
+1
*
Merge pull request #9032 from firmhouse/head-breaks-csrf
Santiago Pastorino
2013-01-28
1
-2
/
+2
|
\
|
*
Added request.head? to forgery protection code
Michiel Sikkes
2013-01-22
1
-2
/
+2
*
|
Integrate Action Pack with Rack 1.5
Carlos Antonio da Silva
2013-01-25
1
-3
/
+4
|
/
*
use `_action` instead of `_filter` callbacks
Francesco Rodriguez
2012-12-07
1
-6
/
+6
*
Sign cookies using key deriver
Santiago Pastorino
2012-11-03
1
-4
/
+4
*
Multiple changes to 1,9 hash syntax
AvnerCohen
2012-10-27
1
-3
/
+3
*
Build fix for ActionMailer
Arun Agrawal
2012-09-14
1
-0
/
+1
*
Implement :null_session CSRF protection method
Sergey Nartimov
2012-09-13
1
-22
/
+70
*
load active_support/core_ext/class/attribute in active_support/rails
Xavier Noria
2012-08-02
1
-1
/
+0
*
copy editing [ci skip]
Vijay Dev
2012-06-14
1
-4
/
+7
*
on CSRF whitelisting the argument for :if must be a symbol
Daniel Lopes
2012-06-07
1
-1
/
+1
*
fix typos on the CSRF whitelisting doc
Daniel Lopes
2012-06-07
1
-3
/
+3
*
Document the CSRF whitelisting on get requests
Daniel Lopes
2012-06-07
1
-5
/
+16
*
Removing ==Examples and last blank lines of docs from actionpack
Francesco Rodriguez
2012-05-15
1
-2
/
+0
*
CSRF messages are no longer controlled by 422.html because InvalidAuthenticit...
Tony Primerano
2012-03-28
1
-1
/
+0
*
configure how unverified request will be handled
Sergey Nartimov
2012-03-09
1
-2
/
+18
*
removed warning because logger.warn differentiate the warings
Karunakar (Ruby)
2012-01-05
1
-1
/
+1
*
Change log level for CSRF token verification warning
Mike Dillon
2011-09-10
1
-1
/
+1
*
Changed a few instances of of words in the API docs written in British Englis...
Oemuer Oezkir
2011-07-24
1
-1
/
+1
*
TODO fix explicitly loading exceptations, autoload removed
Vishnu Atrai
2011-07-11
1
-0
/
+1
*
document handle_unverified_request method
Vijay Dev
2011-07-02
1
-0
/
+2
*
update doc about resetting the session in case of authenticity token mismatch
Vijay Dev
2011-07-01
1
-6
/
+5
*
Merge branch 'master' of git://github.com/lifo/docrails
Xavier Noria
2011-05-25
1
-3
/
+3
|
\
|
*
Remove extra white spaces on ActionPack docs.
Sebastian Martinez
2011-05-23
1
-3
/
+3
*
|
Replace references to ActiveSupport::SecureRandom with just SecureRandom, and...
Jon Leighton
2011-05-23
1
-1
/
+1
|
/
*
Warn if we cannot verify CSRF token authenticity
José Valim
2011-05-09
1
-1
/
+4
*
Prepend the CSRF filter to make it much more difficult to execute application...
Michael Koziarski
2011-02-23
1
-1
/
+1
*
Change the CSRF whitelisting to only apply to get requests
Michael Koziarski
2011-02-08
1
-10
/
+9
*
Add explicit statement that verify_authenticity_token can be turned off for a...
Ryan Bigg
2010-11-27
1
-3
/
+7
*
revises implementation and documentation of csrf_meta_tags, and aliases csrf_...
Xavier Noria
2010-09-11
1
-2
/
+2
*
Revert "Setup explicit requires for files with exceptions. Removed them from ...
José Valim
2010-09-02
1
-1
/
+0
*
Setup explicit requires for files with exceptions. Removed them from autoload...
Łukasz Strzałkowski
2010-09-02
1
-0
/
+1
*
Reflect how CSRF protection now works and refer to the Security Guide for mor...
Joost Baaij
2010-08-26
1
-36
/
+18
*
Fix a bunch of minor spelling mistakes
Evgeniy Dolzhenko
2010-06-11
1
-1
/
+1
*
Changes made while working on upgrading cells to Rails 3
wycats
2010-06-02
1
-0
/
+1
*
Clean up the config object in ActionPack. Create config_accessor which just d...
José Valim
2010-04-22
1
-74
/
+44
*
ActionController::Base.request_forgery_protection_token should actually be th...
Carl Lerche
2010-03-11
1
-1
/
+1
*
Move request forgery protection configuration to the AC config object
Carl Lerche
2010-03-08
1
-4
/
+41
*
Convert to class_attribute
Jeremy Kemper
2010-02-01
1
-2
/
+4
*
Use extlib_inheritable_accessor in request_forgery_protection.rb.
Carl Lerche
2009-12-29
1
-1
/
+1
*
Merge Session stuff into RackConvenience
Joshua Peek
2009-12-20
1
-16
/
+16
*
Extract form_authenticity_param instance method so it's overridable in subcla...
Jeremy Kemper
2009-11-17
1
-0
/
+5
*
Reorganize CSRF a bit
Yehuda Katz
2009-10-28
1
-33
/
+23
*
Rename /base to /metal and make base.rb and metal.rb top-level to reflect the...
Yehuda Katz
2009-08-06
1
-0
/
+118