aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/metal/request_forgery_protection.rb
Commit message (Expand)AuthorAgeFilesLines
* Use match? where we don't need MatchDataAkira Matsuda2019-07-291-1/+1
* Enable `Layout/EmptyLinesAroundAccessModifier` copRyuta Kamizono2019-06-131-2/+0
* Suggest 'strict-origin' Referrer-Policy headerTom Richards2019-03-171-1/+1
* Convert over the rest of the whitelist referencesKevin Deisz2018-08-241-1/+1
* Fix rubocop offensesbogdanvlviv2018-08-151-1/+1
* Merge pull request #31640 from gingerlime/patch-1Richard Schneeman2018-08-101-4/+11
|\
| * fixes #27157 CSRF protection documentationgingerlime2018-01-051-4/+11
* | Rails guides are now served over httpsPaul McMahon2018-07-241-1/+1
* | Avoid unused capture in `non_xhr_javascript_response?`Ryuta Kamizono2018-05-311-1/+1
* | Include application/javascript when checking content_typeGabriel Jaldon2018-05-271-1/+1
* | Speed up xor_byte_strings by 70%Jeremy Evans2018-05-181-3/+8
* | Improve the null origin error messagePatrik Bóna2018-04-091-1/+1
* | Remove usage of strip_heredoc in the framework in favor of <<~Rafael Mendonça França2018-02-161-2/+1
|/
* Add missing require for `strip_heredoc`Peter Wagenet2018-01-041-0/+1
* Merge pull request #30780 from JackMc/fix-chrome-referrer-invalidauthenticity...Sean Griffin2017-12-071-0/+10
|\
| * Add a better error message when a "null" Origin header occursJack McCracken2017-11-031-0/+10
* | Merge pull request #24510 from vipulnsward/make-variable_size_secure_compare-...Rafael Mendonça França2017-11-251-2/+2
|\ \
| * | Changed default behaviour of `ActiveSupport::SecurityUtils.secure_compare`,Vipul A M2017-06-071-2/+2
* | | Update incorrect backtick usage in RDoc to teletypeT.J. Schuck2017-11-221-3/+3
* | | Show `RequestForgeryProtection` methods in api doc [ci skip]yuuji.yaginuma2017-11-051-0/+1
| |/ |/|
* | [Action Pack] require => require_relativeAkira Matsuda2017-10-211-1/+1
* | Use tt in doc for ActionPack [ci skip]Yoshiyuki Hirano2017-08-261-1/+1
* | Use frozen string literal in actionpack/Kir Shatrov2017-07-291-0/+2
* | Add ActionController::Base.skip_forgery_protectionLisa Ugray2017-07-101-0/+9
* | Protect from forgery by defaultLisa Ugray2017-07-101-0/+4
* | [Action Controller] require => require_relativeAkira Matsuda2017-07-011-1/+1
|/
* Improve logging when Origin header doesn't matchJon Leighton2017-04-061-1/+5
* [docs] fix ActionController documentationHrvoje Šimić2017-03-121-5/+5
* Privatize unneededly protected methods in Action PackAkira Matsuda2016-12-241-23/+23
* normalizes indentation and whitespace across the projectXavier Noria2016-08-061-20/+20
* applies new string literal convention in actionpack/libXavier Noria2016-08-061-6/+6
* Fix incorrect indentation in method comment [ci skip]Junya Ogura2016-07-211-3/+3
* Respect `log_warning_on_csrf_failure` setting for all CSRF failuresMatthew Caruana Galizia2016-05-231-1/+3
* Discart the schema and host information when building the per-form tokenRafael Mendonça França2016-04-201-1/+2
* Pass over all Rails 5 warnings, to make sure:Vipul A M2016-04-121-1/+1
* Improve the performance of string xor operationshik2016-02-151-1/+2
* speed up string xor operation and reduce object allocationsAaron Patterson2016-02-081-1/+2
* add option for per-form CSRF tokensBen Toews2016-01-041-11/+54
* Change the `protect_from_forgery` prepend default to `false`eileencodes2015-12-071-7/+7
* Add option to verify Origin header in CSRF checksBen Toews2015-11-251-2/+28
* [ci skip] Fix document of `ActionController::RequestForgeryProtection`yui-knk2015-09-281-0/+2
* Use rack.session_options instead of directly change envJuanito Fatas2015-09-161-1/+1
* fewer direct env manipulationsAaron Patterson2015-09-151-1/+1
* Another place to use a request object in NullSessionHash Ronak Jangir2015-08-231-3/+3
* add a setter for the cookie jarAaron Patterson2015-08-061-1/+1
* remove `@host` ivarAaron Patterson2015-08-051-7/+1
* remove @secure ivarAaron Patterson2015-08-051-2/+1
* CookieJar does not need the key_generator parameter anymoreAaron Patterson2015-08-051-2/+1
* stop using an options hash with the cookie jarAaron Patterson2015-08-051-1/+1
* move env access to the request object.Aaron Patterson2015-08-051-2/+2