path: root/actionpack/lib/action_controller/metal/request_forgery_protection.rb
Commit message | Author | Age | Files | Lines
* Use frozen string literal in actionpack/ | Kir Shatrov | 2017-07-29 | 1 | -0/+2
* Add ActionController::Base.skip_forgery_protection | Lisa Ugray | 2017-07-10 | 1 | -0/+9
* Protect from forgery by default | Lisa Ugray | 2017-07-10 | 1 | -0/+4
* [Action Controller] require => require_relative | Akira Matsuda | 2017-07-01 | 1 | -1/+1
* Improve logging when Origin header doesn't match | Jon Leighton | 2017-04-06 | 1 | -1/+5
* [docs] fix ActionController documentation | Hrvoje Šimić | 2017-03-12 | 1 | -5/+5
* Privatize unneededly protected methods in Action Pack | Akira Matsuda | 2016-12-24 | 1 | -23/+23
* normalizes indentation and whitespace across the project | Xavier Noria | 2016-08-06 | 1 | -20/+20
* applies new string literal convention in actionpack/lib | Xavier Noria | 2016-08-06 | 1 | -6/+6
* Fix incorrect indentation in method comment [ci skip] | Junya Ogura | 2016-07-21 | 1 | -3/+3
* Respect `log_warning_on_csrf_failure` setting for all CSRF failures | Matthew Caruana Galizia | 2016-05-23 | 1 | -1/+3
* Discart the schema and host information when building the per-form token | Rafael Mendonça França | 2016-04-20 | 1 | -1/+2
* Pass over all Rails 5 warnings, to make sure: | Vipul A M | 2016-04-12 | 1 | -1/+1
* Improve the performance of string xor operation | shik | 2016-02-15 | 1 | -1/+2
* speed up string xor operation and reduce object allocations | Aaron Patterson | 2016-02-08 | 1 | -1/+2
* add option for per-form CSRF tokens | Ben Toews | 2016-01-04 | 1 | -11/+54
* Change the `protect_from_forgery` prepend default to `false` | eileencodes | 2015-12-07 | 1 | -7/+7
* Add option to verify Origin header in CSRF checks | Ben Toews | 2015-11-25 | 1 | -2/+28
* [ci skip] Fix document of `ActionController::RequestForgeryProtection` | yui-knk | 2015-09-28 | 1 | -0/+2
* Use rack.session_options instead of directly change env | Juanito Fatas | 2015-09-16 | 1 | -1/+1
* fewer direct env manipulations | Aaron Patterson | 2015-09-15 | 1 | -1/+1
* Another place to use a request object in NullSessionHash | Ronak Jangir | 2015-08-23 | 1 | -3/+3
* add a setter for the cookie jar | Aaron Patterson | 2015-08-06 | 1 | -1/+1
* remove `@host` ivar | Aaron Patterson | 2015-08-05 | 1 | -7/+1
* remove @secure ivar | Aaron Patterson | 2015-08-05 | 1 | -2/+1
* CookieJar does not need the key_generator parameter anymore | Aaron Patterson | 2015-08-05 | 1 | -2/+1
* stop using an options hash with the cookie jar | Aaron Patterson | 2015-08-05 | 1 | -1/+1
* move env access to the request object. | Aaron Patterson | 2015-08-05 | 1 | -2/+2
* [ci skip] it should be protect_from_forgery | Aditya Kapoor | 2015-07-27 | 1 | -1/+1
* Merge branch 'master' of github.com:rails/docrails | Vijay Dev | 2015-06-05 | 1 | -1/+1
|\
| * [ci skip] Upcase `is` | yui-knk | 2015-05-25 | 1 | -1/+1
* | Spelling/typo/grammatical fixes [ci skip] | karanarora | 2015-05-23 | 1 | -1/+1
|/
* Merge branch 'master' of github.com:rails/docrails | Vijay Dev | 2015-05-08 | 1 | -1/+1
|\
| * Add missing "of" to RequestForgeryProtection doc. | Hendy Tanata | 2015-04-27 | 1 | -1/+1
* | Updated request_forgery_protection docs [ci skip] | Prathamesh Sonpatki | 2015-04-28 | 1 | -5/+6
|/
* Add note regarding CSRF for APIs, as a use-case for skipping it [ci skip] | Zachary Scott | 2015-04-12 | 1 | -0/+4
* Apply comments from @jeremy regarding why HTML and Javascript requests | Zachary Scott | 2015-04-12 | 1 | -0/+5
* update request_forgery_protection docs [ci skip] | Vladimir Lyzo | 2015-04-12 | 1 | -7/+8
* Try only to decode strings | Rafael Mendonça França | 2015-02-18 | 1 | -2/+4
* Handle non-string authenticity tokens | Ville Lautanala | 2015-02-12 | 1 | -1/+1
* Add prepend option to protect_from_forgery. | Josef Šimánek | 2015-01-08 | 1 | -1/+8
* Improve protect_from_forgery documentation. [ci skip]. | Josef Šimánek | 2015-01-06 | 1 | -3/+3
* Document all options for protect_from_forgery. | Josef Šimánek | 2015-01-04 | 1 | -8/+2
* Merge pull request #18102 from arthurnn/nodoc_constant | Arthur Nogueira Neves | 2014-12-19 | 1 | -0/+1
* Use AS secure_compare for CSRF token comparison | Guillermo Iguaran | 2014-10-23 | 1 | -2/+2
* Merge pull request #16570 from bradleybuda/breach-mitigation-mask-csrf-token | Jeremy Kemper | 2014-08-19 | 1 | -3/+65
|\
| * Auth token mask from breach-mitigation-rails gem | Bradley Buda | 2014-08-19 | 1 | -3/+65
* | Uppercase HTML in docs. | Hendy Tanata | 2014-08-08 | 1 | -2/+2
|/
* Fix protect_from_forgery docs | David Albert | 2014-07-27 | 1 | -1/+1
* Moved 'params[request_forgery_protection_token]' into its own method and impr... | Tom Kadwill | 2014-05-06 | 1 | -1/+1