| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| | |
| | |
| | |
| | | |
[ci skip]
|
|\ \ \
| | | |
| | | | |
Don't include Active Storage migrations in new apps
|
| |/ /
| | |
| | |
| | |
| | |
| | | |
When a user tries to create a new attachment or blog and the matching table is missing from the database
(`active_storage_attachments` and `active_storage_blobs` by default), an informative error is displayed
that invites users to run the `active_storage:install` task.
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Add headless browser support in api docs [ci skip]
|
| | | | |
|
| |/ /
|/| | |
|
|/ / |
|
|\ \
| | |
| | | |
Initial support for running Rails on FIPS-certified systems
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
implementation
and defaults to `Digest::MD5`.
Replaced calls to `::Digest::MD5.hexdigest` with calls to `ActiveSupport::Digest.hexdigest`.
|
| | |
| | |
| | |
| | | |
Follow up of #31432.
|
| | |
| | |
| | |
| | | |
haven't specified manually another server.
|
| | |
| | |
| | |
| | | |
default headers set.
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
JackMc/fix-chrome-referrer-invalidauthenticitytoken
Fix issue #30658 by checking explicitly for 'null' referrer
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
Matches Hash#each behaviour as used in Rails 4.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Follow up of 3c442b6df91e291ebbf17f37444414bf5f10fbe6
Without this require, it will fail when run CSP test alone.
Ref: https://travis-ci.org/rails/rails/jobs/311715758#L2976
|
| |/ /
|/| |
| | | |
Use Object#deep_dup to safely duplicate policy values
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Not everyone uses iTerm2 and whereas Terminal.app on a mac just ignores
that and outputs the path, other terminals like those on Ubuntu do not.
A friendlier default is one that works by default.
Closes #31159
Closes #30957
|
| | | |
|
| | |
| | |
| | |
| | | |
See discussion in #31251
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
Fixes #31220.
|
| | | |
|
| | |
| | |
| | |
| | | |
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | | |
vipulnsward/make-variable_size_secure_compare-public
Make variable_size_secure_compare public
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
to make it not leak length information even for variable length string.
Renamed old `ActiveSupport::SecurityUtils.secure_compare` to `fixed_length_secure_compare`,
and started raising `ArgumentError` in case of length mismatch of passed strings.
|
|\ \ \ \
| | | | |
| | | | | |
Fix tld_length documentation in ActionDispatch::Cookies [ci skip]
|
| | | | |
| | | | |
| | | | | |
Change recommendation for tld_length (for sharing cookies across subdomains of a 2-token TLD), to 2 instead of 1.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Particularly, the bulleted list was getting formatted as a code block because of the extra level of indentation. Pulling it back to the left makes it render properly as a list instead.
[ci skip]
|
|/ / / /
| | | |
| | | | |
[ci skip]
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
## Summary
RuboCop 0.51.0 was released.
https://github.com/bbatsov/rubocop/releases/tag/v0.51.0
And rubocop-0-51 channel is available in Code Climate.
https://github.com/codeclimate/codeclimate-rubocop/issues/109
This PR will bump RuboCop to 0.51.0 and fixes the following new
offenses.
```console
% bundle exec rubocop
Inspecting 2358 files
(snip)
Offenses:
actionpack/lib/action_controller/metal/http_authentication.rb:251:59: C:
Prefer double-quoted strings unless you need single quotes to avoid
extra backslashes for escaping.
[key.strip, value.to_s.gsub(/^"|"$/, "").delete('\'')]
^^^^
activesupport/test/core_ext/load_error_test.rb:8:39: C: Prefer
double-quoted strings unless you need single quotes to avoid extra
backslashes for escaping.
assert_raise(LoadError) { require 'no_this_file_don\'t_exist' }
^^^^^^^^^^^^^^^^^^^^^^^^^^^
2358 files inspected, 2 offenses detected
```
|
|\ \ \ \
| | | | |
| | | | | |
Fix typoes on ActionDispatch::HTTP::FilterParameters
|
| | | | | |
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | | |
Make `assert_recognizes` to traverse mounted engines
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Before this commit paths of mounted engines are not traversed
when `assert_recognizes` is called, causing strange test results.
This commit enable to traverse mounted paths.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Unlike `resize_window`, `resize_window_to` has three arguments.
https://github.com/thoughtbot/capybara-webkit/blob/d63c3c8e3ae844f0c59359532a6dcb50f4a64d0a/lib/capybara/webkit/driver.rb#L135-L143
Therefore, if pass only width and height just like `resize_window`,
`ArgumentError`will be raised.
To prevent this, explicitly pass window handler.
Follow up of #31046
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
y-yagi/show_request_forgery_protection_methods_in_api_doc
Show `RequestForgeryProtection` methods in api doc [ci skip]
|
| | |_|_|/ /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Several methods of `RequestForgeryProtection` are not showed in the api
doc even though `:doc:` is specified.
(e.g. `form_authenticity_param`)
http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html
These methods are listed in the doc of v4.1.
http://api.rubyonrails.org/v4.1/classes/ActionController/RequestForgeryProtection.html
This is due to the influence of `:nodoc:` added in #18102, methods after
`CROSS_ORIGIN_JAVASCRIPT_WARNING` not showed from the doc.
Therefore, in order to show the method like originally, added `startdoc`
after `CROSS_ORIGIN_JAVASCRIPT_WARNING`.
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Fix Capybara::Webkit::Driver#resize_window deprecation warning
|
| |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
>[DEPRECATION] Capybara::Webkit::Driver#resize_window is
deprecated. Please use Capybara::Window#resize_to instead.
|
|/ / / / / |
|
|\ \ \ \ \
| | | | | |
| | | | | | |
[ci skip]Fix typo in comments.
|
| | | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Long source lines cause line wrapping in the extracted
source section of the rescue handler page which can make
the line numbers not match up with the source lines.
|