aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller/request_forgery_protection_test.rb
Commit message (Expand)AuthorAgeFilesLines
* Migrating xhr methods to keyword arguments syntaxKir Shatrov2015-02-011-7/+7
* Switch to kwargs in ActionController::TestCase and ActionDispatch::IntegrationKir Shatrov2015-01-291-10/+10
* Add prepend option to protect_from_forgery.Josef Šimánek2015-01-081-0/+60
* Merge pull request #16570 from bradleybuda/breach-mitigation-mask-csrf-tokenJeremy Kemper2014-08-191-5/+6
|\
| * Auth token mask from breach-mitigation-rails gemBradley Buda2014-08-191-5/+6
* | Remove unneeded comment in test.Timm2014-06-161-1/+1
* | Nokogiri leaves '<' unescaped, so the assert_select looking for '&lt;' will n...Timm2014-06-161-2/+3
* | Fixed Nokogiri::CSS::SyntaxErrors.Timm2014-06-151-2/+2
|/
* Avoid hardcoded value in teardown.Zuhao Wan2014-05-281-3/+6
* Moved 'params[request_forgery_protection_token]' into its own method and impr...Tom Kadwill2014-05-061-5/+26
* Remove wrapper div for inputs in button_toRafael Mendonça França2014-04-171-1/+1
* Update Request forgery tests to remove input wrappign divRafael Mendonça França2014-04-171-5/+5
* Make CSRF failure logging optional/configurable.John Barton (joho)2014-03-051-0/+16
* Clearly limit new CSRF protection to GET requestsJeremy Kemper2013-12-171-0/+10
* CSRF protection from cross-origin <script> tagsJeremy Kemper2013-12-171-9/+69
* NullSessionHash#destroy should be a no-opJonathan Baudanza2013-09-181-0/+10
* Fix #9168 Initialize NullCookieJar with all options needed for KeyGeneratorAndrey Chernih2013-02-081-0/+35
* Added a test that shows that a HEAD request does not normally pass CSRF prote...Michiel Sikkes2013-01-221-0/+4
* deprecate `assert_blank` and `assert_present`.Yves Senn2013-01-051-1/+1
* Implement :null_session CSRF protection methodSergey Nartimov2012-09-131-10/+6
* no need to pass an empty block to button_to helperSergey Nartimov2012-05-301-2/+2
* Cover one more case in auth_token and remote formsPiotr Sarnacki2012-03-281-0/+7
* config.action_view.embed_authenticity_token_in_remote_forms is true by defaultPiotr Sarnacki2012-03-281-19/+14
* Added config.action_view.embed_authenticity_token_in_remote_formsPiotr Sarnacki2012-03-281-2/+48
* fixed - warning: ambiguous first argument; put parentheses or even spacesSandeep2012-03-161-1/+1
* Allow you to force the authenticity_token to be rendered even on remote forms...David Heinemeier Hansson2012-03-141-0/+11
* Do not include the authenticity token in forms where remote: true as ajax for...David Heinemeier Hansson2012-03-141-0/+13
* configure how unverified request will be handledSergey Nartimov2012-03-091-2/+2
* Add config.default_method_for_update to support PATCHDavid Lee2012-02-221-1/+14
* Remove not used requires from csrf helper file and testCarlos Antonio da Silva2012-01-211-7/+0
* Remove rescue_action from compatibility module and testsCarlos Antonio da Silva2012-01-171-2/+0
* Use ensure instead of rescueMike Dillon2011-09-101-1/+1
* Add test for warning and CHANGELOG entryMike Dillon2011-09-101-0/+16
* Replace references to ActiveSupport::SecureRandom with just SecureRandom, and...Jon Leighton2011-05-231-3/+3
* Test csrf token param name customizationDavid Lee2011-05-101-7/+18
* Make csrf_meta_tags use the tag helperJames Robinson2011-04-081-5/+3
* Change the CSRF whitelisting to only apply to get requestsMichael Koziarski2011-02-081-136/+75
* put authenticity_token option in parity w/ remoteDan Pickett2011-02-061-2/+2
* Added tests for form_for and an authenticity_token option. Added docs for for...Timothy N. Tsvetkov2011-02-051-0/+18
* authenticity_token option for form_tag [#2988 state:resolved]Jakub Kuźma2011-01-091-0/+18
* Fix indentation.Emilio Tagua2010-09-271-19/+18
* get csrf_meta_tag back to the generated layout in deference to existing print...Xavier Noria2010-09-141-1/+1
* revises implementation and documentation of csrf_meta_tags, and aliases csrf_...Xavier Noria2010-09-111-2/+6
* code gardening: we have assert_(nil|blank|present), more concise, with better...Xavier Noria2010-08-171-1/+1
* Test that csrf meta content is html-escaped, tooJeremy Kemper2010-02-041-1/+2
* Revert dumb testJeremy Kemper2010-02-041-2/+2
* HTML-escape csrf meta contentsJeremy Kemper2010-02-041-2/+2
* Expose CSRF param name alsoJeremy Kemper2010-02-041-1/+1
* Expose CSRF tag for UJS adaptersJeremy Kemper2010-02-041-1/+15
* Move form_remote_tag and remote_form_for into prototype_legacy_helperJoshua Peek2010-01-301-27/+18