index
:
rails.git
3-2-stable-for-hmno
master
Mirror of official rails repo with custom fixes.
Harald Eilertsen
about
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
actionpack
/
test
/
controller
/
request_forgery_protection_test.rb
Commit message (
Expand
)
Author
Age
Files
Lines
*
Migrating xhr methods to keyword arguments syntax
Kir Shatrov
2015-02-01
1
-7
/
+7
*
Switch to kwargs in ActionController::TestCase and ActionDispatch::Integration
Kir Shatrov
2015-01-29
1
-10
/
+10
*
Add prepend option to protect_from_forgery.
Josef Šimánek
2015-01-08
1
-0
/
+60
*
Merge pull request #16570 from bradleybuda/breach-mitigation-mask-csrf-token
Jeremy Kemper
2014-08-19
1
-5
/
+6
|
\
|
*
Auth token mask from breach-mitigation-rails gem
Bradley Buda
2014-08-19
1
-5
/
+6
*
|
Remove unneeded comment in test.
Timm
2014-06-16
1
-1
/
+1
*
|
Nokogiri leaves '<' unescaped, so the assert_select looking for '<' will n...
Timm
2014-06-16
1
-2
/
+3
*
|
Fixed Nokogiri::CSS::SyntaxErrors.
Timm
2014-06-15
1
-2
/
+2
|
/
*
Avoid hardcoded value in teardown.
Zuhao Wan
2014-05-28
1
-3
/
+6
*
Moved 'params[request_forgery_protection_token]' into its own method and impr...
Tom Kadwill
2014-05-06
1
-5
/
+26
*
Remove wrapper div for inputs in button_to
Rafael Mendonça França
2014-04-17
1
-1
/
+1
*
Update Request forgery tests to remove input wrappign div
Rafael Mendonça França
2014-04-17
1
-5
/
+5
*
Make CSRF failure logging optional/configurable.
John Barton (joho)
2014-03-05
1
-0
/
+16
*
Clearly limit new CSRF protection to GET requests
Jeremy Kemper
2013-12-17
1
-0
/
+10
*
CSRF protection from cross-origin <script> tags
Jeremy Kemper
2013-12-17
1
-9
/
+69
*
NullSessionHash#destroy should be a no-op
Jonathan Baudanza
2013-09-18
1
-0
/
+10
*
Fix #9168 Initialize NullCookieJar with all options needed for KeyGenerator
Andrey Chernih
2013-02-08
1
-0
/
+35
*
Added a test that shows that a HEAD request does not normally pass CSRF prote...
Michiel Sikkes
2013-01-22
1
-0
/
+4
*
deprecate `assert_blank` and `assert_present`.
Yves Senn
2013-01-05
1
-1
/
+1
*
Implement :null_session CSRF protection method
Sergey Nartimov
2012-09-13
1
-10
/
+6
*
no need to pass an empty block to button_to helper
Sergey Nartimov
2012-05-30
1
-2
/
+2
*
Cover one more case in auth_token and remote forms
Piotr Sarnacki
2012-03-28
1
-0
/
+7
*
config.action_view.embed_authenticity_token_in_remote_forms is true by default
Piotr Sarnacki
2012-03-28
1
-19
/
+14
*
Added config.action_view.embed_authenticity_token_in_remote_forms
Piotr Sarnacki
2012-03-28
1
-2
/
+48
*
fixed - warning: ambiguous first argument; put parentheses or even spaces
Sandeep
2012-03-16
1
-1
/
+1
*
Allow you to force the authenticity_token to be rendered even on remote forms...
David Heinemeier Hansson
2012-03-14
1
-0
/
+11
*
Do not include the authenticity token in forms where remote: true as ajax for...
David Heinemeier Hansson
2012-03-14
1
-0
/
+13
*
configure how unverified request will be handled
Sergey Nartimov
2012-03-09
1
-2
/
+2
*
Add config.default_method_for_update to support PATCH
David Lee
2012-02-22
1
-1
/
+14
*
Remove not used requires from csrf helper file and test
Carlos Antonio da Silva
2012-01-21
1
-7
/
+0
*
Remove rescue_action from compatibility module and tests
Carlos Antonio da Silva
2012-01-17
1
-2
/
+0
*
Use ensure instead of rescue
Mike Dillon
2011-09-10
1
-1
/
+1
*
Add test for warning and CHANGELOG entry
Mike Dillon
2011-09-10
1
-0
/
+16
*
Replace references to ActiveSupport::SecureRandom with just SecureRandom, and...
Jon Leighton
2011-05-23
1
-3
/
+3
*
Test csrf token param name customization
David Lee
2011-05-10
1
-7
/
+18
*
Make csrf_meta_tags use the tag helper
James Robinson
2011-04-08
1
-5
/
+3
*
Change the CSRF whitelisting to only apply to get requests
Michael Koziarski
2011-02-08
1
-136
/
+75
*
put authenticity_token option in parity w/ remote
Dan Pickett
2011-02-06
1
-2
/
+2
*
Added tests for form_for and an authenticity_token option. Added docs for for...
Timothy N. Tsvetkov
2011-02-05
1
-0
/
+18
*
authenticity_token option for form_tag [#2988 state:resolved]
Jakub Kuźma
2011-01-09
1
-0
/
+18
*
Fix indentation.
Emilio Tagua
2010-09-27
1
-19
/
+18
*
get csrf_meta_tag back to the generated layout in deference to existing print...
Xavier Noria
2010-09-14
1
-1
/
+1
*
revises implementation and documentation of csrf_meta_tags, and aliases csrf_...
Xavier Noria
2010-09-11
1
-2
/
+6
*
code gardening: we have assert_(nil|blank|present), more concise, with better...
Xavier Noria
2010-08-17
1
-1
/
+1
*
Test that csrf meta content is html-escaped, too
Jeremy Kemper
2010-02-04
1
-1
/
+2
*
Revert dumb test
Jeremy Kemper
2010-02-04
1
-2
/
+2
*
HTML-escape csrf meta contents
Jeremy Kemper
2010-02-04
1
-2
/
+2
*
Expose CSRF param name also
Jeremy Kemper
2010-02-04
1
-1
/
+1
*
Expose CSRF tag for UJS adapters
Jeremy Kemper
2010-02-04
1
-1
/
+15
*
Move form_remote_tag and remote_form_for into prototype_legacy_helper
Joshua Peek
2010-01-30
1
-27
/
+18
[next]