index
:
rails.git
3-2-stable-for-hmno
master
Mirror of official rails repo with custom fixes.
Harald Eilertsen
about
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
actionpack
/
test
/
controller
/
request_forgery_protection_test.rb
Commit message (
Expand
)
Author
Age
Files
Lines
*
Avoid hardcoded value in teardown.
Zuhao Wan
2014-05-28
1
-3
/
+6
*
Moved 'params[request_forgery_protection_token]' into its own method and impr...
Tom Kadwill
2014-05-06
1
-5
/
+26
*
Remove wrapper div for inputs in button_to
Rafael Mendonça França
2014-04-17
1
-1
/
+1
*
Update Request forgery tests to remove input wrappign div
Rafael Mendonça França
2014-04-17
1
-5
/
+5
*
Make CSRF failure logging optional/configurable.
John Barton (joho)
2014-03-05
1
-0
/
+16
*
Clearly limit new CSRF protection to GET requests
Jeremy Kemper
2013-12-17
1
-0
/
+10
*
CSRF protection from cross-origin <script> tags
Jeremy Kemper
2013-12-17
1
-9
/
+69
*
NullSessionHash#destroy should be a no-op
Jonathan Baudanza
2013-09-18
1
-0
/
+10
*
Fix #9168 Initialize NullCookieJar with all options needed for KeyGenerator
Andrey Chernih
2013-02-08
1
-0
/
+35
*
Added a test that shows that a HEAD request does not normally pass CSRF prote...
Michiel Sikkes
2013-01-22
1
-0
/
+4
*
deprecate `assert_blank` and `assert_present`.
Yves Senn
2013-01-05
1
-1
/
+1
*
Implement :null_session CSRF protection method
Sergey Nartimov
2012-09-13
1
-10
/
+6
*
no need to pass an empty block to button_to helper
Sergey Nartimov
2012-05-30
1
-2
/
+2
*
Cover one more case in auth_token and remote forms
Piotr Sarnacki
2012-03-28
1
-0
/
+7
*
config.action_view.embed_authenticity_token_in_remote_forms is true by default
Piotr Sarnacki
2012-03-28
1
-19
/
+14
*
Added config.action_view.embed_authenticity_token_in_remote_forms
Piotr Sarnacki
2012-03-28
1
-2
/
+48
*
fixed - warning: ambiguous first argument; put parentheses or even spaces
Sandeep
2012-03-16
1
-1
/
+1
*
Allow you to force the authenticity_token to be rendered even on remote forms...
David Heinemeier Hansson
2012-03-14
1
-0
/
+11
*
Do not include the authenticity token in forms where remote: true as ajax for...
David Heinemeier Hansson
2012-03-14
1
-0
/
+13
*
configure how unverified request will be handled
Sergey Nartimov
2012-03-09
1
-2
/
+2
*
Add config.default_method_for_update to support PATCH
David Lee
2012-02-22
1
-1
/
+14
*
Remove not used requires from csrf helper file and test
Carlos Antonio da Silva
2012-01-21
1
-7
/
+0
*
Remove rescue_action from compatibility module and tests
Carlos Antonio da Silva
2012-01-17
1
-2
/
+0
*
Use ensure instead of rescue
Mike Dillon
2011-09-10
1
-1
/
+1
*
Add test for warning and CHANGELOG entry
Mike Dillon
2011-09-10
1
-0
/
+16
*
Replace references to ActiveSupport::SecureRandom with just SecureRandom, and...
Jon Leighton
2011-05-23
1
-3
/
+3
*
Test csrf token param name customization
David Lee
2011-05-10
1
-7
/
+18
*
Make csrf_meta_tags use the tag helper
James Robinson
2011-04-08
1
-5
/
+3
*
Change the CSRF whitelisting to only apply to get requests
Michael Koziarski
2011-02-08
1
-136
/
+75
*
put authenticity_token option in parity w/ remote
Dan Pickett
2011-02-06
1
-2
/
+2
*
Added tests for form_for and an authenticity_token option. Added docs for for...
Timothy N. Tsvetkov
2011-02-05
1
-0
/
+18
*
authenticity_token option for form_tag [#2988 state:resolved]
Jakub Kuźma
2011-01-09
1
-0
/
+18
*
Fix indentation.
Emilio Tagua
2010-09-27
1
-19
/
+18
*
get csrf_meta_tag back to the generated layout in deference to existing print...
Xavier Noria
2010-09-14
1
-1
/
+1
*
revises implementation and documentation of csrf_meta_tags, and aliases csrf_...
Xavier Noria
2010-09-11
1
-2
/
+6
*
code gardening: we have assert_(nil|blank|present), more concise, with better...
Xavier Noria
2010-08-17
1
-1
/
+1
*
Test that csrf meta content is html-escaped, too
Jeremy Kemper
2010-02-04
1
-1
/
+2
*
Revert dumb test
Jeremy Kemper
2010-02-04
1
-2
/
+2
*
HTML-escape csrf meta contents
Jeremy Kemper
2010-02-04
1
-2
/
+2
*
Expose CSRF param name also
Jeremy Kemper
2010-02-04
1
-1
/
+1
*
Expose CSRF tag for UJS adapters
Jeremy Kemper
2010-02-04
1
-1
/
+15
*
Move form_remote_tag and remote_form_for into prototype_legacy_helper
Joshua Peek
2010-01-30
1
-27
/
+18
*
Fix test bleed
Jeremy Kemper
2009-11-18
1
-1
/
+1
*
Extract form_authenticity_param instance method so it's overridable in subcla...
Jeremy Kemper
2009-11-17
1
-1
/
+19
*
Cleanup route reloading in tests. Prefer with_routing over using ActionContro...
Joshua Peek
2009-08-16
1
-5
/
+1
*
Don't check authenticity tokens for any AJAX requests
Ross Kaffenburger and Bryan Helmkamp
2009-04-15
1
-5
/
+6
*
Ruby 1.9 compat: rename deprecated assert_raises to assert_raise.
Jeremy Kemper
2009-03-08
1
-9
/
+9
*
Change the forgery token implementation to just be a simple random string.
Michael Koziarski
2008-11-23
1
-87
/
+6
*
Merge branch 'master' into testing
Jeremy Kemper
2008-11-15
1
-52
/
+66
|
\
|
*
Changed request forgery protection to only worry about HTML-formatted content...
Jeff Cohen
2008-11-13
1
-52
/
+66
[next]