index
:
rails.git
3-2-stable-for-hmno
master
Mirror of official rails repo with custom fixes.
Harald Eilertsen
about
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
actionpack
/
test
/
controller
/
request_forgery_protection_test.rb
Commit message (
Expand
)
Author
Age
Files
Lines
*
Add `Style/EmptyLines` in `.rubocop.yml` and remove extra empty lines
Ryuta Kamizono
2016-08-07
1
-1
/
+0
*
applies remaining conventions across the project
Xavier Noria
2016-08-06
1
-1
/
+0
*
normalizes indentation and whitespace across the project
Xavier Noria
2016-08-06
1
-10
/
+10
*
modernizes hash syntax in actionpack
Xavier Noria
2016-08-06
1
-13
/
+13
*
applies new string literal convention in actionpack/test
Xavier Noria
2016-08-06
1
-70
/
+70
*
Make sure the tests setup are made correctly
Rafael Mendonça França
2016-07-17
1
-9
/
+9
*
Respect `log_warning_on_csrf_failure` setting for all CSRF failures
Matthew Caruana Galizia
2016-05-23
1
-0
/
+31
*
Discart the schema and host information when building the per-form token
Rafael Mendonça França
2016-04-20
1
-0
/
+13
*
Make per form token work when method is not provided
Rafael Mendonça França
2016-02-22
1
-2
/
+16
*
Refactored Request Forgery CSRF PerFormTokensController tests and DRY'ed them...
Vipul A M
2016-02-22
1
-70
/
+38
*
Fixed passing of delete method on button_to tag, creating wrong form csrf token
Vipul A M
2016-02-21
1
-0
/
+44
*
add option for per-form CSRF tokens
Ben Toews
2016-01-04
1
-0
/
+172
*
Change the `protect_from_forgery` prepend default to `false`
eileencodes
2015-12-07
1
-2
/
+2
*
Add option to verify Origin header in CSRF checks
Ben Toews
2015-11-25
1
-0
/
+45
*
Remove mocha from ActionPack tests
Marcin Olichwirowicz
2015-09-05
1
-1
/
+0
*
Get rid of mocha tests - part 2
Marcin Olichwirowicz
2015-08-25
1
-8
/
+24
*
Get rid of mocha tests - part 1
Marcin Olichwirowicz
2015-08-24
1
-33
/
+46
*
Stop using deprecated `render :text` in test
Prem Sichanugrist
2015-07-17
1
-1
/
+1
*
let the superclass build the request and response
Aaron Patterson
2015-07-08
1
-2
/
+1
*
Deprecate `:nothing` option for render method
Mehmet Emin İNAÇ
2015-05-28
1
-3
/
+3
*
Removed unused code from request_forgery_protection tests
Prathamesh Sonpatki
2015-04-26
1
-17
/
+0
*
Handle non-string authenticity tokens
Ville Lautanala
2015-02-12
1
-0
/
+7
*
Migrating xhr methods to keyword arguments syntax
Kir Shatrov
2015-02-01
1
-7
/
+7
*
Switch to kwargs in ActionController::TestCase and ActionDispatch::Integration
Kir Shatrov
2015-01-29
1
-10
/
+10
*
Add prepend option to protect_from_forgery.
Josef Šimánek
2015-01-08
1
-0
/
+60
*
Merge pull request #16570 from bradleybuda/breach-mitigation-mask-csrf-token
Jeremy Kemper
2014-08-19
1
-5
/
+6
|
\
|
*
Auth token mask from breach-mitigation-rails gem
Bradley Buda
2014-08-19
1
-5
/
+6
*
|
Remove unneeded comment in test.
Timm
2014-06-16
1
-1
/
+1
*
|
Nokogiri leaves '<' unescaped, so the assert_select looking for '<' will n...
Timm
2014-06-16
1
-2
/
+3
*
|
Fixed Nokogiri::CSS::SyntaxErrors.
Timm
2014-06-15
1
-2
/
+2
|
/
*
Avoid hardcoded value in teardown.
Zuhao Wan
2014-05-28
1
-3
/
+6
*
Moved 'params[request_forgery_protection_token]' into its own method and impr...
Tom Kadwill
2014-05-06
1
-5
/
+26
*
Remove wrapper div for inputs in button_to
Rafael Mendonça França
2014-04-17
1
-1
/
+1
*
Update Request forgery tests to remove input wrappign div
Rafael Mendonça França
2014-04-17
1
-5
/
+5
*
Make CSRF failure logging optional/configurable.
John Barton (joho)
2014-03-05
1
-0
/
+16
*
Clearly limit new CSRF protection to GET requests
Jeremy Kemper
2013-12-17
1
-0
/
+10
*
CSRF protection from cross-origin <script> tags
Jeremy Kemper
2013-12-17
1
-9
/
+69
*
NullSessionHash#destroy should be a no-op
Jonathan Baudanza
2013-09-18
1
-0
/
+10
*
Fix #9168 Initialize NullCookieJar with all options needed for KeyGenerator
Andrey Chernih
2013-02-08
1
-0
/
+35
*
Added a test that shows that a HEAD request does not normally pass CSRF prote...
Michiel Sikkes
2013-01-22
1
-0
/
+4
*
deprecate `assert_blank` and `assert_present`.
Yves Senn
2013-01-05
1
-1
/
+1
*
Implement :null_session CSRF protection method
Sergey Nartimov
2012-09-13
1
-10
/
+6
*
no need to pass an empty block to button_to helper
Sergey Nartimov
2012-05-30
1
-2
/
+2
*
Cover one more case in auth_token and remote forms
Piotr Sarnacki
2012-03-28
1
-0
/
+7
*
config.action_view.embed_authenticity_token_in_remote_forms is true by default
Piotr Sarnacki
2012-03-28
1
-19
/
+14
*
Added config.action_view.embed_authenticity_token_in_remote_forms
Piotr Sarnacki
2012-03-28
1
-2
/
+48
*
fixed - warning: ambiguous first argument; put parentheses or even spaces
Sandeep
2012-03-16
1
-1
/
+1
*
Allow you to force the authenticity_token to be rendered even on remote forms...
David Heinemeier Hansson
2012-03-14
1
-0
/
+11
*
Do not include the authenticity token in forms where remote: true as ajax for...
David Heinemeier Hansson
2012-03-14
1
-0
/
+13
*
configure how unverified request will be handled
Sergey Nartimov
2012-03-09
1
-2
/
+2
[next]