index
:
rails.git
3-2-stable-for-hmno
master
Mirror of official rails repo with custom fixes.
Harald Eilertsen
about
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
actionpack
/
test
/
controller
/
request_forgery_protection_test.rb
Commit message (
Expand
)
Author
Age
Files
Lines
*
Use assert_predicate and assert_not_predicate
Daniel Colson
2018-01-25
1
-1
/
+1
*
Add a better error message when a "null" Origin header occurs
Jack McCracken
2017-11-03
1
-0
/
+13
*
Add key rotation cookies middleware
Michael Coyne
2017-09-24
1
-1
/
+3
*
Use frozen string literal in actionpack/
Kir Shatrov
2017-07-29
1
-0
/
+2
*
Add ActionController::Base.skip_forgery_protection
Lisa Ugray
2017-07-10
1
-0
/
+30
*
Revert "Merge pull request #29540 from kirs/rubocop-frozen-string"
Matthew Draper
2017-07-02
1
-1
/
+0
*
Enforce frozen string in Rubocop
Kir Shatrov
2017-07-01
1
-0
/
+1
*
Default embed_authenticity_token_in_remote_forms to nil.
Kasper Timm Hansen
2017-04-16
1
-0
/
+90
*
Improve logging when Origin header doesn't match
Jon Leighton
2017-04-06
1
-0
/
+11
*
Privatize unneededly protected methods in Action Pack tests
Akira Matsuda
2016-12-23
1
-1
/
+1
*
Add three new rubocop rules
Rafael Mendonça França
2016-08-16
1
-16
/
+16
*
Add `Style/EmptyLines` in `.rubocop.yml` and remove extra empty lines
Ryuta Kamizono
2016-08-07
1
-1
/
+0
*
applies remaining conventions across the project
Xavier Noria
2016-08-06
1
-1
/
+0
*
normalizes indentation and whitespace across the project
Xavier Noria
2016-08-06
1
-10
/
+10
*
modernizes hash syntax in actionpack
Xavier Noria
2016-08-06
1
-13
/
+13
*
applies new string literal convention in actionpack/test
Xavier Noria
2016-08-06
1
-70
/
+70
*
Make sure the tests setup are made correctly
Rafael Mendonça França
2016-07-17
1
-9
/
+9
*
Respect `log_warning_on_csrf_failure` setting for all CSRF failures
Matthew Caruana Galizia
2016-05-23
1
-0
/
+31
*
Discart the schema and host information when building the per-form token
Rafael Mendonça França
2016-04-20
1
-0
/
+13
*
Make per form token work when method is not provided
Rafael Mendonça França
2016-02-22
1
-2
/
+16
*
Refactored Request Forgery CSRF PerFormTokensController tests and DRY'ed them...
Vipul A M
2016-02-22
1
-70
/
+38
*
Fixed passing of delete method on button_to tag, creating wrong form csrf token
Vipul A M
2016-02-21
1
-0
/
+44
*
add option for per-form CSRF tokens
Ben Toews
2016-01-04
1
-0
/
+172
*
Change the `protect_from_forgery` prepend default to `false`
eileencodes
2015-12-07
1
-2
/
+2
*
Add option to verify Origin header in CSRF checks
Ben Toews
2015-11-25
1
-0
/
+45
*
Remove mocha from ActionPack tests
Marcin Olichwirowicz
2015-09-05
1
-1
/
+0
*
Get rid of mocha tests - part 2
Marcin Olichwirowicz
2015-08-25
1
-8
/
+24
*
Get rid of mocha tests - part 1
Marcin Olichwirowicz
2015-08-24
1
-33
/
+46
*
Stop using deprecated `render :text` in test
Prem Sichanugrist
2015-07-17
1
-1
/
+1
*
let the superclass build the request and response
Aaron Patterson
2015-07-08
1
-2
/
+1
*
Deprecate `:nothing` option for render method
Mehmet Emin İNAÇ
2015-05-28
1
-3
/
+3
*
Removed unused code from request_forgery_protection tests
Prathamesh Sonpatki
2015-04-26
1
-17
/
+0
*
Handle non-string authenticity tokens
Ville Lautanala
2015-02-12
1
-0
/
+7
*
Migrating xhr methods to keyword arguments syntax
Kir Shatrov
2015-02-01
1
-7
/
+7
*
Switch to kwargs in ActionController::TestCase and ActionDispatch::Integration
Kir Shatrov
2015-01-29
1
-10
/
+10
*
Add prepend option to protect_from_forgery.
Josef Šimánek
2015-01-08
1
-0
/
+60
*
Merge pull request #16570 from bradleybuda/breach-mitigation-mask-csrf-token
Jeremy Kemper
2014-08-19
1
-5
/
+6
|
\
|
*
Auth token mask from breach-mitigation-rails gem
Bradley Buda
2014-08-19
1
-5
/
+6
*
|
Remove unneeded comment in test.
Timm
2014-06-16
1
-1
/
+1
*
|
Nokogiri leaves '<' unescaped, so the assert_select looking for '<' will n...
Timm
2014-06-16
1
-2
/
+3
*
|
Fixed Nokogiri::CSS::SyntaxErrors.
Timm
2014-06-15
1
-2
/
+2
|
/
*
Avoid hardcoded value in teardown.
Zuhao Wan
2014-05-28
1
-3
/
+6
*
Moved 'params[request_forgery_protection_token]' into its own method and impr...
Tom Kadwill
2014-05-06
1
-5
/
+26
*
Remove wrapper div for inputs in button_to
Rafael Mendonça França
2014-04-17
1
-1
/
+1
*
Update Request forgery tests to remove input wrappign div
Rafael Mendonça França
2014-04-17
1
-5
/
+5
*
Make CSRF failure logging optional/configurable.
John Barton (joho)
2014-03-05
1
-0
/
+16
*
Clearly limit new CSRF protection to GET requests
Jeremy Kemper
2013-12-17
1
-0
/
+10
*
CSRF protection from cross-origin <script> tags
Jeremy Kemper
2013-12-17
1
-9
/
+69
*
NullSessionHash#destroy should be a no-op
Jonathan Baudanza
2013-09-18
1
-0
/
+10
*
Fix #9168 Initialize NullCookieJar with all options needed for KeyGenerator
Andrey Chernih
2013-02-08
1
-0
/
+35
[next]