path: root/actionpack/test/controller/request_forgery_protection_test.rb
Commit message (Author, Age, Files, Lines)
* Include application/javascript when checking content_type (Gabriel Jaldon, 2018-05-27, 1, -0/+5)
* Use assert_predicate and assert_not_predicate (Daniel Colson, 2018-01-25, 1, -1/+1)
* Add a better error message when a "null" Origin header occurs (Jack McCracken, 2017-11-03, 1, -0/+13)
* Add key rotation cookies middleware (Michael Coyne, 2017-09-24, 1, -1/+3)
* Use frozen string literal in actionpack/ (Kir Shatrov, 2017-07-29, 1, -0/+2)
* Add ActionController::Base.skip_forgery_protection (Lisa Ugray, 2017-07-10, 1, -0/+30)
* Revert "Merge pull request #29540 from kirs/rubocop-frozen-string" (Matthew Draper, 2017-07-02, 1, -1/+0)
* Enforce frozen string in Rubocop (Kir Shatrov, 2017-07-01, 1, -0/+1)
* Default embed_authenticity_token_in_remote_forms to nil. (Kasper Timm Hansen, 2017-04-16, 1, -0/+90)
* Improve logging when Origin header doesn't match (Jon Leighton, 2017-04-06, 1, -0/+11)
* Privatize unneededly protected methods in Action Pack tests (Akira Matsuda, 2016-12-23, 1, -1/+1)
* Add three new rubocop rules (Rafael Mendonça França, 2016-08-16, 1, -16/+16)
* Add `Style/EmptyLines` in `.rubocop.yml` and remove extra empty lines (Ryuta Kamizono, 2016-08-07, 1, -1/+0)
* applies remaining conventions across the project (Xavier Noria, 2016-08-06, 1, -1/+0)
* normalizes indentation and whitespace across the project (Xavier Noria, 2016-08-06, 1, -10/+10)
* modernizes hash syntax in actionpack (Xavier Noria, 2016-08-06, 1, -13/+13)
* applies new string literal convention in actionpack/test (Xavier Noria, 2016-08-06, 1, -70/+70)
* Make sure the tests setup are made correctly (Rafael Mendonça França, 2016-07-17, 1, -9/+9)
* Respect `log_warning_on_csrf_failure` setting for all CSRF failures (Matthew Caruana Galizia, 2016-05-23, 1, -0/+31)
* Discard the schema and host information when building the per-form token (Rafael Mendonça França, 2016-04-20, 1, -0/+13)
* Make per form token work when method is not provided (Rafael Mendonça França, 2016-02-22, 1, -2/+16)
* Refactored Request Forgery CSRF PerFormTokensController tests and DRY'ed them... (Vipul A M, 2016-02-22, 1, -70/+38)
* Fixed passing of delete method on button_to tag, creating wrong form csrf token (Vipul A M, 2016-02-21, 1, -0/+44)
* add option for per-form CSRF tokens (Ben Toews, 2016-01-04, 1, -0/+172)
* Change the `protect_from_forgery` prepend default to `false` (eileencodes, 2015-12-07, 1, -2/+2)
* Add option to verify Origin header in CSRF checks (Ben Toews, 2015-11-25, 1, -0/+45)
* Remove mocha from ActionPack tests (Marcin Olichwirowicz, 2015-09-05, 1, -1/+0)
* Get rid of mocha tests - part 2 (Marcin Olichwirowicz, 2015-08-25, 1, -8/+24)
* Get rid of mocha tests - part 1 (Marcin Olichwirowicz, 2015-08-24, 1, -33/+46)
* Stop using deprecated `render :text` in test (Prem Sichanugrist, 2015-07-17, 1, -1/+1)
* let the superclass build the request and response (Aaron Patterson, 2015-07-08, 1, -2/+1)
* Deprecate `:nothing` option for render method (Mehmet Emin İNAÇ, 2015-05-28, 1, -3/+3)
* Removed unused code from request_forgery_protection tests (Prathamesh Sonpatki, 2015-04-26, 1, -17/+0)
* Handle non-string authenticity tokens (Ville Lautanala, 2015-02-12, 1, -0/+7)
* Migrating xhr methods to keyword arguments syntax (Kir Shatrov, 2015-02-01, 1, -7/+7)
* Switch to kwargs in ActionController::TestCase and ActionDispatch::Integration (Kir Shatrov, 2015-01-29, 1, -10/+10)
* Add prepend option to protect_from_forgery. (Josef Šimánek, 2015-01-08, 1, -0/+60)
* Merge pull request #16570 from bradleybuda/breach-mitigation-mask-csrf-token (Jeremy Kemper, 2014-08-19, 1, -5/+6)
|\
| * Auth token mask from breach-mitigation-rails gem (Bradley Buda, 2014-08-19, 1, -5/+6)
* | Remove unneeded comment in test. (Timm, 2014-06-16, 1, -1/+1)
* | Nokogiri leaves '<' unescaped, so the assert_select looking for '&lt;' will n... (Timm, 2014-06-16, 1, -2/+3)
* | Fixed Nokogiri::CSS::SyntaxErrors. (Timm, 2014-06-15, 1, -2/+2)
|/
* Avoid hardcoded value in teardown. (Zuhao Wan, 2014-05-28, 1, -3/+6)
* Moved 'params[request_forgery_protection_token]' into its own method and impr... (Tom Kadwill, 2014-05-06, 1, -5/+26)
* Remove wrapper div for inputs in button_to (Rafael Mendonça França, 2014-04-17, 1, -1/+1)
* Update Request forgery tests to remove input wrapping div (Rafael Mendonça França, 2014-04-17, 1, -5/+5)
* Make CSRF failure logging optional/configurable. (John Barton (joho), 2014-03-05, 1, -0/+16)
* Clearly limit new CSRF protection to GET requests (Jeremy Kemper, 2013-12-17, 1, -0/+10)
* CSRF protection from cross-origin <script> tags (Jeremy Kemper, 2013-12-17, 1, -9/+69)
* NullSessionHash#destroy should be a no-op (Jonathan Baudanza, 2013-09-18, 1, -0/+10)