| Commit message | Author | Age | Files | Lines |
* | Fix #9168 Initialize NullCookieJar with all options needed for KeyGenerator | Andrey Chernih | 2013-02-08 | 1 | -0/+35 |
* | Added a test that shows that a HEAD request does not normally pass CSRF prote... | Michiel Sikkes | 2013-01-22 | 1 | -0/+4 |
* | deprecate `assert_blank` and `assert_present`. | Yves Senn | 2013-01-05 | 1 | -1/+1 |
* | Implement :null_session CSRF protection method | Sergey Nartimov | 2012-09-13 | 1 | -10/+6 |
* | no need to pass an empty block to button_to helper | Sergey Nartimov | 2012-05-30 | 1 | -2/+2 |
* | Cover one more case in auth_token and remote forms | Piotr Sarnacki | 2012-03-28 | 1 | -0/+7 |
* | config.action_view.embed_authenticity_token_in_remote_forms is true by default | Piotr Sarnacki | 2012-03-28 | 1 | -19/+14 |
* | Added config.action_view.embed_authenticity_token_in_remote_forms | Piotr Sarnacki | 2012-03-28 | 1 | -2/+48 |
* | fixed - warning: ambiguous first argument; put parentheses or even spaces | Sandeep | 2012-03-16 | 1 | -1/+1 |
* | Allow you to force the authenticity_token to be rendered even on remote forms... | David Heinemeier Hansson | 2012-03-14 | 1 | -0/+11 |
* | Do not include the authenticity token in forms where remote: true as ajax for... | David Heinemeier Hansson | 2012-03-14 | 1 | -0/+13 |
* | configure how unverified request will be handled | Sergey Nartimov | 2012-03-09 | 1 | -2/+2 |
* | Add config.default_method_for_update to support PATCH | David Lee | 2012-02-22 | 1 | -1/+14 |
* | Remove not used requires from csrf helper file and test | Carlos Antonio da Silva | 2012-01-21 | 1 | -7/+0 |
* | Remove rescue_action from compatibility module and tests | Carlos Antonio da Silva | 2012-01-17 | 1 | -2/+0 |
* | Use ensure instead of rescue | Mike Dillon | 2011-09-10 | 1 | -1/+1 |
* | Add test for warning and CHANGELOG entry | Mike Dillon | 2011-09-10 | 1 | -0/+16 |
* | Replace references to ActiveSupport::SecureRandom with just SecureRandom, and... | Jon Leighton | 2011-05-23 | 1 | -3/+3 |
* | Test csrf token param name customization | David Lee | 2011-05-10 | 1 | -7/+18 |
* | Make csrf_meta_tags use the tag helper | James Robinson | 2011-04-08 | 1 | -5/+3 |
* | Change the CSRF whitelisting to only apply to get requests | Michael Koziarski | 2011-02-08 | 1 | -136/+75 |
* | put authenticity_token option in parity w/ remote | Dan Pickett | 2011-02-06 | 1 | -2/+2 |
* | Added tests for form_for and an authenticity_token option. Added docs for for... | Timothy N. Tsvetkov | 2011-02-05 | 1 | -0/+18 |
* | authenticity_token option for form_tag [#2988 state:resolved] | Jakub Kuźma | 2011-01-09 | 1 | -0/+18 |
* | Fix indentation. | Emilio Tagua | 2010-09-27 | 1 | -19/+18 |
* | get csrf_meta_tag back to the generated layout in deference to existing print... | Xavier Noria | 2010-09-14 | 1 | -1/+1 |
* | revises implementation and documentation of csrf_meta_tags, and aliases csrf_... | Xavier Noria | 2010-09-11 | 1 | -2/+6 |
* | code gardening: we have assert_(nil|blank|present), more concise, with better... | Xavier Noria | 2010-08-17 | 1 | -1/+1 |
* | Test that csrf meta content is html-escaped, too | Jeremy Kemper | 2010-02-04 | 1 | -1/+2 |
* | Revert dumb test | Jeremy Kemper | 2010-02-04 | 1 | -2/+2 |
* | HTML-escape csrf meta contents | Jeremy Kemper | 2010-02-04 | 1 | -2/+2 |
* | Expose CSRF param name also | Jeremy Kemper | 2010-02-04 | 1 | -1/+1 |
* | Expose CSRF tag for UJS adapters | Jeremy Kemper | 2010-02-04 | 1 | -1/+15 |
* | Move form_remote_tag and remote_form_for into prototype_legacy_helper | Joshua Peek | 2010-01-30 | 1 | -27/+18 |
* | Fix test bleed | Jeremy Kemper | 2009-11-18 | 1 | -1/+1 |
* | Extract form_authenticity_param instance method so it's overridable in subcla... | Jeremy Kemper | 2009-11-17 | 1 | -1/+19 |
* | Cleanup route reloading in tests. Prefer with_routing over using ActionContro... | Joshua Peek | 2009-08-16 | 1 | -5/+1 |
* | Don't check authenticity tokens for any AJAX requests | Ross Kaffenburger and Bryan Helmkamp | 2009-04-15 | 1 | -5/+6 |
* | Ruby 1.9 compat: rename deprecated assert_raises to assert_raise. | Jeremy Kemper | 2009-03-08 | 1 | -9/+9 |
* | Change the forgery token implementation to just be a simple random string. | Michael Koziarski | 2008-11-23 | 1 | -87/+6 |
* | Merge branch 'master' into testing | Jeremy Kemper | 2008-11-15 | 1 | -52/+66 |
|\ |
| * | Changed request forgery protection to only worry about HTML-formatted content... | Jeff Cohen | 2008-11-13 | 1 | -52/+66 |
* | | Move controller assertions from base TestCase to AC:: and AV::TestCase | Jeremy Kemper | 2008-11-07 | 1 | -5/+5 |
|/ |
* | Merge branch 'master' of git@github.com:rails/rails | rick | 2008-05-13 | 1 | -0/+24 |
|\ |
| * | Bug: Earlier Check for Session in Forgery Protection | Peter Jones | 2008-05-11 | 1 | -0/+24 |
* | | change ActionController::RequestForgeryProtection to use Mime::Type#verify_re... | rick | 2008-05-06 | 1 | -3/+45 |
* | | Change the request forgery protection to go by Content-Type instead of reques... | rick | 2008-05-06 | 1 | -4/+25 |
|/ |
* | Don't append the forgery token to an ajax request if it's serializing a form,... | Michael Koziarski | 2008-01-08 | 1 | -0/+9 |
* | require abstract_unit directly since test is in load path | Jeremy Kemper | 2008-01-05 | 1 | -1/+1 |
* | Ruby 1.9 compat, consistent load paths | Jeremy Kemper | 2007-10-02 | 1 | -1/+1 |