| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Change Active Storage destroy callbacks | kami-zh | 2018-01-09 | 1 | -0/+6 |
| | | | | | | There is concern that only blob are deleted depending on the `before_destroy` definition order which throws abort. | ||||
| * | Force content disposition to attachment for specific content types | Rosa Gutierrez | 2018-01-05 | 1 | -0/+8 |
| | | | | | | | | | | | | | | | In this way we avoid HTML, XML, SVG and other files that can be rendered by the browser to be served inline by default. Depending on the origin from where these files are served, this might lead to XSS vulnerabilities, and in the best case, to more realistic phishing attacks and open redirects. We force it rather than falling back to it when other disposition is not provided. Otherwise it would be possible for someone to force inline just by passing `disposition=inline` in the URL. The list of content types to be served as attachments is configurable. | ||||
| * | Preparing for 5.2.0.beta2 release | Rafael Mendonça França | 2017-11-28 | 1 | -0/+7 |
| | | |||||
| * | Preparing for 5.2.0.beta1 release | Rafael Mendonça França | 2017-11-27 | 1 | -0/+2 |
| | | |||||
| * | Initialize changelog | David Heinemeier Hansson | 2017-07-31 | 1 | -0/+3 |
 |
index : rails.git | |
| Mirror of official rails repo with custom fixes. | Harald Eilertsen |
| aboutsummaryrefslogtreecommitdiffstats |