Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | rails -> Rails [ci skip] | Santosh Wadghule | 2016-07-12 | 1 | -1/+1 |
| | |||||
* | cometic updates to security guide - fixes #25058 [ci skip] | Mateusz Konieczny | 2016-05-27 | 1 | -1/+1 |
| | |||||
* | Merge pull request #25052 from matkoniecz/2008_is_not_recent | Jon Moss | 2016-05-17 | 1 | -3/+1 |
|\ | | | | | update to make it less obvious that this guide is from 2008/2009 | ||||
| * | update to make it less obvious that this guide is from 2008/2009 | Mateusz Konieczny | 2016-05-17 | 1 | -3/+1 |
| | | | | | | | | | | malicious ads are neither new nor unusual live HTTP headers project is dead - see https://www.mozdev.org/bugs/show_bug.cgi?id=25944 | ||||
* | | Safari 4 supports http only cookie (#25053) | Mateusz Konieczny | 2016-05-17 | 1 | -1/+1 |
| | | | | | | | | | | * Update documentation about Safari 4 supporting http only cookie - Source: www.greebo.net/2009/06/09/httponly-in-safari-40-release/ via http://stackoverflow.com/questions/528405/which-browsers-do-support-httponly-cookies | ||||
* | | Fix security guide capitalization errors | Jon Moss | 2016-05-16 | 1 | -15/+15 |
|/ | | | | | | | | | Would have submitted to docrails, but this guide was just changed today, and docrails doesn't have the most updated version :grimacing: cc @vipulnsward [ci skip] | ||||
* | Update the Rails security guide | Ralin Chimev | 2016-05-16 | 1 | -2/+2 |
| | | | | | | | | | | | Bring up-to-date the information about the session id in the Sessions section. The guide currently says that the session id is a md5 hash while the implementation uses a random hex string. Fixes #25032. [ci skip] | ||||
* | [ci skip] Parameter filter performs regular expression partial matching | Andrew Babichev | 2016-03-31 | 1 | -0/+2 |
| | |||||
* | Remove reference to unmaintained plugin/gem | Olivier Lacan | 2016-03-23 | 1 | -1/+1 |
| | | | | | | | | | [restful-authentication](https://rubygems.org/gems/restful-authentication/versions/1.2.1) hasn't been updated since September 6th, 2012 so it might not be a great idea to recommend that Rails users try it out. Devise seems like a much more popular and secure solution that automatically resets sessions on sign in and out so it's a great example in this case. /cc @tenderlove @josevalim | ||||
* | Change 'a HTTP' to 'an HTTP' [ci skip] | Santosh Wadghule | 2016-03-03 | 1 | -3/+3 |
| | |||||
* | Fixed grammatical errors in rails docs [ci skip] | Matt Michnal | 2016-02-09 | 1 | -2/+2 |
| | | | | | | Fixed errors in rails migrations docs [ci skip] Fixed errors in rails security docs [ci skip] | ||||
* | [ci skip] Fix grammar | Abhishek Jain | 2016-02-09 | 1 | -1/+1 |
| | |||||
* | use rails secret in rails guides | Ryo Hashimoto | 2016-02-03 | 1 | -1/+1 |
| | |||||
* | ApplicationRecord documentation pass | Genadi Samokovarov | 2015-12-17 | 1 | -1/+1 |
| | | | | | | | This is a pass over the documentation which fills the missing gaps of `ApplicationRecord`. [ci skip] | ||||
* | Fix a couple of grammatical errors in security.md | Existent Ltd | 2015-12-16 | 1 | -2/+2 |
| | |||||
* | Merge branch 'master' of github.com:rails/docrails | Vijay Dev | 2015-10-31 | 1 | -1/+1 |
|\ | |||||
| * | Improved `KeyError` messages on bang version, since commit ↵ | amitkumarsuroliya | 2015-10-11 | 1 | -1/+1 |
| | | | | | | | | https://github.com/rails/rails/commit/e768c519fb6015e00961702a5165c6dab548a954 bang version produces `KeyError` [ci skip] | ||||
* | | Improve readability in CSRF section of guide | Andy Lampert | 2015-10-07 | 1 | -4/+3 |
| | | |||||
* | | [ci skip] Change 'an URL' to 'a URL' as URL doesn't have a vowel sound | tanmay3011 | 2015-10-06 | 1 | -2/+2 |
| | | |||||
* | | Update text on CSS Injection / Myspace | Sean Collins | 2015-10-03 | 1 | -5/+3 |
|/ | | | | [skip ci] | ||||
* | Clarify CSRF <script> purpose and protection. Note how to deal with your own ↵ | Jeremy Daer | 2015-09-16 | 1 | -1/+3 |
| | | | | | | | | <script> tags. Ref #21618 [ci skip] | ||||
* | Improved explanation of the <script> tag CSRF behavior | Anshul Agrawal | 2015-09-14 | 1 | -1/+1 |
| | |||||
* | Merge branch 'master' of github.com:rails/rails | Vijay Dev | 2015-08-24 | 1 | -20/+20 |
|\ | | | | | | | | | Conflicts: guides/source/security.md | ||||
| * | Add bold to lists' titles [ci skip] | Alexey Markov | 2015-08-21 | 1 | -6/+6 |
| | | |||||
| * | Small fixes [ci skip] | Alexey Markov | 2015-08-20 | 1 | -12/+6 |
| | | |||||
| * | Small fixes [ci skip] | Alexey Markov | 2015-08-17 | 1 | -6/+5 |
| | | |||||
| * | Tiny documentation fixes [ci skip] | Robin Dupret | 2015-08-11 | 1 | -1/+6 |
| | | |||||
| * | [ci skip] Typo fixed | Dhia Eddine Chouchane | 2015-08-06 | 1 | -1/+1 |
| | | |||||
| * | Outdated information about session storage updated [ci skip] | Dhia Eddine Chouchane | 2015-08-06 | 1 | -2/+4 |
| | | | | | | | | The guide contains information about Rails 2 storing mechanism, but not Rails 4. Enhanced the accuracy and coherence of information (There was a part saying "Older versions of Rails use CookieStore, which uses `secret_token` instead of `secret_key_base` that is used by EncryptedCookieStore." while there was no mention of EncryptedCookieStore before) | ||||
* | | add commas removed earlier [ci skip] | Vijay Dev | 2015-08-24 | 1 | -1/+1 |
| | | |||||
* | | [ci skip] Fix to `a, b and c` format | yui-knk | 2015-07-25 | 1 | -1/+1 |
| | | |||||
* | | [ci skip] Fix minor typo | yui-knk | 2015-07-24 | 1 | -1/+1 |
| | | | | | | | | | | * Remove `,` * Fix `<`; -> `<` | ||||
* | | [ci skip] Minor fix | yui-knk | 2015-07-24 | 1 | -1/+1 |
|/ | | | | | * add a space * add a `.` | ||||
* | Add to Security guides the secrets.yml | Mauro George | 2015-07-06 | 1 | -0/+23 |
| | | | | [ci skip] | ||||
* | [ci skip] Replace dead link about HttpOnly cookies. | Yoong Kang Lim | 2015-05-28 | 1 | -1/+1 |
| | |||||
* | Rails documentation standard is american english. [ci skip] | karanarora | 2015-05-20 | 1 | -1/+1 |
| | |||||
* | updating the links, they were removed in cc30f5f9 [ci skip] | Ankit Gupta | 2015-05-19 | 1 | -0/+1 |
| | | | | new links as per pull request comment #20160 (OWASP guides) | ||||
* | Dead blog/site links [ci skip] | Ankit Gupta | 2015-05-14 | 1 | -1/+1 |
| | |||||
* | promote :except option instead of :only for before action docs [ci skip] | Faruk AYDIN | 2015-05-09 | 1 | -1/+1 |
| | |||||
* | [skip ci] Fix typos in actionpack changelog and security guide | Anton Davydov | 2015-05-07 | 1 | -1/+1 |
| | |||||
* | Merge pull request #19446 from ↵ | Zachary Scott | 2015-04-14 | 1 | -4/+6 |
|\ | | | | | | | | | andersonDadario/fix_security_guide_captcha_03_21_2015 Fix security guide captcha 03 21 2015 [ci skip] | ||||
| * | [ci skip] Fix for Security Guide - Captcha Section | Anderson Dadario | 2015-03-22 | 1 | -4/+6 |
| | | |||||
* | | Remove old and not working link. [ci skip] | Santosh Wadghule | 2015-03-28 | 1 | -1/+1 |
|/ | |||||
* | Merge pull request #18503 from vipulnsward/guides-in-on | Xavier Noria | 2015-01-14 | 1 | -1/+1 |
|\ | | | | | Changed `IN` to `ON` in markdown renderer condition | ||||
| * | - Changed `IN` to `ON` in markdown renderer condition | Vipul A M | 2015-01-14 | 1 | -1/+1 |
| | | | | | | | | - Changed `IN` to `ON` in all note sentences in guides. | ||||
* | | Guides: Removing reference to blog that is not updated anymore [ci skip] | Andrey Nering | 2015-01-13 | 1 | -1/+0 |
|/ | |||||
* | Avoid displaying new lines inside note paragraphs | Robin Dupret | 2015-01-03 | 1 | -1/+8 |
| | | | | | | | | | | | | | Commit 65a2977 added a `pre-wrap` style for white spaces on `.note` paragraphs. However, this is first inconsistent as other notes like warnings don't have this style applied. Furthermore, it seems to be unneeded for mobile devices. Also revert changes made in #18147 since they aren't needed anymore. Cross-refs #18138. [ci skip] | ||||
* | warn about reading guides in GitHub | Xavier Noria | 2014-12-23 | 1 | -0/+2 |
| | | | | References #18148. | ||||
* | Do not use line breaks on notes [ci skip] | Andrey Nering | 2014-12-22 | 1 | -6/+1 |
| | | | | References #18138 | ||||
* | s/a unobtrusive/an unobtrusive [ci skip] | Zachary Scott | 2014-12-22 | 1 | -1/+1 |
| |