path: root/guides/source/security.md
Commit message (Author, Age, Files, Lines)
* rails -> Rails [ci skip] (Santosh Wadghule, 2016-07-12, 1 file, -1/+1)
|
* cosmetic updates to security guide - fixes #25058 [ci skip] (Mateusz Konieczny, 2016-05-27, 1 file, -1/+1)
|
* Merge pull request #25052 from matkoniecz/2008_is_not_recent (Jon Moss, 2016-05-17, 1 file, -3/+1)
|\
| |     update to make it less obvious that this guide is from 2008/2009
| * update to make it less obvious that this guide is from 2008/2009 (Mateusz Konieczny, 2016-05-17, 1 file, -3/+1)
| |     malicious ads are neither new nor unusual
| |     live HTTP headers project is dead - see https://www.mozdev.org/bugs/show_bug.cgi?id=25944
* | Safari 4 supports http only cookie (#25053) (Mateusz Konieczny, 2016-05-17, 1 file, -1/+1)
| |     * Update documentation about Safari 4 supporting http only cookie - Source: www.greebo.net/2009/06/09/httponly-in-safari-40-release/ via http://stackoverflow.com/questions/528405/which-browsers-do-support-httponly-cookies
* | Fix security guide capitalization errors (Jon Moss, 2016-05-16, 1 file, -15/+15)
|/
|     Would have submitted to docrails, but this guide was just changed today, and docrails doesn't have the most updated version :grimacing: cc @vipulnsward [ci skip]
* Update the Rails security guide (Ralin Chimev, 2016-05-16, 1 file, -2/+2)
|     Bring up-to-date the information about the session id in the Sessions section. The guide currently says that the session id is a md5 hash while the implementation uses a random hex string. Fixes #25032. [ci skip]
* [ci skip] Parameter filter performs regular expression partial matching (Andrew Babichev, 2016-03-31, 1 file, -0/+2)
|
* Remove reference to unmaintained plugin/gem (Olivier Lacan, 2016-03-23, 1 file, -1/+1)
|     [restful-authentication](https://rubygems.org/gems/restful-authentication/versions/1.2.1) hasn't been updated since September 6th, 2012 so it might not be a great idea to recommend that Rails users try it out. Devise seems like a much more popular and secure solution that automatically resets sessions on sign in and out so it's a great example in this case. /cc @tenderlove @josevalim
* Change 'a HTTP' to 'an HTTP' [ci skip] (Santosh Wadghule, 2016-03-03, 1 file, -3/+3)
|
* Fixed grammatical errors in rails docs [ci skip] (Matt Michnal, 2016-02-09, 1 file, -2/+2)
|     Fixed errors in rails migrations docs [ci skip]
|     Fixed errors in rails security docs [ci skip]
* [ci skip] Fix grammar (Abhishek Jain, 2016-02-09, 1 file, -1/+1)
|
* use rails secret in rails guides (Ryo Hashimoto, 2016-02-03, 1 file, -1/+1)
|
* ApplicationRecord documentation pass (Genadi Samokovarov, 2015-12-17, 1 file, -1/+1)
|     This is a pass over the documentation which fills the missing gaps of `ApplicationRecord`. [ci skip]
* Fix a couple of grammatical errors in security.md (Existent Ltd, 2015-12-16, 1 file, -2/+2)
|
* Merge branch 'master' of github.com:rails/docrails (Vijay Dev, 2015-10-31, 1 file, -1/+1)
|\
| * Improved `KeyError` messages on bang version, since commit ↵ (amitkumarsuroliya, 2015-10-11, 1 file, -1/+1)
| |     https://github.com/rails/rails/commit/e768c519fb6015e00961702a5165c6dab548a954 bang version produces `KeyError` [ci skip]
* | Improve readability in CSRF section of guide (Andy Lampert, 2015-10-07, 1 file, -4/+3)
| |
* | [ci skip] Change 'an URL' to 'a URL' as URL doesn't have a vowel sound (tanmay3011, 2015-10-06, 1 file, -2/+2)
| |
* | Update text on CSS Injection / Myspace (Sean Collins, 2015-10-03, 1 file, -5/+3)
|/
|     [skip ci]
* Clarify CSRF <script> purpose and protection. Note how to deal with your own ↵ (Jeremy Daer, 2015-09-16, 1 file, -1/+3)
|     <script> tags. Ref #21618 [ci skip]
* Improved explanation of the <script> tag CSRF behavior (Anshul Agrawal, 2015-09-14, 1 file, -1/+1)
|
* Merge branch 'master' of github.com:rails/rails (Vijay Dev, 2015-08-24, 1 file, -20/+20)
|\
| |     Conflicts: guides/source/security.md
| * Add bold to lists' titles [ci skip] (Alexey Markov, 2015-08-21, 1 file, -6/+6)
| |
| * Small fixes [ci skip] (Alexey Markov, 2015-08-20, 1 file, -12/+6)
| |
| * Small fixes [ci skip] (Alexey Markov, 2015-08-17, 1 file, -6/+5)
| |
| * Tiny documentation fixes [ci skip] (Robin Dupret, 2015-08-11, 1 file, -1/+6)
| |
| * [ci skip] Typo fixed (Dhia Eddine Chouchane, 2015-08-06, 1 file, -1/+1)
| |
| * Outdated information about session storage updated [ci skip] (Dhia Eddine Chouchane, 2015-08-06, 1 file, -2/+4)
| |     The guide contains information about Rails 2 storing mechanism, but not Rails 4. Enhanced the accuracy and coherence of information (There was a part saying "Older versions of Rails use CookieStore, which uses `secret_token` instead of `secret_key_base` that is used by EncryptedCookieStore." while there was no mention of EncryptedCookieStore before)
* | add commas removed earlier [ci skip] (Vijay Dev, 2015-08-24, 1 file, -1/+1)
| |
* | [ci skip] Fix to `a, b and c` format (yui-knk, 2015-07-25, 1 file, -1/+1)
| |
* | [ci skip] Fix minor typo (yui-knk, 2015-07-24, 1 file, -1/+1)
| |     * Remove `,`
| |     * Fix `&lt`; -> `&lt;`
* | [ci skip] Minor fix (yui-knk, 2015-07-24, 1 file, -1/+1)
|/
|     * add a space
|     * add a `.`
* Add to Security guides the secrets.yml (Mauro George, 2015-07-06, 1 file, -0/+23)
|     [ci skip]
* [ci skip] Replace dead link about HttpOnly cookies. (Yoong Kang Lim, 2015-05-28, 1 file, -1/+1)
|
* Rails documentation standard is american english. [ci skip] (karanarora, 2015-05-20, 1 file, -1/+1)
|
* updating the links, they were removed in cc30f5f9 [ci skip] (Ankit Gupta, 2015-05-19, 1 file, -0/+1)
|     new links as per pull request comment #20160 (OWASP guides)
* Dead blog/site links [ci skip] (Ankit Gupta, 2015-05-14, 1 file, -1/+1)
|
* promote :except option instead of :only for before action docs [ci skip] (Faruk AYDIN, 2015-05-09, 1 file, -1/+1)
|
* [skip ci] Fix typos in actionpack changelog and security guide (Anton Davydov, 2015-05-07, 1 file, -1/+1)
|
* Merge pull request #19446 from ↵ (Zachary Scott, 2015-04-14, 1 file, -4/+6)
|\
| |     andersonDadario/fix_security_guide_captcha_03_21_2015
| |     Fix security guide captcha 03 21 2015 [ci skip]
| * [ci skip] Fix for Security Guide - Captcha Section (Anderson Dadario, 2015-03-22, 1 file, -4/+6)
| |
* | Remove old and not working link. [ci skip] (Santosh Wadghule, 2015-03-28, 1 file, -1/+1)
|/
* Merge pull request #18503 from vipulnsward/guides-in-on (Xavier Noria, 2015-01-14, 1 file, -1/+1)
|\
| |     Changed `IN` to `ON` in markdown renderer condition
| * - Changed `IN` to `ON` in markdown renderer condition (Vipul A M, 2015-01-14, 1 file, -1/+1)
| |     - Changed `IN` to `ON` in all note sentences in guides.
* | Guides: Removing reference to blog that is not updated anymore [ci skip] (Andrey Nering, 2015-01-13, 1 file, -1/+0)
|/
* Avoid displaying new lines inside note paragraphs (Robin Dupret, 2015-01-03, 1 file, -1/+8)
|     Commit 65a2977 added a `pre-wrap` style for white spaces on `.note` paragraphs. However, this is first inconsistent as other notes like warnings don't have this style applied. Furthermore, it seems to be unneeded for mobile devices. Also revert changes made in #18147 since they aren't needed anymore. Cross-refs #18138. [ci skip]
* warn about reading guides in GitHub (Xavier Noria, 2014-12-23, 1 file, -0/+2)
|     References #18148.
* Do not use line breaks on notes [ci skip] (Andrey Nering, 2014-12-22, 1 file, -6/+1)
|     References #18138
* s/a unobtrusive/an unobtrusive [ci skip] (Zachary Scott, 2014-12-22, 1 file, -1/+1)
|