Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Merge branch 'master' of github.com:rails/docrails | Vijay Dev | 2016-12-16 | 1 | -1/+1 | |
|\ | ||||||
| * | Remove mention of SafeErb gem [ci skip] | Prathamesh Sonpatki | 2016-11-19 | 1 | -1/+1 | |
| | | | | | | | | Followup of https://github.com/rails/rails/pull/27086 | |||||
* | | Remove mention of deprecated SafeERB gem from security docs for now, prior ↵ | Vipul A M | 2016-11-18 | 1 | -1/+1 | |
|/ | | | | | section already speaks about sanitization as a safety measure. [ci skip] (#27086) Fixes #27085 | |||||
* | Remove the word "mongrel" from documents | Ryunosuke Sato | 2016-09-07 | 1 | -1/+1 | |
| | | | | | | | | | Currently mongrel is not maintained. And it couldn't be built with any Ruby versions that supported by Rails. It is reasonable to remove the word "mongrel" in order to avoid confusion from newcomer. | |||||
* | [ci skip] Broken links in documentation fix | Rasmus Kjellberg | 2016-08-30 | 1 | -1/+1 | |
| | ||||||
* | When referring to Rails, be consistent in usage of capitalized form, unless ↵ | Vipul A M | 2016-08-19 | 1 | -1/+1 | |
| | | | | it is used in context of a command like bin/rails or the rails directory [ci skip] | |||||
* | rails -> Rails [ci skip] | Santosh Wadghule | 2016-07-12 | 1 | -1/+1 | |
| | ||||||
* | cometic updates to security guide - fixes #25058 [ci skip] | Mateusz Konieczny | 2016-05-27 | 1 | -1/+1 | |
| | ||||||
* | Merge pull request #25052 from matkoniecz/2008_is_not_recent | Jon Moss | 2016-05-17 | 1 | -3/+1 | |
|\ | | | | | update to make it less obvious that this guide is from 2008/2009 | |||||
| * | update to make it less obvious that this guide is from 2008/2009 | Mateusz Konieczny | 2016-05-17 | 1 | -3/+1 | |
| | | | | | | | | | | malicious ads are neither new nor unusual live HTTP headers project is dead - see https://www.mozdev.org/bugs/show_bug.cgi?id=25944 | |||||
* | | Safari 4 supports http only cookie (#25053) | Mateusz Konieczny | 2016-05-17 | 1 | -1/+1 | |
| | | | | | | | | | | * Update documentation about Safari 4 supporting http only cookie - Source: www.greebo.net/2009/06/09/httponly-in-safari-40-release/ via http://stackoverflow.com/questions/528405/which-browsers-do-support-httponly-cookies | |||||
* | | Fix security guide capitalization errors | Jon Moss | 2016-05-16 | 1 | -15/+15 | |
|/ | | | | | | | | | Would have submitted to docrails, but this guide was just changed today, and docrails doesn't have the most updated version :grimacing: cc @vipulnsward [ci skip] | |||||
* | Update the Rails security guide | Ralin Chimev | 2016-05-16 | 1 | -2/+2 | |
| | | | | | | | | | | | Bring up-to-date the information about the session id in the Sessions section. The guide currently says that the session id is a md5 hash while the implementation uses a random hex string. Fixes #25032. [ci skip] | |||||
* | [ci skip] Parameter filter performs regular expression partial matching | Andrew Babichev | 2016-03-31 | 1 | -0/+2 | |
| | ||||||
* | Remove reference to unmaintained plugin/gem | Olivier Lacan | 2016-03-23 | 1 | -1/+1 | |
| | | | | | | | | | [restful-authentication](https://rubygems.org/gems/restful-authentication/versions/1.2.1) hasn't been updated since September 6th, 2012 so it might not be a great idea to recommend that Rails users try it out. Devise seems like a much more popular and secure solution that automatically resets sessions on sign in and out so it's a great example in this case. /cc @tenderlove @josevalim | |||||
* | Change 'a HTTP' to 'an HTTP' [ci skip] | Santosh Wadghule | 2016-03-03 | 1 | -3/+3 | |
| | ||||||
* | Fixed grammatical errors in rails docs [ci skip] | Matt Michnal | 2016-02-09 | 1 | -2/+2 | |
| | | | | | | Fixed errors in rails migrations docs [ci skip] Fixed errors in rails security docs [ci skip] | |||||
* | [ci skip] Fix grammar | Abhishek Jain | 2016-02-09 | 1 | -1/+1 | |
| | ||||||
* | use rails secret in rails guides | Ryo Hashimoto | 2016-02-03 | 1 | -1/+1 | |
| | ||||||
* | ApplicationRecord documentation pass | Genadi Samokovarov | 2015-12-17 | 1 | -1/+1 | |
| | | | | | | | This is a pass over the documentation which fills the missing gaps of `ApplicationRecord`. [ci skip] | |||||
* | Fix a couple of grammatical errors in security.md | Existent Ltd | 2015-12-16 | 1 | -2/+2 | |
| | ||||||
* | Merge branch 'master' of github.com:rails/docrails | Vijay Dev | 2015-10-31 | 1 | -1/+1 | |
|\ | ||||||
| * | Improved `KeyError` messages on bang version, since commit ↵ | amitkumarsuroliya | 2015-10-11 | 1 | -1/+1 | |
| | | | | | | | | https://github.com/rails/rails/commit/e768c519fb6015e00961702a5165c6dab548a954 bang version produces `KeyError` [ci skip] | |||||
* | | Improve readability in CSRF section of guide | Andy Lampert | 2015-10-07 | 1 | -4/+3 | |
| | | ||||||
* | | [ci skip] Change 'an URL' to 'a URL' as URL doesn't have a vowel sound | tanmay3011 | 2015-10-06 | 1 | -2/+2 | |
| | | ||||||
* | | Update text on CSS Injection / Myspace | Sean Collins | 2015-10-03 | 1 | -5/+3 | |
|/ | | | | [skip ci] | |||||
* | Clarify CSRF <script> purpose and protection. Note how to deal with your own ↵ | Jeremy Daer | 2015-09-16 | 1 | -1/+3 | |
| | | | | | | | | <script> tags. Ref #21618 [ci skip] | |||||
* | Improved explanation of the <script> tag CSRF behavior | Anshul Agrawal | 2015-09-14 | 1 | -1/+1 | |
| | ||||||
* | Merge branch 'master' of github.com:rails/rails | Vijay Dev | 2015-08-24 | 1 | -20/+20 | |
|\ | | | | | | | | | Conflicts: guides/source/security.md | |||||
| * | Add bold to lists' titles [ci skip] | Alexey Markov | 2015-08-21 | 1 | -6/+6 | |
| | | ||||||
| * | Small fixes [ci skip] | Alexey Markov | 2015-08-20 | 1 | -12/+6 | |
| | | ||||||
| * | Small fixes [ci skip] | Alexey Markov | 2015-08-17 | 1 | -6/+5 | |
| | | ||||||
| * | Tiny documentation fixes [ci skip] | Robin Dupret | 2015-08-11 | 1 | -1/+6 | |
| | | ||||||
| * | [ci skip] Typo fixed | Dhia Eddine Chouchane | 2015-08-06 | 1 | -1/+1 | |
| | | ||||||
| * | Outdated information about session storage updated [ci skip] | Dhia Eddine Chouchane | 2015-08-06 | 1 | -2/+4 | |
| | | | | | | | | The guide contains information about Rails 2 storing mechanism, but not Rails 4. Enhanced the accuracy and coherence of information (There was a part saying "Older versions of Rails use CookieStore, which uses `secret_token` instead of `secret_key_base` that is used by EncryptedCookieStore." while there was no mention of EncryptedCookieStore before) | |||||
* | | add commas removed earlier [ci skip] | Vijay Dev | 2015-08-24 | 1 | -1/+1 | |
| | | ||||||
* | | [ci skip] Fix to `a, b and c` format | yui-knk | 2015-07-25 | 1 | -1/+1 | |
| | | ||||||
* | | [ci skip] Fix minor typo | yui-knk | 2015-07-24 | 1 | -1/+1 | |
| | | | | | | | | | | * Remove `,` * Fix `<`; -> `<` | |||||
* | | [ci skip] Minor fix | yui-knk | 2015-07-24 | 1 | -1/+1 | |
|/ | | | | | * add a space * add a `.` | |||||
* | Add to Security guides the secrets.yml | Mauro George | 2015-07-06 | 1 | -0/+23 | |
| | | | | [ci skip] | |||||
* | [ci skip] Replace dead link about HttpOnly cookies. | Yoong Kang Lim | 2015-05-28 | 1 | -1/+1 | |
| | ||||||
* | Rails documentation standard is american english. [ci skip] | karanarora | 2015-05-20 | 1 | -1/+1 | |
| | ||||||
* | updating the links, they were removed in cc30f5f9 [ci skip] | Ankit Gupta | 2015-05-19 | 1 | -0/+1 | |
| | | | | new links as per pull request comment #20160 (OWASP guides) | |||||
* | Dead blog/site links [ci skip] | Ankit Gupta | 2015-05-14 | 1 | -1/+1 | |
| | ||||||
* | promote :except option instead of :only for before action docs [ci skip] | Faruk AYDIN | 2015-05-09 | 1 | -1/+1 | |
| | ||||||
* | [skip ci] Fix typos in actionpack changelog and security guide | Anton Davydov | 2015-05-07 | 1 | -1/+1 | |
| | ||||||
* | Merge pull request #19446 from ↵ | Zachary Scott | 2015-04-14 | 1 | -4/+6 | |
|\ | | | | | | | | | andersonDadario/fix_security_guide_captcha_03_21_2015 Fix security guide captcha 03 21 2015 [ci skip] | |||||
| * | [ci skip] Fix for Security Guide - Captcha Section | Anderson Dadario | 2015-03-22 | 1 | -4/+6 | |
| | | ||||||
* | | Remove old and not working link. [ci skip] | Santosh Wadghule | 2015-03-28 | 1 | -1/+1 | |
|/ | ||||||
* | Merge pull request #18503 from vipulnsward/guides-in-on | Xavier Noria | 2015-01-14 | 1 | -1/+1 | |
|\ | | | | | Changed `IN` to `ON` in markdown renderer condition |