aboutsummaryrefslogtreecommitdiffstats
path: root/guides/source/security.md
Commit message (Collapse)AuthorAgeFilesLines
* [skip ci] Fix typos in actionpack changelog and security guideAnton Davydov2015-05-071-1/+1
|
* Merge pull request #19446 from ↵Zachary Scott2015-04-141-4/+6
|\ | | | | | | | | andersonDadario/fix_security_guide_captcha_03_21_2015 Fix security guide captcha 03 21 2015 [ci skip]
| * [ci skip] Fix for Security Guide - Captcha SectionAnderson Dadario2015-03-221-4/+6
| |
* | Remove old and not working link. [ci skip]Santosh Wadghule2015-03-281-1/+1
|/
* Merge pull request #18503 from vipulnsward/guides-in-onXavier Noria2015-01-141-1/+1
|\ | | | | Changed `IN` to `ON` in markdown renderer condition
| * - Changed `IN` to `ON` in markdown renderer conditionVipul A M2015-01-141-1/+1
| | | | | | | | - Changed `IN` to `ON` in all note sentences in guides.
* | Guides: Removing reference to blog that is not updated anymore [ci skip]Andrey Nering2015-01-131-1/+0
|/
* Avoid displaying new lines inside note paragraphsRobin Dupret2015-01-031-1/+8
| | | | | | | | | | | | | Commit 65a2977 added a `pre-wrap` style for white spaces on `.note` paragraphs. However, this is first inconsistent as other notes like warnings don't have this style applied. Furthermore, it seems to be unneeded for mobile devices. Also revert changes made in #18147 since they aren't needed anymore. Cross-refs #18138. [ci skip]
* warn about reading guides in GitHubXavier Noria2014-12-231-0/+2
| | | | References #18148.
* Do not use line breaks on notes [ci skip]Andrey Nering2014-12-221-6/+1
| | | | References #18138
* s/a unobtrusive/an unobtrusive [ci skip]Zachary Scott2014-12-221-1/+1
|
* Add note about Ajax and CSRF-Token [ci skip]Andrey Nering2014-12-201-1/+8
|
* Don't convert empty arrays to nils when deep munging paramsChris Sinjakli2014-12-151-4/+4
|
* Fixing wrong link in 'Ruby on Rails Security Guide' [ci skip]Javier Vidal2014-11-221-1/+1
| | | | | | | | | | The URL http://www.h-online.com/security/Symantec-reports-first-active-attack-on-a-DSL-router--/news/102352 points to an article titled 'The H is closing down'. The good one is: http://www.h-online.com/security/news/item/Symantec-reports-first-active-attack-on-a-DSL-router-735883.html
* [ci skip] re-worded section on CookieStore to make it more readable.Tom Kadwill2014-08-161-3/+3
|
* Point to rubygems instead of Rails GitHub. [ci skip]Rafael Mendonça França2014-08-151-1/+1
| | | | The rails repository is not the official plugin anymore
* Fixed link for in_place_editor [ci skip]Arun Agrawal2014-08-151-1/+1
| | | | closes #16512
* correct markdown usage [ci skip]Nishant Modak2014-07-091-6/+6
|
* remove rubyforge.org that was shut down [ci skip]Gaurav Sharma2014-06-061-1/+1
|
* Replace first person point of view on guides.Hendy Tanata2014-05-161-7/+7
| | | | [skip ci]
* [ci skip] Security guide clarity.Kyle Heironimus2014-05-011-2/+2
|
* Remove statement assuming coffee shop/public space wifi is inherently insecureNick Quaranto2014-04-191-1/+1
|
* Include default rails protect_from_forgery with: :exceptionPaulL12014-04-171-4/+4
| | | | | | Extend previous changes, include the default line from the application controller that new rails applications are created with: protect_from_forgery with: :exception Minor wording changes to align.
* CSRF protection should rescue exception not extendPaulL12014-04-171-3/+2
| | | | | I think the changes to the default behaviour mean that rails will throw an exception when an invalid authenticity token is found. The previous proposed code of calling super then sign_out meant that sign_out was never reached - the exception handler never returned. I think the best approach now is to catch the exception, although I'm not 100% certain on that.
* [ci skip] Use plain underscore instead of "\_".Juanito Fatas2014-04-131-2/+2
|
* W3C CSP document moved to gihub.io URL [ci skip]Andy Callaghan2014-04-051-1/+1
| | | The old link https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html is now being soft redirected to this new URL
* [ci skip] use secrets.secret_key_base instead of config.secret_key_baseKuldeep Aggarwal2014-03-011-3/+10
| | | | use secrets.yml instead of secret_token.rb
* Add verb to sanitization noteDave Jachimiak2014-02-141-1/+1
|
* Log which keys were set to nil in deep_mungeLukasz Sarnacki2014-01-281-0/+43
| | | | | | | | deep_munge solves CVE-2013-0155 security vulnerability, but its behaviour is definately confuisng. This commit adds logging to deep_munge. It logs keys for which values were set to nil. Also mentions in guides were added.
* clean up security guide: his => their [ci skip]Rex Feng2014-01-161-1/+1
|
* [ci skip] Added alias to CSRFUday Kadaboina2014-01-141-2/+2
|
* CSRF protection from cross-origin <script> tagsJeremy Kemper2013-12-171-3/+5
| | | | Thanks to @homakov for sounding the alarm about JSONP-style data leaking
* [ci skip] Removing some gender sensitive object pronounsTejas Dinkar2013-12-021-6/+6
|
* Use genderless pronouns in security guide. [ci skip]Vipul A M2013-12-021-18/+18
| | | | related #49ff20d9b164693ed7fee880b69cc14b141678b3
* Update security.mdAdam2013-11-081-1/+1
| | | | | | Hi Guys I was reading through this guide last night and noticed a small mistake, would be great if you could update it. I changed the word 'building' to 'build' in line 20. "Web application frameworks are made to help developers building web applications"
* incorrect urlSergio2013-09-161-1/+1
| | | incorrect url
* incorrect urls Sergio2013-09-161-2/+2
| | | I've found two incorrects urls for adding ':' at the end of the url
* surplus : in attachment_fu pluginSergio2013-09-151-1/+1
| | | surplus ':' character in url
* Improves a sentence in guides/securityHannes Fostie2013-09-091-1/+1
| | | | Changed "... books make this wrong" to "... books get this wrong"
* cleans the guides sources from fancy non-ASCII stuffXavier Noria2013-08-231-22/+22
|
* remove language about configuring digest method [ci skip]Justin George2013-07-311-1/+1
|
* update guide to reflect default HMAC SHA1 in MessageVerifier used in ↵Justin George2013-07-301-1/+1
| | | | SignedCookieStore [ci skip]
* Remove double spaces in guidesSunny Ripert2013-05-281-2/+2
|
* Simple grammar updatesJonathan Roes2013-05-031-2/+2
|
* Fix typo "can exploited" with "can be exploited"Leo Gallucci2013-05-011-1/+1
|
* Ruby On Rails -> Ruby on Rails [ci skip]Xavier Noria2013-04-161-1/+1
|
* ReCAPTCHA plug-in link now points to Github repo. Plug-in is no longer ↵sthollmann2013-03-271-1/+1
| | | | available at the previous location
* Remove mass-assignment line from guide summaryAndrew Wilcox2013-01-251-1/+0
|
* PUT => PATCH or PUTAkira Matsuda2013-01-021-1/+1
|
* Updated security guide to reference secret_key_base instead of secret_token, ↵Gary S. Weaver2012-12-211-3/+3
| | | | with a little information about the change from CookieStore to EncryptedCookieStore.