Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add to Security guides the secrets.yml | Mauro George | 2015-07-06 | 1 | -0/+23 |
| | | | | [ci skip] | ||||
* | [ci skip] Replace dead link about HttpOnly cookies. | Yoong Kang Lim | 2015-05-28 | 1 | -1/+1 |
| | |||||
* | Rails documentation standard is american english. [ci skip] | karanarora | 2015-05-20 | 1 | -1/+1 |
| | |||||
* | updating the links, they were removed in cc30f5f9 [ci skip] | Ankit Gupta | 2015-05-19 | 1 | -0/+1 |
| | | | | new links as per pull request comment #20160 (OWASP guides) | ||||
* | Dead blog/site links [ci skip] | Ankit Gupta | 2015-05-14 | 1 | -1/+1 |
| | |||||
* | promote :except option instead of :only for before action docs [ci skip] | Faruk AYDIN | 2015-05-09 | 1 | -1/+1 |
| | |||||
* | [skip ci] Fix typos in actionpack changelog and security guide | Anton Davydov | 2015-05-07 | 1 | -1/+1 |
| | |||||
* | Merge pull request #19446 from ↵ | Zachary Scott | 2015-04-14 | 1 | -4/+6 |
|\ | | | | | | | | | andersonDadario/fix_security_guide_captcha_03_21_2015 Fix security guide captcha 03 21 2015 [ci skip] | ||||
| * | [ci skip] Fix for Security Guide - Captcha Section | Anderson Dadario | 2015-03-22 | 1 | -4/+6 |
| | | |||||
* | | Remove old and not working link. [ci skip] | Santosh Wadghule | 2015-03-28 | 1 | -1/+1 |
|/ | |||||
* | Merge pull request #18503 from vipulnsward/guides-in-on | Xavier Noria | 2015-01-14 | 1 | -1/+1 |
|\ | | | | | Changed `IN` to `ON` in markdown renderer condition | ||||
| * | - Changed `IN` to `ON` in markdown renderer condition | Vipul A M | 2015-01-14 | 1 | -1/+1 |
| | | | | | | | | - Changed `IN` to `ON` in all note sentences in guides. | ||||
* | | Guides: Removing reference to blog that is not updated anymore [ci skip] | Andrey Nering | 2015-01-13 | 1 | -1/+0 |
|/ | |||||
* | Avoid displaying new lines inside note paragraphs | Robin Dupret | 2015-01-03 | 1 | -1/+8 |
| | | | | | | | | | | | | | Commit 65a2977 added a `pre-wrap` style for white spaces on `.note` paragraphs. However, this is first inconsistent as other notes like warnings don't have this style applied. Furthermore, it seems to be unneeded for mobile devices. Also revert changes made in #18147 since they aren't needed anymore. Cross-refs #18138. [ci skip] | ||||
* | warn about reading guides in GitHub | Xavier Noria | 2014-12-23 | 1 | -0/+2 |
| | | | | References #18148. | ||||
* | Do not use line breaks on notes [ci skip] | Andrey Nering | 2014-12-22 | 1 | -6/+1 |
| | | | | References #18138 | ||||
* | s/a unobtrusive/an unobtrusive [ci skip] | Zachary Scott | 2014-12-22 | 1 | -1/+1 |
| | |||||
* | Add note about Ajax and CSRF-Token [ci skip] | Andrey Nering | 2014-12-20 | 1 | -1/+8 |
| | |||||
* | Don't convert empty arrays to nils when deep munging params | Chris Sinjakli | 2014-12-15 | 1 | -4/+4 |
| | |||||
* | Fixing wrong link in 'Ruby on Rails Security Guide' [ci skip] | Javier Vidal | 2014-11-22 | 1 | -1/+1 |
| | | | | | | | | | | The URL http://www.h-online.com/security/Symantec-reports-first-active-attack-on-a-DSL-router--/news/102352 points to an article titled 'The H is closing down'. The good one is: http://www.h-online.com/security/news/item/Symantec-reports-first-active-attack-on-a-DSL-router-735883.html | ||||
* | [ci skip] re-worded section on CookieStore to make it more readable. | Tom Kadwill | 2014-08-16 | 1 | -3/+3 |
| | |||||
* | Point to rubygems instead of Rails GitHub. [ci skip] | Rafael Mendonça França | 2014-08-15 | 1 | -1/+1 |
| | | | | The rails repository is not the official plugin anymore | ||||
* | Fixed link for in_place_editor [ci skip] | Arun Agrawal | 2014-08-15 | 1 | -1/+1 |
| | | | | closes #16512 | ||||
* | correct markdown usage [ci skip] | Nishant Modak | 2014-07-09 | 1 | -6/+6 |
| | |||||
* | remove rubyforge.org that was shut down [ci skip] | Gaurav Sharma | 2014-06-06 | 1 | -1/+1 |
| | |||||
* | Replace first person point of view on guides. | Hendy Tanata | 2014-05-16 | 1 | -7/+7 |
| | | | | [skip ci] | ||||
* | [ci skip] Security guide clarity. | Kyle Heironimus | 2014-05-01 | 1 | -2/+2 |
| | |||||
* | Remove statement assuming coffee shop/public space wifi is inherently insecure | Nick Quaranto | 2014-04-19 | 1 | -1/+1 |
| | |||||
* | Include default rails protect_from_forgery with: :exception | PaulL1 | 2014-04-17 | 1 | -4/+4 |
| | | | | | | Extend previous changes, include the default line from the application controller that new rails applications are created with: protect_from_forgery with: :exception Minor wording changes to align. | ||||
* | CSRF protection should rescue exception not extend | PaulL1 | 2014-04-17 | 1 | -3/+2 |
| | | | | | I think the changes to the default behaviour mean that rails will throw an exception when an invalid authenticity token is found. The previous proposed code of calling super then sign_out meant that sign_out was never reached - the exception handler never returned. I think the best approach now is to catch the exception, although I'm not 100% certain on that. | ||||
* | [ci skip] Use plain underscore instead of "\_". | Juanito Fatas | 2014-04-13 | 1 | -2/+2 |
| | |||||
* | W3C CSP document moved to gihub.io URL [ci skip] | Andy Callaghan | 2014-04-05 | 1 | -1/+1 |
| | | | The old link https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html is now being soft redirected to this new URL | ||||
* | [ci skip] use secrets.secret_key_base instead of config.secret_key_base | Kuldeep Aggarwal | 2014-03-01 | 1 | -3/+10 |
| | | | | use secrets.yml instead of secret_token.rb | ||||
* | Add verb to sanitization note | Dave Jachimiak | 2014-02-14 | 1 | -1/+1 |
| | |||||
* | Log which keys were set to nil in deep_munge | Lukasz Sarnacki | 2014-01-28 | 1 | -0/+43 |
| | | | | | | | | deep_munge solves CVE-2013-0155 security vulnerability, but its behaviour is definately confuisng. This commit adds logging to deep_munge. It logs keys for which values were set to nil. Also mentions in guides were added. | ||||
* | clean up security guide: his => their [ci skip] | Rex Feng | 2014-01-16 | 1 | -1/+1 |
| | |||||
* | [ci skip] Added alias to CSRF | Uday Kadaboina | 2014-01-14 | 1 | -2/+2 |
| | |||||
* | CSRF protection from cross-origin <script> tags | Jeremy Kemper | 2013-12-17 | 1 | -3/+5 |
| | | | | Thanks to @homakov for sounding the alarm about JSONP-style data leaking | ||||
* | [ci skip] Removing some gender sensitive object pronouns | Tejas Dinkar | 2013-12-02 | 1 | -6/+6 |
| | |||||
* | Use genderless pronouns in security guide. [ci skip] | Vipul A M | 2013-12-02 | 1 | -18/+18 |
| | | | | related #49ff20d9b164693ed7fee880b69cc14b141678b3 | ||||
* | Update security.md | Adam | 2013-11-08 | 1 | -1/+1 |
| | | | | | | Hi Guys I was reading through this guide last night and noticed a small mistake, would be great if you could update it. I changed the word 'building' to 'build' in line 20. "Web application frameworks are made to help developers building web applications" | ||||
* | incorrect url | Sergio | 2013-09-16 | 1 | -1/+1 |
| | | | incorrect url | ||||
* | incorrect urls | Sergio | 2013-09-16 | 1 | -2/+2 |
| | | | I've found two incorrects urls for adding ':' at the end of the url | ||||
* | surplus : in attachment_fu plugin | Sergio | 2013-09-15 | 1 | -1/+1 |
| | | | surplus ':' character in url | ||||
* | Improves a sentence in guides/security | Hannes Fostie | 2013-09-09 | 1 | -1/+1 |
| | | | | Changed "... books make this wrong" to "... books get this wrong" | ||||
* | cleans the guides sources from fancy non-ASCII stuff | Xavier Noria | 2013-08-23 | 1 | -22/+22 |
| | |||||
* | remove language about configuring digest method [ci skip] | Justin George | 2013-07-31 | 1 | -1/+1 |
| | |||||
* | update guide to reflect default HMAC SHA1 in MessageVerifier used in ↵ | Justin George | 2013-07-30 | 1 | -1/+1 |
| | | | | SignedCookieStore [ci skip] | ||||
* | Remove double spaces in guides | Sunny Ripert | 2013-05-28 | 1 | -2/+2 |
| | |||||
* | Simple grammar updates | Jonathan Roes | 2013-05-03 | 1 | -2/+2 |
| |