path: root/guides/source/security.md
Commit log (each entry: commit message, then author, date, files changed, lines removed/added; indented entries were brought in by the merge above them):
* Merge branch 'master' of github.com:rails/rails (Vijay Dev, 2015-08-24, 1 file, -20/+20)
    Conflicts: guides/source/security.md
  * Add bold to lists' titles [ci skip] (Alexey Markov, 2015-08-21, 1 file, -6/+6)
  * Small fixes [ci skip] (Alexey Markov, 2015-08-20, 1 file, -12/+6)
  * Small fixes [ci skip] (Alexey Markov, 2015-08-17, 1 file, -6/+5)
  * Tiny documentation fixes [ci skip] (Robin Dupret, 2015-08-11, 1 file, -1/+6)
  * [ci skip] Typo fixed (Dhia Eddine Chouchane, 2015-08-06, 1 file, -1/+1)
  * Outdated information about session storage updated [ci skip] (Dhia Eddine Chouchane, 2015-08-06, 1 file, -2/+4)
      The guide contains information about the Rails 2 storing mechanism, but not Rails 4. Enhanced the accuracy and coherence of information (there was a part saying "Older versions of Rails use CookieStore, which uses `secret_token` instead of `secret_key_base` that is used by EncryptedCookieStore." while there was no mention of EncryptedCookieStore before).
* add commas removed earlier [ci skip] (Vijay Dev, 2015-08-24, 1 file, -1/+1)
* [ci skip] Fix to `a, b and c` format (yui-knk, 2015-07-25, 1 file, -1/+1)
* [ci skip] Fix minor typo (yui-knk, 2015-07-24, 1 file, -1/+1)
    * Remove `,`
    * Fix `&lt;` -> `<`
* [ci skip] Minor fix (yui-knk, 2015-07-24, 1 file, -1/+1)
    * add a space
    * add a `.`
* Add to Security guides the secrets.yml (Mauro George, 2015-07-06, 1 file, -0/+23)
    [ci skip]
* [ci skip] Replace dead link about HttpOnly cookies. (Yoong Kang Lim, 2015-05-28, 1 file, -1/+1)
* Rails documentation standard is American English. [ci skip] (karanarora, 2015-05-20, 1 file, -1/+1)
* updating the links, they were removed in cc30f5f9 [ci skip] (Ankit Gupta, 2015-05-19, 1 file, -0/+1)
    new links as per pull request comment #20160 (OWASP guides)
* Dead blog/site links [ci skip] (Ankit Gupta, 2015-05-14, 1 file, -1/+1)
* promote :except option instead of :only for before action docs [ci skip] (Faruk AYDIN, 2015-05-09, 1 file, -1/+1)
* [skip ci] Fix typos in actionpack changelog and security guide (Anton Davydov, 2015-05-07, 1 file, -1/+1)
* Merge pull request #19446 from andersonDadario/fix_security_guide_captcha_03_21_2015 (Zachary Scott, 2015-04-14, 1 file, -4/+6)
    Fix security guide captcha 03 21 2015 [ci skip]
  * [ci skip] Fix for Security Guide - Captcha Section (Anderson Dadario, 2015-03-22, 1 file, -4/+6)
* Remove old and not working link. [ci skip] (Santosh Wadghule, 2015-03-28, 1 file, -1/+1)
* Merge pull request #18503 from vipulnsward/guides-in-on (Xavier Noria, 2015-01-14, 1 file, -1/+1)
    Changed `IN` to `ON` in markdown renderer condition
  * - Changed `IN` to `ON` in markdown renderer condition (Vipul A M, 2015-01-14, 1 file, -1/+1)
      - Changed `IN` to `ON` in all note sentences in guides.
* Guides: Removing reference to blog that is not updated anymore [ci skip] (Andrey Nering, 2015-01-13, 1 file, -1/+0)
* Avoid displaying new lines inside note paragraphs (Robin Dupret, 2015-01-03, 1 file, -1/+8)
    Commit 65a2977 added a `pre-wrap` style for white spaces on `.note` paragraphs. However, this is first inconsistent as other notes like warnings don't have this style applied. Furthermore, it seems to be unneeded for mobile devices. Also revert changes made in #18147 since they aren't needed anymore. Cross-refs #18138. [ci skip]
* warn about reading guides in GitHub (Xavier Noria, 2014-12-23, 1 file, -0/+2)
    References #18148.
* Do not use line breaks on notes [ci skip] (Andrey Nering, 2014-12-22, 1 file, -6/+1)
    References #18138
* s/a unobtrusive/an unobtrusive [ci skip] (Zachary Scott, 2014-12-22, 1 file, -1/+1)
* Add note about Ajax and CSRF-Token [ci skip] (Andrey Nering, 2014-12-20, 1 file, -1/+8)
* Don't convert empty arrays to nils when deep munging params (Chris Sinjakli, 2014-12-15, 1 file, -4/+4)
* Fixing wrong link in 'Ruby on Rails Security Guide' [ci skip] (Javier Vidal, 2014-11-22, 1 file, -1/+1)
    The URL http://www.h-online.com/security/Symantec-reports-first-active-attack-on-a-DSL-router--/news/102352 points to an article titled 'The H is closing down'. The good one is: http://www.h-online.com/security/news/item/Symantec-reports-first-active-attack-on-a-DSL-router-735883.html
* [ci skip] re-worded section on CookieStore to make it more readable. (Tom Kadwill, 2014-08-16, 1 file, -3/+3)
* Point to rubygems instead of Rails GitHub. [ci skip] (Rafael Mendonça França, 2014-08-15, 1 file, -1/+1)
    The rails repository is not the official plugin anymore
* Fixed link for in_place_editor [ci skip] (Arun Agrawal, 2014-08-15, 1 file, -1/+1)
    closes #16512
* correct markdown usage [ci skip] (Nishant Modak, 2014-07-09, 1 file, -6/+6)
* remove rubyforge.org that was shut down [ci skip] (Gaurav Sharma, 2014-06-06, 1 file, -1/+1)
* Replace first person point of view on guides. (Hendy Tanata, 2014-05-16, 1 file, -7/+7)
    [skip ci]
* [ci skip] Security guide clarity. (Kyle Heironimus, 2014-05-01, 1 file, -2/+2)
* Remove statement assuming coffee shop/public space wifi is inherently insecure (Nick Quaranto, 2014-04-19, 1 file, -1/+1)
* Include default rails protect_from_forgery with: :exception (PaulL1, 2014-04-17, 1 file, -4/+4)
    Extend previous changes, include the default line from the application controller that new rails applications are created with: protect_from_forgery with: :exception
    Minor wording changes to align.
* CSRF protection should rescue exception not extend (PaulL1, 2014-04-17, 1 file, -3/+2)
    I think the changes to the default behaviour mean that rails will throw an exception when an invalid authenticity token is found. The previous proposed code of calling super then sign_out meant that sign_out was never reached - the exception handler never returned. I think the best approach now is to catch the exception, although I'm not 100% certain on that.
* [ci skip] Use plain underscore instead of "\_". (Juanito Fatas, 2014-04-13, 1 file, -2/+2)
* W3C CSP document moved to github.io URL [ci skip] (Andy Callaghan, 2014-04-05, 1 file, -1/+1)
    The old link https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html is now being soft redirected to this new URL
* [ci skip] use secrets.secret_key_base instead of config.secret_key_base (Kuldeep Aggarwal, 2014-03-01, 1 file, -3/+10)
    use secrets.yml instead of secret_token.rb
* Add verb to sanitization note (Dave Jachimiak, 2014-02-14, 1 file, -1/+1)
* Log which keys were set to nil in deep_munge (Lukasz Sarnacki, 2014-01-28, 1 file, -0/+43)
    deep_munge solves the CVE-2013-0155 security vulnerability, but its behaviour is definitely confusing. This commit adds logging to deep_munge. It logs keys for which values were set to nil. Also mentions in guides were added.
* clean up security guide: his => their [ci skip] (Rex Feng, 2014-01-16, 1 file, -1/+1)
* [ci skip] Added alias to CSRF (Uday Kadaboina, 2014-01-14, 1 file, -2/+2)
* CSRF protection from cross-origin <script> tags (Jeremy Kemper, 2013-12-17, 1 file, -3/+5)
    Thanks to @homakov for sounding the alarm about JSONP-style data leaking
* [ci skip] Removing some gender sensitive object pronouns (Tejas Dinkar, 2013-12-02, 1 file, -6/+6)