| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|\ \ \
| |/ /
|/| | |
AEAD encrypted cookies and sessions
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This commit changes encrypted cookies from AES in CBC HMAC mode to
Authenticated Encryption using AES-GCM. It also provides a cookie jar
to transparently upgrade encrypted cookies to this new scheme. Some
other notable changes include:
- There is a new application configuration value:
+use_authenticated_cookie_encryption+. When enabled, AEAD encrypted
cookies will be used.
- +cookies.signed+ does not raise a +TypeError+ now if the name of an
encrypted cookie is used. Encrypted cookies using the same key as
signed cookies would be verified and serialization would then fail
due the message still be encrypted.
|
|\ \ \
| | | |
| | | | |
[ci skip]fix wrong variable name in docs
|
| | | | |
|
|/ / / |
|
|\ \ \
| | | |
| | | | |
Define path with __dir__
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
".. with __dir__ we can restore order in the Universe." - by @fxn
Related to 5b8738c2df003a96f0e490c43559747618d10f5f
|
|\ \ \ \
| | | | |
| | | | | |
Add ActiveRecord::Relation#or description to guides
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
`gmail` --> `Gmail`
[ci skip]
|
| | | | | |
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Update Rails API Application guide to match current code [ci skip]
|
| | |_|/ /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* Adjust list of middlewares loaded by default
* Add routing middleware to list to match the list in the Rack guide
* Adjust list of Controller modules loaded by default
Plus fix one singular/plural mistake
|
| |/ / /
|/| | | |
|
| |/ /
|/| | |
|
| | |
| | |
| | |
| | | |
[ci skip]
|
|\ \ \
| | | |
| | | | |
Simplify handling of prerequisites in Getting Started guide [ci skip]
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Telling people about prerequisites, and then telling them a page later
how to check and install those prerequisites, is confusing. This commit
removes the list and just handles the software installation in one
place.
Fixes #28565
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
dixpac/dixpac/add_documentation_for_validate_and_callback_order_of_execution
Improving docs for callbacks execution order [ci skip]
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When define callbacks latest definition on the same callback/method
overwrites previous ones.
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
Remove obsolete Guides source files [ci skip]
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | | |
* Nested Model Forms guide is out of date, not linked from index,
and material is covered in the Form Helpers guide.
* Profiling guide was committed as an outline years ago
and never actually written.
|
|/ / / |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
* Adjust middlewares list to match current defaults
* application.routes runs on application object, not Rails
* Add explanation of Sprockets::Rails::QuietAssets
|
| | |
| | |
| | |
| | |
| | | |
This allows auto_discovery_link_tag to support the JSON Feed standard.
See https://jsonfeed.org/version/1 for more information.
|
|\ \ \
| |_|/
|/| | |
[ci skip] explain async queue and rake tasks
|
| | |
| | |
| | |
| | | |
[ci skip]
|
| | | |
|
| | |
| | |
| | |
| | | |
[ci skip]
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously this implied that system tests provided other non-headless
drivers when Selenium is the only driver that uses `:using`,
`:screen_size` or `:options` arguments.
This change clarifies that Selenium is the only non-headless driver.
|
| |/
|/|
| |
| |
| |
| |
| |
| | |
It's more likely you'll generate a test for testing users than a users
creates test. This is a better example of a real world test.
Additionally the users create view is unlikely to have the text
"UserCreates" since that is likely generated as well. This is now an
example of visiting the users index.
|
| |
| |
| |
| |
| | |
Update guide to clarify that mailer fixtures are not created when
using the mailer generator.
|
|/ |
|
|\
| |
| | |
Correct Autoloading and STI guide (issue #26994)
|
| | |
|
| |
| |
| |
| | |
The `assert_nothing_raised` was moved to `ActiveSupport::Testing::Assertions` in 3cece0b6574c496605df055a2ebf77177f5b6e7f.
|
| | |
|
| |
| |
| | |
Put wording in line with http://weblog.rubyonrails.org/2017/4/27/Rails-5-1-final/
|
| |
| |
| |
| | |
The `secrets` method is in `Application` class, not `Configuration` class.
|
| |
| |
| |
| |
| |
| | |
* `Permit same-origin connections by default` was backported in db70978, 549d732.
* `Deprecated `:controller` and `:action` path parameters` was included in 6520ea5.
* `Exception handling: use `rescue_from` was included in 6b54316.
|
| |
| |
| |
| | |
@prathamesh-sonpatki added the last missing commits in #28911.
|
| |
| |
| |
| | |
[ci skip]
|
| |
| |
| |
| | |
[ci skip]
|
| |
| |
| |
| |
| |
| | |
Will backport to 5-1-stable, since the original PR landed there.
[ci skip]
|
| | |
|
| | |
|
|\ \
| | |
| | |
| | | |
Update the "Working with javascript" guide
|
| | | |
|