Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Remove deprecated `config.secret_token` | Rafael Mendonça França | 2019-01-17 | 1 | -1/+3 |
| | |||||
* | Adding frozen_string_literal pragma to Railties. | Pat Allan | 2017-08-14 | 1 | -0/+2 |
| | |||||
* | Revert "Merge pull request #29540 from kirs/rubocop-frozen-string" | Matthew Draper | 2017-07-02 | 1 | -1/+0 |
| | | | | | This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa. | ||||
* | Enforce frozen string in Rubocop | Kir Shatrov | 2017-07-01 | 1 | -0/+1 |
| | |||||
* | applies new string literal convention in railties/test | Xavier Noria | 2016-08-06 | 1 | -6/+6 |
| | | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. | ||||
* | remove args from assert_nothing_raised in tests | Tara Scherner de la Fuente | 2016-02-22 | 1 | -3/+3 |
| | |||||
* | Refactor ActionDispatch::RemoteIp | Sam Aarons | 2014-08-21 | 1 | -1/+15 |
| | | | | | | | | | | | | | Refactored IP address checking in ActionDispatch::RemoteIp to rely on the IPAddr class instead of the unwieldly regular expression to match IP addresses. This commit keeps the same api but allows users to pass IPAddr objects to config.action_dispatch.trusted_proxies in addition to passing strings and regular expressions. Example: # config/environments/production.rb config.action_dispatch.trusted_proxies = IPAddr.new('4.8.15.0/16') | ||||
* | make sure both headers are set before checking for ip spoofing | Tamir Duberstein | 2013-06-04 | 1 | -0/+10 |
| | |||||
* | Remove comments about removing LegacyKeyGenerator in 4.1 | Trevor Turk | 2013-04-03 | 1 | -1/+0 |
| | |||||
* | Rename DummyKeyGenerator -> LegacyKeyGenerator | Trevor Turk | 2013-04-02 | 1 | -2/+2 |
| | |||||
* | Restore original remote_ip algorithm. | Andre Arko | 2013-01-02 | 1 | -1/+1 |
| | | | | | | | | | | | Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We remove trusted IP values, and then take the last given value, assuming that it is the most likely to be the correct, unfaked value. See [1] for a very thorough discussion of why that is the best option we have at the moment. [1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/ Fixes #7979 | ||||
* | Use derived keys everywhere, http_authentication was missing it | Santiago Pastorino | 2012-11-03 | 1 | -1/+3 |
| | |||||
* | Remove app building setup/teardown for remote ip railtie tests | Carlos Antonio da Silva | 2012-08-21 | 1 | -14/+0 |
| | | | | | These tests rely on "make_basic_app", which is a faster version that does not need to create the whole app directory structure. | ||||
* | convert railties to use AS::TestCase | Aaron Patterson | 2012-01-05 | 1 | -1/+1 |
| | |||||
* | Solve the RAILS_ENV problem in the railties tests in a more generic way | Jon Leighton | 2011-06-06 | 1 | -0/+4 |
| | |||||
* | Fix a routing test. Reorganize middleware tests. | José Valim | 2010-10-02 | 1 | -0/+63 |