| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | make sure both headers are set before checking for ip spoofing | Tamir Duberstein | 2013-06-04 | 1 | -0/+10 |
| | | |||||
| * | Remove comments about removing LegacyKeyGenerator in 4.1 | Trevor Turk | 2013-04-03 | 1 | -1/+0 |
| | | |||||
| * | Rename DummyKeyGenerator -> LegacyKeyGenerator | Trevor Turk | 2013-04-02 | 1 | -2/+2 |
| | | |||||
| * | Restore original remote_ip algorithm. | Andre Arko | 2013-01-02 | 1 | -1/+1 |
| | | | | | | | | | | | | Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We remove trusted IP values, and then take the last given value, assuming that it is the most likely to be the correct, unfaked value. See [1] for a very thorough discussion of why that is the best option we have at the moment. [1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/ Fixes #7979 | ||||
| * | Use derived keys everywhere, http_authentication was missing it | Santiago Pastorino | 2012-11-03 | 1 | -1/+3 |
| | | |||||
| * | Remove app building setup/teardown for remote ip railtie tests | Carlos Antonio da Silva | 2012-08-21 | 1 | -14/+0 |
| | | | | | | These tests rely on "make_basic_app", which is a faster version that does not need to create the whole app directory structure. | ||||
| * | convert railties to use AS::TestCase | Aaron Patterson | 2012-01-05 | 1 | -1/+1 |
| | | |||||
| * | Solve the RAILS_ENV problem in the railties tests in a more generic way | Jon Leighton | 2011-06-06 | 1 | -0/+4 |
| | | |||||
| * | Fix a routing test. Reorganize middleware tests. | José Valim | 2010-10-02 | 1 | -0/+63 |
 |
index : rails.git | |
| Mirror of official rails repo with custom fixes. | Harald Eilertsen |
| aboutsummaryrefslogtreecommitdiffstats |