From 5d7b70f4336d42eabfc403e9f6efceb88b3eff44 Mon Sep 17 00:00:00 2001
From: Guillermo Iguaran <guilleiguaran@gmail.com>
Date: Sat, 9 Dec 2017 15:41:55 -0500
Subject: Add secure `X-Download-Options` and
 `X-Permitted-Cross-Domain-Policies` to default headers set.

---
 actionpack/lib/action_dispatch/railtie.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'actionpack/lib/action_dispatch')

diff --git a/actionpack/lib/action_dispatch/railtie.rb b/actionpack/lib/action_dispatch/railtie.rb
index 855f2ffa47..95e99987a0 100644
--- a/actionpack/lib/action_dispatch/railtie.rb
+++ b/actionpack/lib/action_dispatch/railtie.rb
@@ -26,7 +26,9 @@ module ActionDispatch
     config.action_dispatch.default_headers = {
       "X-Frame-Options" => "SAMEORIGIN",
       "X-XSS-Protection" => "1; mode=block",
-      "X-Content-Type-Options" => "nosniff"
+      "X-Content-Type-Options" => "nosniff",
+      "X-Download-Options" => "noopen",
+      "X-Permitted-Cross-Domain-Policies" => "none"
     }
 
     config.action_dispatch.cookies_rotations = ActiveSupport::Messages::RotationConfiguration.new
-- 
cgit v1.2.3


From f1b4cd1ad47eab55ab7b18ae0cc167fabf72f38b Mon Sep 17 00:00:00 2001
From: Guillermo Iguaran <guilleiguaran@gmail.com>
Date: Sat, 9 Dec 2017 16:46:31 -0500
Subject: Change the system tests to set Puma as default server only when the
 user haven't specified manually another server.

---
 actionpack/lib/action_dispatch/system_testing/server.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actionpack/lib/action_dispatch')

diff --git a/actionpack/lib/action_dispatch/system_testing/server.rb b/actionpack/lib/action_dispatch/system_testing/server.rb
index 8f1b6725b1..4fc1f33767 100644
--- a/actionpack/lib/action_dispatch/system_testing/server.rb
+++ b/actionpack/lib/action_dispatch/system_testing/server.rb
@@ -20,7 +20,7 @@ module ActionDispatch
         end
 
         def set_server
-          Capybara.server = :puma, { Silent: self.class.silence_puma }
+          Capybara.server = :puma, { Silent: self.class.silence_puma } if Capybara.server == Capybara.servers[:default]
         end
 
         def set_port
-- 
cgit v1.2.3


From 82822a34217503336d51b7baab82cd18cf71e435 Mon Sep 17 00:00:00 2001
From: Dmitri Dolguikh <dmitri@appliedlogic.ca>
Date: Wed, 29 Nov 2017 16:27:27 -0800
Subject: Introduced `ActiveSupport::Digest` that allows to specify hash
 function implementation and defaults to `Digest::MD5`.

Replaced calls to `::Digest::MD5.hexdigest` with calls to `ActiveSupport::Digest.hexdigest`.
---
 actionpack/lib/action_dispatch/http/cache.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actionpack/lib/action_dispatch')

diff --git a/actionpack/lib/action_dispatch/http/cache.rb b/actionpack/lib/action_dispatch/http/cache.rb
index 3328ce17a0..a8febc32b3 100644
--- a/actionpack/lib/action_dispatch/http/cache.rb
+++ b/actionpack/lib/action_dispatch/http/cache.rb
@@ -133,7 +133,7 @@ module ActionDispatch
         end
 
         def generate_strong_etag(validators)
-          %("#{Digest::MD5.hexdigest(ActiveSupport::Cache.expand_cache_key(validators))}")
+          %("#{ActiveSupport::Digest.hexdigest(ActiveSupport::Cache.expand_cache_key(validators))}")
         end
 
         def cache_control_segments
-- 
cgit v1.2.3


From 245c1dafa8bab409fbcd780a996c619240df7143 Mon Sep 17 00:00:00 2001
From: Ryuta Kamizono <kamipo@gmail.com>
Date: Thu, 14 Dec 2017 17:30:54 +0900
Subject: Enable `Layout/LeadingCommentSpace` to not allow cosmetic changes in
 the future

Follow up of #31432.
---
 actionpack/lib/action_dispatch/journey/nfa/dot.rb | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

(limited to 'actionpack/lib/action_dispatch')

diff --git a/actionpack/lib/action_dispatch/journey/nfa/dot.rb b/actionpack/lib/action_dispatch/journey/nfa/dot.rb
index bdb78d8d48..56e9e3c83d 100644
--- a/actionpack/lib/action_dispatch/journey/nfa/dot.rb
+++ b/actionpack/lib/action_dispatch/journey/nfa/dot.rb
@@ -9,16 +9,16 @@ module ActionDispatch
             "  #{from} -> #{to} [label=\"#{sym || 'ε'}\"];"
           }
 
-          #memo_nodes = memos.values.flatten.map { |n|
-          #  label = n
-          #  if Journey::Route === n
-          #    label = "#{n.verb.source} #{n.path.spec}"
-          #  end
-          #  "  #{n.object_id} [label=\"#{label}\", shape=box];"
-          #}
-          #memo_edges = memos.flat_map { |k, memos|
-          #  (memos || []).map { |v| "  #{k} -> #{v.object_id};" }
-          #}.uniq
+          # memo_nodes = memos.values.flatten.map { |n|
+          #   label = n
+          #   if Journey::Route === n
+          #     label = "#{n.verb.source} #{n.path.spec}"
+          #   end
+          #   "  #{n.object_id} [label=\"#{label}\", shape=box];"
+          # }
+          # memo_edges = memos.flat_map { |k, memos|
+          #   (memos || []).map { |v| "  #{k} -> #{v.object_id};" }
+          # }.uniq
 
           <<-eodot
 digraph nfa {
-- 
cgit v1.2.3