blob: e51b19b6d021ab65db226fa0c80b90dbd06d31a6 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
* Fix strong parameters `permit!` with nested arrays.
Given:
```
params = ActionController::Parameters.new(nested_arrays: [[{ x: 2, y: 3 }, { x: 21, y: 42 }]])
params.permit!
```
`params[:nested_arrays][0][0].permitted?` will now return `true` instead of `false`.
*Steve Hull*
* Output only one Content-Security-Policy nonce header value per request.
Fixes #32597.
*Andrey Novikov*, *Andrew White*
* Move default headers configuration into their own module that can be included in controllers.
*Kevin Deisz*
* Add method `dig` to `session`.
*claudiob*, *Takumi Shotoku*
* Controller level `force_ssl` has been deprecated in favor of
`config.force_ssl`.
*Derek Prior*
* Rails 6 requires Ruby 2.4.1 or newer.
*Jeremy Daer*
Please check [5-2-stable](https://github.com/rails/rails/blob/5-2-stable/actionpack/CHANGELOG.md) for previous changes.
|