Merge branch 'master-sec'
* master-sec: Check that request is same-origin prior to including CSRF token in XHRs HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token activesupport: Avoid Marshal.load on raw cache value in RedisCacheStore activesupport: Avoid Marshal.load on raw cache value in MemCacheStore Return self when calling #each, #each_pair, and #each_value instead of the raw @parameters hash Include Content-Length in signature for ActiveStorage direct upload
Showing
想要评论请 注册 或 登录