- 23 11月, 2017 1 次提交
-
-
由 T.J. Schuck 提交于
[ci skip]
-
- 05 11月, 2017 1 次提交
-
-
由 yuuji.yaginuma 提交于
Several methods of `RequestForgeryProtection` are not showed in the api doc even though `:doc:` is specified. (e.g. `form_authenticity_param`) http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html These methods are listed in the doc of v4.1. http://api.rubyonrails.org/v4.1/classes/ActionController/RequestForgeryProtection.html This is due to the influence of `:nodoc:` added in #18102, methods after `CROSS_ORIGIN_JAVASCRIPT_WARNING` not showed from the doc. Therefore, in order to show the method like originally, added `startdoc` after `CROSS_ORIGIN_JAVASCRIPT_WARNING`.
-
- 21 10月, 2017 1 次提交
-
-
由 Akira Matsuda 提交于
This basically reverts e9fca766, d08da958, d1fe1dcf, and 68eaf7b4
-
- 26 8月, 2017 1 次提交
-
-
由 Yoshiyuki Hirano 提交于
-
- 29 7月, 2017 1 次提交
-
-
由 Kir Shatrov 提交于
-
- 11 7月, 2017 2 次提交
-
-
由 Lisa Ugray 提交于
Since we now default to `protect_from_forgery with: :exception`, provide a wrapper to `skip_before_action :verify_authenticity_token` for disabling forgery protection.
-
由 Lisa Ugray 提交于
Rather than protecting from forgery in the generated ApplicationController, add it to ActionController::Base by config. This configuration defaults to false to support older versions which have removed it from their ApplicationController, but is set to true for Rails 5.2.
-
- 02 7月, 2017 1 次提交
-
-
由 Matthew Draper 提交于
This reverts commit 3420a145, reversing changes made to afb66a5a.
-
- 01 7月, 2017 2 次提交
-
-
由 Akira Matsuda 提交于
-
由 Kir Shatrov 提交于
-
- 06 4月, 2017 1 次提交
-
-
由 Jon Leighton 提交于
I came up against this while dealing with a misconfigured server. The browser was setting the Origin header to "https://example.com", but the Rails app returned "http://example.com" from request.base_url (because it was failing to detect that HTTPS was used). This caused verify_authenticity_token to fail, but the message in the log was "Can't verify CSRF token", which is confusing because the failure had nothing to do with the CSRF token sent in the request. This made it very hard to identify the issue, so hopefully this will make it more obvious for the next person.
-
- 12 3月, 2017 1 次提交
-
-
由 Hrvoje Šimić 提交于
[ci skip]
-
- 24 12月, 2016 1 次提交
-
-
由 Akira Matsuda 提交于
-
- 07 8月, 2016 2 次提交
-
-
由 Xavier Noria 提交于
-
由 Xavier Noria 提交于
The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
-
- 21 7月, 2016 1 次提交
-
-
由 Junya Ogura 提交于
-
- 24 5月, 2016 1 次提交
-
-
由 Matthew Caruana Galizia 提交于
CSRF verification for non-XHR GET requests (cross-origin `<script>` tags) didn't check this flag before logging failures. Setting `config.action_controller.log_warning_on_csrf_failure = false` now disables logging for these CSRF failures as well. Closes #25086. Signed-off-by: NJeremy Daer <jeremydaer@gmail.com>
-
- 20 4月, 2016 1 次提交
-
-
由 Rafael Mendonça França 提交于
When the token is generated by the form we were using the schema and host information while only using the path to compare if the action was the same. This was causing the token to be invalid. To fix this we use the same information to generate the token and check it. Fix #24257
-
- 12 4月, 2016 1 次提交
-
-
由 Vipul A M 提交于
- we are ending sentences properly - fixing of space issues - fixed continuity issues in some sentences. Reverts https://github.com/rails/rails/commit/8fc97d198ef31c1d7a4b9b849b96fc08a667fb02 . This change reverts making sure we add '.' at end of deprecation sentences. This is to keep sentences within Rails itself consistent and with a '.' at the end.
-
- 15 2月, 2016 1 次提交
-
-
由 shik 提交于
Use `each_byte` instead of `bytes` to speed up string xor operation and reduce object allocations. Inspired by commit 02c38678. ``` ruby require 'benchmark/ips' require 'allocation_tracer' a = 32.times.map { rand(256) }.pack('C*') b = 32.times.map { rand(256) }.pack('C*') def xor_byte_strings1(s1, s2) s1.bytes.zip(s2.bytes).map { |(c1,c2)| c1 ^ c2 }.pack('c*') end def xor_byte_strings2(s1, s2) s2_bytes = s2.bytes s1.bytes.map.with_index { |c1, i| c1 ^ s2_bytes[i] }.pack('c*') end def xor_byte_strings3(s1, s2) s2_bytes = s2.bytes s1.each_byte.with_index { |c1, i| s2_bytes[i] ^= c1 } s2_bytes.pack('C*') end fail if xor_byte_strings1(a, b) != xor_byte_strings2(a, b) fail if xor_byte_strings1(a, b) != xor_byte_strings3(a, b) Benchmark.ips do |x| x.report('xor_byte_strings1') { xor_byte_strings1(a, b) } x.report('xor_byte_strings2') { xor_byte_strings2(a, b) } x.report('xor_byte_strings3') { xor_byte_strings3(a, b) } x.compare! end Tracer = ObjectSpace::AllocationTracer Tracer.setup(%i{type}) p xor_byte_strings1: Tracer.trace { xor_byte_strings1(a, b) } p xor_byte_strings2: Tracer.trace { xor_byte_strings2(a, b) } p xor_byte_strings3: Tracer.trace { xor_byte_strings3(a, b) } ``` ``` Warming up -------------------------------------- xor_byte_strings1 10.668k i/100ms xor_byte_strings2 11.814k i/100ms xor_byte_strings3 13.139k i/100ms Calculating ------------------------------------- xor_byte_strings1 116.667k (± 3.1%) i/s - 586.740k xor_byte_strings2 129.932k (± 4.3%) i/s - 649.770k xor_byte_strings3 142.506k (± 4.2%) i/s - 722.645k Comparison: xor_byte_strings3: 142506.3 i/s xor_byte_strings2: 129932.4 i/s - 1.10x slower xor_byte_strings1: 116666.8 i/s - 1.22x slower {:xor_byte_strings1=>{[:T_ARRAY]=>[38, 0, 0, 0, 0, 0], [:T_STRING]=>[2, 0, 0, 0, 0, 0]}} {:xor_byte_strings2=>{[:T_ARRAY]=>[3, 0, 0, 0, 0, 0], [:T_DATA]=>[1, 0, 0, 0, 0, 0], [:T_IMEMO]=>[2, 0, 0, 0, 0, 0], [:T_STRING]=>[2, 0, 0, 0, 0, 0]}} {:xor_byte_strings3=>{[:T_ARRAY]=>[1, 0, 0, 0, 0, 0], [:T_DATA]=>[1, 0, 0, 0, 0, 0], [:T_IMEMO]=>[2, 0, 0, 0, 0, 0], [:T_STRING]=>[2, 0, 0, 0, 0, 0]}} ```
-
- 09 2月, 2016 1 次提交
-
-
由 Aaron Patterson 提交于
``` [aaron@TC rails (master)]$ cat xor.rb a = "\x14b\"\xB4P8\x05\x8D\xC74\xC3\xEC}\xFDf\x8E!h\xCF^\xBF\xA5%\xC6\xF0\xA9\xF9x\x04\xFA\xF1\x82" b = "O.\xF7\x01\xA9D\xA3\xE1D\x7FU\x85\xFC\x8Ak\e\x04\x8A\x97\x91\xD01\x02\xA4G\x1EIf:Y\x0F@" def xor_byte_strings(s1, s2) s1.bytes.zip(s2.bytes).map { |(c1,c2)| c1 ^ c2 }.pack('c*') end def xor_byte_strings2(s1, s2) s2_bytes = s2.bytes s1.bytes.map.with_index { |c1, i| c1 ^ s2_bytes[i] }.pack('c*') end require 'benchmark/ips' require 'allocation_tracer' Benchmark.ips do |x| x.report 'xor_byte_strings' do xor_byte_strings a, b end x.report 'xor_byte_strings2' do xor_byte_strings2 a, b end end ObjectSpace::AllocationTracer.setup(%i{type}) result = ObjectSpace::AllocationTracer.trace do xor_byte_strings a, b end p :xor_byte_strings => result ObjectSpace::AllocationTracer.clear result = ObjectSpace::AllocationTracer.trace do xor_byte_strings2 a, b end p :xor_byte_strings2 => result [aaron@TC rails (master)]$ ruby -I~/git/allocation_tracer/lib xor.rb Calculating ------------------------------------- xor_byte_strings 10.087k i/100ms xor_byte_strings2 11.339k i/100ms ------------------------------------------------- xor_byte_strings 108.386k (± 5.8%) i/s - 544.698k xor_byte_strings2 122.239k (± 3.0%) i/s - 612.306k {:xor_byte_strings=>{[:T_ARRAY]=>[38, 0, 0, 0, 0, 0], [:T_STRING]=>[2, 0, 0, 0, 0, 0]}} {:xor_byte_strings2=>{[:T_ARRAY]=>[3, 0, 0, 0, 0, 0], [:T_DATA]=>[1, 0, 0, 0, 0, 0], [:T_IMEMO]=>[2, 0, 0, 0, 0, 0], [:T_STRING]=>[2, 0, 0, 0, 0, 0]}} ```
-
- 05 1月, 2016 1 次提交
-
-
由 Ben Toews 提交于
-
- 07 12月, 2015 1 次提交
-
-
由 eileencodes 提交于
Per this comment https://github.com/rails/rails/pull/18334#issuecomment-69234050 we want `protect_from_forgery` to default to `prepend: false`. `protect_from_forgery` will now be insterted into the callback chain at the point it is called in your application. This is useful for cases where you want to `protect_from_forgery` after you perform required authentication callbacks or other callbacks that are required to run after forgery protection. If you want `protect_from_forgery` callbacks to always run first, regardless of position they are called in your application, then you can add `prepend: true` to your `protect_from_forgery` call. Example: ```ruby protect_from_forgery prepend: true ```
-
- 26 11月, 2015 1 次提交
-
-
由 Ben Toews 提交于
-
- 28 9月, 2015 1 次提交
-
-
由 yui-knk 提交于
* add `end` to end of class definition * add a blank line between explanation and example code
-
- 16 9月, 2015 1 次提交
-
-
由 Juanito Fatas 提交于
-
- 15 9月, 2015 1 次提交
-
-
由 Aaron Patterson 提交于
this commit removes some direct access to `env`.
-
- 23 8月, 2015 1 次提交
-
-
由 Ronak Jangir 提交于
May be missed in 5fe14163 commit Also fixes the broken build
-
- 06 8月, 2015 6 次提交
-
-
由 Aaron Patterson 提交于
-
由 Aaron Patterson 提交于
-
由 Aaron Patterson 提交于
-
由 Aaron Patterson 提交于
-
由 Aaron Patterson 提交于
The cookie jar can just ask the request object for the information it needs. This allows us to stop allocating hashes for options, and also allows us to delay calculating values in advance. Generating the options hash forced us to calculate values that we may never have needed at runtime
-
由 Aaron Patterson 提交于
Accessing a request object has nice advantages over accessing a hash. If you use a missing method name, you'll get an exception rather than a `nil` (is one nice feature)
-
- 28 7月, 2015 1 次提交
-
-
由 Aditya Kapoor 提交于
-
- 25 5月, 2015 1 次提交
-
-
由 yui-knk 提交于
-
- 23 5月, 2015 1 次提交
-
-
由 karanarora 提交于
spelling fix [ci skip] example to be consistent [ci skip] grammatical fix typo fixes [ci skip]
-
- 28 4月, 2015 2 次提交
-
-
由 Prathamesh Sonpatki 提交于
- Changed Javascript to JavaScript. - Added full-stop which was missing, also wrapped the sentence to 80 chars. - Changed proc to Proc and oauth to OAuth.
-
由 Hendy Tanata 提交于
[ci skip]
-
- 13 4月, 2015 1 次提交
-
-
由 Zachary Scott 提交于
-