- 17 Jun, 2014 2 commits
- 16 Jun, 2014 1 commit
  - Committed by Timm
    Fixed a Nokogiri::CSS::SyntaxError by using its expected format for unicode characters.
- 28 May, 2014 1 commit
  - Committed by Zuhao Wan
- 06 May, 2014 1 commit
  - Committed by Tom Kadwill
- 18 Apr, 2014 2 commits
  - Committed by Rafael Mendonça França
    Related with cbb91745
  - Committed by Rafael Mendonça França
    This was changed at cbb91745
- 05 Mar, 2014 1 commit
  - Committed by John Barton (joho)
    Added the log_warning_on_csrf_failure option to ActionController::RequestForgeryProtection which is on by default.
- 18 Dec, 2013 2 commits
  - Committed by Jeremy Kemper
  - Committed by Jeremy Kemper
    Thanks to @homakov for sounding the alarm about JSONP-style data leaking
- 19 Sep, 2013 1 commit
  - Committed by Jonathan Baudanza
    Previously it was raising a NilException
- 09 Feb, 2013 1 commit
  - Committed by Andrey Chernih
- 23 Jan, 2013 1 commit
  - Committed by Michiel Sikkes
- 06 Jan, 2013 1 commit
  - Committed by Yves Senn
    They don't add any benefits over `assert object.blank?` and `assert object.present?`
- 13 Sep, 2012 1 commit
  - Committed by Sergey Nartimov
    It's further work on CSRF after 24594110. The :null_session CSRF protection method provides an empty session during request processing but doesn't reset it completely (as :reset_session does).
- 31 May, 2012 1 commit
  - Committed by Sergey Nartimov
- 29 Mar, 2012 3 commits
  - Committed by Piotr Sarnacki
    If embedding auth_token in remote forms is off and we pass a value for auth_token it should respect it.
  - Committed by Piotr Sarnacki
    Changed default value for `config.action_view.embed_authenticity_token_in_remote_forms` to `false`. This change breaks remote forms that need to work also without javascript, so if you need such behavior, you can either set it to `true` or explicitly pass `:authenticity_token => true` in form options
  - Committed by Piotr Sarnacki
    There is a regression introduced in 16ee611f, which breaks remote forms that should also work without javascript. This commit introduces a config option that allows configuring this behavior, defaulting to the old behavior (i.e. include authenticity token in remote forms by default).
    Conflicts: actionpack/CHANGELOG.md
- 16 Mar, 2012 1 commit
  - Committed by Sandeep
- 15 Mar, 2012 2 commits
  - Committed by David Heinemeier Hansson
  - Committed by David Heinemeier Hansson
    Do not include the authenticity token in forms where remote: true as ajax forms use the meta-tag value
- 10 Mar, 2012 1 commit
  - Committed by Sergey Nartimov
    can be configured using `:with` option in `protect_from_forgery` method or `request_forgery_protection_method` config option
    possible values:
    - :reset_session (default)
    - :exception
    new applications are generated with: protect_from_forgery :with => :exception
- 23 Feb, 2012 1 commit
  - Committed by David Lee
    PATCH is the correct HTML verb to map to the #update action. The semantics for PATCH allow for partial updates, whereas PUT requires a complete replacement.
    Changes:
    * adds config.default_method_for_update you can set to :patch
    * optionally use PATCH instead of PUT in resource routes and forms
    * adds the #patch verb to routes to detect PATCH requests
    * adds #patch? to Request
    * changes documentation and comments to indicate support for PATCH
    This change maintains complete backwards compatibility by keeping :put as the default for config.default_method_for_update.
- 22 Jan, 2012 1 commit
  - Committed by Carlos Antonio da Silva
    These requires were added in a87b92db and the implementation changed in 2cdc1f0c, removing the need for them.
- 17 Jan, 2012 1 commit
  - Committed by Carlos Antonio da Silva
- 11 Sep, 2011 2 commits
  - Committed by Mike Dillon
  - Committed by Mike Dillon
- 24 May, 2011 1 commit
  - Committed by Jon Leighton
    Replace references to ActiveSupport::SecureRandom with just SecureRandom, and require 'securerandom' from the stdlib when active support is required.
- 11 May, 2011 1 commit
  - Committed by David Lee
- 08 Apr, 2011 1 commit
  - Committed by James Robinson
    Improved formatting of csrf_helper and improved test coverage
- 09 Feb, 2011 1 commit
  - Committed by Michael Koziarski
    Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:
    X-CSRF-Token: ...
    This fixes CVE-2011-0447
- 07 Feb, 2011 1 commit
  - Committed by Dan Pickett
    [#6228 state:committed]
    Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
- 06 Feb, 2011 1 commit
  - Committed by Timothy N. Tsvetkov
    Added tests for form_for and an authenticity_token option. Added docs for form_for and authenticity_token option. Added section to form helpers guide about forms for external resources and new authenticity_token option for form_tag and form_for helpers.
    [#6228 state:committed]
    Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
- 10 Jan, 2011 1 commit
  - Committed by Jakub Kuźma
- 27 Sep, 2010 1 commit
  - Committed by Emilio Tagua
- 14 Sep, 2010 1 commit
  - Committed by Xavier Noria
    get csrf_meta_tag back to the generated layout in deference to existing printed material, chomp also the generated HTML to be faithful to the output before the refactor
- 11 Sep, 2010 1 commit
  - Committed by Xavier Noria
    revises implementation and documentation of csrf_meta_tags, and aliases csrf_meta_tag to it for backwards compatibility
- 17 Aug, 2010 1 commit
  - Committed by Xavier Noria
    code gardening: we have assert_(nil|blank|present), more concise, with better default failure messages - let's use them
- 05 Feb, 2010 1 commit
  - Committed by Jeremy Kemper