提交 · 9cb91f93295785dd393023223976101a8dafef03 · 张重言 / rails

04 11月, 2012 1 次提交
- S
  
  Sign cookies using key deriver · 60609bb5
  由 Santiago Pastorino 提交于 10月 31, 2012
  
  60609bb5
28 10月, 2012 1 次提交
- A
  
  Multiple changes to 1,9 hash syntax · 62f273b6
  由 AvnerCohen 提交于 10月 27, 2012
  
  62f273b6
14 9月, 2012 1 次提交
- A
  Build fix for ActionMailer · 5138a303
  由 Arun Agrawal 提交于 9月 14, 2012
```
See

http://travis-ci.org/#!/rails/rails/jobs/2444632
```
  5138a303
13 9月, 2012 1 次提交

Implement :null_session CSRF protection method · 95be790e

由 Sergey Nartimov 提交于 9月 13, 2012

It's further work on CSRF after 24594110.

The :null_session CSRF protection method provide an empty session during
request processing but doesn't reset it completely (as :reset_session
does).

95be790e

03 8月, 2012 1 次提交
- X
  
  load active_support/core_ext/class/attribute in active_support/rails · 5e1b9204
  由 Xavier Noria 提交于 8月 02, 2012
  
  5e1b9204
15 6月, 2012 1 次提交
- V
  
  copy editing [ci skip] · 6efc5bf4
  由 Vijay Dev 提交于 6月 14, 2012
  
  6efc5bf4
08 6月, 2012 3 次提交
- D
  
  on CSRF whitelisting the argument for :if must be a symbol · 5c17aa51
  由 Daniel Lopes 提交于 6月 07, 2012
  
  5c17aa51
- D
  
  fix typos on the CSRF whitelisting doc · faf27445
  由 Daniel Lopes 提交于 6月 07, 2012
  
  faf27445
- D
  
  Document the CSRF whitelisting on get requests · 39856627
  由 Daniel Lopes 提交于 6月 07, 2012
  
  39856627
15 5月, 2012 1 次提交
- F
  
  Removing ==Examples and last blank lines of docs from actionpack · fc0391ff
  由 Francesco Rodriguez 提交于 5月 15, 2012
  
  fc0391ff
29 3月, 2012 1 次提交
- T
  
  CSRF messages are no longer controlled by 422.html because InvalidAuthenticityToken is not raised · e8108433
  由 Tony Primerano 提交于 3月 28, 2012
  
  e8108433
10 3月, 2012 1 次提交

configure how unverified request will be handled · 24594110

由 Sergey Nartimov 提交于 3月 09, 2012

can be configured using `:with` option in `protect_from_forgery` method
or `request_forgery_protection_method` config option

possible values:
- :reset_session (default)
- :exception

new applications are generated with:

    protect_from_forgery :with => :exception

24594110

06 1月, 2012 1 次提交
- K
  
  removed warning because logger.warn differentiate the warings · 93ec400e
  由 Karunakar (Ruby) 提交于 1月 05, 2012
  
  93ec400e
10 9月, 2011 1 次提交
- M
  
  Change log level for CSRF token verification warning · 7fb99e57
  由 Mike Dillon 提交于 9月 02, 2011
  
  7fb99e57
24 7月, 2011 1 次提交
- O
  Changed a few instances of of words in the API docs written in British English to · 71d18ce4
  由 Oemuer Oezkir 提交于 7月 24, 2011
```
American English(according to Weber)
```
  71d18ce4
11 7月, 2011 1 次提交
- V
  
  TODO fix explicitly loading exceptations, autoload removed · 525fd3ac
  由 Vishnu Atrai 提交于 6月 29, 2011
  
  525fd3ac
02 7月, 2011 1 次提交
- V
  
  document handle_unverified_request method · 2949e30a
  由 Vijay Dev 提交于 7月 02, 2011
  
  2949e30a
01 7月, 2011 1 次提交
- V
  
  update doc about resetting the session in case of authenticity token mismatch · 5fe67fa7
  由 Vijay Dev 提交于 7月 01, 2011
  
  5fe67fa7
24 5月, 2011 2 次提交
- S
  
  Remove extra white spaces on ActionPack docs. · fcdb5dc5
  由 Sebastian Martinez 提交于 5月 23, 2011
  
  fcdb5dc5
- J
  Replace references to ActiveSupport::SecureRandom with just SecureRandom, and... · d411c85a
  由 Jon Leighton 提交于 5月 23, 2011
```
Replace references to ActiveSupport::SecureRandom with just SecureRandom, and require 'securerandom' from the stdlib when active support is required.
```
  d411c85a
09 5月, 2011 1 次提交
- J
  
  Warn if we cannot verify CSRF token authenticity · 59705dee
  由 José Valim 提交于 5月 09, 2011
  
  59705dee
23 2月, 2011 1 次提交
- M
  
  Prepend the CSRF filter to make it much more difficult to execute application code before it fires. · 3d907a68
  由 Michael Koziarski 提交于 2月 23, 2011
  
  3d907a68
09 2月, 2011 1 次提交

Change the CSRF whitelisting to only apply to get requests · ae19e414

由 Michael Koziarski 提交于 1月 05, 2011

Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:

X-CSRF-Token: ...

This fixes CVE-2011-0447

ae19e414

27 11月, 2010 1 次提交
- R
  
  Add explicit statement that verify_authenticity_token can be turned off for actions. · 16796414
  由 Ryan Bigg 提交于 11月 27, 2010
  
  16796414
11 9月, 2010 1 次提交
- X
  revises implementation and documentation of csrf_meta_tags, and aliases... · a87b92db
  由 Xavier Noria 提交于 9月 11, 2010
```
revises implementation and documentation of csrf_meta_tags, and aliases csrf_meta_tag to it for backwards compatibilty
```
  a87b92db
03 9月, 2010 1 次提交
- J
  Revert "Setup explicit requires for files with exceptions. Removed them from autoloading." · 599e46bf
  由 José Valim 提交于 9月 02, 2010
```
Booting a new Rails application does not work after this commit [#5359 state:open]

This reverts commit 38a421b3.
```
  599e46bf
02 9月, 2010 1 次提交
- Ł
  Setup explicit requires for files with exceptions. Removed them from autoloading. · 38a421b3
  由 Łukasz Strzałkowski 提交于 8月 11, 2010
```
Signed-off-by: NJosé Valim <jose.valim@gmail.com>
```
  38a421b3
27 8月, 2010 1 次提交
- J
  
  Reflect how CSRF protection now works and refer to the Security Guide for more information · c28d46a9
  由 Joost Baaij 提交于 8月 26, 2010
  
  c28d46a9
11 6月, 2010 1 次提交
- E
  
  Fix a bunch of minor spelling mistakes · ccf9577a
  由 Evgeniy Dolzhenko 提交于 6月 11, 2010
  
  ccf9577a
03 6月, 2010 2 次提交
- W
  
  Changes made while working on upgrading cells to Rails 3 · e57dbfe6
  由 wycats 提交于 6月 02, 2010
  
  e57dbfe6
- W
  
  Changes made while working on upgrading cells to Rails 3 · ffe001f1
  由 wycats 提交于 6月 02, 2010
  
  ffe001f1
22 4月, 2010 1 次提交

Clean up the config object in ActionPack. Create config_accessor which just... · 4163ccec

由 José Valim 提交于 4月 22, 2010

Clean up the config object in ActionPack. Create config_accessor which just delegates to the config object, reducing the number of deprecations and add specific tests.

4163ccec

12 3月, 2010 1 次提交
- C
  ActionController::Base.request_forgery_protection_token should actually be the... · 8b4dca10
  由 Carl Lerche 提交于 3月 11, 2010
```
ActionController::Base.request_forgery_protection_token should actually be the name of the token and not true.
```
  8b4dca10
09 3月, 2010 1 次提交
- C
  Move request forgery protection configuration to the AC config object · 01f0e476
  由 Carl Lerche 提交于 3月 08, 2010
```
	This is an interim solution pending revisiting the rails
	framework configuration situation. 
```
  01f0e476
01 2月, 2010 1 次提交
- J
  
  Convert to class_attribute · e5ab4b0d
  由 Jeremy Kemper 提交于 1月 31, 2010
  
  e5ab4b0d
30 12月, 2009 1 次提交

Use extlib_inheritable_accessor in request_forgery_protection.rb. · 2e87196d

由 Carl Lerche 提交于 12月 29, 2009

For some reason the current class_inheritable_accessor does not play nice with included hooks. class_inheritable_accessor will be revised shortly.

2e87196d

21 12月, 2009 1 次提交
- J
  
  Merge Session stuff into RackConvenience · 0f8a5c79
  由 Joshua Peek 提交于 12月 20, 2009
  
  0f8a5c79
18 11月, 2009 1 次提交
- J
  
  Extract form_authenticity_param instance method so it's overridable in subclasses · e1385be0
  由 Jeremy Kemper 提交于 11月 17, 2009
  
  e1385be0
28 10月, 2009 1 次提交
- Y
  
  Reorganize CSRF a bit · 0b2dd7af
  由 Yehuda Katz 提交于 10月 28, 2009
  
  0b2dd7af
07 8月, 2009 1 次提交
- Y
  
  Rename /base to /metal and make base.rb and metal.rb top-level to reflect their module locations · bd6b61be
  由 Yehuda Katz 提交于 8月 06, 2009
  
  bd6b61be