- 19 Dec, 2019 1 commit
  - Committed by Rafael Mendonça França
    The `ActionDispatch::Session::MemcacheStore` is still vulnerable given it requires the gem dalli to be updated as well. CVE-2019-16782
- 27 Nov, 2019 1 commit
  - Committed by Rafael Mendonça França
- 23 Nov, 2019 1 commit
  - Committed by Rafael Mendonça França
- 28 Mar, 2019 2 commits
  - Committed by Sharang Dashputre
  - Committed by Rafael Mendonça França
- 27 Mar, 2019 2 commits
  - Committed by Abhay Nikam
  - Committed by Ken Greeff
- 22 Mar, 2019 1 commit
  - Committed by Rafael Mendonça França
- 11 Mar, 2019 1 commit
  - Committed by eileencodes
    * Bump RAILS_VERSION * Bundle * rake update_versions * rake changelog:header
- 09 Jan, 2019 1 commit
  - Committed by Yuji Yaginuma
    Allow using combine the Cache-Control `public` and `no-cache` headers
- 02 Jan, 2019 1 commit
  - Committed by Ryuta Kamizono
    Restore an ability that class level `update` without giving ids
- 19 Dec, 2018 2 commits
  - Committed by Kasper Timm Hansen
  - Committed by Kasper Timm Hansen
    Allow nil params on controller HTTP test methods
- 05 Dec, 2018 1 commit
  - Committed by Rafael Mendonça França
- 29 Nov, 2018 1 commit
  - Committed by Rafael Mendonça França
- 28 Nov, 2018 1 commit
  - Committed by Rafael Mendonça França
- 14 Nov, 2018 1 commit
  - Committed by Rafael França
    Reset Capybara sessions if failed system test screenshot raising an exception
- 01 Nov, 2018 1 commit
  - Committed by Ryuta Kamizono
- 23 Oct, 2018 2 commits
  - Committed by Andrew White
    There is no controller instance when using a redirect route or a mounted rack application so pass the request object as the context when resolving dynamic CSP sources in this scenario. Fixes #34200. (cherry picked from commit a150a026)
  - Committed by Andrew White
    Previously if a dynamic source returned a symbol such as `:self` it would be converted to a string implicitly, e.g: `policy.default_src -> { :self }` would generate the header: `Content-Security-Policy: default-src self` and now it generates: `Content-Security-Policy: default-src 'self'` (cherry picked from commit ed91b75c)
- 08 Aug, 2018 1 commit
  - Committed by Rafael Mendonça França
- 31 Jul, 2018 1 commit
  - Committed by Rafael Mendonça França
- 21 Jul, 2018 2 commits
  - Committed by Kasper Timm Hansen
  - Committed by Kasper Timm Hansen
    Prevent `RequestEncoder#encode_params` to parse falsey params
- 20 Apr, 2018 2 commits
  - Committed by bogdanvlviv
    - Add missing dot. - wrap code example in "```". [ci skip]
  - Committed by Rafael Mendonça França
    Fixes StrongParameters `permit!` to work with nested arrays
- 19 Apr, 2018 1 commit
  - Committed by Ryuta Kamizono
    Fix reference to fixed issue in actionpack/CHANGELOG.md [ci skip]
- 18 Apr, 2018 1 commit
  - Committed by Andrew White
    Output only one nonce in CSP header per request
- 10 Apr, 2018 2 commits
  - Committed by Rafael Mendonça França
  - Committed by Rafael Mendonça França
    Only disable headless chrome gpu on Windows
- 21 Mar, 2018 1 commit
  - Committed by Rafael Mendonça França
- 16 Mar, 2018 1 commit
  - Committed by Catherine Khuu
    * Check exclude before flagging cookies as secure. * Update comments in ActionDispatch::SSL. [Catherine Khuu + Rafael Mendonça França]
- 12 Mar, 2018 1 commit
  - Committed by bogdanvlviv
    - Add missing dots. - Change example of using `content_security_policy_report_only` in controller. - Remove TODO. Related to #32222
- 08 Mar, 2018 2 commits
  - Committed by Andrew White
    If the app has the CSP disabled globally allow a controller action to enable the policy for that request.
  - Committed by Andrew White
    e.g: class LegacyPagesController < ApplicationController content_security_policy false, only: :index end
- 28 Feb, 2018 1 commit
  - Committed by Ryuta Kamizono
    Consistent behavior for session and cookies with to_h and to_hash method
- 25 Feb, 2018 1 commit
  - Committed by Grant Bourque
    - Update the default HSTS max-age value to 31536000 seconds (1 year) to meet the minimum max-age requirement for https://hstspreload.org/.
- 22 Feb, 2018 1 commit
  - Committed by Andrew White
    Add support for automatic nonce generation for Rails UJS
- 15 Feb, 2018 1 commit
  - Committed by Rafael Mendonça França
    [ci skip]
- 31 Jan, 2018 1 commit
  - Committed by Rafael Mendonça França