Add backticks [ci-skip]
This commit is contained in:
parent
9ac01c6a81
commit
ff2ee25907
@ -373,7 +373,7 @@ NOTE: Alternatively, you can call `ActionController::Base.cache_store` outside o
|
||||
|
||||
You can access the cache by calling `Rails.cache`.
|
||||
|
||||
### ActiveSupport::Cache::Store
|
||||
### `ActiveSupport::Cache::Store`
|
||||
|
||||
This class provides the foundation for interacting with the cache in Rails. This is an abstract class and you cannot use it on its own. Rather you must use a concrete implementation of the class tied to a storage engine. Rails ships with several implementations documented below.
|
||||
|
||||
@ -428,7 +428,7 @@ custom class.
|
||||
config.cache_store = MyCacheStore.new
|
||||
```
|
||||
|
||||
### ActiveSupport::Cache::MemoryStore
|
||||
### `ActiveSupport::Cache::MemoryStore`
|
||||
|
||||
This cache store keeps entries in memory in the same Ruby process. The cache
|
||||
store has a bounded size specified by sending the `:size` option to the
|
||||
@ -451,7 +451,7 @@ New Rails projects are configured to use this implementation in the development
|
||||
NOTE: Since processes will not share cache data when using `:memory_store`,
|
||||
it will not be possible to manually read, write, or expire the cache via the Rails console.
|
||||
|
||||
### ActiveSupport::Cache::FileStore
|
||||
### `ActiveSupport::Cache::FileStore`
|
||||
|
||||
This cache store uses the file system to store entries. The path to the directory where the store files will be stored must be specified when initializing the cache.
|
||||
|
||||
@ -470,7 +470,7 @@ periodically clear out old entries.
|
||||
This is the default cache store implementation (at `"#{root}/tmp/cache/"`) if
|
||||
no explicit `config.cache_store` is supplied.
|
||||
|
||||
### ActiveSupport::Cache::MemCacheStore
|
||||
### `ActiveSupport::Cache::MemCacheStore`
|
||||
|
||||
This cache store uses Danga's `memcached` server to provide a centralized cache for your application. Rails uses the bundled `dalli` gem by default. This is currently the most popular cache store for production websites. It can be used to provide a single, shared cache cluster with very high performance and redundancy.
|
||||
|
||||
@ -490,7 +490,7 @@ See the [`Dalli::Client` documentation](https://www.rubydoc.info/gems/dalli/Dall
|
||||
|
||||
The `write` and `fetch` methods on this cache accept two additional options that take advantage of features specific to memcached. You can specify `:raw` to send a value directly to the server with no serialization. The value must be a string or number. You can use memcached direct operations like `increment` and `decrement` only on raw values. You can also specify `:unless_exist` if you don't want memcached to overwrite an existing entry.
|
||||
|
||||
### ActiveSupport::Cache::RedisCacheStore
|
||||
### `ActiveSupport::Cache::RedisCacheStore`
|
||||
|
||||
The Redis cache store takes advantage of Redis support for automatic eviction
|
||||
when it reaches max memory, allowing it to behave much like a Memcached cache server.
|
||||
@ -562,7 +562,7 @@ config.cache_store = :redis_cache_store, { url: cache_servers,
|
||||
}
|
||||
```
|
||||
|
||||
### ActiveSupport::Cache::NullStore
|
||||
### `ActiveSupport::Cache::NullStore`
|
||||
|
||||
This cache store is scoped to each web request, and clears stored values at the end of a request. It is meant for use in development and test environments. It can be very useful when you have code that interacts directly with `Rails.cache` but caching interferes with seeing the results of code changes.
|
||||
|
||||
|
@ -1069,7 +1069,7 @@ be explicitly configured.
|
||||
By default Rails is configured to return the following response headers. Your
|
||||
application returns these headers for every HTTP response.
|
||||
|
||||
#### X-Frame-Options
|
||||
#### `X-Frame-Options`
|
||||
|
||||
This header indicates if a browser can render the page in a `<frame>`,
|
||||
`<iframe>`, `<embed>` or `<object>` tag. This header is set to `SAMEORIGIN` by
|
||||
@ -1077,23 +1077,23 @@ default to allow framing on the same domain only. Set it to `DENY` to deny
|
||||
framing at all, or remove this header completely if you want to allow framing on
|
||||
all domains.
|
||||
|
||||
#### X-XSS-Protection
|
||||
#### `X-XSS-Protection`
|
||||
|
||||
A [deprecated legacy
|
||||
header](https://owasp.org/www-project-secure-headers/#x-xss-protection), set to
|
||||
`0` in Rails by default to disable problematic legacy XSS auditors.
|
||||
|
||||
#### X-Content-Type-Options
|
||||
#### `X-Content-Type-Options`
|
||||
|
||||
This header is set to `nosniff` in Rails by default. It stops the browser from
|
||||
guessing the MIME type of a file.
|
||||
|
||||
#### X-Permitted-Cross-Domain-Policies
|
||||
#### `X-Permitted-Cross-Domain-Policies`
|
||||
|
||||
This header is set to `none` in Rails by default. It disallows Adobe Flash and
|
||||
PDF clients from embedding your page on other domains.
|
||||
|
||||
#### Referrer-Policy
|
||||
#### `Referrer-Policy`
|
||||
|
||||
This header is set to `strict-origin-when-cross-origin` in Rails by default.
|
||||
For cross-origin requests, this only sends the origin in the Referer header. This
|
||||
@ -1127,10 +1127,10 @@ Or you can remove them:
|
||||
config.action_dispatch.default_headers.clear
|
||||
```
|
||||
|
||||
### Strict-Transport-Security Header
|
||||
### `Strict-Transport-Security` Header
|
||||
|
||||
The HTTP
|
||||
[Strict-Transport-Security](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security)
|
||||
[`Strict-Transport-Security`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security)
|
||||
(HTST) response header makes sure the browser automatically upgrades to HTTPS
|
||||
for current and future connections.
|
||||
|
||||
@ -1140,10 +1140,10 @@ The header is added to the response when enabling the `force_ssl` option:
|
||||
config.force_ssl = true
|
||||
```
|
||||
|
||||
### Content-Security-Policy Header
|
||||
### `Content-Security-Policy` Header
|
||||
|
||||
To help protect against XSS and injection attacks, it is recommended to define a
|
||||
[Content-Security-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy)
|
||||
[`Content-Security-Policy`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy)
|
||||
response header for your application. Rails provides a DSL that allows you to
|
||||
configure the header.
|
||||
|
||||
@ -1196,7 +1196,7 @@ end
|
||||
#### Reporting Violations
|
||||
|
||||
Enable the
|
||||
[report-uri](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-uri)
|
||||
[`report-uri`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-uri)
|
||||
directive to report violations to the specified URI:
|
||||
|
||||
```ruby
|
||||
@ -1207,7 +1207,7 @@ end
|
||||
|
||||
When migrating legacy content, you might want to report violations without
|
||||
enforcing the policy. Set the
|
||||
[Content-Security-Policy-Report-Only](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only)
|
||||
[`Content-Security-Policy-Report-Only`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only)
|
||||
response header to only report violations:
|
||||
|
||||
```ruby
|
||||
@ -1224,9 +1224,9 @@ end
|
||||
|
||||
#### Adding a Nonce
|
||||
|
||||
If you are considering 'unsafe-inline', consider using nonces instead. [Nonces
|
||||
If you are considering `'unsafe-inline'`, consider using nonces instead. [Nonces
|
||||
provide a substantial improvement](https://www.w3.org/TR/CSP3/#security-nonces)
|
||||
over 'unsafe-inline' when implementing a Content Security Policy on top
|
||||
over `'unsafe-inline'` when implementing a Content Security Policy on top
|
||||
of existing code.
|
||||
|
||||
```ruby
|
||||
@ -1289,16 +1289,16 @@ for allowing inline `<script>` tags.
|
||||
This is used by the Rails UJS helper to create dynamically
|
||||
loaded inline `<script>` elements.
|
||||
|
||||
### Feature-Policy Header
|
||||
### `Feature-Policy` Header
|
||||
|
||||
NOTE: The Feature-Policy header has been renamed to Permissions-Policy.
|
||||
The Permissions-Policy requires a different implementation and isn't
|
||||
NOTE: The `Feature-Policy` header has been renamed to `Permissions-Policy`.
|
||||
The `Permissions-Policy` requires a different implementation and isn't
|
||||
yet supported by all browsers. To avoid having to rename this
|
||||
middleware in the future, we use the new name for the middleware but
|
||||
keep the old header name and implementation for now.
|
||||
|
||||
To allow or block the use of browser features, you can define a
|
||||
[Feature-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy)
|
||||
[`Feature-Policy`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy)
|
||||
response header for your application. Rails provides a DSL that allows you to
|
||||
configure the header.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user