TEST_CODEOWNERS/rails
3
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Add backticks [ci-skip]

Browse Source
This commit is contained in:
Jonathan Hefner 2022-05-18 20:01:18 -05:00
parent 9ac01c6a81
commit ff2ee25907
2 changed files with 23 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
guides/source/caching_with_rails.md
View File

@ -373,7 +373,7 @@ NOTE: Alternatively, you can call `ActionController::Base.cache_store` outside o
You can access the cache by calling `Rails.cache`.
### ActiveSupport::Cache::Store
### `ActiveSupport::Cache::Store`
This class provides the foundation for interacting with the cache in Rails. This is an abstract class and you cannot use it on its own. Rather you must use a concrete implementation of the class tied to a storage engine. Rails ships with several implementations documented below.
@ -428,7 +428,7 @@ custom class.
config.cache_store = MyCacheStore.new
```
### ActiveSupport::Cache::MemoryStore
### `ActiveSupport::Cache::MemoryStore`
This cache store keeps entries in memory in the same Ruby process. The cache
store has a bounded size specified by sending the `:size` option to the
@ -451,7 +451,7 @@ New Rails projects are configured to use this implementation in the development
NOTE: Since processes will not share cache data when using `:memory_store`,
it will not be possible to manually read, write, or expire the cache via the Rails console.
### ActiveSupport::Cache::FileStore
### `ActiveSupport::Cache::FileStore`
This cache store uses the file system to store entries. The path to the directory where the store files will be stored must be specified when initializing the cache.
@ -470,7 +470,7 @@ periodically clear out old entries.
This is the default cache store implementation (at `"#{root}/tmp/cache/"`) if
no explicit `config.cache_store` is supplied.
### ActiveSupport::Cache::MemCacheStore
### `ActiveSupport::Cache::MemCacheStore`
This cache store uses Danga's `memcached` server to provide a centralized cache for your application. Rails uses the bundled `dalli` gem by default. This is currently the most popular cache store for production websites. It can be used to provide a single, shared cache cluster with very high performance and redundancy.
@ -490,7 +490,7 @@ See the [`Dalli::Client` documentation](https://www.rubydoc.info/gems/dalli/Dall
The `write` and `fetch` methods on this cache accept two additional options that take advantage of features specific to memcached. You can specify `:raw` to send a value directly to the server with no serialization. The value must be a string or number. You can use memcached direct operations like `increment` and `decrement` only on raw values. You can also specify `:unless_exist` if you don't want memcached to overwrite an existing entry.
### ActiveSupport::Cache::RedisCacheStore
### `ActiveSupport::Cache::RedisCacheStore`
The Redis cache store takes advantage of Redis support for automatic eviction
when it reaches max memory, allowing it to behave much like a Memcached cache server.
@ -562,7 +562,7 @@ config.cache_store = :redis_cache_store, { url: cache_servers,
}
```
### ActiveSupport::Cache::NullStore
### `ActiveSupport::Cache::NullStore`
This cache store is scoped to each web request, and clears stored values at the end of a request. It is meant for use in development and test environments. It can be very useful when you have code that interacts directly with `Rails.cache` but caching interferes with seeing the results of code changes.

34
guides/source/security.md
View File

@ -1069,7 +1069,7 @@ be explicitly configured.
By default Rails is configured to return the following response headers. Your
application returns these headers for every HTTP response.
#### X-Frame-Options
#### `X-Frame-Options`
This header indicates if a browser can render the page in a `<frame>`,
`<iframe>`, `<embed>` or `<object>` tag. This header is set to `SAMEORIGIN` by
@ -1077,23 +1077,23 @@ default to allow framing on the same domain only. Set it to `DENY` to deny
framing at all, or remove this header completely if you want to allow framing on
all domains.
#### X-XSS-Protection
#### `X-XSS-Protection`
A [deprecated legacy
header](https://owasp.org/www-project-secure-headers/#x-xss-protection), set to
`0` in Rails by default to disable problematic legacy XSS auditors.
#### X-Content-Type-Options
#### `X-Content-Type-Options`
This header is set to `nosniff` in Rails by default. It stops the browser from
guessing the MIME type of a file.
#### X-Permitted-Cross-Domain-Policies
#### `X-Permitted-Cross-Domain-Policies`
This header is set to `none` in Rails by default. It disallows Adobe Flash and
PDF clients from embedding your page on other domains.
#### Referrer-Policy
#### `Referrer-Policy`
This header is set to `strict-origin-when-cross-origin` in Rails by default.
For cross-origin requests, this only sends the origin in the Referer header. This
@ -1127,10 +1127,10 @@ Or you can remove them:
config.action_dispatch.default_headers.clear
```
### Strict-Transport-Security Header
### `Strict-Transport-Security` Header
The HTTP
[Strict-Transport-Security](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security)
[`Strict-Transport-Security`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security)
(HTST) response header makes sure the browser automatically upgrades to HTTPS
for current and future connections.
@ -1140,10 +1140,10 @@ The header is added to the response when enabling the `force_ssl` option:
config.force_ssl = true
```
### Content-Security-Policy Header
### `Content-Security-Policy` Header
To help protect against XSS and injection attacks, it is recommended to define a
[Content-Security-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy)
[`Content-Security-Policy`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy)
response header for your application. Rails provides a DSL that allows you to
configure the header.
@ -1196,7 +1196,7 @@ end
#### Reporting Violations
Enable the
[report-uri](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-uri)
[`report-uri`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-uri)
directive to report violations to the specified URI:
```ruby
@ -1207,7 +1207,7 @@ end
When migrating legacy content, you might want to report violations without
enforcing the policy. Set the
[Content-Security-Policy-Report-Only](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only)
[`Content-Security-Policy-Report-Only`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only)
response header to only report violations:
```ruby
@ -1224,9 +1224,9 @@ end
#### Adding a Nonce
If you are considering 'unsafe-inline', consider using nonces instead. [Nonces
If you are considering `'unsafe-inline'`, consider using nonces instead. [Nonces
provide a substantial improvement](https://www.w3.org/TR/CSP3/#security-nonces)
over 'unsafe-inline' when implementing a Content Security Policy on top
over `'unsafe-inline'` when implementing a Content Security Policy on top
of existing code.
```ruby
@ -1289,16 +1289,16 @@ for allowing inline `<script>` tags.
This is used by the Rails UJS helper to create dynamically
loaded inline `<script>` elements.
### Feature-Policy Header
### `Feature-Policy` Header
NOTE: The Feature-Policy header has been renamed to Permissions-Policy.
The Permissions-Policy requires a different implementation and isn't
NOTE: The `Feature-Policy` header has been renamed to `Permissions-Policy`.
The `Permissions-Policy` requires a different implementation and isn't
yet supported by all browsers. To avoid having to rename this
middleware in the future, we use the new name for the middleware but
keep the old header name and implementation for now.
To allow or block the use of browser features, you can define a
[Feature-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy)
[`Feature-Policy`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy)
response header for your application. Rails provides a DSL that allows you to
configure the header.