Commit Graph

71 Commits

Author SHA1 Message Date
Ankit Gupta
cc30f5f92a Dead blog/site links [ci skip] 2015-05-14 19:46:38 -04:00
Faruk AYDIN
a834c64a75 promote :except option instead of :only for before action docs [ci skip] 2015-05-09 17:36:05 +03:00
Anton Davydov
8a40bf2081 [skip ci] Fix typos in actionpack changelog and security guide 2015-05-07 14:49:34 +03:00
Zachary Scott
163de75707 Merge pull request #19446 from andersonDadario/fix_security_guide_captcha_03_21_2015
Fix security guide captcha 03 21 2015 [ci skip]
2015-04-14 16:53:09 -07:00
Santosh Wadghule
2e1fefffab Remove old and non-working link. [ci skip] 2015-03-28 01:09:52 +05:30
Anderson Dadario
f612433710 [ci skip] Fix for Security Guide - Captcha Section 2015-03-22 07:55:45 -03:00
Xavier Noria
7ba24831d7 Merge pull request #18503 from vipulnsward/guides-in-on
Changed `IN` to `ON` in markdown renderer condition
2015-01-14 11:35:34 +01:00
Vipul A M
5cfaf5a46e - Changed IN to ON in markdown renderer condition
- Changed `IN` to `ON` in all note sentences in guides.
2015-01-14 11:52:13 +05:30
Andrey Nering
9c021884ed Guides: Removing reference to blog that is not updated anymore [ci skip] 2015-01-13 15:54:45 -02:00
Robin Dupret
d0703280c7 Avoid displaying new lines inside note paragraphs
Commit 65a2977 added a `pre-wrap` style for white spaces on `.note`
paragraphs. However, this is first inconsistent as other notes like
warnings don't have this style applied. Furthermore, it seems to be
unneeded for mobile devices.

Also revert changes made in #18147 since they aren't needed anymore.

Cross-refs #18138.

[ci skip]
2015-01-03 12:58:19 +01:00
Xavier Noria
7702974281 warn about reading guides in GitHub
References #18148.
2014-12-23 23:32:50 +01:00
Andrey Nering
024edd365b Do not use line breaks on notes [ci skip]
References #18138
2014-12-22 15:25:32 -02:00
Zachary Scott
84af1e6d07 s/a unobtrusive/an unobtrusive [ci skip] 2014-12-22 06:51:21 -05:00
Andrey Nering
f7d81c924f Add note about Ajax and CSRF-Token [ci skip] 2014-12-20 14:33:55 -02:00
Chris Sinjakli
8f8ccb9901 Don't convert empty arrays to nils when deep munging params 2014-12-15 14:51:07 +00:00
Javier Vidal
ee5dfe2727 Fixing wrong link in 'Ruby on Rails Security Guide' [ci skip]
The URL

http://www.h-online.com/security/Symantec-reports-first-active-attack-on-a-DSL-router--/news/102352

points to an article titled 'The H is closing down'. The good one is:

http://www.h-online.com/security/news/item/Symantec-reports-first-active-attack-on-a-DSL-router-735883.html
2014-11-22 16:48:58 +01:00
Tom Kadwill
5e0f9e40a3 [ci skip] re-worded section on CookieStore to make it more readable. 2014-08-16 17:10:40 +01:00
Rafael Mendonça França
a59b9e2284 Point to rubygems instead of Rails GitHub. [ci skip]
The rails repository is not the official plugin anymore
2014-08-15 10:45:53 -03:00
Arun Agrawal
967a2ff998 Fixed link for in_place_editor [ci skip]
closes #16512
2014-08-15 15:43:21 +02:00
Nishant Modak
da5ac71885 correct markdown usage [ci skip] 2014-07-09 01:32:44 +05:30
Gaurav Sharma
19ef270923 remove rubyforge.org that was shut down [ci skip] 2014-06-06 22:26:56 +05:30
Hendy Tanata
f52a13cdf4 Replace first person point of view on guides.
[skip ci]
2014-05-16 17:15:00 -07:00
Kyle Heironimus
830839c3ec [ci skip] Security guide clarity. 2014-05-01 14:09:09 -05:00
Nick Quaranto
66e5844b9a Remove statement assuming coffee shop/public space wifi is inherently insecure 2014-04-19 15:19:09 -04:00
PaulL1
d3152750b7 Include default rails protect_from_forgery with: :exception
Extend previous changes, include the default line from the application controller that new rails applications are created with: 
  protect_from_forgery with: :exception

Minor wording changes to align.
2014-04-17 21:20:17 +02:00
PaulL1
92fd44b35d CSRF protection should rescue exception not extend
I think the changes to the default behaviour mean that rails will throw an exception when an invalid authenticity token is found. The previous proposed code of calling super then sign_out meant that sign_out was never reached - the exception handler never returned.

I think the best approach now is to catch the exception, although I'm not 100% certain on that.
2014-04-17 14:04:40 +02:00
Juanito Fatas
982a19edc9 [ci skip] Use plain underscore instead of "\_". 2014-04-13 23:56:59 +08:00
Andy Callaghan
3779c1d45e W3C CSP document moved to github.io URL [ci skip]
The old link https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html is now being soft redirected to this new URL
2014-04-05 17:01:59 +01:00
Kuldeep Aggarwal
ae75289260 [ci skip] use secrets.secret_key_base instead of config.secret_key_base
use secrets.yml instead of secret_token.rb
2014-03-01 01:35:29 +05:30
Dave Jachimiak
848e377a20 Add verb to sanitization note 2014-02-14 11:36:03 -05:00
Lukasz Sarnacki
69ab91ae93 Log which keys were set to nil in deep_munge
deep_munge solves CVE-2013-0155 security vulnerability, but its
behaviour is definitely confusing. This commit adds logging to deep_munge.
It logs keys for which values were set to nil.

Also mentions in guides were added.
2014-01-28 20:29:38 +01:00
Rex Feng
beeb8969e0 clean up security guide: his => their [ci skip] 2014-01-16 18:57:21 -05:00
Uday Kadaboina
ad04c2e0b5 [ci skip] Added alias to CSRF 2014-01-14 01:31:23 -05:00
Jeremy Kemper
1650bb3d56 CSRF protection from cross-origin <script> tags
Thanks to @homakov for sounding the alarm about JSONP-style data leaking
2013-12-17 13:14:17 -07:00
Tejas Dinkar
223ff7949e [ci skip] Removing some gender sensitive object pronouns 2013-12-02 09:24:47 +05:30
Vipul A M
8700e5f56c Use genderless pronouns in security guide. [ci skip]
related #49ff20d9b164693ed7fee880b69cc14b141678b3
2013-12-02 03:22:31 +05:30
Adam
336caf9114 Update security.md
Hi Guys 
I was reading through this guide last night and noticed a small mistake, would be great if you could update it. 
I changed the word 'building' to 'build' in line 20. 
"Web application frameworks are made to help developers building web applications"
2013-11-08 13:43:31 -07:00
Sergio
f91ea51017 incorrect url
incorrect url
2013-09-16 01:09:56 +02:00
Sergio
edb74a187b incorrect urls
I've found two incorrect urls for adding ':' at the end of the url
2013-09-16 00:25:00 +02:00
Sergio
ebcd9d6c03 surplus : in attachment_fu plugin
surplus ':' character in url
2013-09-15 23:51:31 +02:00
Hannes Fostie
84cea5a6d1 Improves a sentence in guides/security
Changed "... books make this wrong" to "... books get this wrong"
2013-09-09 09:43:58 +02:00
Xavier Noria
b77f25cb84 cleans the guides sources from fancy non-ASCII stuff 2013-08-23 17:59:11 +02:00
Justin George
16bf1ba476 remove language about configuring digest method [ci skip] 2013-07-31 14:17:39 -07:00
Justin George
72e53910a0 update guide to reflect default HMAC SHA1 in MessageVerifier used in SignedCookieStore [ci skip] 2013-07-30 12:38:44 -07:00
Sunny Ripert
53607be559 Remove double spaces in guides 2013-05-28 14:38:02 +02:00
Jonathan Roes
2392916eab Simple grammar updates 2013-05-03 00:28:06 -03:00
Leo Gallucci
0960716d38 Fix typo "can exploited" with "can be exploited" 2013-05-01 16:56:33 -03:00
Xavier Noria
b8e2664250 Ruby On Rails -> Ruby on Rails [ci skip] 2013-04-16 17:06:16 +02:00
sthollmann
164af1f967 ReCAPTCHA plug-in link now points to Github repo. Plug-in is no longer available at the previous location 2013-03-27 10:46:19 +01:00
Andrew Wilcox
4e5a4cf4b2 Remove mass-assignment line from guide summary 2013-01-25 23:45:55 -05:00