95 Commits

Author SHA1 Message Date
Genadi Samokovarov
c29fbd3c7a ApplicationRecord documentation pass
This is a pass over the documentation which fills the missing gaps of
`ApplicationRecord`.

[ci skip]
2015-12-17 11:56:35 +01:00
Existent Ltd
6cadc4d96a Fix a couple of grammatical errors in security.md 2015-12-16 14:36:46 +00:00
Vijay Dev
b217354dbb Merge branch 'master' of github.com:rails/docrails 2015-10-31 17:01:41 +00:00
amitkumarsuroliya
aa37991e43 Improved KeyError messages on bang version, since commit e768c519fb bang version produces KeyError [ci skip] 2015-10-11 02:40:29 +05:30
Andy Lampert
705847578e Improve readability in CSRF section of guide 2015-10-07 22:11:34 -06:00
tanmay3011
148d1217a1 [ci skip] Change 'an URL' to 'a URL' as URL doesn't have a vowel sound 2015-10-06 23:34:05 +05:30
Sean Collins
19b626a31a Update text on CSS Injection / Myspace
[skip ci]
2015-10-03 12:42:33 -06:00
Jeremy Daer
4d77e02d34 Clarify CSRF <script> purpose and protection. Note how to deal with your own <script> tags.
Ref #21618

[ci skip]
2015-09-16 08:56:16 -07:00
Anshul Agrawal
570cd24816 Improved explanation of the <script> tag CSRF behavior 2015-09-14 11:35:16 +05:30
Vijay Dev
4f252cddc1 Merge branch 'master' of github.com:rails/rails
Conflicts:
	guides/source/security.md
2015-08-24 06:05:07 +00:00
Vijay Dev
5bcb454ba4 add commas removed earlier [ci skip] 2015-08-24 04:32:09 +00:00
Alexey Markov
0b18876e15 Add bold to lists' titles [ci skip] 2015-08-21 10:19:38 +03:00
Alexey Markov
81cec09aac Small fixes [ci skip] 2015-08-20 21:36:58 +03:00
Alexey Markov
76c2f01fcb Small fixes [ci skip] 2015-08-17 23:09:31 +03:00
Robin Dupret
f51d142881 Tiny documentation fixes [ci skip] 2015-08-11 15:35:35 +02:00
Dhia Eddine Chouchane
a42ca131a5 [ci skip] Typo fixed 2015-08-06 09:21:03 +01:00
Dhia Eddine Chouchane
87f0e6719f Outdated information about session storage updated [ci skip]
The guide contains information about Rails 2 storing mechanism, but not Rails 4. 
Enhanced the accuracy and coherence of information (There was a part saying "Older versions of Rails use CookieStore, which uses `secret_token` instead of `secret_key_base` that is used by EncryptedCookieStore." while there was no mention of EncryptedCookieStore before)
2015-08-06 09:08:11 +01:00
yui-knk
33a72824b8 [ci skip] Fix to a, b and c format 2015-07-25 10:21:32 +09:00
yui-knk
f9015ada7e [ci skip] Fix minor typo
* Remove `,`
* Fix `&lt`; -> `&lt;`
2015-07-24 23:07:16 +09:00
yui-knk
0868b4cec9 [ci skip] Minor fix
* add a space
* add a `.`
2015-07-24 22:15:08 +09:00
Mauro George
35373fd54b Add to Security guides the secrets.yml
[ci skip]
2015-07-06 09:21:15 -03:00
Yoong Kang Lim
ad6e508039 [ci skip] Replace dead link about HttpOnly cookies. 2015-05-28 10:35:54 +10:00
karanarora
bb4ef33b0a Rails documentation standard is american english. [ci skip] 2015-05-20 20:39:41 +05:30
Ankit Gupta
dcb5154e09 updating the links, they were removed in cc30f5f9 [ci skip]
new links as per pull request comment #20160 (OWASP guides)
2015-05-19 11:46:34 -04:00
Ankit Gupta
cc30f5f92a Dead blog/site links [ci skip] 2015-05-14 19:46:38 -04:00
Faruk AYDIN
a834c64a75 promote :except option instead of :only for before action docs [ci skip] 2015-05-09 17:36:05 +03:00
Anton Davydov
8a40bf2081 [skip ci] Fix typos in actionpack changelog and security guide 2015-05-07 14:49:34 +03:00
Zachary Scott
163de75707 Merge pull request #19446 from andersonDadario/fix_security_guide_captcha_03_21_2015
Fix security guide captcha 03 21 2015 [ci skip]
2015-04-14 16:53:09 -07:00
Santosh Wadghule
2e1fefffab Remove old and not working link. [ci skip] 2015-03-28 01:09:52 +05:30
Anderson Dadario
f612433710 [ci skip] Fix for Security Guide - Captcha Section 2015-03-22 07:55:45 -03:00
Xavier Noria
7ba24831d7 Merge pull request #18503 from vipulnsward/guides-in-on
Changed `IN` to `ON` in markdown renderer condition
2015-01-14 11:35:34 +01:00
Vipul A M
5cfaf5a46e - Changed IN to ON in markdown renderer condition
- Changed `IN` to `ON` in all note sentences in guides.
2015-01-14 11:52:13 +05:30
Andrey Nering
9c021884ed Guides: Removing reference to blog that is not updated anymore [ci skip] 2015-01-13 15:54:45 -02:00
Robin Dupret
d0703280c7 Avoid displaying new lines inside note paragraphs
Commit 65a2977 added a `pre-wrap` style for white spaces on `.note`
paragraphs. However, this is first inconsistent as other notes like
warnings don't have this style applied. Furthermore, it seems to be
unneeded for mobile devices.

Also revert changes made in #18147 since they aren't needed anymore.

Cross-refs #18138.

[ci skip]
2015-01-03 12:58:19 +01:00
Xavier Noria
7702974281 warn about reading guides in GitHub
References #18148.
2014-12-23 23:32:50 +01:00
Andrey Nering
024edd365b Do not use line breaks on notes [ci skip]
References #18138
2014-12-22 15:25:32 -02:00
Zachary Scott
84af1e6d07 s/a unobtrusive/an unobtrusive [ci skip] 2014-12-22 06:51:21 -05:00
Andrey Nering
f7d81c924f Add note about Ajax and CSRF-Token [ci skip] 2014-12-20 14:33:55 -02:00
Chris Sinjakli
8f8ccb9901 Don't convert empty arrays to nils when deep munging params 2014-12-15 14:51:07 +00:00
Javier Vidal
ee5dfe2727 Fixing wrong link in 'Ruby on Rails Security Guide' [ci skip]
The URL

http://www.h-online.com/security/Symantec-reports-first-active-attack-on-a-DSL-router--/news/102352

points to an article titled 'The H is closing down'. The good one is:

http://www.h-online.com/security/news/item/Symantec-reports-first-active-attack-on-a-DSL-router-735883.html
2014-11-22 16:48:58 +01:00
Tom Kadwill
5e0f9e40a3 [ci skip] re-worded section on CookieStore to make it more readable. 2014-08-16 17:10:40 +01:00
Rafael Mendonça França
a59b9e2284 Point to rubygems instead of Rails GitHub. [ci skip]
The rails repository is not the official plugin anymore
2014-08-15 10:45:53 -03:00
Arun Agrawal
967a2ff998 Fixed link for in_place_editor [ci skip]
closes #16512
2014-08-15 15:43:21 +02:00
Nishant Modak
da5ac71885 correct markdown usage [ci skip] 2014-07-09 01:32:44 +05:30
Gaurav Sharma
19ef270923 remove rubyforge.org that was shut down [ci skip] 2014-06-06 22:26:56 +05:30
Hendy Tanata
f52a13cdf4 Replace first person point of view on guides.
[skip ci]
2014-05-16 17:15:00 -07:00
Kyle Heironimus
830839c3ec [ci skip] Security guide clarity. 2014-05-01 14:09:09 -05:00
Nick Quaranto
66e5844b9a Remove statement assuming coffee shop/public space wifi is inherently insecure 2014-04-19 15:19:09 -04:00
PaulL1
d3152750b7 Include default rails protect_from_forgery with: :exception
Extend previous changes, include the default line from the application controller that new rails applications are created with: 
  protect_from_forgery with: :exception

Minor wording changes to align.
2014-04-17 21:20:17 +02:00
PaulL1
92fd44b35d CSRF protection should rescue exception not extend
I think the changes to the default behaviour mean that rails will throw an exception when an invalid authenticity token is found.  The previous proposed code of calling super then sign_out meant that sign_out was never reached - the exception handler never returned.

I think the best approach now is to catch the exception, although I'm not 100% certain on that.
2014-04-17 14:04:40 +02:00