1704be74ee
Prior to this commit, when multiple cookie domains were specified, the first domain that was a substring of the request host was chosen. This allowed, for example, the "example.com" domain to be chosen when the request host was "example.com.au" or even "myexample.com". This commit ensures a domain is chosen only if it is equal to or is a superdomain of the request host. Fixes #37760. |
||
---|---|---|
.. | ||
abstract_controller | ||
action_controller | ||
action_dispatch | ||
action_pack | ||
abstract_controller.rb | ||
action_controller.rb | ||
action_dispatch.rb | ||
action_pack.rb |