69fc0e1b5e
This merges in the code from the breach-mitigation-rails gem that masks authenticity tokens on each request by XORing them with a random set of bytes. The masking is used to make it impossible for an attacker to steal a CSRF token from an SSL session by using techniques like the BREACH attack. The patch is pretty simple - I've copied over the [relevant code](https://github.com/meldium/breach-mitigation-rails/blob/master/lib/breach_mitigation/masking_secrets.rb) and updated the tests to pass, mostly by adjusting stubs and mocks. |
||
|---|---|---|
| .. | ||
| abstract_controller | ||
| action_controller | ||
| action_dispatch | ||
| action_pack | ||
| abstract_controller.rb | ||
| action_controller.rb | ||
| action_dispatch.rb | ||
| action_pack.rb | ||