mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Commit graph

15 commits

Author SHA1 Message Date
Greg Campbell
4003a5bd76 Address CVE-2014-4671 (JSONP Flash exploit)
Adds a comment before JSONP callbacks. See
http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ for more
details on the exploit in question.
2014-07-09 11:37:19 -07:00
Jeremy Kemper
1650bb3d56 CSRF protection from cross-origin <script> tags
Thanks to @homakov for sounding the alarm about JSONP-style data leaking
2013-12-17 13:14:17 -07:00
Carlos Antonio da Silva
65df4c53c2 Add changelog entry for jsonp mimetype change, fix failing test
Fix failing test: Mime::JS generates "text/javascript"
2012-04-29 12:01:05 -03:00
José Valim
d4dd1af341 Merge pull request #2321 from omjokine/master
JSONP should use mimetype application/javascript
2012-04-29 01:13:39 -07:00
Karunakar (Ruby)
131c9ba9d0 Moving to logger methods to ActiveSupport Logger 2011-12-24 00:17:21 +05:30
José Valim
0a4035b12a Revert the serializers API as other alternatives are now also under discussion 2011-11-25 19:29:39 +00:00
José Valim
7fcc8c0a1f Rely solely on active_model_serializer and remove the fancy constant lookup. 2011-11-23 23:45:27 +00:00
Jose and Yehuda
8ff7693a8d Initial commit of serializer support 2011-10-15 18:40:37 +02:00
Olli Jokinen
fae9ad9c71 fixed test case test_render_json_with_callback to use content_type application/javascript 2011-07-28 15:39:04 +03:00
Neeraj Singh
806e6f80dc render_to_string must ensure that response_body
is nil

[ #5875 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
2011-01-25 20:14:03 +01:00
Diego Carrion
72f37bd8bc renderer calls object.to_json when rendering :json => object [#5655 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-09-27 23:11:29 +02:00
José Valim
81fb742488 Always downstream given options in :json, :xml and :js renderers and add tests for it. 2010-04-22 12:12:38 +02:00
José Valim
a39c7505bd Cleanup render callstack and make render(:json => {}, :status => 401) work again. 2010-02-24 22:17:25 +01:00
Joshua Peek
0540781539 Namespace TestControllers inside their test case class 2009-09-19 13:04:12 -05:00
Yehuda Katz + Carl Lerche
49a84ff69c Ported over render :file tests. 2009-05-13 17:00:59 -07:00