mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
rails--rails/actionpack/test/dispatch
Tim Wade 803f87567f
Generate content security policy for non-HTML responses
One feature of the content security policy DSL, though undocumented,
is that it will not generate headers for non-HTML responses, even if a
configuration is explicitly provided. While it may not seem obvious
that anyone would want to send this header in an API response, Mozilla
Observatory, for instance, recommends the following for API responses:

`Content-Security-Policy: default-src 'none'; frame-ancestors 'none'`

(source: https://observatory.mozilla.org/faq/)

The Secure Headers gem also makes recommendations about the content
security policy for API responses: https://github.com/github/secure_headers#api-configurations

As such, this removes the HTML guard clause from the
`ContentSecurityPolicy` middleware.
2022-03-07 16:24:14 -08:00
| Name | Last commit | Date |
| --- | --- | --- |
| request | Use static message when raising HTTP request parameter parse errors | 2021-08-28 11:56:05 -05:00 |
| routing | Delete concerns_executes_block_in_context_of_current_mapper test | 2022-02-06 14:45:54 +00:00 |
| session | Stringify keys in session.merge! | 2022-02-05 11:23:45 +01:00 |
| system_testing | Remove deprecated ActionDispatch::SystemTestCase#host! | 2021-11-17 21:51:14 +00:00 |
| actionable_exceptions_test.rb | Only allow ActionableErrors if show_detailed_exceptions is enabled | 2020-06-17 07:59:57 -07:00 |
| callbacks_test.rb | Enable Layout/EmptyLinesAroundAccessModifier cop | 2019-06-13 12:00:45 +09:00 |
| content_disposition_test.rb | Escape # in RFC 5987 pattern | 2020-08-31 10:31:30 -04:00 |
| content_security_policy_test.rb | Generate content security policy for non-HTML responses | 2022-03-07 16:24:14 -08:00 |
| cookies_test.rb | Consider onion services secure for cookies | 2021-11-26 14:52:09 -05:00 |
| debug_exceptions_test.rb | Pass log_rescued_responses as environment config | 2021-07-19 00:08:30 +01:00 |
| debug_locks_test.rb | Fix can't modify frozen String error in DebugLocks | 2017-08-28 21:48:05 +09:00 |
| exception_wrapper_test.rb | Skip logging backtrace when exception is in rescue_responses | 2021-06-24 23:04:12 -04:00 |
| executor_test.rb | Fix style and misspell in action dispatch executor test | 2022-02-11 14:55:33 -05:00 |
| header_test.rb | Remove Rubocop's comments from Rails code base | 2018-07-26 23:37:31 +03:00 |
| host_authorization_test.rb | Allow IPs with port in the HostAuthorization middleware | 2021-12-15 21:41:50 +00:00 |
| live_response_test.rb | Allow 'private, no-store' Cache-Control header | 2021-04-05 14:20:17 +10:00 |
| mapper_test.rb | Allow multiline to be passed in routes when using wildcards. | 2021-10-13 19:14:20 -04:00 |
| middleware_stack_test.rb | Add back Rack::Runtime to the default middleware stack. | 2021-09-15 18:37:34 -04:00 |
| mime_type_test.rb | Prevent catastrophic backtracking during mime parsing | 2021-05-04 13:49:41 -07:00 |
| mount_test.rb | mounted routes with non-word characters | 2019-04-15 15:11:13 +02:00 |
| permissions_policy_test.rb | Use Feature-Policy header name for now | 2020-11-19 16:08:09 +01:00 |
| prefix_generation_test.rb | Remove body content from redirect responses | 2022-02-25 13:31:54 -04:00 |
| rack_cache_test.rb | Use frozen string literal in actionpack/ | 2017-07-29 14:02:40 +03:00 |
| reloader_test.rb | Replace assert ! with assert_not | 2018-04-19 08:11:33 -04:00 |
| request_id_test.rb | Fix tests with Ruby 3 | 2020-10-30 02:20:04 +00:00 |
| request_test.rb | Replace ableist language | 2021-10-05 22:27:09 -04:00 |
| response_test.rb | Remove X-Download-Options default header | 2022-01-06 10:03:17 +01:00 |
| routing_assertions_test.rb | chore: fix spelling | 2021-04-15 15:49:48 +10:00 |
| routing_test.rb | Remove body content from redirect responses | 2022-02-25 13:31:54 -04:00 |
| runner_test.rb | Use frozen string literal in actionpack/ | 2017-07-29 14:02:40 +03:00 |
| server_timing_test.rb | Add Server Timing middleware (#36289) | 2021-09-19 21:27:07 -07:00 |
| show_exceptions_test.rb | Raise more specific exception for invalid mime type from user-agent | 2020-10-07 11:49:56 -04:00 |
| ssl_test.rb | quietly handle unknown HTTP methods in Action Dispatch SSL middleware | 2020-12-28 07:27:50 -05:00 |
| static_test.rb | Allow rails to serve brotli encoded assets | 2020-06-01 08:57:02 -07:00 |
| test_request_test.rb | Replace more ableist language | 2021-10-07 11:47:28 -04:00 |
| test_response_test.rb | Remove deprecated methods in ActionDispatch::TestResponse | 2019-01-17 16:08:31 -05:00 |
| uploaded_file_test.rb | Restore UploadedFile compatibility with IO.copy_stream | 2019-02-23 23:36:58 +01:00 |
| url_generation_test.rb | Fix setting trailing_slash: true in route definition | 2022-02-15 10:44:33 +01:00 |