1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
rails--rails/actionpack/test
Rafael Mendonça França 4ace047c91
Add back Rack::Runtime to the default middleware stack.
We were planning to remove this middleware because we thought it could
make easier to attacker to do a Time Attack. However, while
Rack::Runtime can indeed be used to know how long a request took, and
compare with other requests, it doesn't provide any information that
can't be found in the total time of the request as well.

Instead of removing the middleware, we decided to keep it, and direct
users to instead of removing it, use its information to uncover actions
that are vulnerable to Time Attack.

This reverts commit 127dd06df6, reversing
changes made to 4354e3ae49.
2021-09-15 18:37:34 -04:00
..
abstract Fix generated MIME methods to recognize kwargs 2021-08-07 13:59:08 +09:00
assertions Use frozen string literal in actionpack/ 2017-07-29 14:02:40 +03:00
controller Don't show deprecation warning for equal paths 2021-09-08 11:45:19 +02:00
dispatch Add back Rack::Runtime to the default middleware stack. 2021-09-15 18:37:34 -04:00
fixtures Allow rails to serve brotli encoded assets 2020-06-01 08:57:02 -07:00
journey Restore the behavior of journey root node methods 2021-08-12 09:51:38 -04:00
lib Include layout when rendering objects from controllers 2020-10-14 11:49:45 -06:00
routing Use frozen string literal in actionpack/ 2017-07-29 14:02:40 +03:00
support Introduce Journey::Ast to avoid extra ast walks 2021-07-29 16:23:11 -04:00
abstract_unit.rb Let the Action Pack autoload with Zeitwerk 2021-08-21 20:20:23 +02:00