mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
rails--rails/actionpack/lib/action_dispatch/middleware
Jonathan Hefner 1704be74ee Strict match when choosing cookie domain for host
Prior to this commit, when multiple cookie domains were specified, the
first domain that was a substring of the request host was chosen.  This
allowed, for example, the "example.com" domain to be chosen when the
request host was "example.com.au" or even "myexample.com".

This commit ensures a domain is chosen only if it is equal to or is a
superdomain of the request host.

Fixes #37760.
2020-06-10 02:17:39 -05:00
session Fix possible information leak / session hijacking vulnerability. 2019-12-18 17:01:09 -03:00
templates Fix typos [ci skip] 2020-04-22 21:43:37 -07:00
actionable_exceptions.rb Refactor after the most recent code review 2019-04-19 14:15:41 +09:00
callbacks.rb Enable Style/RedundantBegin cop to avoid newly adding redundant begin block 2018-12-21 06:12:42 +09:00
cookies.rb Strict match when choosing cookie domain for host 2020-06-10 02:17:39 -05:00
debug_exceptions.rb Remove deprecation silencing in debug exceptions 2020-03-29 23:02:08 +01:00
debug_locks.rb Add Style/RedundantFreeze to remove redundant .freeze 2018-09-29 07:18:44 +00:00
debug_view.rb Auto-correct Style/RedundantBegin offence 2019-05-08 19:34:31 +09:00
exception_wrapper.rb Reuse the exception class name in all places in the wrapper 2019-07-16 14:33:47 +01:00
executor.rb Use frozen string literal in actionpack/ 2017-07-29 14:02:40 +03:00
flash.rb Add Style/RedundantFreeze to remove redundant .freeze 2018-09-29 07:18:44 +00:00
host_authorization.rb Enable Layout/EmptyLinesAroundAccessModifier cop 2019-06-13 12:00:45 +09:00
public_exceptions.rb Enable Layout/EmptyLinesAroundAccessModifier cop 2019-06-13 12:00:45 +09:00
reloader.rb Use frozen string literal in actionpack/ 2017-07-29 14:02:40 +03:00
remote_ip.rb Revert "Don’t ignore X-Forwarded-For IPs with ports attached" 2020-05-12 08:07:17 -04:00
request_id.rb Add Style/RedundantFreeze to remove redundant .freeze 2018-09-29 07:18:44 +00:00
show_exceptions.rb Enable Layout/EmptyLinesAroundAccessModifier cop 2019-06-13 12:00:45 +09:00
ssl.rb Default HSTS max-age directive to 2 years 2020-01-29 14:46:39 +01:00
stack.rb Delayed middleware delete does not allow move operations 2020-01-08 11:30:02 +02:00
static.rb Precompressed static file refactor 2020-06-01 08:57:05 -07:00