mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
rails--rails/actionpack/test
Jon Leighton a500b4796f Improve logging when Origin header doesn't match
I came up against this while dealing with a misconfigured server. The
browser was setting the Origin header to "https://example.com", but the
Rails app returned "http://example.com" from request.base_url (because
it was failing to detect that HTTPS was used).

This caused verify_authenticity_token to fail, but the message in the
log was "Can't verify CSRF token", which is confusing because the
failure had nothing to do with the CSRF token sent in the request. This
made it very hard to identify the issue, so hopefully this will make it
more obvious for the next person.
2017-04-06 16:03:35 +01:00
..
abstract Add more rubocop rules about whitespaces 2016-10-29 01:17:49 -02:00
assertions Improve assert_response helper 2016-09-14 11:30:09 -04:00
controller Improve logging when Origin header doesn't match 2017-04-06 16:03:35 +01:00
dispatch Make driven_by overridable 2017-03-29 09:04:30 +09:00
fixtures Add more rubocop rules about whitespaces 2016-10-29 01:17:49 -02:00
journey Properly escape test names 2017-02-02 19:58:17 +09:00
lib/controller class Foo < Struct.new(:x) creates an extra unneeded anonymous class 2017-01-13 15:13:47 +09:00
routing applies new string literal convention in actionpack/test 2016-08-06 18:54:50 +02:00
tmp
abstract_unit.rb Call system test driver per-instance rather than globally 2017-03-09 10:52:05 -05:00