Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: master
Commits on Jan 18, 2015
  1. Merge pull request #93 from strzibny/master

    Fix permissions back to 0644
Commits on Jan 16, 2015
  1. strzibny

    Fix permissions back to 0644

    strzibny authored
Commits on Apr 8, 2014
  1. v1.5.3

    Thais Camilo and Konstantin Haase authored committed
Commits on Mar 13, 2014
  1. Merge pull request #76 from ujifgc/clarify-warning

    clarify reaction warning, test it
  2. Igor Bochkariov
Commits on Feb 4, 2014
  1. Merge pull request #74 from statianzo/invalid-referer

    Discard invalid Referer header
Commits on Jan 23, 2014
  1. Jason Staten

    fix typoed header name

    statianzo authored
  2. Jason Staten

    refactor instantiation

    statianzo authored
  3. Jason Staten

    Discard invalid Referer header

    statianzo authored
    If an invalid Referer header such as "|uri" is
    provided, ignore the value of it and skip using the Host header fallback.
Commits on Jan 15, 2014
  1. v1.5.2

  2. deal with rbx travis setup later

Commits on Jan 3, 2014
  1. Merge pull request #73 from rennex/fix_session_hijacking

    Ignore changing Accept-Encoding header, fixes #56
  2. rennex
Commits on Nov 22, 2013
  1. Merge pull request #71 from vipulnsward/remove_request_var

    Don't create request since it is unused.
Commits on Nov 21, 2013
  1. Vipul A M
Commits on Oct 21, 2013
  1. v1.5.1

  2. let json_csrf always deny, fixes #50

  3. add lincense, fixes #62

Commits on Sep 12, 2013
  1. Merge pull request #68 from pje/set-authenticity-token

    Ensure that session contains a csrf token after "safe" requests
Commits on Sep 10, 2013
  1. Patrick Ellis
  2. Patrick Ellis

    Ensure that session contains a csrf token after "safe" requests

    pje authored
    Currently, `AuthenticityToken#accepts?` will only add an authenticity
    token to the session if the request is "unsafe". By default, this means
    that the first POST/PUT/DELETE request from every session is guaranteed
    to fail. (see: #60)
    This changeset rearranges a few lines in `AuthenticityToken#accepts?` to
    do conditional assignment of `session[:csrf]` every time the method is
    called--even for safe requests.
Commits on Sep 9, 2013
  1. Merge pull request #69 from pje/make-random-string-length-consistent

    ensure Rack::Protection::Base#random_string always outputs 32 characters
  2. Patrick Ellis
Commits on Sep 3, 2013
  1. Merge pull request #65 from dariocravero/configurable-authenticity-to…

    Implemented an authenticity_param option on AuthenticityToken
  2. Merge pull request #66 from digitaloceancloud/master

    Add instrumentation support
Commits on Aug 21, 2013
  1. Brooke McKim
Commits on Aug 6, 2013
  1. Darío Javier Cravero

    Added the option `:authenticity_param` to the `AuthenticityToken`

    dariocravero authored
    protection to allow for a different param name to be sent/expected by the
    application that uses it.
Commits on Jun 7, 2013
  1. Merge pull request #58 from jeffWelling/encoding_fix

    Encoding fix
Commits on May 15, 2013
  1. Jeff Welling

    Use magic comment

    jeffWelling authored
Commits on May 12, 2013
  1. Jeff Welling
Commits on Apr 16, 2013
  1. Merge pull request #54 from dayflower/fix_path_encoding

    Fix PathTraversal to leave encoding of PATH_INFO unchanged
  2. ITO Nobuaki
  3. ITO Nobuaki
Something went wrong with that request. Please try again.