e8d783ff87
## Rails 6.1.5.1 (April 26, 2022) ## * Allow Content Security Policy DSL to generate for API responses. *Tim Wade* ## Rails 6.1.5 (March 09, 2022) ## * Fix `content_security_policy` returning invalid directives. Directives such as `self`, `unsafe-eval` and few others were not single quoted when the directive was the result of calling a lambda returning an array. ```ruby content_security_policy do |policy| policy.frame_ancestors lambda { [:self, "https://example.com"] } end ``` With this fix the policy generated from above will now be valid. *Edouard Chin* * Update `HostAuthorization` middleware to render debug info only when `config.consider_all_requests_local` is set to true. Also, blocked host info is always logged with level `error`. Fixes #42813. *Nikita Vyrko* * Dup arrays that get "converted". Fixes #43681. *Aaron Patterson* * Don't show deprecation warning for equal paths. *Anton Rieder* * Fix crash in `ActionController::Instrumentation` with invalid HTTP formats. Fixes #43094. *Alex Ghiculescu* * Add fallback host for SystemTestCase driven by RackTest. Fixes #42780. *Petrik de Heus* * Add more detail about what hosts are allowed. *Alex Ghiculescu* |
||
---|---|---|
.. | ||
DESCR | ||
distinfo | ||
Makefile | ||
PLIST |