diff options
author | Kevin Deisz <kevin.deisz@gmail.com> | 2018-04-06 15:13:28 -0400 |
---|---|---|
committer | Kevin Deisz <kevin.deisz@gmail.com> | 2018-04-06 15:13:28 -0400 |
commit | f22bc41a92e8f51d6f6da5b840f3364474d6aaba (patch) | |
tree | 96d039056180b5228f715160fcfae41a5e7126fc /actionpack | |
parent | 03bd370c02a8fa83ab6dd01bdd99fe342c523b81 (diff) | |
download | rails-f22bc41a92e8f51d6f6da5b840f3364474d6aaba.tar.gz rails-f22bc41a92e8f51d6f6da5b840f3364474d6aaba.tar.bz2 rails-f22bc41a92e8f51d6f6da5b840f3364474d6aaba.zip |
Include default headers by default in API mode
ActionDispatch's default headers are now moved into their own module that are by default included in both Base and API. This allows API-mode applications to take advantage of the default security headers, as well as providing an easy way to add more.
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/CHANGELOG.md | 4 | ||||
-rw-r--r-- | actionpack/lib/action_controller.rb | 1 | ||||
-rw-r--r-- | actionpack/lib/action_controller/api.rb | 1 | ||||
-rw-r--r-- | actionpack/lib/action_controller/base.rb | 7 | ||||
-rw-r--r-- | actionpack/lib/action_controller/metal/default_headers.rb | 17 |
5 files changed, 24 insertions, 6 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 76342f7108..152ec3700b 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,3 +1,7 @@ +* Move default headers configuration into their own module that can be included in controllers. + + *Kevin Deisz* + * Add method `dig` to `session`. *claudiob*, *Takumi Shotoku* diff --git a/actionpack/lib/action_controller.rb b/actionpack/lib/action_controller.rb index f43784f9f2..29d61c3ceb 100644 --- a/actionpack/lib/action_controller.rb +++ b/actionpack/lib/action_controller.rb @@ -25,6 +25,7 @@ module ActionController autoload :ContentSecurityPolicy autoload :Cookies autoload :DataStreaming + autoload :DefaultHeaders autoload :EtagWithTemplateDigest autoload :EtagWithFlash autoload :Flash diff --git a/actionpack/lib/action_controller/api.rb b/actionpack/lib/action_controller/api.rb index b192e496de..93ffff1bd6 100644 --- a/actionpack/lib/action_controller/api.rb +++ b/actionpack/lib/action_controller/api.rb @@ -122,6 +122,7 @@ module ActionController ForceSSL, DataStreaming, + DefaultHeaders, # Before callbacks should also be executed as early as possible, so # also include them at the bottom. diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb index 204a3d400c..3378d6db0f 100644 --- a/actionpack/lib/action_controller/base.rb +++ b/actionpack/lib/action_controller/base.rb @@ -232,6 +232,7 @@ module ActionController HttpAuthentication::Basic::ControllerMethods, HttpAuthentication::Digest::ControllerMethods, HttpAuthentication::Token::ControllerMethods, + DefaultHeaders, # Before callbacks should also be executed as early as possible, so # also include them at the bottom. @@ -264,12 +265,6 @@ module ActionController PROTECTED_IVARS end - def self.make_response!(request) - ActionDispatch::Response.create.tap do |res| - res.request = request - end - end - ActiveSupport.run_load_hooks(:action_controller_base, self) ActiveSupport.run_load_hooks(:action_controller, self) end diff --git a/actionpack/lib/action_controller/metal/default_headers.rb b/actionpack/lib/action_controller/metal/default_headers.rb new file mode 100644 index 0000000000..eef0602fcd --- /dev/null +++ b/actionpack/lib/action_controller/metal/default_headers.rb @@ -0,0 +1,17 @@ +# frozen_string_literal: true + +module ActionController + # Allows configuring default headers that will be automatically merged into + # each response. + module DefaultHeaders + extend ActiveSupport::Concern + + module ClassMethods + def make_response!(request) + ActionDispatch::Response.create.tap do |res| + res.request = request + end + end + end + end +end |