diff options
Diffstat (limited to 'actionpack/CHANGELOG.md')
-rw-r--r-- | actionpack/CHANGELOG.md | 135 |
1 files changed, 124 insertions, 11 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 4ab0857a66..8eea4ccd41 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,3 +1,105 @@ +* Using strings or symbols for middleware class names is deprecated. Convert + things like this: + + middleware.use "Foo::Bar" + + to this: + + middleware.use Foo::Bar + +* ActionController::TestSession now accepts a default value as well as + a block for generating a default value based off the key provided. + + This fixes calls to session#fetch in ApplicationController instances that + take more two arguments or a block from raising `ArgumentError: wrong + number of arguments (2 for 1)` when performing controller tests. + + *Matthew Gerrior* + +* Fix `ActionController::Parameters#fetch` overwriting `KeyError` returned by + default block. + + *Jonas Schuber Erlandsson*, *Roque Pinel* + +* `ActionController::Parameters` no longer inherits from + `HashWithIndifferentAccess` + + Inheriting from `HashWithIndifferentAccess` allowed users to call any + enumerable methods on `Parameters` object, resulting in a risk of losing the + `permitted?` status or even getting back a pure `Hash` object instead of + a `Parameters` object with proper sanitization. + + By not inheriting from `HashWithIndifferentAccess`, we are able to make + sure that all methods that are defined in `Parameters` object will return + a proper `Parameters` object with a correct `permitted?` flag. + + *Prem Sichanugrist* + +* Replaced `ActiveSupport::Concurrency::Latch` with `Concurrent::CountDownLatch` + from the concurrent-ruby gem. + + *Jerry D'Antonio* + +* Add ability to filter parameters based on parent keys. + + # matches {credit_card: {code: "xxxx"}} + # doesn't match {file: { code: "xxxx"}} + config.filter_parameters += [ "credit_card.code" ] + + See #13897. + + *Guillaume Malette* + +* Deprecate passing first parameter as `Hash` and default status code for `head` method. + + *Mehmet Emin İNAÇ* + +* Adds`Rack::Utils::ParameterTypeError` and `Rack::Utils::InvalidParameterError` + to the rescue_responses hash in `ExceptionWrapper` (Rack recommends + integrators serve 400s for both of these). + + *Grey Baker* + +* Add support for API only apps. + ActionController::API is added as a replacement of + ActionController::Base for this kind of applications. + + *Santiago Pastorino & Jorge Bejar* + +* Remove `assigns` and `assert_template`. Both methods have been extracted + into a gem at https://github.com/rails/rails-controller-testing. + + See #18950. + + *Alan Guo Xiang Tan* + +* `FileHandler` and `Static` middleware initializers accept `index` argument + to configure the directory index file name. Defaults to `index` (as in + `index.html`). + + See #20017. + + *Eliot Sykes* + +* Deprecate `:nothing` option for `render` method. + + *Mehmet Emin İNAÇ* + +* Fix `rake routes` not showing the right format when + nesting multiple routes. + + See #18373. + + *Ravil Bayramgalin* + +* Add ability to override default form builder for a controller. + + class AdminController < ApplicationController + default_form_builder AdminFormBuilder + end + + *Kevin McPhillips* + * For actions with no corresponding templates, render `head :no_content` instead of raising an error. This allows for slimmer API controller methods that simply work, without needing further instructions. @@ -27,14 +129,24 @@ *Kohei Suzuki* -* Fix handling of empty X_FORWARDED_HOST header in raw_host_with_port +* Fix handling of empty `X_FORWARDED_HOST` header in `raw_host_with_port`. - Previously, an empty X_FORWARDED_HOST header would cause - Actiondispatch::Http:URL.raw_host_with_port to return nil, causing - Actiondispatch::Http:URL.host to raise a NoMethodError. + Previously, an empty `X_FORWARDED_HOST` header would cause + `Actiondispatch::Http:URL.raw_host_with_port` to return `nil`, causing + `Actiondispatch::Http:URL.host` to raise a `NoMethodError`. *Adam Forsyth* +* Allow `Bearer` as token-keyword in `Authorization-Header`. + + Aditionally to `Token`, the keyword `Bearer` is acceptable as a keyword + for the auth-token. The `Bearer` keyword is described in the original + OAuth RFC and used in libraries like Angular-JWT. + + See #19094. + + *Peter Schröder* + * Drop request class from RouteSet constructor. If you would like to use a custom request class, please subclass and implement @@ -94,7 +206,8 @@ *arthurnn* * `ActionController#translate` supports symbols as shortcuts. - When shortcut is given it also lookups without action name. + When a shortcut is given it also performs the lookup without the action + name. *Max Melentiev* @@ -162,13 +275,13 @@ * Preserve default url options when generating URLs. - Fixes an issue that would cause default_url_options to be lost when + Fixes an issue that would cause `default_url_options` to be lost when generating URLs with fewer positional arguments than parameters in the route definition. *Tekin Suleyman* -* Deprecate *_via_redirect integration test methods. +* Deprecate `*_via_redirect` integration test methods. Use `follow_redirect!` manually after the request call for the same behavior. @@ -191,11 +304,11 @@ *Jonas Baumann* -* Deprecate all *_filter callbacks in favor of *_action callbacks. +* Deprecate all `*_filter` callbacks in favor of `*_action` callbacks. *Rafael Mendonça França* -* Allow you to pass `prepend: false` to protect_from_forgery to have the +* Allow you to pass `prepend: false` to `protect_from_forgery` to have the verification callback appended instead of prepended to the chain. This allows you to let the verification step depend on prior callbacks. @@ -266,7 +379,7 @@ * Ensure `append_info_to_payload` is called even if an exception is raised. - Fixes an issue where when an exception is raised in the request the additonal + Fixes an issue where when an exception is raised in the request the additional payload data is not available. See: @@ -297,7 +410,7 @@ * Stop converting empty arrays in `params` to `nil`. - This behaviour was introduced in response to CVE-2012-2660, CVE-2012-2694 + This behavior was introduced in response to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155 ActiveRecord now issues a safe query when passing an empty array into |