diff options
Diffstat (limited to 'actionpack/CHANGELOG.md')
| -rw-r--r-- | actionpack/CHANGELOG.md | 768 |
1 files changed, 159 insertions, 609 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 931313612c..c9c347ea26 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,715 +1,265 @@ -* Add request encoding and response parsing to integration tests. +* Allow keys not found in RACK_KEY_TRANSLATION for setting the environment when rendering + arbitrary templates. - What previously was: + *Sammy Larbi* - ```ruby - require 'test_helper' +* Remove deprecated support to non-keyword arguments in `ActionDispatch::IntegrationTest#process`, + `#get`, `#post`, `#patch`, `#put`, `#delete`, and `#head`. - class ApiTest < ActionDispatch::IntegrationTest - test 'creates articles' do - assert_difference -> { Article.count } do - post articles_path(format: :json), - params: { article: { title: 'Ahoy!' } }.to_json, - headers: { 'Content-Type' => 'application/json' } - end - - assert_equal({ 'id' => Article.last.id, 'title' => 'Ahoy!' }, JSON.parse(response.body)) - end - end - ``` - - Can now be written as: - - ```ruby - require 'test_helper' - - class ApiTest < ActionDispatch::IntegrationTest - test 'creates articles' do - assert_difference -> { Article.count } do - post articles_path, params: { article: { title: 'Ahoy!' } }, as: :json - end - - assert_equal({ 'id' => Article.last.id, 'title' => 'Ahoy!' }, response.parsed_body) - end - end - ``` - - Passing `as: :json` to integration test request helpers will set the format, - content type and encode the parameters as JSON. - - Then on the response side, `parsed_body` will parse the body according to the - content type the response has. - - Currently JSON is the only supported MIME type. Add your own with - `ActionDispatch::IntegrationTest.register_encoder`. - - *Kasper Timm Hansen* - -* Add image/svg+xml as a default mime type. - - *DHH* - -## Rails 5.0.0.beta2 (February 01, 2016) ## - -* Add `-g` and `-c` options to `bin/rails routes`. These options return the url `name`, `verb` and - `path` field that match the pattern or match a specific controller. - - Deprecate `CONTROLLER` env variable in `bin/rails routes`. - - See #18902. - - *Anton Davydov* & *Vipul A M* - -* Response etags to always be weak: Prefixes 'W/' to value returned by - `ActionDispatch::Http::Cache::Response#etag=`, such that etags set in - `fresh_when` and `stale?` are weak. - - Fixes #17556. - - *Abhishek Yadav* - -* Provide the name of HTTP Status code in assertions. - - *Sean Collins* - -* More explicit error message when running `rake routes`. `CONTROLLER` argument - can now be supplied in different ways: - `Rails::WelcomeController`, `Rails::Welcome`, `rails/welcome`. - - Fixes #22918. - - *Edouard Chin* - -* Allow `ActionController::Parameters` instances as an argument to URL - helper methods. An `ArgumentError` will be raised if the passed parameters - are not secure. - - Fixes #22832. - - *Prathamesh Sonpatki* - -* Add option for per-form CSRF tokens. - - *Greg Ose & Ben Toews* - -* Add tests and documentation for `ActionController::Renderers::use_renderers`. - - *Benjamin Fleischer* - -* Fix `ActionController::Parameters#convert_parameters_to_hashes` to return filtered - or unfiltered values based on from where it is called, `to_h` or `to_unsafe_h` - respectively. - - Fixes #22841. - - *Prathamesh Sonpatki* - -* Add `ActionController::Parameters#include?` - - *Justin Coyne* - -## Rails 5.0.0.beta1 (December 18, 2015) ## - -* Deprecate `redirect_to :back` in favor of `redirect_back`, which accepts a - required `fallback_location` argument, thus eliminating the possibility of a - `RedirectBackError`. - - *Derek Prior* - -* Add `redirect_back` method to `ActionController::Redirecting` to provide a - way to safely redirect to the `HTTP_REFERER` if it is present, falling back - to a provided redirect otherwise. - - *Derek Prior* - -* `ActionController::TestCase` will be moved to it's own gem in Rails 5.1 - - With the speed improvements made to `ActionDispatch::IntegrationTest` we no - longer need to keep two separate code bases for testing controllers. In - Rails 5.1 `ActionController::TestCase` will be deprecated and moved into a - gem outside of Rails source. - - This is a documentation deprecation so that going forward so new tests will use - `ActionDispatch::IntegrationTest` instead of `ActionController::TestCase`. - - *Eileen M. Uchitelle* - -* Add a `response_format` option to `ActionDispatch::DebugExceptions` - to configure the format of the response when errors occur in - development mode. - - If `response_format` is `:default` the debug info will be rendered - in an HTML page. In the other hand, if the provided value is `:api` - the debug info will be rendered in the original response format. - - *Jorge Bejar* - -* Change the `protect_from_forgery` prepend default to `false`. - - Per this comment - https://github.com/rails/rails/pull/18334#issuecomment-69234050 we want - `protect_from_forgery` to default to `prepend: false`. - - `protect_from_forgery` will now be inserted into the callback chain at the - point it is called in your application. This is useful for cases where you - want to `protect_from_forgery` after you perform required authentication - callbacks or other callbacks that are required to run after forgery protection. - - If you want `protect_from_forgery` callbacks to always run first, regardless of - position they are called in your application then you can add `prepend: true` - to your `protect_from_forgery` call. - - Example: - - ```ruby - protect_from_forgery prepend: true - ``` - - *Eileen M. Uchitelle* - -* In url_for, never append a question mark to the URL when the query string - is empty anyway. (It used to do that when called like `url_for(controller: - 'x', action: 'y', q: {})`.) - - *Paul Grayson* - -* Catch invalid UTF-8 querystring values and respond with BadRequest - - Check querystring params for invalid UTF-8 characters, and raise an - ActionController::BadRequest error if present. Previously these strings - would typically trigger errors further down the stack. - - *Grey Baker* - -* Parse RSS/ATOM responses as XML, not HTML. - - *Alexander Kaupanin* - -* Show helpful message in `BadRequest` exceptions due to invalid path - parameter encodings. - - Fixes #21923. - - *Agis Anastasopoulos* - -* Add the ability of returning arbitrary headers to `ActionDispatch::Static`. - - Now ActionDispatch::Static can accept HTTP headers so that developers - will have control of returning arbitrary headers like - 'Access-Control-Allow-Origin' when a response is delivered. They can be - configured with `#config`: - - Example: - - config.public_file_server.headers = { - "Cache-Control" => "public, max-age=60", - "Access-Control-Allow-Origin" => "http://rubyonrails.org" - } - - *Yuki Nishijima* - -* Allow multiple `root` routes in same scope level. Example: - - Example: - - root 'blog#show', constraints: ->(req) { Hostname.blog_site?(req.host) } - root 'landing#show' - - *Rafael Sales* - -* Fix regression in mounted engine named routes generation for app deployed to - a subdirectory. `relative_url_root` was prepended to the path twice (e.g. - "/subdir/subdir/engine_path" instead of "/subdir/engine_path") - - Fixes #20920. Fixes #21459. - - *Matthew Erhard* - -* `ActionDispatch::Response#new` no longer applies default headers. If you want - default headers applied to the response object, then call - `ActionDispatch::Response.create`. This change only impacts people who are - directly constructing an `ActionDispatch::Response` object. - -* Accessing mime types via constants like `Mime::HTML` is deprecated. Please - change code like this: - - Mime::HTML - - To this: - - Mime[:html] - - This change is so that Rails will not manage a list of constants, and fixes - an issue where if a type isn't registered you could possibly get the wrong - object. - - `Mime[:html]` is available in older versions of Rails, too, so you can - safely change libraries and plugins and maintain compatibility with - multiple versions of Rails. - -* `url_for` does not modify its arguments when generating polymorphic URLs. - - *Bernerd Schaefer* - -* Make it easier to opt in to `config.force_ssl` and `config.ssl_options` by - making them less dangerous to try and easier to disable. - - SSL redirect: - * Move `:host` and `:port` options within `redirect: { … }`. Deprecate. - * Introduce `:status` and `:body` to customize the redirect response. - The 301 permanent default makes it difficult to test the redirect and - back out of it since browsers remember the 301. Test with a 302 or 307 - instead, then switch to 301 once you're confident that all is well. - - HTTP Strict Transport Security (HSTS): - * Shorter max-age. Shorten the default max-age from 1 year to 180 days, - the low end for https://www.ssllabs.com/ssltest/ grading and greater - than the 18-week minimum to qualify for browser preload lists. - * Disabling HSTS. Setting `hsts: false` now sets `hsts { expires: 0 }` - instead of omitting the header. Omitting does nothing to disable HSTS - since browsers hang on to your previous settings until they expire. - Sending `{ hsts: { expires: 0 }}` flushes out old browser settings and - actually disables HSTS: - http://tools.ietf.org/html/rfc6797#section-6.1.1 - * HSTS Preload. Introduce `preload: true` to set the `preload` flag, - indicating that your site may be included in browser preload lists, - including Chrome, Firefox, Safari, IE11, and Edge. Submit your site: - https://hstspreload.appspot.com - - *Jeremy Daer* - -* Update `ActionController::TestSession#fetch` to behave more like - `ActionDispatch::Request::Session#fetch` when using non-string keys. - - *Jeremy Friesen* - -* Using strings or symbols for middleware class names is deprecated. Convert - things like this: - - middleware.use "Foo::Bar" - - to this: - - middleware.use Foo::Bar - -* `ActionController::TestSession` now accepts a default value as well as - a block for generating a default value based off the key provided. - - This fixes calls to `session#fetch` in `ApplicationController` instances that - take more two arguments or a block from raising `ArgumentError: wrong - number of arguments (2 for 1)` when performing controller tests. - - *Matthew Gerrior* - -* Fix `ActionController::Parameters#fetch` overwriting `KeyError` returned by - default block. - - *Jonas Schuber Erlandsson*, *Roque Pinel* - -* `ActionController::Parameters` no longer inherits from - `HashWithIndifferentAccess` + *Rafael Mendonça França* - Inheriting from `HashWithIndifferentAccess` allowed users to call any - enumerable methods on `Parameters` object, resulting in a risk of losing the - `permitted?` status or even getting back a pure `Hash` object instead of - a `Parameters` object with proper sanitization. +* Remove deprecated `ActionDispatch::IntegrationTest#*_via_redirect`. - By not inheriting from `HashWithIndifferentAccess`, we are able to make - sure that all methods that are defined in `Parameters` object will return - a proper `Parameters` object with a correct `permitted?` flag. + *Rafael Mendonça França* - *Prem Sichanugrist* +* Remove deprecated `ActionDispatch::IntegrationTest#xml_http_request`. -* Replaced `ActiveSupport::Concurrency::Latch` with `Concurrent::CountDownLatch` - from the concurrent-ruby gem. + *Rafael Mendonça França* - *Jerry D'Antonio* +* Remove deprecated support for passing `:path` and route path as strings in `ActionDispatch::Routing::Mapper#match`. -* Add ability to filter parameters based on parent keys. + *Rafael Mendonça França* - # matches {credit_card: {code: "xxxx"}} - # doesn't match {file: { code: "xxxx"}} - config.filter_parameters += [ "credit_card.code" ] +* Remove deprecated support for passing path as `nil` in `ActionDispatch::Routing::Mapper#match`. - See #13897. + *Rafael Mendonça França* - *Guillaume Malette* +* Remove deprecated `cache_control` argument from `ActionDispatch::Static#initialize`. -* Deprecate passing first parameter as `Hash` and default status code for `head` method. + *Rafael Mendonça França* - *Mehmet Emin İNAÇ* +* Remove deprecated support to passing strings or symbols to the middleware stack. -* Adds`Rack::Utils::ParameterTypeError` and `Rack::Utils::InvalidParameterError` - to the rescue_responses hash in `ExceptionWrapper` (Rack recommends - integrators serve 400s for both of these). + *Rafael Mendonça França* - *Grey Baker* +* Change HSTS subdomain to true. -* Add support for API only apps. - `ActionController::API` is added as a replacement of - `ActionController::Base` for this kind of applications. + *Rafael Mendonça França* - *Santiago Pastorino*, *Jorge Bejar* +* Remove deprecated `host` and `port` ssl options. -* Remove `assigns` and `assert_template`. Both methods have been extracted - into a gem at https://github.com/rails/rails-controller-testing. + *Rafael Mendonça França* - See #18950. +* Remove deprecated `const_error` argument in + `ActionDispatch::Session::SessionRestoreError#initialize`. - *Alan Guo Xiang Tan* + *Rafael Mendonça França* -* `FileHandler` and `Static` middleware initializers accept `index` argument - to configure the directory index file name. Defaults to `index` (as in - `index.html`). +* Remove deprecated `#original_exception` in `ActionDispatch::Session::SessionRestoreError`. - See #20017. + *Rafael Mendonça França* - *Eliot Sykes* +* Deprecate `ActionDispatch::ParamsParser::ParseError` in favor of + `ActionDispatch::Http::Parameters::ParseError`. -* Deprecate `:nothing` option for `render` method. + *Rafael Mendonça França* - *Mehmet Emin İNAÇ* +* Remove deprecated `ActionDispatch::ParamsParser`. -* Fix `rake routes` not showing the right format when - nesting multiple routes. + *Rafael Mendonça França* - See #18373. +* Remove deprecated `original_exception` and `message` arguments in + `ActionDispatch::ParamsParser::ParseError#initialize`. - *Ravil Bayramgalin* + *Rafael Mendonça França* -* Add ability to override default form builder for a controller. +* Remove deprecated `#original_exception` in `ActionDispatch::ParamsParser::ParseError`. - class AdminController < ApplicationController - default_form_builder AdminFormBuilder - end + *Rafael Mendonça França* - *Kevin McPhillips* +* Remove deprecated access to mime types through constants. -* For actions with no corresponding templates, render `head :no_content` - instead of raising an error. This allows for slimmer API controller - methods that simply work, without needing further instructions. + *Rafael Mendonça França* - See #19036. +* Remove deprecated support to non-keyword arguments in `ActionController::TestCase#process`, + `#get`, `#post`, `#patch`, `#put`, `#delete`, and `#head`. - *Stephen Bussey* + *Rafael Mendonça França* -* Provide friendlier access to request variants. +* Remove deprecated `xml_http_request` and `xhr` methods in `ActionController::TestCase`. - request.variant = :phone - request.variant.phone? # true - request.variant.tablet? # false + *Rafael Mendonça França* - request.variant = [:phone, :tablet] - request.variant.phone? # true - request.variant.desktop? # false - request.variant.any?(:phone, :desktop) # true - request.variant.any?(:desktop, :watch) # false +* Remove deprecated methods in `ActionController::Parameters`. - *George Claghorn* + *Rafael Mendonça França* -* Fix regression where a gzip file response would have a Content-type, - even when it was a 304 status code. +* Remove deprecated support to comparing a `ActionController::Parameters` + with a `Hash`. - See #19271. + *Rafael Mendonça França* - *Kohei Suzuki* +* Remove deprecated support to `:text` in `render`. -* Fix handling of empty `X_FORWARDED_HOST` header in `raw_host_with_port`. + *Rafael Mendonça França* - Previously, an empty `X_FORWARDED_HOST` header would cause - `Actiondispatch::Http:URL.raw_host_with_port` to return `nil`, causing - `Actiondispatch::Http:URL.host` to raise a `NoMethodError`. +* Remove deprecated support to `:nothing` in `render`. - *Adam Forsyth* + *Rafael Mendonça França* -* Allow `Bearer` as token-keyword in `Authorization-Header`. +* Remove deprecated support to `:back` in `redirect_to`. - Additionally to `Token`, the keyword `Bearer` is acceptable as a keyword - for the auth-token. The `Bearer` keyword is described in the original - OAuth RFC and used in libraries like Angular-JWT. + *Rafael Mendonça França* - See #19094. +* Remove deprecated support to passing status as option `head`. - *Peter Schröder* + *Rafael Mendonça França* -* Drop request class from `RouteSet` constructor. +* Remove deprecated support to passing original exception to `ActionController::BadRequest` + and the `ActionController::BadRequest#original_exception` method. - If you would like to use a custom request class, please subclass and implement - the `request_class` method. + *Rafael Mendonça França* - *tenderlove@ruby-lang.org* +* Remove deprecated methods `skip_action_callback`, `skip_filter`, `before_filter`, + `prepend_before_filter`, `skip_before_filter`, `append_before_filter`, `around_filter` + `prepend_around_filter`, `skip_around_filter`, `append_around_filter`, `after_filter`, + `prepend_after_filter`, `skip_after_filter` and `append_after_filter`. -* Fallback to `ENV['RAILS_RELATIVE_URL_ROOT']` in `url_for`. + *Rafael Mendonça França* - Fixed an issue where the `RAILS_RELATIVE_URL_ROOT` environment variable is not - prepended to the path when `url_for` is called. If `SCRIPT_NAME` (used by Rack) - is set, it takes precedence. +* Show an "unmatched constraints" error when params fail to match constraints + on a matched route, rather than a "missing keys" error. - Fixes #5122. + Fixes #26470. - *Yasyf Mohamedali* + *Chris Carter* -* Partitioning of routes is now done when the routes are being drawn. This - helps to decrease the time spent filtering the routes during the first request. +* Fix adding implicitly rendered template digests to ETags. - *Guo Xiang Tan* + Fixes a case when modifying an implicitly rendered template for a + controller action using `fresh_when` or `stale?` would not result in a new + `ETag` value. -* Fix regression in functional tests. Responses should have default headers - assigned. + *Javan Makhmali* - See #18423. +* Make `fixture_file_upload` work in integration tests. - *Jeremy Kemper*, *Yves Senn* + *Yuji Yaginuma* -* Deprecate `AbstractController#skip_action_callback` in favor of individual skip_callback methods - (which can be made to raise an error if no callback was removed). +* Add `to_param` to `ActionController::Parameters` deprecations. - *Iain Beeston* + In the future `ActionController::Parameters` are discouraged from being used + in URLs without explicit whitelisting. Go through `to_h` to use `to_param`. -* Alias the `ActionDispatch::Request#uuid` method to `ActionDispatch::Request#request_id`. - Due to implementation, `config.log_tags = [:request_id]` also works in substitute - for `config.log_tags = [:uuid]`. + *Kir Shatrov* - *David Ilizarov* +* Fix nested multiple roots -* Change filter on /rails/info/routes to use an actual path regexp from rails - and not approximate javascript version. Oniguruma supports much more - extensive list of features than javascript regexp engine. + The PR #20940 enabled the use of multiple roots with different constraints + at the top level but unfortunately didn't work when those roots were inside + a namespace and also broke the use of root inside a namespace after a top + level root was defined because the check for the existence of the named route + used the global :root name and not the namespaced name. - Fixes #18402. + This is fixed by using the name_for_action method to expand the :root name to + the full namespaced name. We can pass nil for the second argument as we're not + dealing with resource definitions so don't need to handle the cases for edit + and new routes. - *Ravil Bayramgalin* + Fixes #26148. -* Non-string authenticity tokens do not raise NoMethodError when decoding - the masked token. + *Ryo Hashimoto*, *Andrew White* - *Ville Lautanala* +* Include the content of the flash in the auto-generated etag. This solves the following problem: -* Add `http_cache_forever` to Action Controller, so we can cache a response - that never gets expired. + 1. POST /messages + 2. redirect_to messages_url, notice: 'Message was created' + 3. GET /messages/1 + 4. GET /messages - *arthurnn* + Step 4 would before still include the flash message, even though it's no longer relevant, + because the etag cache was recorded with the flash in place and didn't change when it was gone. -* `ActionController#translate` supports symbols as shortcuts. - When a shortcut is given it also performs the lookup without the action - name. + *DHH* - *Max Melentiev* +* SSL: Changes redirect behavior for all non-GET and non-HEAD requests + (like POST/PUT/PATCH etc) to `http://` resources to redirect to `https://` + with a [307 status code](http://tools.ietf.org/html/rfc7231#section-6.4.7) instead of [301 status code](http://tools.ietf.org/html/rfc7231#section-6.4.2). -* Expand `ActionController::ConditionalGet#fresh_when` and `stale?` to also - accept a collection of records as the first argument, so that the - following code can be written in a shorter form. + 307 status code instructs the HTTP clients to preserve the original + request method while redirecting. It has been part of HTTP RFC since + 1999 and is implemented/recognized by most (if not all) user agents. # Before - def index - @articles = Article.all - fresh_when(etag: @articles, last_modified: @articles.maximum(:updated_at)) - end + POST http://example.com/articles (i.e. ArticlesContoller#create) + redirects to + GET https://example.com/articles (i.e. ArticlesContoller#index) # After - def index - @articles = Article.all - fresh_when(@articles) - end - - *claudiob* - -* Explicitly ignored wildcard verbs when searching for HEAD routes before fallback - - Fixes an issue where a mounted rack app at root would intercept the HEAD - request causing an incorrect behavior during the fall back to GET requests. - - Example: - - draw do - get '/home' => 'test#index' - mount rack_app, at: '/' - end - head '/home' - assert_response :success - - In this case, a HEAD request runs through the routes the first time and fails - to match anything. Then, it runs through the list with the fallback and matches - `get '/home'`. The original behavior would match the rack app in the first pass. - - *Terence Sun* - -* Migrating xhr methods to keyword arguments syntax - in `ActionController::TestCase` and `ActionDispatch::Integration` - - Old syntax: - - xhr :get, :create, params: { id: 1 } - - New syntax example: - - get :create, params: { id: 1 }, xhr: true - - *Kir Shatrov* - -* Migrating to keyword arguments syntax in `ActionController::TestCase` and - `ActionDispatch::Integration` HTTP request methods. - - Example: - - post :create, params: { y: x }, session: { a: 'b' } - get :view, params: { id: 1 } - get :view, params: { id: 1 }, format: :json - - *Kir Shatrov* - -* Preserve default url options when generating URLs. - - Fixes an issue that would cause `default_url_options` to be lost when - generating URLs with fewer positional arguments than parameters in the - route definition. - - *Tekin Suleyman* + POST http://example.com/articles (i.e. ArticlesContoller#create) + redirects to + POST https://example.com/articles (i.e. ArticlesContoller#create) -* Deprecate `*_via_redirect` integration test methods. + *Chirag Singhal* - Use `follow_redirect!` manually after the request call for the same behavior. +* Add `:as` option to `ActionController:TestCase#process` and related methods. - *Aditya Kapoor* + Specifying `as: mime_type` allows the `CONTENT_TYPE` header to be specified + in controller tests without manually doing this through `@request.headers['CONTENT_TYPE']`. -* Add `ActionController::Renderer` to render arbitrary templates - outside controller actions. + *Everest Stefan Munro-Zeisberger* - Its functionality is accessible through class methods `render` and - `renderer` of `ActionController::Base`. +* Show cache hits and misses when rendering partials. - *Ravil Bayramgalin* + Partials using the `cache` helper will show whether a render hit or missed + the cache: -* Support `:assigns` option when rendering with controllers/mailers. - - *Ravil Bayramgalin* - -* Default headers, removed in controller actions, are no longer reapplied on - the test response. - - *Jonas Baumann* - -* Deprecate all `*_filter` callbacks in favor of `*_action` callbacks. - - *Rafael Mendonça França* - -* Allow you to pass `prepend: false` to `protect_from_forgery` to have the - verification callback appended instead of prepended to the chain. - This allows you to let the verification step depend on prior callbacks. - - Example: - - class ApplicationController < ActionController::Base - before_action :authenticate - protect_from_forgery prepend: false, unless: -> { @authenticated_by.oauth? } - - private - def authenticate - if oauth_request? - # authenticate with oauth - @authenticated_by = 'oauth'.inquiry - else - # authenticate with cookies - @authenticated_by = 'cookie'.inquiry - end - end - end - - *Josef Šimánek* - -* Remove `ActionController::HideActions`. - - *Ravil Bayramgalin* - -* Remove `respond_to`/`respond_with` placeholder methods, this functionality - has been extracted to the `responders` gem. - - *Carlos Antonio da Silva* - -* Remove deprecated assertion files. - - *Rafael Mendonça França* - -* Remove deprecated usage of string keys in URL helpers. - - *Rafael Mendonça França* - -* Remove deprecated `only_path` option on `*_path` helpers. - - *Rafael Mendonça França* - -* Remove deprecated `NamedRouteCollection#helpers`. - - *Rafael Mendonça França* - -* Remove deprecated support to define routes with `:to` option that doesn't contain `#`. - - *Rafael Mendonça França* - -* Remove deprecated `ActionDispatch::Response#to_ary`. - - *Rafael Mendonça França* - -* Remove deprecated `ActionDispatch::Request#deep_munge`. - - *Rafael Mendonça França* - -* Remove deprecated `ActionDispatch::Http::Parameters#symbolized_path_parameters`. - - *Rafael Mendonça França* - -* Remove deprecated option `use_route` in controller tests. - - *Rafael Mendonça França* - -* Ensure `append_info_to_payload` is called even if an exception is raised. - - Fixes an issue where when an exception is raised in the request the additional - payload data is not available. + ``` + Rendered messages/_message.html.erb in 1.2 ms [cache hit] + Rendered recordings/threads/_thread.html.erb in 1.5 ms [cache miss] + ``` - See #14903. + This removes the need for the old fragment cache logging: - *Dieter Komendera*, *Margus Pärt* + ``` + Read fragment views/v1/2914079/v1/2914079/recordings/70182313-20160225015037000000/d0bdf2974e1ef6d31685c3b392ad0b74 (0.6ms) + Rendered messages/_message.html.erb in 1.2 ms [cache hit] + Write fragment views/v1/2914079/v1/2914079/recordings/70182313-20160225015037000000/3b4e249ac9d168c617e32e84b99218b5 (1.1ms) + Rendered recordings/threads/_thread.html.erb in 1.5 ms [cache miss] + ``` -* Correctly rely on the response's status code to handle calls to `head`. + Though that full output can be reenabled with + `config.action_controller.enable_fragment_cache_logging = true`. - *Robin Dupret* + *Stan Lo* -* Using `head` method returns empty response_body instead - of returning a single space " ". +* Don't override the `Accept` header in integration tests when called with `xhr: true`. - The old behavior was added as a workaround for a bug in an early - version of Safari, where the HTTP headers are not returned correctly - if the response body has a 0-length. This is been fixed since and - the workaround is no longer necessary. + Fixes #25859. - Fixes #18253. + *David Chen* - *Prathamesh Sonpatki* +* Fix `defaults` option for root route. -* Fix how polymorphic routes works with objects that implement `to_model`. + A regression from some refactoring for the 5.0 release, this change + fixes the use of `defaults` (default parameters) in the `root` routing method. - *Travis Grathwell* + *Chris Arcand* -* Stop converting empty arrays in `params` to `nil`. +* Check `request.path_parameters` encoding at the point they're set. - This behavior was introduced in response to CVE-2012-2660, CVE-2012-2694 - and CVE-2013-0155 + Check for any non-UTF8 characters in path parameters at the point they're + set in `env`. Previously they were checked for when used to get a controller + class, but this meant routes that went directly to a Rack app, or skipped + controller instantiation for some other reason, had to defend against + non-UTF8 characters themselves. - ActiveRecord now issues a safe query when passing an empty array into - a where clause, so there is no longer a need to defend against this type - of input (any nils are still stripped from the array). + *Grey Baker* - *Chris Sinjakli* +* Don't raise `ActionController::UnknownHttpMethod` from `ActionDispatch::Static`. -* Fixed usage of optional scopes in url helpers. + Pass `Rack::Request` objects to `ActionDispatch::FileHandler` to avoid it + raising `ActionController::UnknownHttpMethod`. If an unknown method is + passed, it should pass exception higher in the stack instead, once we've had a + chance to define exception handling behaviour. - *Alex Robbin* + *Grey Baker* -* Fixed handling of positional url helper arguments when `format: false`. +* Handle `Rack::QueryParser` errors in `ActionDispatch::ExceptionWrapper`. - Fixes #17819. + Updated `ActionDispatch::ExceptionWrapper` to handle the Rack 2.0 namespace + for `ParameterTypeError` and `InvalidParameterError` errors. - *Andrew White*, *Tatiana Soukiassian* + *Grey Baker* -Please check [4-2-stable](https://github.com/rails/rails/blob/4-2-stable/actionpack/CHANGELOG.md) for previous changes. +Please check [5-0-stable](https://github.com/rails/rails/blob/5-0-stable/actionpack/CHANGELOG.md) for previous changes. |