diff options
Diffstat (limited to 'actionpack/CHANGELOG.md')
-rw-r--r-- | actionpack/CHANGELOG.md | 176 |
1 files changed, 25 insertions, 151 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index c38b31903b..3f29d810d5 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,168 +1,42 @@ -* Fix env['PATH_INFO'] missing leading slash when a rack app mounted at '/'. +* Correctly rely on the response's status code to handle calls to `head`. - Fixes #15511. + *Robin Dupret* - *Larry Lv* +* Using `head` method returns empty response_body instead + of returning a single space " ". -* ActionController::Parameters#require now accepts `false` values. + The old behavior was added as a workaround for a bug in an early + version of Safari, where the HTTP headers are not returned correctly + if the response body has a 0-length. This is been fixed since and + the workaround is no longer necessary. - Fixes #15685. + Fixes #18253. - *Sergio Romano* + *Prathamesh Sonpatki* -* With authorization header `Authorization: Token token=`, `authenticate` now - recognize token as nil, instead of "token". +* Fix how polymorphic routes works with objects that implement `to_model`. - Fixes #14846. + *Travis Grathwell* - *Larry Lv* +* Stop converting empty arrays in `params` to `nil` -* Ensure the controller is always notified as soon as the client disconnects - during live streaming, even when the controller is blocked on a write. + This behaviour was introduced in response to CVE-2012-2660, CVE-2012-2694 + and CVE-2013-0155 - *Nicholas Jakobsen*, *Matthew Draper* + ActiveRecord now issues a safe query when passing an empty array into + a where clause, so there is no longer a need to defend against this type + of input (any nils are still stripped from the array). -* Routes specifying 'to:' must be a string that contains a "#" or a rack - application. Use of a symbol should be replaced with `action: symbol`. - Use of a string without a "#" should be replaced with `controller: string`. + *Chris Sinjakli* -* Fix URL generation with `:trailing_slash` such that it does not add - a trailing slash after `.:format` +* Fixed usage of optional scopes in url helpers. - *Dan Langevin* + *Alex Robbin* -* Build full URI as string when processing path in integration tests for - performance reasons. +* Fixed handling of positional url helper arguments when `format: false`. - *Guo Xiang Tan* + Fixes #17819. -* Fix `'Stack level too deep'` when rendering `head :ok` in an action method - called 'status' in a controller. + *Andrew White*, *Tatiana Soukiassian* - Fixes #13905. - - *Christiaan Van den Poel* - -* Add MKCALENDAR HTTP method (RFC 4791). - - *Sergey Karpesh* - -* Instrument fragment cache metrics. - - Adds `:controller`: and `:action` keys to the instrumentation payload - for the `*_fragment.action_controller` notifications. This allows tracking - e.g. the fragment cache hit rates for each controller action. - - *Daniel Schierbeck* - -* Always use the provided port if the protocol is relative. - - Fixes #15043. - - *Guilherme Cavalcanti*, *Andrew White* - -* Moved `params[request_forgery_protection_token]` into its own method - and improved tests. - - Fixes #11316. - - *Tom Kadwill* - -* Added verification of route constraints given as a Proc or an object responding - to `:matches?`. Previously, when given an non-complying object, it would just - silently fail to enforce the constraint. It will now raise an `ArgumentError` - when setting up the routes. - - *Xavier Defrang* - -* Properly treat the entire IPv6 User Local Address space as private for - purposes of remote IP detection. Also handle uppercase private IPv6 - addresses. - - Fixes #12638. - - *Caleb Spare* - -* Fixed an issue with migrating legacy json cookies. - - Previously, the `VerifyAndUpgradeLegacySignedMessage` assumes all incoming - cookies are marshal-encoded. This is not the case when `secret_token` is - used in conjunction with the `:json` or `:hybrid` serializer. - - In those case, when upgrading to use `secret_key_base`, this would cause a - `TypeError: incompatible marshal file format` and a 500 error for the user. - - Fixes #14774. - - *Godfrey Chan* - -* Make URL escaping more consistent: - - 1. Escape '%' characters in URLs - only unescaped data should be passed to URL helpers - 2. Add an `escape_segment` helper to `Router::Utils` that escapes '/' characters - 3. Use `escape_segment` rather than `escape_fragment` in optimized URL generation - 4. Use `escape_segment` rather than `escape_path` in URL generation - - For point 4 there are two exceptions. Firstly, when a route uses wildcard segments - (e.g. `*foo`) then we use `escape_path` as the value may contain '/' characters. This - means that wildcard routes can't be optimized. Secondly, if a `:controller` segment - is used in the path then this uses `escape_path` as the controller may be namespaced. - - Fixes #14629, #14636 and #14070. - - *Andrew White*, *Edho Arief* - -* Add alias `ActionDispatch::Http::UploadedFile#to_io` to - `ActionDispatch::Http::UploadedFile#tempfile`. - - *Tim Linquist* - -* Returns null type format when format is not know and controller is using `any` - format block. - - Fixes #14462. - - *Rafael Mendonça França* - -* Improve routing error page with fuzzy matching search. - - *Winston* - -* Only make deeply nested routes shallow when parent is shallow. - - Fixes #14684. - - *Andrew White*, *James Coglan* - -* Append link to bad code to backtrace when exception is `SyntaxError`. - - *Boris Kuznetsov* - -* Swapped the parameters of assert_equal in `assert_select` so that the - proper values were printed correctly. - - Fixes #14422. - - *Vishal Lal* - -* The method `shallow?` returns false if the parent resource is a singleton so - we need to check if we're not inside a nested scope before copying the :path - and :as options to their shallow equivalents. - - Fixes #14388. - - *Andrew White* - -* Make logging of CSRF failures optional (but on by default) with the - `log_warning_on_csrf_failure` configuration setting in - `ActionController::RequestForgeryProtection`. - - *John Barton* - -* Fix URL generation in controller tests with request-dependent - `default_url_options` methods. - - *Tony Wooster* - - -Please check [4-1-stable](https://github.com/rails/rails/blob/4-1-stable/actionpack/CHANGELOG.md) for previous changes. +Please check [4-2-stable](https://github.com/rails/rails/blob/4-2-stable/actionpack/CHANGELOG.md) for previous changes. |