Diffstat (limited to 'actionpack/lib/action_controller/metal')
3 files changed, 32 insertions, 19 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 113c20a758..173df79ee7 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -101,6 +101,11 @@ module ActionController #:nodoc:
 session[:_csrf_token] ||= ActiveSupport::SecureRandom.base64(32)
 end
+ # The form's authenticity parameter. Override to provide your own.
+ def form_authenticity_param
+ params[request_forgery_protection_token]
+ end
+
 def protect_against_forgery?
 allow_forgery_protection
 end
diff --git a/actionpack/lib/action_controller/metal/responder.rb b/actionpack/lib/action_controller/metal/responder.rb
index c6e847ba0f..e8e88e7479 100644
--- a/actionpack/lib/action_controller/metal/responder.rb
+++ b/actionpack/lib/action_controller/metal/responder.rb
@@ -14,12 +14,11 @@ module ActionController #:nodoc:
 #
 # When a request comes, for example with format :xml, three steps happen:
 #
- # 1) respond_with searches for a template at people/index.xml;
+ # 1) responder searches for a template at people/index.xml;
 #
- # 2) if the template is not available, it will create a responder, passing
- # the controller and the resource and invoke :to_xml on it;
+ # 2) if the template is not available, it will invoke :to_xml in the given resource;
 #
- # 3) if the responder does not respond_to :to_xml, call to_format on it.
+ # 3) if the responder does not respond_to :to_xml, call :to_format on it.
 #
 # === Builtin HTTP verb semantics
 #
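Review bot: In request_forgery_protection.rb the new `form_authenticity_param` is documented as an override point, but nothing in this hunk calls it; if the token check elsewhere in the file still reads `params[request_forgery_protection_token]` directly, overriding it would have no effect on verification. The comment should also state the contract, for example `# Must return the token value submitted by the client (or nil); it is compared with form_authenticity_token.`, so that an override cannot return the session token itself and make every request pass. The enclosing module and its visibility keywords are outside the hunk, so it is worth confirming the method sits in a `protected` section and cannot be routed to as a controller action.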
@@ -88,14 +87,16 @@ module ActionController #:nodoc:
 @resource = resources.is_a?(Array) ? resources.last : resources
 @resources = resources
 @options = options
+ @action = options.delete(:action)
 @default_response = options.delete(:default_response)
 end
 delegate :head, :render, :redirect_to, :to => :controller
 delegate :get?, :post?, :put?, :delete?, :to => :request
- # Undefine :to_json since it's defined on Object
+ # Undefine :to_json and :to_yaml since it's defined on Object
 undef_method(:to_json) if method_defined?(:to_json)
+ undef_method(:to_yaml) if method_defined?(:to_yaml)
 # Initializes a new responder an invoke the proper format. If the format is
 # not defined, call to_format.
@@ -111,14 +112,8 @@ module ActionController #:nodoc:
 #
 def to_html
 default_render
- rescue ActionView::MissingTemplate
- if get?
- raise
- elsif has_errors?
- render :action => default_action
- else
- redirect_to resource_location
- end
+ rescue ActionView::MissingTemplate => e
+ navigation_behavior(e)
 end
 # All others formats follow the procedure below. First we try to render a
@@ -127,9 +122,26 @@ module ActionController #:nodoc:
 #
 def to_format
 default_render
- rescue ActionView::MissingTemplate
+ rescue ActionView::MissingTemplate => e
 raise unless resourceful?
+ api_behavior(e)
+ end
+ protected
+
+ # This is the common behavior for "navigation" requests, like :html, :iphone and so forth.
+ def navigation_behavior(error)
+ if get?
+ raise error
+ elsif has_errors?
+ render :action => default_action
+ else
+ redirect_to resource_location
+ end
+ end
+
+ # This is the common behavior for "API" requests, like :xml and :json.
+ def api_behavior(error)
 if get?
 display resource
 elsif has_errors?
@@ -141,8 +153,6 @@ module ActionController #:nodoc:
 end
 end
- protected
-
 # Checks whether the resource responds to the current format or not.
 #
 def resourceful?
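Review bot: In the first responder.rb hunk on this line, `@action = options.delete(:action)` mutates the hash the caller passed in, and because `@options = options` is assigned just above it, `@options` no longer carries `:action` afterwards (the existing `:default_response` delete behaves the same way). If that is intended, a short comment would make it explicit, e.g. `# :action is consumed here and is not forwarded with the remaining options`. The updated comment `# Undefine :to_json and :to_yaml since it's defined on Object` should read `since they are defined on Object`. The method this hunk edits begins outside the hunk.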
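Review bot: In the `to_format` hunk, `api_behavior(error)` receives the rescued exception but the part of its body visible here never uses it, while `navigation_behavior` re-raises it with `raise error`; the one-line comments on both hooks do not say what `error` is or when it should be re-raised. Since these are now protected extension points, each deserves a parameter note such as `# error is the ActionView::MissingTemplate rescued by the caller; re-raise it when the request cannot be answered.` The body of `api_behavior` continues outside the hunk, so whether `error` is used further down cannot be seen from here.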
@@ -194,7 +204,7 @@ module ActionController #:nodoc:
 # the verb is post.
 #
 def default_action
- request.post? ? :new : :edit
+ @action || (request.post? ? :new : :edit)
 end
 end
 end
diff --git a/actionpack/lib/action_controller/metal/streaming.rb b/actionpack/lib/action_controller/metal/streaming.rb
index 4761763a26..43c661bef4 100644
--- a/actionpack/lib/action_controller/metal/streaming.rb
+++ b/actionpack/lib/action_controller/metal/streaming.rb
@@ -1,5 +1,3 @@
-require 'active_support/core_ext/string/bytesize'
-
 module ActionController #:nodoc:
 # Methods for sending arbitrary data and for streaming files to the browser,
 # instead of rendering. |
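Review bot: `default_action` in responder.rb now returns `@action` when it is set, but the comment above it still describes only the verb-based choice (its last visible line is `# the verb is post.`). Add a line such as `# An :action passed in the responder options takes precedence.` Because the result is handed to `render :action => default_action` when the resource has errors, the comment could also note that `:action` is expected to be a fixed name chosen by the controller rather than a value taken from the request. The comment block begins outside the hunk.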