Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/CHANGELOG.md | 2 | ||||
-rw-r--r-- | actionpack/lib/abstract_controller/caching/fragments.rb | 1 | ||||
-rw-r--r-- | actionpack/lib/action_controller/metal/helpers.rb | 2 | ||||
-rw-r--r-- | actionpack/lib/action_dispatch/middleware/cookies.rb | 9 | ||||
-rw-r--r-- | actionpack/lib/action_dispatch/middleware/debug_view.rb | 4 | ||||
-rw-r--r-- | actionpack/lib/action_dispatch/middleware/host_authorization.rb | 4 | ||||
-rw-r--r-- | actionpack/lib/action_dispatch/routing.rb | 28 | ||||
-rw-r--r-- | actionpack/lib/action_dispatch/system_test_case.rb | 14 | ||||
-rw-r--r-- | actionpack/test/dispatch/cookies_test.rb | 11 | ||||
-rw-r--r-- | actionpack/test/dispatch/host_authorization_test.rb | 6 |
10 files changed, 35 insertions, 46 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index d9041aecb7..6348bef4cb 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -20,7 +20,7 @@ * Introduce ActionDispatch::HostAuthorization This is a new middleware that guards against DNS rebinding attacks by - white-listing the allowed hosts a request can be made to. + explicitly permitting the hosts a request can be made to. Each host is checked with the case operator (`#===`) to support `RegExp`, `Proc`, `IPAddr` and custom objects as host allowances. diff --git a/actionpack/lib/abstract_controller/caching/fragments.rb b/actionpack/lib/abstract_controller/caching/fragments.rb index 4e454adc5f..18677ddd18 100644 --- a/actionpack/lib/abstract_controller/caching/fragments.rb +++ b/actionpack/lib/abstract_controller/caching/fragments.rb @@ -28,7 +28,6 @@ module AbstractController self.fragment_cache_keys = [] if respond_to?(:helper_method) - helper_method :fragment_cache_key helper_method :combined_fragment_cache_key end end diff --git a/actionpack/lib/action_controller/metal/helpers.rb b/actionpack/lib/action_controller/metal/helpers.rb index 0faaac1ce4..f1fb7ab0f7 100644 --- a/actionpack/lib/action_controller/metal/helpers.rb +++ b/actionpack/lib/action_controller/metal/helpers.rb @@ -75,7 +75,7 @@ module ActionController # Provides a proxy to access helper methods from outside the view. def helpers @helper_proxy ||= begin - proxy = ActionView::Base.new + proxy = ActionView::Base.empty proxy.config = config.inheritable_copy proxy.extend(_helpers) end diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb index cb28baa229..1611a8b3dd 100644 --- a/actionpack/lib/action_dispatch/middleware/cookies.rb +++ b/actionpack/lib/action_dispatch/middleware/cookies.rb 
@@ -488,13 +488,8 @@ module ActionDispatch end def cookie_metadata(name, options) - if request.use_cookies_with_metadata - metadata = expiry_options(options) - metadata[:purpose] = "cookie.#{name}" - - metadata - else - {} + expiry_options(options).tap do |metadata| + metadata[:purpose] = "cookie.#{name}" if request.use_cookies_with_metadata end end diff --git a/actionpack/lib/action_dispatch/middleware/debug_view.rb b/actionpack/lib/action_dispatch/middleware/debug_view.rb index ac12dc13a1..5a7010a1c2 100644 --- a/actionpack/lib/action_dispatch/middleware/debug_view.rb +++ b/actionpack/lib/action_dispatch/middleware/debug_view.rb @@ -10,7 +10,9 @@ module ActionDispatch RESCUES_TEMPLATE_PATH = File.expand_path("templates", __dir__) def initialize(assigns) - super([RESCUES_TEMPLATE_PATH], assigns) + paths = [RESCUES_TEMPLATE_PATH] + renderer = ActionView::Renderer.new ActionView::LookupContext.new(paths) + super(renderer, assigns) end def debug_params(params) diff --git a/actionpack/lib/action_dispatch/middleware/host_authorization.rb b/actionpack/lib/action_dispatch/middleware/host_authorization.rb index 447b70112a..b7dff1df41 100644 --- a/actionpack/lib/action_dispatch/middleware/host_authorization.rb +++ b/actionpack/lib/action_dispatch/middleware/host_authorization.rb @@ -3,8 +3,8 @@ require "action_dispatch/http/request" module ActionDispatch - # This middleware guards from DNS rebinding attacks by white-listing the - # hosts a request can be sent to. + # This middleware guards from DNS rebinding attacks by explicitly permitting + # the hosts a request can be sent to. # # When a request comes to an unauthorized host, the +response_app+ # application will be executed and rendered. If no +response_app+ is given, a diff --git a/actionpack/lib/action_dispatch/routing.rb b/actionpack/lib/action_dispatch/routing.rb index 5cde677051..f832719f19 100644 --- a/actionpack/lib/action_dispatch/routing.rb +++ b/actionpack/lib/action_dispatch/routing.rb 
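Review bot: `cookie_metadata` now returns `expiry_options(options)` even when `request.use_cookies_with_metadata` is false, so the flag gates only the `:purpose` entry, and nothing in the method says so. Judging by the updated tests, the expiry ends up inside the signed or encrypted message, so a cookie written with the flag off presumably stops verifying once its expiry has passed, which is a behaviour change for applications that disabled the flag. I would add a comment above the method such as `# Expiry is always embedded in the message; only the purpose binding depends on use_cookies_with_metadata.` `expiry_options` is defined outside this hunk, so I am assuming it returns a fresh hash that is safe to mutate inside the `tap` block.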
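Review bot: The nested call `ActionView::Renderer.new ActionView::LookupContext.new(paths)` in `initialize` omits the parentheses on the outer call, which makes the argument boundary hard to read. Writing it as `renderer = ActionView::Renderer.new(ActionView::LookupContext.new(paths))` matches the parenthesised `super(renderer, assigns)` on the next line. The `paths` local is used only once and could be inlined.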
@@ -74,8 +74,8 @@ module ActionDispatch # For routes that don't fit the <tt>resources</tt> mold, you can use the HTTP helper # methods <tt>get</tt>, <tt>post</tt>, <tt>patch</tt>, <tt>put</tt> and <tt>delete</tt>. # - # get 'post/:id' => 'posts#show' - # post 'post/:id' => 'posts#create_comment' + # get 'post/:id', to: 'posts#show' + # post 'post/:id', to: 'posts#create_comment' # # Now, if you POST to <tt>/posts/:id</tt>, it will route to the <tt>create_comment</tt> action. A GET on the same # URL will route to the <tt>show</tt> action. @@ -83,7 +83,7 @@ module ActionDispatch # If your route needs to respond to more than one HTTP method (or all methods) then using the # <tt>:via</tt> option on <tt>match</tt> is preferable. # - # match 'post/:id' => 'posts#show', via: [:get, :post] + # match 'post/:id', to: 'posts#show', via: [:get, :post] # # == Named routes # @@ -94,7 +94,7 @@ module ActionDispatch # Example: # # # In config/routes.rb - # get '/login' => 'accounts#login', as: 'login' + # get '/login', to: 'accounts#login', as: 'login' # # # With render, redirect_to, tests, etc. # redirect_to login_url @@ -120,9 +120,9 @@ module ActionDispatch # # # In config/routes.rb # controller :blog do - # get 'blog/show' => :list - # get 'blog/delete' => :delete - # get 'blog/edit' => :edit + # get 'blog/show', to: :list + # get 'blog/delete', to: :delete + # get 'blog/edit', to: :edit # end # # # provides named routes for show, delete, and edit @@ -132,7 +132,7 @@ module ActionDispatch # # Routes can generate pretty URLs. For example: # - # get '/articles/:year/:month/:day' => 'articles#find_by_id', constraints: { + # get '/articles/:year/:month/:day', to: 'articles#find_by_id', constraints: { # year: /\d{4}/, # month: /\d{1,2}/, # day: /\d{1,2}/ 
@@ -147,7 +147,7 @@ module ActionDispatch # You can specify a regular expression to define a format for a parameter. # # controller 'geocode' do - # get 'geocode/:postalcode' => :show, constraints: { + # get 'geocode/:postalcode', to: :show, constraints: { # postalcode: /\d{5}(-\d{4})?/ # } # end @@ -156,13 +156,13 @@ module ActionDispatch # expression modifiers: # # controller 'geocode' do - # get 'geocode/:postalcode' => :show, constraints: { + # get 'geocode/:postalcode', to: :show, constraints: { # postalcode: /hx\d\d\s\d[a-z]{2}/i # } # end # # controller 'geocode' do - # get 'geocode/:postalcode' => :show, constraints: { + # get 'geocode/:postalcode', to: :show, constraints: { # postalcode: /# Postalcode format # \d{5} #Prefix # (-\d{4})? #Suffix @@ -178,13 +178,13 @@ module ActionDispatch # # You can redirect any path to another path using the redirect helper in your router: # - # get "/stories" => redirect("/posts") + # get "/stories", to: redirect("/posts") # # == Unicode character routes # # You can specify unicode character routes in your router: # - # get "こんにちは" => "welcome#index" + # get "こんにちは", to: "welcome#index" # # == Routing to Rack Applications # @@ -192,7 +192,7 @@ module ActionDispatch # index action in the PostsController, you can specify any Rack application # as the endpoint for a matcher: # - # get "/application.js" => Sprockets + # get "/application.js", to: Sprockets # # == Reloading routes # diff --git a/actionpack/lib/action_dispatch/system_test_case.rb b/actionpack/lib/action_dispatch/system_test_case.rb index 484eb46331..066daa4a12 100644 --- a/actionpack/lib/action_dispatch/system_test_case.rb +++ b/actionpack/lib/action_dispatch/system_test_case.rb 
@@ -93,19 +93,19 @@ module ActionDispatch # of through the +options+ hash. # # As an example, if you want to add mobile emulation on chrome, you'll have to - # create an instance of selenium's `Chrome::Options` object and add + # create an instance of selenium's +Chrome::Options+ object and add # capabilities with a block. # - # The block will be passed an instance of `<Driver>::Options` where you can + # The block will be passed an instance of <tt><Driver>::Options</tt> where you can # define the capabilities you want. Please refer to your driver documentation # to learn about supported options. # - # class ApplicationSystemTestCase < ActionDispatch::SystemTestCase - # driven_by :chrome, screen_size: [1024, 768] do |driver_option| - # driver_option.add_emulation(device: 'iPhone 6') - # driver_option.add_extension('path/to/chrome_extension.crx') + # class ApplicationSystemTestCase < ActionDispatch::SystemTestCase + # driven_by :selenium, using: :chrome, screen_size: [1024, 768] do |driver_option| + # driver_option.add_emulation(device_name: 'iPhone 6') + # driver_option.add_extension('path/to/chrome_extension.crx') + # end # end - # end # # Because <tt>ActionDispatch::SystemTestCase</tt> is a shim between Capybara # and Rails, any driver that is supported by Capybara is supported by system diff --git a/actionpack/test/dispatch/cookies_test.rb b/actionpack/test/dispatch/cookies_test.rb index 8f9dbaf4b3..4aaac1320e 100644 --- a/actionpack/test/dispatch/cookies_test.rb +++ b/actionpack/test/dispatch/cookies_test.rb @@ -1193,11 +1193,7 @@ class CookiesTest < ActionController::TestCase get :encrypted_discount_and_user_id_cookie travel 2.hours - assert_equal 50, cookies.encrypted[:user_id] - - cookies[:discount_percentage] = cookies[:user_id] - assert_not_equal 10, cookies.encrypted[:discount_percentage] - assert_equal 50, cookies.encrypted[:discount_percentage] + assert_nil cookies.signed[:user_id] end def test_switch_off_metadata_for_signed_cookies_if_config_is_false 
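Review bot: In the cookies_test.rb hunk at -1193, the new assertion `assert_nil cookies.signed[:user_id]` reads the cookie through the signed jar, although the request is `get :encrypted_discount_and_user_id_cookie` and the removed lines read it through `cookies.encrypted`. If that action writes `user_id` as an encrypted cookie, the signed jar would presumably return nil whether or not the expiry was honoured, so the test cannot fail for the reason it is meant to; `assert_nil cookies.encrypted[:user_id]` would exercise the expiry path. The removed `discount_percentage` assertions also documented that, with metadata off, a value copied to another cookie name is still accepted; that coverage is dropped here and in the following hunk at -1206 for the signed variant. The test method starts outside the hunk, so its name is not visible.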
@@ -1206,11 +1202,8 @@ class CookiesTest < ActionController::TestCase get :signed_discount_and_user_id_cookie travel 2.hours - assert_equal 50, cookies.signed[:user_id] - cookies[:discount_percentage] = cookies[:user_id] - assert_not_equal 10, cookies.signed[:discount_percentage] - assert_equal 50, cookies.signed[:discount_percentage] + assert_nil cookies.signed[:user_id] end def test_read_rails_5_2_stable_encrypted_cookies_if_config_is_false diff --git a/actionpack/test/dispatch/host_authorization_test.rb b/actionpack/test/dispatch/host_authorization_test.rb index dae7b08ec1..5263dd2597 100644 --- a/actionpack/test/dispatch/host_authorization_test.rb +++ b/actionpack/test/dispatch/host_authorization_test.rb @@ -15,7 +15,7 @@ class HostAuthorizationTest < ActionDispatch::IntegrationTest assert_match "Blocked host: www.example.com", response.body end - test "passes all requests to if the whitelist is empty" do + test "allows all requests if hosts is empty" do @app = ActionDispatch::HostAuthorization.new(App, nil) get "/" @@ -24,7 +24,7 @@ class HostAuthorizationTest < ActionDispatch::IntegrationTest assert_equal "Success", body end - test "passes requests to allowed host" do + test "hosts can be a single element array" do @app = ActionDispatch::HostAuthorization.new(App, %w(www.example.com)) get "/" @@ -33,7 +33,7 @@ class HostAuthorizationTest < ActionDispatch::IntegrationTest assert_equal "Success", body end - test "the whitelist could be a single element" do + test "hosts can be a string" do @app = ActionDispatch::HostAuthorization.new(App, "www.example.com") get "/" |
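Review bot: The renamed test "allows all requests if hosts is empty" in host_authorization_test.rb constructs the middleware with `nil`, not with an empty collection, so the name and the input disagree. Since this is the case where the host check lets every request through, I would either rename it to `test "allows all requests if hosts is nil" do` or add a second case built with `ActionDispatch::HostAuthorization.new(App, [])` so that both inputs are pinned. The rename of "passes requests to allowed host" to "hosts can be a single element array" in the next hunk also drops the statement of what the test asserts.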