aboutsummaryrefslogtreecommitdiffstats
path: root/guides/source/upgrading_ruby_on_rails.md
diff options
context:
space:
mode:
Diffstat (limited to 'guides/source/upgrading_ruby_on_rails.md')
-rw-r--r--guides/source/upgrading_ruby_on_rails.md44
1 files changed, 43 insertions, 1 deletions
diff --git a/guides/source/upgrading_ruby_on_rails.md b/guides/source/upgrading_ruby_on_rails.md
index b838874e2b..2f0f3573fb 100644
--- a/guides/source/upgrading_ruby_on_rails.md
+++ b/guides/source/upgrading_ruby_on_rails.md
@@ -27,6 +27,31 @@ Upgrading from Rails 4.0 to Rails 4.1
NOTE: This section is a work in progress.
+### CSRF protection from remote `<script>` tags
+
+Or, "whaaat my tests are failing!!!?"
+
+Cross-site request forgery (CSRF) protection now covers GET requests with
+JavaScript responses, too. That prevents a third-party site from referencing
+your JavaScript URL and attempting to run it to extract sensitive data.
+
+This means that your functional and integration tests that use
+
+```ruby
+get :index, format: :js
+```
+
+will now trigger CSRF protection. Switch to
+
+```ruby
+xhr :get, :index, format: :js
+```
+
+to explicitly test an XmlHttpRequest.
+
+If you really mean to load JavaScript from remote `<script>` tags, skip CSRF
+protection on that action.
+
### Spring
If you want to use Spring as your application preloader you need to:
@@ -68,7 +93,7 @@ secrets, you need to:
### Changes in JSON handling
-The are a few major changes related to JSON handling in Rails 4.1.
+There are a few major changes related to JSON handling in Rails 4.1.
#### MultiJSON removal
@@ -200,6 +225,23 @@ Note that this option was added as a security measure, to ensure user input coul
not be used as locale information unless previously known, so it's recommended not
to disable this option unless you have a strong reason for doing so.
+### Mutator methods called on Relation
+
+`Relation` no longer has mutator methods like `#map!` and `#delete_if`. Convert
+to an `Array` by calling `#to_a` before using these methods.
+
+It intends to prevent odd bugs and confusion in code that call mutator
+methods directly on the `Relation`.
+
+```ruby
+# Instead of this
+Author.where(name: 'Hank Moody').compact!
+
+# Now you have to do this
+authors = Author.where(name: 'Hank Moody').to_a
+authors.compact!
+```
+
Upgrading from Rails 3.2 to Rails 4.0
-------------------------------------
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-30 01:55:49 +0000