| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Assigning local variable named `current_user` in the condition is
confusing.
|
|
|
|
|
|
|
| |
This reverts commit 296d024b4e91c4891ae0b010249193513e63b921, reversing
changes made to e341d835070c7ef9990f41e02bbf46536be0aee7.
We aren't trying to compare to current_user, we're assigning that variable.
|
| |
|
|\
| |
| | |
Standardize Action Cable README.md
|
| |
| |
| |
| |
| |
| |
| | |
All other Rails components feature this section, Action Cable should
have it as well.
[ci skip]
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
WebSocket always defers the decision to the server, because it didn't
have to deal with legacy compatibility... but the same-origin policy is
still a reasonable default.
Origin checks do not protect against a directly connecting attacker --
they can lie about their host, but can also lie about their origin.
Origin checks protect against a connection from 3rd-party controlled
script in a context where a victim browser's cookies will be passed
along. And if an attacker has breached that protection, they've already
compromised the HTTP session, so treating the WebSocket connection in
the same way seems reasonable.
In case this logic proves incorrect (or anyone just wants to be more
paranoid), we retain a config option to disable it.
|
|\ \
| | |
| | |
| | | |
Optionally allow ActionCable requests from the same host as origin
|
| |/
| |
| |
| |
| |
| |
| | |
When the `allow_same_origin_as_host` is set to `true`, the request
forgery protection permits `HTTP_ORIGIN` values starting with the
corresponding `proto://` prefix followed by `HTTP_HOST`. This way
it is not required to specify the list of allowed URLs.
|
|/ |
|
|\
| |
| | |
Add documentation about Action Cable npm package
|
| |
| |
| |
| |
| |
| |
| |
| | |
Sorry, forgot to include in my main PR :(
[ci skip]
[Jon Moss, Zach Schneider]
|
| | |
|
| | |
|
|\ \
| | |
| | |
| | |
| | | |
Conflicts:
actioncable/README.md
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
- Only Action Cable README did not have this section, all of the other
READMEs have this section.
|
|/ /
| |
| |
| |
| |
| | |
- Remove "Configuration", "Running the server", "Dependencies" and "Deployment"
sections from the Action Cable README as they are already duplicated in the
Action Cable overview guide.
|
| | |
|
|/
|
| |
Added 'sh' for markdown formatting as bash.
|
|
|
|
|
| |
In #23935, cable file was to be provided by the javascript instead of coffeescript,
doc was also been modified to use javascript.
|
|
|
|
| |
[ci skip]
|
|
|
|
| |
default worker pool size was changed from 100 to 4 at #24376
|
|\
| |
| | |
Fix typos in ActionCable Channel [ci skip]
|
| | |
|
|/
|
|
| |
Follow up to 8b69f1e
|
| |
|
|
|
|
|
| |
* Fix typos/grammar errors
* Make capitalization/naming consistent
|
| |
|
|
|
|
|
|
|
|
|
| |
This PR checks all active Action Cable documentation for typos and other
fixes. It aims to make sure that when Rails 5 is released, that the
Action Cable docs are up to snuff with the other documentation included
with Rails.
[ci skip]
|
|\
| |
| | |
ActionCable README updates
|
| |
| |
| |
| | |
[ci skip]
|
| | |
|
|/ |
|
|\
| |
| | |
remove `faye-websocket` dependency from README [ci skip]
|
| |
| |
| |
| | |
`faye-websocket` gem is no longer used from 322dca293b3716ccaa09e7e82046e539b0d2ffda.
|
|/
|
|
|
|
|
|
|
|
|
| |
Some existing examples used ActionCable.server.config but for
configuring allowed_request_origins that is overridden in development
mode. The correct place to set that is
Rails.application.config.action_cable which the ActionCable initializer
loads from. I thought the other two examples should be changed as well
just in case a default value that would override a configured value is
introduced for either log_tags or disable_request_forgery_protection in
the future.
|
|
|
|
| |
[ci skip]
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Since #23152 eliminated the EventMachine dependency, we don’t need to
explicitly mention EventMachine.
Nevertheless, I'm not 100% sure about saying "the websocket-driver loop"
driver… any suggestions, @matthewd or @pixeltrix ? :sweat_smile:
[ci skip]
|
|
|
|
| |
This changed in #22950.
|
|
|
| |
I believe the paragraph starting with "This relies" belongs with the one above it.
|
|\
| |
| | |
[ci skip] Improve Action Cable configuration explanations
|
| |
| |
| |
| |
| |
| |
| |
| | |
* Clarify wording around how defaults work
* Clarify wording around what formatting versus information is required
* Separate consumer configuration section since it is important and wordy
* Add additional explanation of options for setting consumer configuration
* Consolidate consumer configuration information to reduce confusion
|
|/
|
|
|
| |
This reverts commit d0393fccffc118a5de37654aa222774b66123393, reversing
changes made to 3b7ccadfc1c8dfec61af898167e1300b17f5cf25.
|
| |
|
| |
|
|
|
|
|
| |
Mounting it as prescribed here:
https://github.com/rails/rails/blob/0d1d50c2db40ea1a9d3bebfb0c35da43bbd4d27f/railties/lib/rails/generators/rails/app/templates/config/routes.rb#L5
|
|
|
|
|
| |
* Add link to API documentation
* Link to issue tracker for rails/rails (instead of rails/actioncable)
* Add link to rails-core mailing list for feature requests
|
| |
|