| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
| |
".. with __dir__ we can restore order in the Universe." - by @fxn
Related to 5b8738c2df003a96f0e490c43559747618d10f5f
|
| |
|
| |
|
|
|
|
|
|
| |
* Remove trailing spaces.
* Add backticks around method and command.
* Fix indentation.
|
| |
|
| |
|
|
|
|
| |
https://bugs.ruby-lang.org/issues/13239
|
|
|
|
|
| |
Assigning local variable named `current_user` in the condition is
confusing.
|
|
|
|
|
|
|
| |
This reverts commit 296d024b4e91c4891ae0b010249193513e63b921, reversing
changes made to e341d835070c7ef9990f41e02bbf46536be0aee7.
We aren't trying to compare to current_user, we're assigning that variable.
|
| |
|
|
|
|
|
|
|
| |
This method is repeatedly used throughout the docs (in the [AC::Connection docs](https://github.com/rails/rails/blob/12b684985837bc8ee9ad15c174cf4e07ca82d7c4/actioncable/lib/action_cable/connection/base.rb#L28), the [AC README](https://github.com/rails/rails/blob/12b684985837bc8ee9ad15c174cf4e07ca82d7c4/actioncable/README.md#a-full-stack-example), the [AC Guides](https://github.com/rails/rails/blob/12b684985837bc8ee9ad15c174cf4e07ca82d7c4/guides/source/action_cable_overview.md#connection-setup)), but not actually documented itself and seemingly not supported for public use based on its current `private` status.
This actually makes the method public and documents it. The actual behavior that’s documented here is implemented [here](https://github.com/rails/rails/blob/12b684985837bc8ee9ad15c174cf4e07ca82d7c4/actioncable/lib/action_cable/connection/base.rb#L213-L219), via [this rescuing of the UnauthorizedError](https://github.com/rails/rails/blob/3dd1de8ba4d5862b01e7f5dd3878b21fd98b443b/actioncable/lib/action_cable/connection/base.rb#L172).
The method is [already tested here](https://github.com/rails/rails/blob/25473baf409185638073fe2f016f4b9dda284e50/actioncable/test/connection/authorization_test.rb#L17-L29).
|
|
|
|
|
| |
These tests double-stub connection.pubsub, so we need to ensure the
first call's completed before we set up for the second.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Unlike Faye support, it seems a bit too documented to remove without
warning. So, here's a warning.
|
| |
|
|
|
|
|
|
| |
According to the commit comment on 54d84cbb77a7fbc6359eda4eb40cc7da29c426e1, AJ/bin/test was intentionally not added,
but AJ tests doesn't actually do anything special other than specifying ENV['AJ_ADAPTER'],
which can be easily done via command line environment variable.
|
|
|
|
|
|
|
| |
`assert_raise` does not check error message. However, in some tests,
it seems like expecting error message checking with `assert_raise`.
Instead of specifying an error message in `assert_raise`, modify to use
another assert to check the error message.
|
| |
|
| |
|
|
|
| |
Fix missing left bracket in exception message.
|
|
|
|
| |
(I personally prefer writing one string in one line no matter how long it is, though)
|
|
|
|
|
|
|
|
|
|
|
| |
ActionCable was throwing a "Existing connection must be closed before
opening" exception which was being picked up as a production issue in
our error monitoring software. Since this happens pretty often on any
device that allows the browser to sleep (mobile) this error was getting
triggered often.
This change removes the exception, but keeps logging the occurrence. We
now return `false` to let the caller now that `open` failed.
|
|
|
|
| |
Actually, private methods cannot be called with `self.`, so it's not just redundant, it's a bad habit in Ruby
|
|\
| |
| | |
Standardize Action Cable README.md
|
| |
| |
| |
| |
| |
| |
| | |
All other Rails components feature this section, Action Cable should
have it as well.
[ci skip]
|
| |
| |
| |
| |
| |
| |
| |
| | |
Per https://www.timeanddate.com/counters/firstnewyear.html, it's already
2017 in a lot of places, so we should bump the Rails license years to
2017.
[ci skip]
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
nio4r 2.0.0 primarily includes new features and bugfixes, with few breaking
changes. The primary reason for bumping the major version is dropping support
for all Ruby versions prior to 2.2.2, so as to match Rails 5.
Full release announcement here:
https://groups.google.com/forum/#!topic/socketry/ZDIUj1ufiJ8
|
| |
| |
| |
| |
| |
| | |
[ci skip]
- capitalize WebSocket
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
reactor_running? will be true just after the thread enters
EventMachine.run; reactor_thread only gets set after the internal
initialize_event_machine method has been called, the C extension is set
up, and it is entering its run loop.
|
| | |
|
| |
| |
| |
| |
| | |
Need to specify `reload` from turbolinks 5.
Ref: 7225f0bb9fd1d71a7a37b53815c90178cc7319bd
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
WebSocket always defers the decision to the server, because it didn't
have to deal with legacy compatibility... but the same-origin policy is
still a reasonable default.
Origin checks do not protect against a directly connecting attacker --
they can lie about their host, but can also lie about their origin.
Origin checks protect against a connection from 3rd-party controlled
script in a context where a victim browser's cookies will be passed
along. And if an attacker has breached that protection, they've already
compromised the HTTP session, so treating the WebSocket connection in
the same way seems reasonable.
In case this logic proves incorrect (or anyone just wants to be more
paranoid), we retain a config option to disable it.
|
|\ \
| | |
| | |
| | | |
Optionally allow ActionCable requests from the same host as origin
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When the `allow_same_origin_as_host` is set to `true`, the request
forgery protection permits `HTTP_ORIGIN` values starting with the
corresponding `proto://` prefix followed by `HTTP_HOST`. This way
it is not required to specify the list of allowed URLs.
|
|\ \ \
| | | |
| | | | |
Work around read/close race (x2)
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
IO#close and IO#read across threads don't get along so well:
After T1 enters #read and releases the GVL, T2 can call #close on the
IO, thereby both closing the fd and freeing the buffer while T1 is using
them.
|
|/ / / |
|