| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
respond_with (and consequently the class-level respond_to)
are being removed from Rails. Instead of moving it to a 3rd
library, the functionality will be moved to responders gem
(at github.com/plataformatec/responders) which already provides
some responders extensions.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New default: the template digest is automatically included in your ETags.
When you call `fresh_when @post`, the digest for `posts/show.html.erb`
is mixed in so future changes to the HTML will blow HTTP caches for you.
This makes it easy to HTTP-cache many more of your actions.
If you render a different template, you can now pass the `:template`
option to include its digest instead:
fresh_when @post, template: 'widgets/show'
Pass `template: false` to skip the lookup. To turn this off entirely, set:
config.action_controller.etag_with_template_digest = false
|
|
|
|
| |
The error was moved outside of the `ClassMethods` module.
|
|
|
|
|
| |
The test was not failing for `assert_template file: nil` when a file
has been rendered.
|
|
|
|
|
|
|
| |
This reverts commit 705977620539e2be6548027042f33175ebdc2505, reversing
changes made to dde91e9bf5ab246f0f684b40288b272f4ba9a699.
IT BROKE THE BUILD!!!
|
|
|
|
|
|
| |
You can now configure custom digest for cookies in the same way as `serializer`:
config.action_dispatch.cookies_digest = \SHA256'
|
| |
|
|
|
|
|
|
|
| |
Also cleanup test a bit
[related #14886]
[related #14743]
|
|
|
|
|
|
|
|
|
|
| |
`ActionDispatch::ShowExceptions` overwrites `PATH_INFO` with the status code
for the exception defined in `ExceptionWrapper`, so the path the user was
visiting when an exception occurred was not previously available to any custom
exceptions_app.
The original `PATH_INFO` is now stashed in
`env["action_dispatch.original_path"]`.
|
|
|
|
|
|
|
|
|
|
| |
Although the cookie values happens to be ASCII strings because they are
Base64 encoded, it is semantically incorrect to check for the number of the
characters in the cookie, when we actually want to check for the number of the
bytes it consists of.
Furthermore it is unecessary coupling with the current implementation that
uses Base64 for encoding the values.
|
|
|
|
|
| |
Also reordered some of the items to put newer ones on top (same order as
CHANGELOGs), which makes it easier to diff while we are still working on it.
|
|
|
|
|
|
|
|
|
|
|
|
| |
`render nothing: true` or rendering a `nil` body no longer add a single
space to the response body.
The old behavior was added as a workaround for a bug in an early version of
Safari, where the HTTP headers are not returned correctly if the response
body has a 0-length. This is been fixed since and the workaround is no
longer necessary.
Use `render body: ' '` if the old behavior is desired.
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
gcampbell-rosetta_flash
* 'rosetta_flash' of https://github.com/gcampbell/rails:
Address CVE-2014-4671 (JSONP Flash exploit)
Conflicts:
actionpack/CHANGELOG.md
|
| |
| |
| |
| |
| |
| | |
Adds a comment before JSONP callbacks. See
http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ for more
details on the exploit in question.
|
|/
|
|
|
|
|
|
|
| |
Because URI paths may contain non US-ASCII characters we need to force
the encoding of any unescaped URIs to UTF-8 if they are US-ASCII.
This essentially replicates the functionality of the monkey patch to
URI.parser.unescape in active_support/core_ext/uri.rb.
Fixes #16104.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prior to this commit shallow resources would only generate paths for
non-direct children (with a nested depth greater than 1).
Take the following routes file.
resources :blogs do
resources :posts, shallow: true do
resources :comments do
resources :tags
end
end
end
This would generate shallow paths for `tags` nested under `posts`,
e.g `/posts/:id/tags/`, however it would not generate shallow paths
for `comments` nested under `posts`, e.g `/posts/:id/comments/new`.
This commit changes the behaviour of the route mapper so that it
generate paths for direct children of shallow resources, for example
if you take the previous routes file, this will now generate
shallow paths for `comments` nested under `posts`, .e.g
`posts/:id/comments/new`.
This was the behaviour in Rails `4.0.4` however this was broken in
@jcoglan's fix for another routes related issue[1].
This also fixes an issue[2] reported by @smdern.
[1] https://github.com/rails/rails/commit/d0e5963
[2] https://github.com/rails/rails/issues/15783
|
|
|
|
|
|
|
| |
The controller can set the response format as 'JSON' before the renderer code be
evaluated, so we must replace it when necessary.
Fixes #15081
|
|\
| |
| |
| |
| |
| | |
Add always permitted parameters as a configurable option.
[Rafael Mendonça França + Gary S. Weaver]
|
| |
| |
| |
| | |
Fixes issue #15511.
|
|\ \
| | |
| | |
| | | |
ActionController::Parameters#require now accepts FalseClass values
|
|/ /
| |
| |
| | |
Fixes #15685.
|
| | |
|
| |
| |
| |
| | |
.. even when the producer is blocked for a write.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We are going to deprecate only on Rails 5 to make easier plugin
maintainers support different Rails versions. Right now we are only
discouraging their usage.
This reverts commit 6c5f43bab8206747a8591435b2aa0ff7051ad3de.
Conflicts:
actionpack/CHANGELOG.md
|
| |
| |
| |
| |
| | |
application. Use of a symbol should be replaced with `action: symbol`.
Use of a string without a "#" should be replaced with `controller: string`.
|
| | |
|
| |
| |
| |
| |
| | |
This is the continuation of the work started at
9d62e04838f01f5589fa50b0baa480d60c815e2c
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes URL generation with trailing_slash: true
Conflicts:
actionpack/lib/action_dispatch/http/url.rb
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
URL generation with trailing_slash: true was adding a trailing slash
after .:format
Routes.draw do
resources :bars
end
bars_url(trailing_slash: true, format: 'json')
# => /bars.json/
This commit removes that extra trailing slash
|
| | | |
|
| | |
| | |
| | |
| | | |
There are performance gains to be made by avoiding URI setter methods.
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | | |
khelben/head_with_status_action_stack_level_too_deep
fixes stack level too deep exception on action named 'status' rendering 'head :ok'
|
|/ / /
| | |
| | |
| | | |
'head :ok'
|
|\ \ \
| | | |
| | | |
| | | | |
Add RFC 4791 MKCALENDAR method
|
|/ / / |
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add controller and action name to the fragment caching instrumentation payload
Conflicts:
actionpack/CHANGELOG.md
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | | |
There may be situations where you need to tunnel SSL connections over
port 80 so we shouldn't remove it if it has been explicitly provided.
|
| |/ /
|/| |
| | |
| | | |
improved tests.
|
| | | |
|
|\ \ \
| |/ /
|/| |
| | |
| | |
| | |
| | | |
Callable route constraint verification
Conflicts:
actionpack/CHANGELOG.md
|
| | |
| | |
| | |
| | | |
silently failing to enforce the constraint
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Make remote_ip detection properly handle private IPv6 addresses
Conflicts:
actionpack/CHANGELOG.md
|
| | | |
| | | |
| | | |
| | | | |
Fixes #12638.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Previously, the `VerifyAndUpgradeLegacySignedMessage` assumes all incoming
cookies are marshal-encoded. This is not the case when `secret_token` is
used in conjunction with the `:json` or `:hybrid` serializer.
In those case, when upgrading to use `secret_key_base`, this would cause a
`TypeError: incompatible marshal file format` and a 500 error for the user.
Fixes #14774.
*Godfrey Chan*
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
1. Escape '%' characters in URLs - only unescaped data
should be passed to URL helpers
2. Add an `escape_segment` helper to `Router::Utils`
that escapes '/' characters
3. Use `escape_segment` rather than `escape_fragment`
in optimized URL generation
4. Use `escape_segment` rather than `escape_path`
in URL generation
For point 4 there are two exceptions. Firstly, when a route uses wildcard
segments (e.g. *foo) then we use `escape_path` as the value may contain '/'
characters. This means that wildcard routes can't be optimized. Secondly,
if a `:controller` segment is used in the path then this uses `escape_path`
as the controller may be namespaced.
Fixes #14629, #14636 and #14070.
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When requesting a controller with the following code with a unknown format:
def my_action
respond_to do |format|
format.json { head :ok }
format.any { render text: 'Default response' }
end
end
we should render the default response instead of raising ActionController::UnknownFormat
Fixes #14462
Conflicts:
actionpack/CHANGELOG.md
actionpack/test/controller/mime/respond_with_test.rb
Conflicts:
actionpack/CHANGELOG.md
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Since `:shallow` may be set at any point in the resource nesting we should
only make the new and collection routes shallow when the parent is shallow.
This is a bit of a hack but until the mapper is refactored to an object graph
instead of a hash of merged values it's the best we can do.
Fixes #14684.
|