path: root/actionpack/CHANGELOG.md
Commit message (Author, Age, Files, Lines)
...
* | Remove changelog header for unreleased version (Rafael Mendonça França, 2018-03-13, 1 file, -2/+0)
| | We only add the header when releasing to avoid some conflicts.
| | [ci skip]
* | Remove CHANGELOG entries which were backported to 5-2-stable (Ryuta Kamizono, 2018-02-28, 1 file, -5/+0)
| |
* | Support for automatic nonce generation was backported to 5.2 (Guillermo Iguaran, 2018-02-24, 1 file, -28/+0)
| |
* | Add support for automatic nonce generation for Rails UJS (Andrew White, 2018-02-19, 1 file, -0/+28)
| | Because the UJS library creates a script tag to process responses it normally requires the script-src attribute of the content security policy to include 'unsafe-inline'.
| |
| | To work around this we generate a per-request nonce value that is embedded in a meta tag in a similar fashion to how CSRF protection embeds its token in a meta tag. The UJS library can then read the nonce value and set it on the dynamically generated script tag to enable it to execute without needing 'unsafe-inline' enabled.
| |
| | Nonce generation isn't 100% safe - if your script tag is including user generated content in some way then it may be possible to exploit an XSS vulnerability which can take advantage of the nonce. It is however an improvement on a blanket permission for inline scripts.
| |
| | It is also possible to use the nonce within your own script tags by using `nonce: true` to set the nonce value on the tag, e.g.
| |
| |     <%= javascript_tag nonce: true do %>
| |       alert('Hello, World!');
| |     <% end %>
| |
| | Fixes #31689.
* | Rails 6 requires Ruby 2.4.1+ (Jeremy Daer, 2018-02-17, 1 file, -0/+6)
|/
| Skipping over 2.4.0 to sidestep the `"symbol_from_string".to_sym.dup` bug.
|
| References #32028
* Add changelog entry for #31844 (bogdanvlviv, 2018-02-01, 1 file, -0/+4)
|
* Start Rails 6.0 development!!! (Rafael Mendonça França, 2018-01-30, 1 file, -245/+1)
| :tada::tada::tada:
* Add 'Referrer-Policy' header to default headers set (Guillermo Iguaran, 2018-01-08, 1 file, -0/+4)
|
* Added deprecations and removals notes for Action Pack [ci skip] (Prathamesh Sonpatki, 2018-01-07, 1 file, -1/+1)
|
* Minor cleanup of CHANGELOG of PR #30850 [ci skip] (Prathamesh Sonpatki, 2017-12-17, 1 file, -3/+3)
|
* Change the system tests to set Puma as default server only when the user hasn't specified manually another server. (Guillermo Iguaran, 2017-12-09, 1 file, -0/+5)
|
* Add secure `X-Download-Options` and `X-Permitted-Cross-Domain-Policies` to default headers set. (Guillermo Iguaran, 2017-12-09, 1 file, -0/+5)
|
* Add headless firefox driver to System Tests (bogdanvlviv, 2017-12-07, 1 file, -0/+4)
|
* Add changelog entry for 9d6e28 (eileencodes, 2017-11-30, 1 file, -0/+12)
| Since this changes a default setting a changelog entry is important.
* Register most popular audio/video/font mime types supported by modern browsers (Guillermo Iguaran, 2017-11-28, 1 file, -0/+4)
|
* Preparing for 5.2.0.beta2 release (Rafael Mendonça França, 2017-11-28, 1 file, -0/+5)
|
* Fix optimized url helpers when using relative url root (Andrew White, 2017-11-28, 1 file, -0/+7)
| Fixes #31220.
* Preparing for 5.2.0.beta1 release (Rafael Mendonça França, 2017-11-27, 1 file, -0/+2)
|
* Fix CHANGELOG for CSP PR #31162 [ci skip] (Prathamesh Sonpatki, 2017-11-27, 1 file, -10/+10)
|
* Add CHANGELOG.md entry for #31162 [ci skip] (Andrew White, 2017-11-27, 1 file, -0/+60)
|
* Merge pull request #22435 from yui-knk/fix_engine_route_test (Rafael Mendonça França, 2017-11-06, 1 file, -0/+4)
|\
| | Make `assert_recognizes` to traverse mounted engines
| * Make `assert_recognizes` to traverse mounted engines (yui-knk, 2016-04-23, 1 file, -0/+4)
| | Before this commit paths of mounted engines are not traversed when `assert_recognizes` is called, causing strange test results.
| |
| | This commit enables traversal of mounted paths.
* | Remove deprecated `ActionController::ParamsParser::ParseError` (Rafael Mendonça França, 2017-10-23, 1 file, -2/+6)
| |
* | Add changelog entry about new `allow_other_host` option for `redirect_back` method [ci skip] (bogdanvlviv, 2017-10-22, 1 file, -0/+7)
| | Related to #30850
* | Add headless chrome driver to System Tests (yuuji.yaginuma, 2017-10-17, 1 file, -0/+4)
| |
* | Implement H2 Early Hints for Rails (eileencodes, 2017-10-04, 1 file, -0/+8)
| | When puma/puma#1403 is merged Puma will support the Early Hints status code for sending assets before a request has finished. While the Early Hints spec is still in draft, this PR prepares Rails to allow this status code.
| |
| | If the proxy server supports Early Hints, it will send H2 pushes to the client.
| |
| | This PR adds a method for setting Early Hints Link headers via Rails, and also automatically sends Early Hints if supported from the `stylesheet_link_tag` and the `javascript_include_tag`.
| |
| | Once puma supports Early Hints the `--early-hints` argument can be passed to the server to enable this or set in the puma config with `early_hints(true)`. Note that for Early Hints to work in the browser the requirements are 1) a proxy that can handle H2, and 2) HTTPS.
| |
| | To start the server with Early Hints enabled pass `--early-hints` to `rails s`.
| |
| | This has been verified to work with h2o, Puma, and Rails with Chrome.
| |
| | The commit adds a new option to the rails server to enable early hints for Puma.
| |
| | Early Hints spec: https://tools.ietf.org/html/draft-ietf-httpbis-early-hints-04
| |
| | [Eileen M. Uchitelle, Aaron Patterson]
* | Fix indentation in CHANGELOG [ci skip] (Ryuta Kamizono, 2017-09-26, 1 file, -3/+3)
| |
* | Add key rotation cookies middleware (Michael Coyne, 2017-09-24, 1 file, -0/+9)
| | Using the action_dispatch.cookies_rotations interface, key rotation is now possible with cookies. Thus the secret_key_base as well as salts, ciphers, and digests, can be rotated without expiring sessions.
* | Use the default Capybara registered puma server configuration (Thomas Walpole, 2017-09-18, 1 file, -0/+7)
| |
* | :scissors: (Ryuta Kamizono, 2017-09-07, 1 file, -1/+1)
| | [ci skip]
* | This commit adds: (Assain, 2017-09-04, 1 file, -0/+21)
| | * Documentation for Duration support added to signed/encrypted cookies
| | * Changelog entries for the duration support and expiry metadata added to cookies
| |
| | [ci skip]
* | Retrieve screenshot in relative path of current directory (yuuji.yaginuma, 2017-08-27, 1 file, -0/+6)
| | In Rails engine `Rails.root` returns the path of the dummy application. Therefore, there is no `tmp` directly where the test is running, so can not get the screenshot.
| |
| | For this reason, instead of directly specifying tmp, retrieve screenshot by relative path from the current directory.
| |
| | Fixes #30405
* | Deprecate ActionDispatch::TestResponse response aliases (Trevor Wistaff, 2017-08-07, 1 file, -0/+8)
| | https://github.com/rails/rails/issues/30072
* | Lint actionpack/CHANGELOG.md (Jon Moss, 2017-08-06, 1 file, -3/+3)
| | Fixes a few grammar things.
| |
| | [ci skip]
* | Add backticks for class names in CHANGELOG [ci skip] (Ryuta Kamizono, 2017-07-11, 1 file, -3/+3)
| |
* | Protect from forgery by default (Lisa Ugray, 2017-07-10, 1 file, -0/+10)
| | Rather than protecting from forgery in the generated ApplicationController, add it to ActionController::Base by config. This configuration defaults to false to support older versions which have removed it from their ApplicationController, but is set to true for Rails 5.2.
* | Add CHANGELOG for #29630 [ci skip] (Prathamesh Sonpatki, 2017-07-01, 1 file, -0/+4)
| |
* | SystemTesting::Driver can register capybara-webkit and poltergeist (Mario Alberto Chávez, 2017-06-02, 1 file, -0/+10)
| | drivers.
| |
| | When using `driver_by` with capybara-webkit or poltergeist, SystemTesting::Driver will register the driver while passing `screen_size` and `options` parameters.
| |
| | `options` could contain any option supported by the underlying driver.
* | AEAD encrypted cookies and sessions (Michael Coyne, 2017-05-22, 1 file, -0/+10)
| | This commit changes encrypted cookies from AES in CBC HMAC mode to Authenticated Encryption using AES-GCM. It also provides a cookie jar to transparently upgrade encrypted cookies to this new scheme. Some other notable changes include:
| |
| | - There is a new application configuration value: +use_authenticated_cookie_encryption+. When enabled, AEAD encrypted cookies will be used.
| | - +cookies.signed+ does not raise a +TypeError+ now if the name of an encrypted cookie is used. Encrypted cookies using the same key as signed cookies would be verified and serialization would then fail due to the message still being encrypted.
* | Cleanup CHANGELOGs [ci skip] (Ryuta Kamizono, 2017-05-19, 1 file, -10/+10)
| | * Fix indentation.
| | * Add backticks.
* | Use recyclable cache keys (#29092) (David Heinemeier Hansson, 2017-05-18, 1 file, -0/+13)
| |
* | Cleanup CHANGELOGs [ci skip] (Ryuta Kamizono, 2017-04-30, 1 file, -0/+1)
| | * Remove trailing spaces.
| | * Add backticks around method and command.
| | * Fix indentation.
* | Move CHANGELOG.md entry from Active Support to Action Pack (Jon Moss, 2017-04-11, 1 file, -0/+12)
| | Was looking through #28402, and realized the CHANGELOG.md entry is in the wrong place. Sorry we didn't catch this during code review :cry:
| |
| | [ci skip]
* | Start Rails 5.2 development (Matthew Draper, 2017-03-22, 1 file, -408/+1)
| |
* | Small grammar change (Jon Moss, 2017-03-13, 1 file, -3/+1)
| | Reads easier, and removes extra tick marks.
| |
| | [ci skip]
* | Fixes ActionController::Rendering#with_defaults (alpaca-tc, 2017-03-12, 1 file, -0/+6)
| | `env` is undefined.
* | Fix indentation and formatting in CHANGELOGs [ci skip] (Ryuta Kamizono, 2017-03-11, 1 file, -2/+2)
| |
* | Add @takkanm credits in the changelog [ci skip] (Rafael Mendonça França, 2017-03-10, 1 file, -1/+1)
| |
* | Added `reverse_merge`/`reverse_merge!` to AC::Parameters: (Edouard CHIN, 2017-03-09, 1 file, -0/+4)
| | - This PR adds the `reverse_merge` and `reverse_merge!` method to `ActionController::Parameters`
| | - Fixes #28353
* | Add CHANGELOG entry for #28250 (Andrew White, 2017-03-06, 1 file, -0/+10)
| |