aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/CHANGELOG.md
Commit message (Collapse)AuthorAgeFilesLines
* stop applying default headers in ActionDispatch::ResponseAaron Patterson2015-09-231-0/+5
| | | | | | | | | | I'm making this change so that I can construct response objects that *don't* have the default headers applied. For example, I would like to construct a response object from the return value of a controller. If you need to construct a response object with the default headers, then please use the alternate constructor: `ActionDispatch::Response.create`
* Fix a typo: Mime::Types should be Mime::Type [ci skip]Juanito Fatas2015-09-221-1/+1
|
* update changelog for mime changesAaron Patterson2015-09-211-0/+13
|
* Merge pull request #21502 from ↵Rafael Mendonça França2015-09-081-0/+4
|\ | | | | | | | | | | bernerdschaefer/bs-polymorphic-url_for-dups-arguments `url_for` does not modify polymorphic options
| * `url_for` does not modify polymorphic optionsBernerd Schaefer2015-09-041-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `url_for` methods in `actionpack` and `actionview` now make a copy of the provided options before generating polymorphic paths or URLs. The bug in the previous behavior is most noticeable in a case like: url_options = [:new, :post, param: 'value'] if current_page?(url_options) css_class = "active" end link_to "New Post", url_options, class: css_class
* | Make `config.force_ssl` less dangerous to try and easier to disableJeremy Daer2015-09-071-0/+27
|/ | | | | | | | | | | | | | | | | | | | | | | | SSL redirect: * Move `:host` and `:port` options within `redirect: { … }`. Deprecate. * Introduce `:status` and `:body` to customize the redirect response. The 301 permanent default makes it difficult to test the redirect and back out of it since browsers remember the 301. Test with a 302 or 307 instead, then switch to 301 once you're confident that all is well. HTTP Strict Transport Security (HSTS): * Shorter max-age. Shorten the default max-age from 1 year to 180 days, the low end for https://www.ssllabs.com/ssltest/ grading and greater than the 18-week minimum to qualify for browser preload lists. * Disabling HSTS. Setting `hsts: false` now sets `hsts: { expires: 0 }` instead of omitting the header. Omitting does nothing to disable HSTS since browsers hang on to your previous settings until they expire. Sending `{ hsts: { expires: 0 }}` flushes out old browser settings and actually disables HSTS: http://tools.ietf.org/html/rfc6797#section-6.1.1 * HSTS Preload. Introduce `preload: true` to set the `preload` flag, indicating that your site may be included in browser preload lists, including Chrome, Firefox, Safari, IE11, and Edge. Submit your site: https://hstspreload.appspot.com
* minor copy edit. [ci skip]Yves Senn2015-08-271-2/+2
| | | | Follow up to #21384.
* Updating TestSession to access with indifferenceJeremy Friesen2015-08-261-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following Rails code failed (with a `KeyError` exception) under test: ```ruby class ApplicationController < ActionController::Base def user_strategy # At this point: # ```ruby # session == { # "user_strategy"=>"email", # "user_identifying_value"=>"hello@world.com" # } # ``` if session.key?(:user_strategy) session.fetch(:user_strategy) end end end ``` When I checked the session's keys (`session.keys`), I got an array of strings. If I accessed `session[:user_strategy]` I got the expected `'email'` value. However if I used `session.fetch(:user_strategy)` I got a `KeyError` exception. This appears to be a Rails 4.2.4 regression (as the code works under Rails 4.2.3). Closes #21383
* Using strings or symbols for middleware class names is deprecated.Aaron Patterson2015-08-071-0/+9
| | | | | | | | | | Convert things like this: middleware.use "Foo::Bar" to this: middleware.use Foo::Bar
* Adds missing argument handling for ActionController::TestSession toMatthew Gerrior2015-08-061-0/+9
| | | | allow testing controllers that use session#fetch with a default value.
* Fix exception overwritten for parameters fetch methodRoque Pinel2015-07-181-0/+5
| | | | | | | | | When executing an `ActionController::Parameters#fetch` with a block that raises a `KeyError` the raised `KeyError` will be rescued and converted to an `ActionController::ParameterMissing` exception, covering up the original exception. [Jonas Schubert Erlandsson & Roque Pinel]
* [skip ci] Lookup can be a noun but it is not a verbJon Atack2015-07-171-1/+2
| | | | Various grammar corrections and wrap to 80 characters.
* Update documentation on `AC::Parameters`Prem Sichanugrist2015-07-151-1/+1
|
* Make AC::Parameters not inherited from HashPrem Sichanugrist2015-07-151-0/+14
| | | | | | | | This is another take at #14384 as we decided to wait until `master` is targeting Rails 5.0. This commit is implementation-complete, as it guarantees that all the public methods on the hash-inherited Parameters are still working (based on test case). We can decide to follow-up later if we want to remove some methods out from Parameters.
* Replaced `ActiveSupport::Concurrency::Latch` with concurrent-ruby.Jerry D'Antonio2015-07-131-0/+5
| | | | | | | | | | The concurrent-ruby gem is a toolset containing many concurrency utilities. Many of these utilities include runtime-specific optimizations when possible. Rather than clutter the Rails codebase with concurrency utilities separate from the core task, such tools can be superseded by similar tools in the more specialized gem. This commit replaces `ActiveSupport::Concurrency::Latch` with `Concurrent::CountDownLatch`, which is functionally equivalent.
* Allow filtering params based on parent keysGuillaume Malette2015-06-221-0/+10
| | | | | | | | | | Add the possibility to only filter parameters based on their full path instead of relying on the immediate key. config.filter_parameters += ['credit_card.code'] { 'credit_card' => { 'code' => '[FILTERED]' }, 'source' => { 'code' => '<%= puts 5 %>' } }
* Revert "Merge pull request #20584 from arthurnn/fix_url"Arthur Neves2015-06-171-4/+0
| | | | | | | | This reverts commit 0b3397872582f2cf1bc6960960a6393f477c55e6, reversing changes made to 56d52e3749180e6c1dcf7166adbad967470aa78b. As pointed out on the PR, this will hide development mistakes too, which is not ideal.
* Catch InvalidURIError on bad paths on redirect.Arthur Neves2015-06-161-0/+4
| | | | | Handle URI::InvalidURIError errors on the redirect route method, so it wont raise a 500 if a bad path is given.
* Deprecate passing hash as first parameter into ActionController::HeadMehmet Emin İNAÇ2015-06-151-0/+4
|
* quick pass over changelogs. [ci skip]Yves Senn2015-06-151-4/+4
|
* Handle param-parsing errors from Rack in ExceptionWrapperGrey Baker2015-06-121-0/+6
|
* Add CHANGELOG entries for API apps functionalitySantiago Pastorino2015-06-111-0/+6
|
* Merge pull request #19094 from phoet/have_bearer_be_valid_as_wellRafael Mendonça França2015-06-011-0/+10
|\ | | | | Have Bearer be valid as well
| * add changelog entryphoet2015-06-011-0/+10
| |
* | Remove `assigns` and `assert_template`.Guo Xiang Tan2015-05-301-0/+7
|/
* Merge pull request #20017 from eliotsykes/configurable-static-index-filenameRafael Mendonça França2015-05-281-0/+8
|\ | | | | | | config.static_index configures directory Index "index.html" filename
| * config.static_index configures directory index "index.html" filenameEliot Sykes2015-05-281-0/+8
| | | | | | | | | | | | Set `config.static_index` to serve a static directory index file not named `index`. For example, to serve `main.html` instead of `index.html` for directory requests, set `config.static_index` to `"main"`.
* | Deprecate `:nothing` option for render methodMehmet Emin İNAÇ2015-05-281-0/+4
|/ | | | `head` method works similar to `render` method with `:nothing` option
* Spelling/typo/grammatical fixes [ci skip]karanarora2015-05-231-1/+1
| | | | | | | | | | spelling fix [ci skip] example to be consistent [ci skip] grammatical fix typo fixes [ci skip]
* Pass over CHANGELOGS [ci skip]Prathamesh Sonpatki2015-05-161-1/+1
|
* [skip ci] Fix typos in actionpack changelog and security guideAnton Davydov2015-05-071-1/+1
|
* Add changelog for rake routes default fixArthur Neves2015-04-271-0/+7
| | | | [see #18392]
* pass over CHANGELOGs. [ci skip]Yves Senn2015-04-221-4/+4
|
* Override default form builder for a controllerKevin McPhillips2015-04-131-0/+8
|
* head no_content when there is no template or action performedStephen Bussey2015-04-051-0/+8
|
* Merge pull request #18939 from georgeclaghorn/variant-inquiryRafael Mendonça França2015-03-271-1/+15
|\ | | | | | | Provide friendlier access to request variants
| * Provide friendlier access to request variantsGeorge Claghorn2015-03-241-5/+19
| | | | | | | | Closes #18933.
* | Add changelog entry for #19271Arthur Neves2015-03-241-0/+7
|/
* Fix handling of empty X_FORWARDED_HOST header.adam2015-03-201-0/+8
| | | | | | Previously, an empty X_FORWARDED_HOST header would cause Actiondispatch::Http:URL.raw_host_with_port to return nil, causing Actiondispatch::Http:URL.host to raise a NoMethodError.
* Fix typo in Action Pack changelog. [ci skip]Mike Naberezny2015-03-141-1/+1
|
* Drop request class from RouteSet constructor.Aaron Patterson2015-03-041-0/+7
| | | | | If you would like to use a custom request class, please subclass and implemet the `request_class` method.
* Merge pull request #18775 from yasyf/issue_5122Rafael Mendonça França2015-03-031-0/+10
|\ | | | | | | Fallback to RAILS_RELATIVE_URL_ROOT in `url_for`
| * Fallback to RAILS_RELATIVE_URL_ROOT in `url_for`.Yasyf Mohamedali2015-02-241-0/+10
| | | | | | | | | | | | Fixed an issue where the `RAILS_RELATIVE_URL_ROOT` environment variable is not prepended to the path when `url_for` is called. If `SCRIPT_NAME` (used by Rack) is set, it takes precedence.
* | Merge pull request #15806 from tgxworld/partition_routes_during_setupAaron Patterson2015-03-021-0/+5
|\ \ | | | | | | Partition routes during setup.
| * | Partition routes during setup.Guo Xiang Tan2015-02-261-0/+5
| | | | | | | | | | | | | | | | | | | | | Partitioning of all the routes is currently being done during the first request. Since there is no need to clear the cache for `partitioned_routes` when adding a new route. We can move the partitioning of the routes during setup time.
* | | Merge pull request #18434 from brainopia/change_filter_on_rails_info_routesRichard Schneeman2015-02-261-0/+8
|\ \ \ | |/ / |/| | Change filter on /rails/info/routes to use an actual path regexp from rails
| * | Change filter on /rails/info/routes to use an actual path regexp from railsbrainopia2015-02-231-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | Change filter on /rails/info/routes to use an actual path regexp from rails and not approximate javascript version. Oniguruma supports much more extensive list of features than javascript regexp engine. Fixes #18402.
* | | add CHANGELOG for f6e293ec54f02f83cdb37502bea117f66f87bcae. [ci skip]Yves Senn2015-02-251-0/+7
| |/ |/|
* | Merge pull request #19060 from iainbeeston/deprecate-skip-action-callbackRafael Mendonça França2015-02-241-0/+5
|\ \ | |/ |/| Deprecate `AbstractController::Callbacks#skip_action_callback`
| * Deprecate `AbstractController::Callbacks#skip_action_callback`Iain Beeston2015-02-241-0/+5
| | | | | | | | | | | | | | | | | | | | As part of #19029, in future `skip_before_action`, `skip_after_action` and `skip_around_action` will raise an ArgumentError if the specified callback does not exist. `skip_action_callback` calls all three of these methods and will almost certainly result in an ArgumentError. If anyone wants to remove all three callbacks then they can still call the three individual methods. Therefore let's deprecate `skip_action_callback` now and remove it when #19029 is merged.