aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/CHANGELOG.md
Commit message (Collapse)AuthorAgeFilesLines
* Add config option for cookies digestŁukasz Strzałkowski2014-08-081-0/+5
| | | | | | You can now configure custom digest for cookies in the same way as `serializer`: config.action_dispatch.cookies_digest = \SHA256'
* Update actionpack CHANGELOGRyan Dao2014-08-081-0/+5
|
* Add CHANGELOG for #14886Arthur Neves2014-07-181-0/+5
| | | | | | | Also cleanup test a bit [related #14886] [related #14743]
* Stash original path in `ShowExceptions` middlewareGrey Baker2014-07-141-1/+12
| | | | | | | | | | `ActionDispatch::ShowExceptions` overwrites `PATH_INFO` with the status code for the exception defined in `ExceptionWrapper`, so the path the user was visiting when an exception occurred was not previously available to any custom exceptions_app. The original `PATH_INFO` is now stashed in `env["action_dispatch.original_path"]`.
* Use `#bytesize` instead of `#size` when checking for cookie overflowAgis-2014-07-111-0/+5
| | | | | | | | | | Although the cookie values happens to be ASCII strings because they are Base64 encoded, it is semantically incorrect to check for the number of the characters in the cookie, when we actually want to check for the number of the bytes it consists of. Furthermore it is unecessary coupling with the current implementation that uses Base64 for encoding the values.
* Synced 4.2 release notes with the latest commits.Godfrey Chan2014-07-111-0/+2
| | | | | Also reordered some of the items to put newer ones on top (same order as CHANGELOGs), which makes it easier to diff while we are still working on it.
* Removed single space padding from empty response body.Godfrey Chan2014-07-101-0/+14
| | | | | | | | | | | | `render nothing: true` or rendering a `nil` body no longer add a single space to the response body. The old behavior was added as a workaround for a bug in an early version of Safari, where the HTTP headers are not returned correctly if the response body has a 0-length. This is been fixed since and the workaround is no longer necessary. Use `render body: ' '` if the old behavior is desired.
* Merge branch 'rosetta_flash' of https://github.com/gcampbell/rails into ↵Aaron Patterson2014-07-101-0/+5
|\ | | | | | | | | | | | | | | | | | | gcampbell-rosetta_flash * 'rosetta_flash' of https://github.com/gcampbell/rails: Address CVE-2014-4671 (JSONP Flash exploit) Conflicts: actionpack/CHANGELOG.md
| * Address CVE-2014-4671 (JSONP Flash exploit)Greg Campbell2014-07-091-0/+5
| | | | | | | | | | | | Adds a comment before JSONP callbacks. See http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ for more details on the exploit in question.
* | Force encoding of US-ASCII to UTF-8 in unescape_uri.Karl Entwistle2014-07-101-0/+9
|/ | | | | | | | | Because URI paths may contain non US-ASCII characters we need to force the encoding of any unescaped URIs to UTF-8 if they are US-ASCII. This essentially replicates the functionality of the monkey patch to URI.parser.unescape in active_support/core_ext/uri.rb. Fixes #16104.
* Generate shallow paths for all children of shallow resources.Seb Jacobs2014-07-061-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prior to this commit shallow resources would only generate paths for non-direct children (with a nested depth greater than 1). Take the following routes file. resources :blogs do resources :posts, shallow: true do resources :comments do resources :tags end end end This would generate shallow paths for `tags` nested under `posts`, e.g `/posts/:id/tags/`, however it would not generate shallow paths for `comments` nested under `posts`, e.g `/posts/:id/comments/new`. This commit changes the behaviour of the route mapper so that it generate paths for direct children of shallow resources, for example if you take the previous routes file, this will now generate shallow paths for `comments` nested under `posts`, .e.g `posts/:id/comments/new`. This was the behaviour in Rails `4.0.4` however this was broken in @jcoglan's fix for another routes related issue[1]. This also fixes an issue[2] reported by @smdern. [1] https://github.com/rails/rails/commit/d0e5963 [2] https://github.com/rails/rails/issues/15783
* Change the JSON renderer to enforce the 'JS' Content TypeLucas Mazza2014-07-021-0/+7
| | | | | | | The controller can set the response format as 'JSON' before the renderer code be evaluated, so we must replace it when necessary. Fixes #15081
* Merge pull request #15933 from rafael/masterRafael Mendonça França2014-06-271-0/+6
|\ | | | | | | | | | | Add always permitted parameters as a configurable option. [Rafael Mendonça França + Gary S. Weaver]
* | Fix request's path_info when a rack app mounted at '/'.Larry Lv2014-06-141-0/+6
| | | | | | | | Fixes issue #15511.
* | Merge pull request #15692 from sromano/falseClassMatthew Draper2014-06-141-0/+6
|\ \ | | | | | | | | | ActionController::Parameters#require now accepts FalseClass values
| * | ActionController::Parameters#require now accepts FalseClass valuesSergio Romano2014-06-131-0/+6
|/ / | | | | | | Fixes #15685.
* | Fix parsed token value with header `Authorization token=`.Larry Lv2014-06-131-0/+7
| |
* | Handle client disconnect during live streamingMatthew Draper2014-06-081-0/+5
| | | | | | | | .. even when the producer is blocked for a write.
* | Partially revert deprecation of *_filterRafael Mendonça França2014-06-031-4/+0
| | | | | | | | | | | | | | | | | | | | | | We are going to deprecate only on Rails 5 to make easier plugin maintainers support different Rails versions. Right now we are only discouraging their usage. This reverts commit 6c5f43bab8206747a8591435b2aa0ff7051ad3de. Conflicts: actionpack/CHANGELOG.md
* | Routes specifying 'to:' must be a string that contains a "#" or a rackAaron Patterson2014-06-031-0/+4
| | | | | | | | | | application. Use of a symbol should be replaced with `action: symbol`. Use of a string without a "#" should be replaced with `controller: string`.
* | Missing period from AP/CHANGELOG [ci skip]Zachary Scott2014-05-311-1/+1
| |
* | Deprecate all *_filter callbacks in favor of *_action callbacksRafael Mendonça França2014-05-271-0/+4
| | | | | | | | | | This is the continuation of the work started at 9d62e04838f01f5589fa50b0baa480d60c815e2c
* | Merge pull request #14986 from dlangevin/trailing-slash-url-generationRafael Mendonça França2014-05-241-0/+6
|\ \ | | | | | | | | | | | | | | | | | | Fixes URL generation with trailing_slash: true Conflicts: actionpack/lib/action_dispatch/http/url.rb
| * | Fixes URL generation with trailing_slash: trueDan Langevin2014-05-221-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | URL generation with trailing_slash: true was adding a trailing slash after .:format Routes.draw do resources :bars end bars_url(trailing_slash: true, format: 'json') # => /bars.json/ This commit removes that extra trailing slash
* | | Future port c8ddb61Zachary Scott2014-05-231-3/+3
| | |
* | | Form full URI as string to be parsed in Rack::Test.Guo Xiang Tan2014-05-211-0/+5
| | | | | | | | | | | | There are performance gains to be made by avoiding URI setter methods.
* | | Merge pull request #15118 from ↵Rafael Mendonça França2014-05-151-0/+7
|\ \ \ | | | | | | | | | | | | | | | | | | | | khelben/head_with_status_action_stack_level_too_deep fixes stack level too deep exception on action named 'status' rendering 'head :ok'
| * | | fixes stack level too deep exception on action named 'status' returning ↵Christiaan Van den Poel2014-05-151-0/+7
|/ / / | | | | | | | | | 'head :ok'
* | | Merge pull request #15121 from skarpesh/rfc4791-methodsRafael Mendonça França2014-05-151-0/+4
|\ \ \ | | | | | | | | | | | | Add RFC 4791 MKCALENDAR method
| * | | Add RFC4791 MKCALENDAR methodkasper2014-05-151-0/+4
|/ / /
* | | Merge pull request #14137 from dasch/better-fragment-cache-instrumentationRafael Mendonça França2014-05-141-0/+8
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Add controller and action name to the fragment caching instrumentation payload Conflicts: actionpack/CHANGELOG.md
| * | | Add controller and action name to the instrumentation payloadDaniel Schierbeck2014-05-101-0/+8
| | | |
* | | | Always use the provided port for protocol relative urlsAndrew White2014-05-111-0/+6
| | | | | | | | | | | | | | | | | | | | There may be situations where you need to tunnel SSL connections over port 80 so we shouldn't remove it if it has been explicitly provided.
* | | | Moved 'params[request_forgery_protection_token]' into its own method and ↵Tom Kadwill2014-05-061-0/+7
| |/ / |/| | | | | | | | improved tests.
* | | Improve CHANGELOG entryRafael Mendonça França2014-05-041-2/+2
| | |
* | | Merge pull request #11166 from xavier/callable_constraint_verificationRafael Mendonça França2014-05-041-0/+7
|\ \ \ | |/ / |/| | | | | | | | | | | | | | Callable route constraint verification Conflicts: actionpack/CHANGELOG.md
| * | Verify that route constraints respond to the expected messages instead of ↵Xavier Defrang2013-06-281-0/+7
| | | | | | | | | | | | silently failing to enforce the constraint
* | | Merge pull request #12651 from cespare/ipv6-remote-ip-fixesRafael Mendonça França2014-05-011-0/+8
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Make remote_ip detection properly handle private IPv6 addresses Conflicts: actionpack/CHANGELOG.md
| * | | Make remote_ip detection properly handle private IPv6 addressesCaleb Spare2013-10-261-0/+8
| | | | | | | | | | | | | | | | Fixes #12638.
* | | | Fixed an issue with migrating legacy json cookies.Godfrey Chan2014-04-231-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, the `VerifyAndUpgradeLegacySignedMessage` assumes all incoming cookies are marshal-encoded. This is not the case when `secret_token` is used in conjunction with the `:json` or `:hybrid` serializer. In those case, when upgrading to use `secret_key_base`, this would cause a `TypeError: incompatible marshal file format` and a 500 error for the user. Fixes #14774. *Godfrey Chan*
* | | | Make URL escaping more consistentAndrew White2014-04-201-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1. Escape '%' characters in URLs - only unescaped data should be passed to URL helpers 2. Add an `escape_segment` helper to `Router::Utils` that escapes '/' characters 3. Use `escape_segment` rather than `escape_fragment` in optimized URL generation 4. Use `escape_segment` rather than `escape_path` in URL generation For point 4 there are two exceptions. Firstly, when a route uses wildcard segments (e.g. *foo) then we use `escape_path` as the value may contain '/' characters. This means that wildcard routes can't be optimized. Secondly, if a `:controller` segment is used in the path then this uses `escape_path` as the controller may be namespaced. Fixes #14629, #14636 and #14070.
* | | | Add CHANGELOG entry for #14755 [ci skip]Rafael Mendonça França2014-04-171-0/+5
| | | |
* | | | Return null type format when format is not knowRafael Mendonça França2014-04-141-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When requesting a controller with the following code with a unknown format: def my_action respond_to do |format| format.json { head :ok } format.any { render text: 'Default response' } end end we should render the default response instead of raising ActionController::UnknownFormat Fixes #14462 Conflicts: actionpack/CHANGELOG.md actionpack/test/controller/mime/respond_with_test.rb Conflicts: actionpack/CHANGELOG.md
* | | | Add CHANGELOG entry for #14619 [ci skip]Rafael Mendonça França2014-04-111-0/+4
| | | |
* | | | Only make deeply nested routes shallow when parent is shallowAndrew White2014-04-111-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since `:shallow` may be set at any point in the resource nesting we should only make the new and collection routes shallow when the parent is shallow. This is a bit of a hack but until the mapper is refactored to an object graph instead of a hash of merged values it's the best we can do. Fixes #14684.
* | | | Append link to bad code to backtrace when exception is SyntaxErrorBoris Kuznetsov2014-03-271-0/+4
| | | |
* | | | Swapped parameters of assert_equal in assert_selectVishal Lal2014-03-221-0/+7
| | | |
* | | | Use nested_scope? not shallow? to determine whether to copy optionsAndrew White2014-03-161-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The method `shallow?` returns false if the parent resource is a singleton so we need to check if we're not inside a nested scope before copying the :path and :as options to their shallow equivalents. Fixes #14388.
* | | | Move changelog entry to the top, highlight module name [ci skip]Carlos Antonio da Silva2014-03-081-5/+6
| | | |
* | | | Make CSRF failure logging optional/configurable.John Barton (joho)2014-03-051-0/+5
| | | | | | | | | | | | | | | | | | | | Added the log_warning_on_csrf_failure option to ActionController::RequestForgeryProtection which is on by default.
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-02 03:26:50 +0000