aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/CHANGELOG.md
Commit message (Collapse)AuthorAgeFilesLines
* Routes specifying 'to:' must be a string that contains a "#" or a rackAaron Patterson2014-06-031-0/+4
| | | | | application. Use of a symbol should be replaced with `action: symbol`. Use of a string without a "#" should be replaced with `controller: string`.
* Missing period from AP/CHANGELOG [ci skip]Zachary Scott2014-05-311-1/+1
|
* Deprecate all *_filter callbacks in favor of *_action callbacksRafael Mendonça França2014-05-271-0/+4
| | | | | This is the continuation of the work started at 9d62e04838f01f5589fa50b0baa480d60c815e2c
* Merge pull request #14986 from dlangevin/trailing-slash-url-generationRafael Mendonça França2014-05-241-0/+6
|\ | | | | | | | | | | | | Fixes URL generation with trailing_slash: true Conflicts: actionpack/lib/action_dispatch/http/url.rb
| * Fixes URL generation with trailing_slash: trueDan Langevin2014-05-221-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | URL generation with trailing_slash: true was adding a trailing slash after .:format Routes.draw do resources :bars end bars_url(trailing_slash: true, format: 'json') # => /bars.json/ This commit removes that extra trailing slash
* | Future port c8ddb61Zachary Scott2014-05-231-3/+3
| |
* | Form full URI as string to be parsed in Rack::Test.Guo Xiang Tan2014-05-211-0/+5
| | | | | | | | There are performance gains to be made by avoiding URI setter methods.
* | Merge pull request #15118 from ↵Rafael Mendonça França2014-05-151-0/+7
|\ \ | | | | | | | | | | | | | | | khelben/head_with_status_action_stack_level_too_deep fixes stack level too deep exception on action named 'status' rendering 'head :ok'
| * | fixes stack level too deep exception on action named 'status' returning ↵Christiaan Van den Poel2014-05-151-0/+7
|/ / | | | | | | 'head :ok'
* | Merge pull request #15121 from skarpesh/rfc4791-methodsRafael Mendonça França2014-05-151-0/+4
|\ \ | | | | | | | | | Add RFC 4791 MKCALENDAR method
| * | Add RFC4791 MKCALENDAR methodkasper2014-05-151-0/+4
|/ /
* | Merge pull request #14137 from dasch/better-fragment-cache-instrumentationRafael Mendonça França2014-05-141-0/+8
|\ \ | | | | | | | | | | | | | | | | | | Add controller and action name to the fragment caching instrumentation payload Conflicts: actionpack/CHANGELOG.md
| * | Add controller and action name to the instrumentation payloadDaniel Schierbeck2014-05-101-0/+8
| | |
* | | Always use the provided port for protocol relative urlsAndrew White2014-05-111-0/+6
| | | | | | | | | | | | | | | There may be situations where you need to tunnel SSL connections over port 80 so we shouldn't remove it if it has been explicitly provided.
* | | Moved 'params[request_forgery_protection_token]' into its own method and ↵Tom Kadwill2014-05-061-0/+7
| |/ |/| | | | | improved tests.
* | Improve CHANGELOG entryRafael Mendonça França2014-05-041-2/+2
| |
* | Merge pull request #11166 from xavier/callable_constraint_verificationRafael Mendonça França2014-05-041-0/+7
|\ \ | |/ |/| | | | | | | | | Callable route constraint verification Conflicts: actionpack/CHANGELOG.md
| * Verify that route constraints respond to the expected messages instead of ↵Xavier Defrang2013-06-281-0/+7
| | | | | | | | silently failing to enforce the constraint
* | Merge pull request #12651 from cespare/ipv6-remote-ip-fixesRafael Mendonça França2014-05-011-0/+8
|\ \ | | | | | | | | | | | | | | | | | | Make remote_ip detection properly handle private IPv6 addresses Conflicts: actionpack/CHANGELOG.md
| * | Make remote_ip detection properly handle private IPv6 addressesCaleb Spare2013-10-261-0/+8
| | | | | | | | | | | | Fixes #12638.
* | | Fixed an issue with migrating legacy json cookies.Godfrey Chan2014-04-231-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, the `VerifyAndUpgradeLegacySignedMessage` assumes all incoming cookies are marshal-encoded. This is not the case when `secret_token` is used in conjunction with the `:json` or `:hybrid` serializer. In those case, when upgrading to use `secret_key_base`, this would cause a `TypeError: incompatible marshal file format` and a 500 error for the user. Fixes #14774. *Godfrey Chan*
* | | Make URL escaping more consistentAndrew White2014-04-201-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1. Escape '%' characters in URLs - only unescaped data should be passed to URL helpers 2. Add an `escape_segment` helper to `Router::Utils` that escapes '/' characters 3. Use `escape_segment` rather than `escape_fragment` in optimized URL generation 4. Use `escape_segment` rather than `escape_path` in URL generation For point 4 there are two exceptions. Firstly, when a route uses wildcard segments (e.g. *foo) then we use `escape_path` as the value may contain '/' characters. This means that wildcard routes can't be optimized. Secondly, if a `:controller` segment is used in the path then this uses `escape_path` as the controller may be namespaced. Fixes #14629, #14636 and #14070.
* | | Add CHANGELOG entry for #14755 [ci skip]Rafael Mendonça França2014-04-171-0/+5
| | |
* | | Return null type format when format is not knowRafael Mendonça França2014-04-141-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When requesting a controller with the following code with a unknown format: def my_action respond_to do |format| format.json { head :ok } format.any { render text: 'Default response' } end end we should render the default response instead of raising ActionController::UnknownFormat Fixes #14462 Conflicts: actionpack/CHANGELOG.md actionpack/test/controller/mime/respond_with_test.rb Conflicts: actionpack/CHANGELOG.md
* | | Add CHANGELOG entry for #14619 [ci skip]Rafael Mendonça França2014-04-111-0/+4
| | |
* | | Only make deeply nested routes shallow when parent is shallowAndrew White2014-04-111-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since `:shallow` may be set at any point in the resource nesting we should only make the new and collection routes shallow when the parent is shallow. This is a bit of a hack but until the mapper is refactored to an object graph instead of a hash of merged values it's the best we can do. Fixes #14684.
* | | Append link to bad code to backtrace when exception is SyntaxErrorBoris Kuznetsov2014-03-271-0/+4
| | |
* | | Swapped parameters of assert_equal in assert_selectVishal Lal2014-03-221-0/+7
| | |
* | | Use nested_scope? not shallow? to determine whether to copy optionsAndrew White2014-03-161-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | The method `shallow?` returns false if the parent resource is a singleton so we need to check if we're not inside a nested scope before copying the :path and :as options to their shallow equivalents. Fixes #14388.
* | | Move changelog entry to the top, highlight module name [ci skip]Carlos Antonio da Silva2014-03-081-5/+6
| | |
* | | Make CSRF failure logging optional/configurable.John Barton (joho)2014-03-051-0/+5
| | | | | | | | | | | | | | | Added the log_warning_on_csrf_failure option to ActionController::RequestForgeryProtection which is on by default.
* | | Fix controller test not resetting @_url_optionsTony Wooster2014-02-261-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 4f2cd3e9 introduced a bug by reordering the call to `@controller.recycle!` above the call to `build_request_uri`. The impact of this was that the `@_url_options` cache ends up not being reset between building a request URI (occurring within the test controller) and the firing of the actual request. We encountered this bug because we had the following setup: class MinimumReproducibleController < ActionController::Base before_filter { @param = 'param' } def index render text: url_for(params) end def default_url_options { custom_opt: @param } end end def test_index get :index # builds url, then fires actual request end The first step in `get :index` in the test suite would populate the @_url_options cache. The subsequent call to `url_for` inside of the controller action would then utilize the uncleared cache, thus never calling the now-updated default_url_options. This commit fixes this bug calling recycle! twice, and removes a call to set response_body, which should no longer be needed since we're recycling the request object explicitly.
* | | Point master changelogs to 4-1-stable branchCarlos Antonio da Silva2014-02-251-551/+1
| | | | | | | | | | | | Remove 4-1 related entries from master [ci skip]
* | | Introduce `render :html` for render HTML stringPrem Sichanugrist2014-02-181-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | This is an option for to HTML content with a content type of `text/html`. This rendering option calls `ERB::Util.html_escape` internally to escape unsafe HTML string, so you will have to mark your string as html safe if you have any HTML tag in it. Please see #12374 for more detail.
* | | Introduce `render :plain` for render plain textPrem Sichanugrist2014-02-181-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | This is as an option to render content with a content type of `text/plain`. This is the preferred option if you are planning to render a plain text content. Please see #12374 for more detail.
* | | Introduce `render :body` for render raw contentPrem Sichanugrist2014-02-181-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is an option for sending a raw content back to browser. Note that this rendering option will unset the default content type and does not include "Content-Type" header back in the response. You should only use this option if you are expecting the "Content-Type" header to not be set. More information on "Content-Type" header can be found on RFC 2616, section 7.2.1. Please see #12374 for more detail.
* | | Correct prestreaming controller response status.Kevin Casey2014-02-151-0/+7
| | | | | | | | | | | | | | | | | | if the controller action has not yet streamed any data, actions should process as normal, and errors should trigger the appropriate behavior (500, or in the case of ActionController::BadRequest, a 400 Bad Request)
* | | Updated CHANGELOG, docs, guides and release notes.Godfrey Chan2014-02-111-15/+14
| | | | | | | | | | | | Also added a `cookies_serializer.rb` initializer to the app template.
* | | Added changelog entry for Flash changes [ci skip]Godfrey Chan2014-02-111-0/+4
| | |
* | | Set the :shallow_path as each scope is generatedAndrew White2014-02-091-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we set :shallow_path when shallow is called it can result in incorrect paths if the resource is inside a namespace because namespace itself sets the :shallow_path option to the namespace path. We fix this by removing the :shallow_path option from shallow as that should only be turning shallow routes on and not otherwise affecting the scope. To do this we need to treat the :shallow option to resources differently to other scope options and move it to before the nested block is called. This change also has the positive side effect of making the behavior of the :shallow option consistent with the shallow method. Fixes #12498.
* | | Require action_view to fix missing constantPhilipe Fatio2014-02-071-0/+5
| | | | | | | | | | | | | | | Previously, requiring action_view/view_paths did cause an uninitialized constant error for ENCODING_FLAG, which is defined in action_view.
* | | synchronize 4.1 release notes with CHANGELOGS. [ci skip]Yves Senn2014-02-061-1/+1
| | | | | | | | | | | | /cc @chancancode
* | | Merge pull request #13863 from joshjordan/jsj-dont-throw-out-get-paramsRafael Mendonça França2014-02-011-0/+5
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Do not discard query parameters on requests that use wrap_parameters Conflicts: actionpack/CHANGELOG.md
| * | | Do not discard query parameters on requests that use wrap_parametersJosh Jordan2014-01-301-0/+5
| | | |
* | | | tidy CHANGELOGs [ci skip]Yves Senn2014-01-301-2/+2
| | | |
* | | | Modify the session serializer implementationGuillermo Iguaran2014-01-301-7/+8
| | | | | | | | | | | | | | | | | | | | Rename allowed options to :marshal and :json, for custom serializers only allow the use of custom classes.
* | | | Update CHANGELOG properly with GH #13692 [ci-skip]Guillermo Iguaran2014-01-291-14/+14
| | | |
* | | | Allow session serializer key in config.session_storeLukasz Sarnacki2014-01-291-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | MessageEncryptor has :serializer option, where any serializer object can be passed. This commit make it possible to set this serializer from configuration level. There are predefined serializers (:marshal_serializer, :json_serialzier) and custom serializer can be passed as String, Symbol (camelized and constantized in ActionDispatch::Session namepspace) or serializer object. Default :json_serializer was also added to generators to provide secure defalt.
* | | | Log which keys were set to nil in deep_mungeLukasz Sarnacki2014-01-281-0/+8
|/ / / | | | | | | | | | | | | | | | | | | | | | deep_munge solves CVE-2013-0155 security vulnerability, but its behaviour is definately confuisng. This commit adds logging to deep_munge. It logs keys for which values were set to nil. Also mentions in guides were added.
* | | Clear filtered request attributes between requests in testsAndrew White2014-01-271-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | The request attributes filtered_parameters, filtered_env and filtered_path are memoized for performance reasons. However this can cause unusual behavior in tests where there are multiple calls to get, post, etc. Fixes #13803.