aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/CHANGELOG.md
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #19135 from yuki24/access-control-supportJeremy Daer2015-10-131-0/+19
|\ | | | | | | Add basic support for access control headers to ActionDispatch::Static
| * Add the ability of returning arbitrary headers to ActionDispatch::StaticYuki Nishijima2015-06-131-0/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now ActionDispatch::Static can accept HTTP headers so that developers will have control of returning arbitrary headers like 'Access-Control-Allow-Origin' when a response is delivered. They can be configured through `#config.public_file_server.headers`: config.public_file_server.headers = { "Cache-Control" => "public, max-age=60", "Access-Control-Allow-Origin" => "http://rubyonrails.org" } Also deprecate `config.static_cache_control` in favor of `config.public_file_server.headers`.
* | Allow multiple `root` routes in same scope levelRafael Sales2015-10-101-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When an application has multiple root entries with different constraints, the current solution is to use `get '/'`. Example: **Currently I have to do:** ```ruby get '/', to: 'portfolio#show', constraints: ->(req) { Hostname.portfolio_site?(req.host) } get '/', to: 'blog#show', constraints: ->(req) { Hostname.blog_site?(req.host) } root 'landing#show' ``` **But I would like to do:** ```ruby root 'portfolio#show', constraints: ->(req) { Hostname.portfolio_site?(req.host) } root 'blog#show', constraints: ->(req) { Hostname.blog_site?(req.host) } root 'landing#show' ``` Other URL matchers such as `get`, `post`, etc, already allows this, so I think it's fair that `root` also allow it since it's just a shortcut for a `get` internally.
* | Fix mounted engine named routes regressionMatthew Erhard2015-10-071-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When generating the url for a mounted engine through its proxy, the path should be the sum of three parts: 1. Any `SCRIPT_NAME` request header or the value of `ActionDispatch::Routing::RouteSet#relative_url_root`. 2. A prefix (the engine's mounted path). 3. The path of the named route inside the engine. Since commit https://github.com/rails/rails/commit/44ff0313c121f528a68b3bd21d6c7a96f313e3d3, this has been broken. Step 2 has been changed to: 2. A prefix (the value of `ActionDispatch::Routing::RouteSet#relative_url_root` + the engine's mounted path). The value of `ActionDispatch::Routing::RouteSet#relative_url_root` is taken into account in step 1 of the route generation and should be ignored when generating the mounted engine's prefix in step 2. This commit fixes the regression by having `ActionDispatch::Routing::RouteSet#url_for` check `options[:relative_url_root]` before falling back to `ActionDispatch::Routing::RouteSet#relative_url_root`. The prefix generating code then sets `options[:relative_url_root]` to an empty string. This empty string is used instead of `ActionDispatch::Routing::RouteSet#relative_url_root` and avoids the duplicate `relative_url_root` value in the final result. This resolves #20920 and resolves #21459
* | Use `Mime[:foo]` instead of `Mime::Type[:FOO]` for back compatJeremy Daer2015-10-061-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rails 4.x and earlier didn't support `Mime::Type[:FOO]`, so libraries that support multiple Rails versions would've had to feature-detect whether to use `Mime::Type[:FOO]` or `Mime::FOO`. `Mime[:foo]` has been around for ages to look up registered MIME types by symbol / extension, though, so libraries and plugins can safely switch to that without breaking backward- or forward-compatibility. Note: `Mime::ALL` isn't a real MIME type and isn't registered for lookup by type or extension, so it's not available as `Mime[:all]`. We use it internally as a wildcard for `respond_to` negotiation. If you use this internal constant, continue to reference it with `Mime::ALL`. Ref. efc6dd550ee49e7e443f9d72785caa0f240def53
* | stop applying default headers in ActionDispatch::ResponseAaron Patterson2015-09-231-0/+5
| | | | | | | | | | | | | | | | | | | | I'm making this change so that I can construct response objects that *don't* have the default headers applied. For example, I would like to construct a response object from the return value of a controller. If you need to construct a response object with the default headers, then please use the alternate constructor: `ActionDispatch::Response.create`
* | Fix a typo: Mime::Types should be Mime::Type [ci skip]Juanito Fatas2015-09-221-1/+1
| |
* | update changelog for mime changesAaron Patterson2015-09-211-0/+13
| |
* | Merge pull request #21502 from ↵Rafael Mendonça França2015-09-081-0/+4
|\ \ | | | | | | | | | | | | | | | bernerdschaefer/bs-polymorphic-url_for-dups-arguments `url_for` does not modify polymorphic options
| * | `url_for` does not modify polymorphic optionsBernerd Schaefer2015-09-041-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `url_for` methods in `actionpack` and `actionview` now make a copy of the provided options before generating polymorphic paths or URLs. The bug in the previous behavior is most noticeable in a case like: url_options = [:new, :post, param: 'value'] if current_page?(url_options) css_class = "active" end link_to "New Post", url_options, class: css_class
* | | Make `config.force_ssl` less dangerous to try and easier to disableJeremy Daer2015-09-071-0/+27
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | SSL redirect: * Move `:host` and `:port` options within `redirect: { … }`. Deprecate. * Introduce `:status` and `:body` to customize the redirect response. The 301 permanent default makes it difficult to test the redirect and back out of it since browsers remember the 301. Test with a 302 or 307 instead, then switch to 301 once you're confident that all is well. HTTP Strict Transport Security (HSTS): * Shorter max-age. Shorten the default max-age from 1 year to 180 days, the low end for https://www.ssllabs.com/ssltest/ grading and greater than the 18-week minimum to qualify for browser preload lists. * Disabling HSTS. Setting `hsts: false` now sets `hsts: { expires: 0 }` instead of omitting the header. Omitting does nothing to disable HSTS since browsers hang on to your previous settings until they expire. Sending `{ hsts: { expires: 0 }}` flushes out old browser settings and actually disables HSTS: http://tools.ietf.org/html/rfc6797#section-6.1.1 * HSTS Preload. Introduce `preload: true` to set the `preload` flag, indicating that your site may be included in browser preload lists, including Chrome, Firefox, Safari, IE11, and Edge. Submit your site: https://hstspreload.appspot.com
* | minor copy edit. [ci skip]Yves Senn2015-08-271-2/+2
| | | | | | | | Follow up to #21384.
* | Updating TestSession to access with indifferenceJeremy Friesen2015-08-261-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following Rails code failed (with a `KeyError` exception) under test: ```ruby class ApplicationController < ActionController::Base def user_strategy # At this point: # ```ruby # session == { # "user_strategy"=>"email", # "user_identifying_value"=>"hello@world.com" # } # ``` if session.key?(:user_strategy) session.fetch(:user_strategy) end end end ``` When I checked the session's keys (`session.keys`), I got an array of strings. If I accessed `session[:user_strategy]` I got the expected `'email'` value. However if I used `session.fetch(:user_strategy)` I got a `KeyError` exception. This appears to be a Rails 4.2.4 regression (as the code works under Rails 4.2.3). Closes #21383
* | Using strings or symbols for middleware class names is deprecated.Aaron Patterson2015-08-071-0/+9
| | | | | | | | | | | | | | | | | | | | Convert things like this: middleware.use "Foo::Bar" to this: middleware.use Foo::Bar
* | Adds missing argument handling for ActionController::TestSession toMatthew Gerrior2015-08-061-0/+9
| | | | | | | | allow testing controllers that use session#fetch with a default value.
* | Fix exception overwritten for parameters fetch methodRoque Pinel2015-07-181-0/+5
| | | | | | | | | | | | | | | | | | When executing an `ActionController::Parameters#fetch` with a block that raises a `KeyError` the raised `KeyError` will be rescued and converted to an `ActionController::ParameterMissing` exception, covering up the original exception. [Jonas Schubert Erlandsson & Roque Pinel]
* | [skip ci] Lookup can be a noun but it is not a verbJon Atack2015-07-171-1/+2
| | | | | | | | Various grammar corrections and wrap to 80 characters.
* | Update documentation on `AC::Parameters`Prem Sichanugrist2015-07-151-1/+1
| |
* | Make AC::Parameters not inherited from HashPrem Sichanugrist2015-07-151-0/+14
| | | | | | | | | | | | | | | | This is another take at #14384 as we decided to wait until `master` is targeting Rails 5.0. This commit is implementation-complete, as it guarantees that all the public methods on the hash-inherited Parameters are still working (based on test case). We can decide to follow-up later if we want to remove some methods out from Parameters.
* | Replaced `ActiveSupport::Concurrency::Latch` with concurrent-ruby.Jerry D'Antonio2015-07-131-0/+5
| | | | | | | | | | | | | | | | | | | | The concurrent-ruby gem is a toolset containing many concurrency utilities. Many of these utilities include runtime-specific optimizations when possible. Rather than clutter the Rails codebase with concurrency utilities separate from the core task, such tools can be superseded by similar tools in the more specialized gem. This commit replaces `ActiveSupport::Concurrency::Latch` with `Concurrent::CountDownLatch`, which is functionally equivalent.
* | Allow filtering params based on parent keysGuillaume Malette2015-06-221-0/+10
| | | | | | | | | | | | | | | | | | | | Add the possibility to only filter parameters based on their full path instead of relying on the immediate key. config.filter_parameters += ['credit_card.code'] { 'credit_card' => { 'code' => '[FILTERED]' }, 'source' => { 'code' => '<%= puts 5 %>' } }
* | Revert "Merge pull request #20584 from arthurnn/fix_url"Arthur Neves2015-06-171-4/+0
| | | | | | | | | | | | | | | | This reverts commit 0b3397872582f2cf1bc6960960a6393f477c55e6, reversing changes made to 56d52e3749180e6c1dcf7166adbad967470aa78b. As pointed out on the PR, this will hide development mistakes too, which is not ideal.
* | Catch InvalidURIError on bad paths on redirect.Arthur Neves2015-06-161-0/+4
| | | | | | | | | | Handle URI::InvalidURIError errors on the redirect route method, so it wont raise a 500 if a bad path is given.
* | Deprecate passing hash as first parameter into ActionController::HeadMehmet Emin İNAÇ2015-06-151-0/+4
| |
* | quick pass over changelogs. [ci skip]Yves Senn2015-06-151-4/+4
|/
* Handle param-parsing errors from Rack in ExceptionWrapperGrey Baker2015-06-121-0/+6
|
* Add CHANGELOG entries for API apps functionalitySantiago Pastorino2015-06-111-0/+6
|
* Merge pull request #19094 from phoet/have_bearer_be_valid_as_wellRafael Mendonça França2015-06-011-0/+10
|\ | | | | Have Bearer be valid as well
| * add changelog entryphoet2015-06-011-0/+10
| |
* | Remove `assigns` and `assert_template`.Guo Xiang Tan2015-05-301-0/+7
|/
* Merge pull request #20017 from eliotsykes/configurable-static-index-filenameRafael Mendonça França2015-05-281-0/+8
|\ | | | | | | config.static_index configures directory Index "index.html" filename
| * config.static_index configures directory index "index.html" filenameEliot Sykes2015-05-281-0/+8
| | | | | | | | | | | | Set `config.static_index` to serve a static directory index file not named `index`. For example, to serve `main.html` instead of `index.html` for directory requests, set `config.static_index` to `"main"`.
* | Deprecate `:nothing` option for render methodMehmet Emin İNAÇ2015-05-281-0/+4
|/ | | | `head` method works similar to `render` method with `:nothing` option
* Spelling/typo/grammatical fixes [ci skip]karanarora2015-05-231-1/+1
| | | | | | | | | | spelling fix [ci skip] example to be consistent [ci skip] grammatical fix typo fixes [ci skip]
* Pass over CHANGELOGS [ci skip]Prathamesh Sonpatki2015-05-161-1/+1
|
* [skip ci] Fix typos in actionpack changelog and security guideAnton Davydov2015-05-071-1/+1
|
* Add changelog for rake routes default fixArthur Neves2015-04-271-0/+7
| | | | [see #18392]
* pass over CHANGELOGs. [ci skip]Yves Senn2015-04-221-4/+4
|
* Override default form builder for a controllerKevin McPhillips2015-04-131-0/+8
|
* head no_content when there is no template or action performedStephen Bussey2015-04-051-0/+8
|
* Merge pull request #18939 from georgeclaghorn/variant-inquiryRafael Mendonça França2015-03-271-1/+15
|\ | | | | | | Provide friendlier access to request variants
| * Provide friendlier access to request variantsGeorge Claghorn2015-03-241-5/+19
| | | | | | | | Closes #18933.
* | Add changelog entry for #19271Arthur Neves2015-03-241-0/+7
|/
* Fix handling of empty X_FORWARDED_HOST header.adam2015-03-201-0/+8
| | | | | | Previously, an empty X_FORWARDED_HOST header would cause Actiondispatch::Http:URL.raw_host_with_port to return nil, causing Actiondispatch::Http:URL.host to raise a NoMethodError.
* Fix typo in Action Pack changelog. [ci skip]Mike Naberezny2015-03-141-1/+1
|
* Drop request class from RouteSet constructor.Aaron Patterson2015-03-041-0/+7
| | | | | If you would like to use a custom request class, please subclass and implemet the `request_class` method.
* Merge pull request #18775 from yasyf/issue_5122Rafael Mendonça França2015-03-031-0/+10
|\ | | | | | | Fallback to RAILS_RELATIVE_URL_ROOT in `url_for`
| * Fallback to RAILS_RELATIVE_URL_ROOT in `url_for`.Yasyf Mohamedali2015-02-241-0/+10
| | | | | | | | | | | | Fixed an issue where the `RAILS_RELATIVE_URL_ROOT` environment variable is not prepended to the path when `url_for` is called. If `SCRIPT_NAME` (used by Rack) is set, it takes precedence.
* | Merge pull request #15806 from tgxworld/partition_routes_during_setupAaron Patterson2015-03-021-0/+5
|\ \ | | | | | | Partition routes during setup.
| * | Partition routes during setup.Guo Xiang Tan2015-02-261-0/+5
| | | | | | | | | | | | | | | | | | | | | Partitioning of all the routes is currently being done during the first request. Since there is no need to clear the cache for `partitioned_routes` when adding a new route. We can move the partitioning of the routes during setup time.