aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/CHANGELOG.md
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #17978 from kommen/fixed-pr-14903Rafael Mendonça França2015-01-021-0/+11
|\ | | | | | | | | | | | | Ensure append_info_to_payload is called even if an exception is raised. Conflicts: actionpack/CHANGELOG.md
| * Ensure append_info_to_payload is called even if an exception is raised.Dieter Komendera2014-12-101-0/+11
| | | | | | | | | | | | | | | | See: * https://github.com/rails/rails/pull/14903 * https://github.com/roidrage/lograge/issues/37 Some code by mxrguspxrt from #14903.
* | Correctly use the response's status code calling headRobin Dupret2014-12-311-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 20fece1 introduced the `_status_code` method to fix calls to `head :ok`. This method has been added on both ActionController::Metal and ActionDispatch::Response. As for the latter, this method is just equivalent to the `response_code` one so commit aefec3c removed it from the `Reponse` object so call to the `_status_code` method on an ActionController::Base instance would be handled by the `Metal` class (which `Base` inherits from) but the status code is not updated according to the response at this level. The fix is to actually rely on `response_code` for ActionController::Base instances but this method doesn't exist for bare Metal controllers so we need to define it.
* | Remove single space response body for head requestPrathamesh Sonpatki2014-12-301-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | - The single space response was added due to a bug in safari in https://github.com/rails/rails/commit/cb0f8fda9652c4d24d04693bdb82cecd3b067e5c and https://github.com/rails/rails/commit/807df4fcf021fc4d15972aa1c17ba7398d43ab0d. - This was removed from the `render nothing: true` in https://github.com/rails/rails/pull/14883. - Removing it from response of :head also. As :head is more obvious alternative to call `render nothing: true`(http://guides.rubyonrails.org/layouts_and_rendering.html#using-head-to-build-header-only-responses), removing it from head method also. - Closes #18253.
* | Merge pull request #18251 from tjgrathwell/fix-polymorphic-routes-to-modelRafael Mendonça França2014-12-301-0/+4
| | | | | | | | Fix form_for to work with objects that implement to_model
* | cleanup CHANGELOGs. [ci skip]Yves Senn2014-12-231-2/+2
| |
* | Don't convert empty arrays to nils when deep munging paramsChris Sinjakli2014-12-151-0/+11
| |
* | allow URL helpers to work with optional scopesAlex Robbin2014-12-131-0/+4
| |
* | Fix handling of positional url helper arguments when format is falseTatiana Soukiassian2014-12-131-0/+6
|/ | | | | | | There is no need to subtract one from the path_params size when there is no format parameter because it is not present in the path_params array. Fixes #17819.
* Start Rails 5 development :tada:Rafael Mendonça França2014-11-281-410/+1
| | | | | | | We will support only Ruby >= 2.1. But right now we don't accept pull requests with syntax changes to drop support to Ruby 1.9.
* Merge pull request #17186 from tgxworld/header_authentication_tokenMatthew Draper2014-11-271-0/+7
|\ | | | | | | Allow authentication header to not have to specify 'token=' key.
* | Changelog formatSean Griffin2014-11-241-2/+3
| |
* | Deprecate string options in URL helpersMelanie Gilman2014-11-241-0/+6
| | | | | | | | | | | | Fixes https://github.com/rails/rails/issues/16958 [Byron Bischoff & Melanie Gilman]
* | Deprecate the `only_path` option on `*_path` helpers.Godfrey Chan2014-10-281-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | In cases where this option is set to `true`, the option is redundant and can be safely removed; otherwise, the corresponding `*_url` helper should be used instead. Fixes #17294. See also #17363. [Dan Olson, Godfrey Chan]
* | some changelog formatting. [ci skip]Yves Senn2014-10-161-2/+2
| |
* | Improve Journey compliance to RFC 3986Nicolas Cavigneaux2014-10-141-0/+10
|/ | | | | | | | | | The scanner in Journey fails to recognize routes that use literals from the sub-delims section of RFC 3986. This commit enhance the compatibility of Journey with the RFC by adding support of authorized delimiters to the scanner. Fix #17212
* No need CHANGLOG entry for a bug in a non released versionRafael Mendonça França2014-09-251-7/+0
| | | | [ci skip]
* Remove internal options from query string of pathsGert Goet2014-09-251-0/+7
| | | | Fixes #17057
* Deprecate implicit AD::Response splatting and Array conversionJeremy Kemper2014-09-061-0/+13
|
* Don't rescue IPAddr::InvalidAddressErrorPeter Suschlik2014-08-291-0/+7
| | | | | | | | IPAddr::InvalidAddressError does not exist in Ruby 1.9.3 and fails for JRuby in 1.9 mode. As IPAddr::InvalidAddressError is a subclass of ArgumentError (via IPAddr::Error) just rescuing ArgumentError is fine.
* Merge pull request #16637 from Agis-/redirect-with-constraint-routeAaron Patterson2014-08-281-0/+7
|\ | | | | Fix the router ignoring constraints when used together with a redirect route
| * Don't ignore constraints in redirect routesAgis-2014-08-251-0/+7
| | | | | | | | | | | | | | | | https://github.com/rails/rails/commit/402c2af55053c2f29319091ad21fd6fa6b90ee89 introduced a regression that caused any constraints added to redirect routes to be ignored. Fixes #16605
* | minor changelog formatting changes.Yves Senn2014-08-271-4/+5
|/
* Refactor ActionDispatch::RemoteIpSam Aarons2014-08-211-0/+8
| | | | | | | | | | | | | Refactored IP address checking in ActionDispatch::RemoteIp to rely on the IPAddr class instead of the unwieldly regular expression to match IP addresses. This commit keeps the same api but allows users to pass IPAddr objects to config.action_dispatch.trusted_proxies in addition to passing strings and regular expressions. Example: # config/environments/production.rb config.action_dispatch.trusted_proxies = IPAddr.new('4.8.15.0/16')
* Avoid duplicating routes for HEAD requests.Guo Xiang Tan2014-08-211-0/+8
| | | | | | | | Follow up to rails#15321 Instead of duplicating the routes, we will first match the HEAD request to HEAD routes. If no match is found, we will then map the HEAD request to GET routes.
* Enable gzip compression by defaultschneems2014-08-201-0/+6
| | | | | | If someone is using ActionDispatch::Static to serve assets and makes it past the `match?` then the file exists on disk and it will be served. This PR adds in logic that checks to see if the file being served is already compressed (via gzip) and on disk, if it is it will be served as long as the client can handle gzip encoding. If not, then a non gzip file will be served. This additional logic slows down an individual asset request but should speed up the consumer experience as compressed files are served and production applications should be delivered with a CDN. This PR allows a CDN to cache a gzip file by setting the `Vary` header appropriately. In net this should speed up a production application that are using Rails as an origin for a CDN. Non-asset request speed is not affected in this PR.
* Make `AC::Params#to_h` return Hash with safe keysPrem Sichanugrist2014-08-181-0/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | `ActionController::Parameters#to_h` now returns a `Hash` with unpermitted keys removed. This change is to reflect on a security concern where some method performed on an `ActionController::Parameters` may yield a `Hash` object which does not maintain `permitted?` status. If you would like to get a `Hash` with all the keys intact, duplicate and mark it as permitted before calling `#to_h`. params = ActionController::Parameters.new(name: 'Senjougahara Hitagi') params.to_h # => {} unsafe_params = params.dup.permit! unsafe_params.to_h # => {"name"=>"Senjougahara Hitagi"} safe_params = params.permit(:name) safe_params.to_h # => {"name"=>"Senjougahara Hitagi"} This change is consider a stopgap as we cannot chage the code to stop `ActionController::Parameters` to inherit from `HashWithIndifferentAccess` in the next minor release. Also, adding a CHANGELOG entry to mention that `ActionController::Parameters` will not inheriting from `HashWithIndifferentAccess` in the next major version.
* Deprecate TagAssertion instead of removingRafael Mendonça França2014-08-181-1/+1
|
* Merge branch 'master' into loofahRafael Mendonça França2014-08-171-0/+45
|\ | | | | | | | | Conflicts: actionpack/CHANGELOG.md
| * Use AS::JSON for (de)serializing cookiesGodfrey Chan2014-08-171-0/+8
| | | | | | | | | | | | | | | | Use the Active Support JSON encoder for cookie jars using the `:json` or `:hybrid` serializer. This allows you to serialize custom Ruby objects into cookies by defining the `#as_json` hook on such objects. Fixes #16520.
| * Merge pull request #16467 from strzalek/cookies-digest-config-option2Godfrey Chan2014-08-171-0/+5
| |\ | | | | | | | | | | | | | | | | | | | | | Cookies digest config option (pt. 2) Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/middleware/cookies.rb
| | * Add config option for cookies digestŁukasz Strzałkowski2014-08-121-0/+5
| | | | | | | | | | | | | | | | | | You can now configure custom digest for cookies in the same way as `serializer`: config.action_dispatch.cookies_digest = 'SHA256'
| * | Move respond_with to the responders gemJosé Valim2014-08-171-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | respond_with (and consequently the class-level respond_to) are being removed from Rails. Instead of moving it to a 3rd library, the functionality will be moved to responders gem (at github.com/plataformatec/responders) which already provides some responders extensions.
| * | When your templates change, browser caches bust automatically.Jeremy Kemper2014-08-171-0/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | New default: the template digest is automatically included in your ETags. When you call `fresh_when @post`, the digest for `posts/show.html.erb` is mixed in so future changes to the HTML will blow HTTP caches for you. This makes it easy to HTTP-cache many more of your actions. If you render a different template, you can now pass the `:template` option to include its digest instead: fresh_when @post, template: 'widgets/show' Pass `template: false` to skip the lookup. To turn this off entirely, set: config.action_controller.etag_with_template_digest = false
| * | remove deprecated `MissingHelperError` proxy.Yves Senn2014-08-141-0/+5
| | | | | | | | | | | | The error was moved outside of the `ClassMethods` module.
| * | Fix assert_template for files.Guo Xiang Tan2014-08-141-0/+4
| | | | | | | | | | | | | | | The test was not failing for `assert_template file: nil` when a file has been rendered.
* | | Prepare for partial release.Kasper Timm Hansen2014-08-171-3/+1
| | | | | | | | | | | | | | | | | | | | | - Default to Rails::DeprecatedSanitizer in ActionView::Helpers::SanitizeHelper. - Add upgrade notes. - Add sanitizer to new applications Gemfiles. - Remove 'rails-dom-testing' as a dependency.
* | | Merge branch 'master' into loofahRafael Mendonça França2014-08-121-0/+42
|\| | | | | | | | | | | | | | | | | | | | Conflicts: actionpack/CHANGELOG.md actionpack/test/controller/integration_test.rb actionview/CHANGELOG.md
| * | Revert "Merge pull request #16434 from strzalek/cookies-digest-config-option"Santiago Pastorino2014-08-081-5/+0
| | | | | | | | | | | | | | | | | | | | | This reverts commit 705977620539e2be6548027042f33175ebdc2505, reversing changes made to dde91e9bf5ab246f0f684b40288b272f4ba9a699. IT BROKE THE BUILD!!!
| * | Add config option for cookies digestŁukasz Strzałkowski2014-08-081-0/+5
| |/ | | | | | | | | | | You can now configure custom digest for cookies in the same way as `serializer`: config.action_dispatch.cookies_digest = \SHA256'
| * Update actionpack CHANGELOGRyan Dao2014-08-081-0/+5
| |
| * Add CHANGELOG for #14886Arthur Neves2014-07-181-0/+5
| | | | | | | | | | | | | | Also cleanup test a bit [related #14886] [related #14743]
| * Stash original path in `ShowExceptions` middlewareGrey Baker2014-07-141-1/+12
| | | | | | | | | | | | | | | | | | | | `ActionDispatch::ShowExceptions` overwrites `PATH_INFO` with the status code for the exception defined in `ExceptionWrapper`, so the path the user was visiting when an exception occurred was not previously available to any custom exceptions_app. The original `PATH_INFO` is now stashed in `env["action_dispatch.original_path"]`.
| * Use `#bytesize` instead of `#size` when checking for cookie overflowAgis-2014-07-111-0/+5
| | | | | | | | | | | | | | | | | | | | Although the cookie values happens to be ASCII strings because they are Base64 encoded, it is semantically incorrect to check for the number of the characters in the cookie, when we actually want to check for the number of the bytes it consists of. Furthermore it is unecessary coupling with the current implementation that uses Base64 for encoding the values.
| * Synced 4.2 release notes with the latest commits.Godfrey Chan2014-07-111-0/+2
| | | | | | | | | | Also reordered some of the items to put newer ones on top (same order as CHANGELOGs), which makes it easier to diff while we are still working on it.
| * Removed single space padding from empty response body.Godfrey Chan2014-07-101-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | `render nothing: true` or rendering a `nil` body no longer add a single space to the response body. The old behavior was added as a workaround for a bug in an early version of Safari, where the HTTP headers are not returned correctly if the response body has a 0-length. This is been fixed since and the workaround is no longer necessary. Use `render body: ' '` if the old behavior is desired.
* | Merge pull request #11218 from kaspth/loofah-integrationRafael Mendonça França2014-07-101-0/+6
|\ \ | |/ |/| | | | | | | | | | | Loofah-integration Conflicts: actionpack/CHANGELOG.md actionview/CHANGELOG.md
| * Added deprecation notice to actionpack changelog.Timm2014-06-161-0/+6
| |
* | Merge branch 'rosetta_flash' of https://github.com/gcampbell/rails into ↵Aaron Patterson2014-07-101-0/+5
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | gcampbell-rosetta_flash * 'rosetta_flash' of https://github.com/gcampbell/rails: Address CVE-2014-4671 (JSONP Flash exploit) Conflicts: actionpack/CHANGELOG.md
| * | Address CVE-2014-4671 (JSONP Flash exploit)Greg Campbell2014-07-091-0/+5
| | | | | | | | | | | | | | | | | | Adds a comment before JSONP callbacks. See http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ for more details on the exploit in question.
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-03 05:56:08 +0000