| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
ActionDispatch's default headers are now moved into their own module that are by default included in both Base and API. This allows API-mode applications to take advantage of the default security headers, as well as providing an easy way to add more.
|
|
|
|
| |
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
|
|
|
|
|
| |
This basically reverts e9fca7668b9eba82bcc832cb0061459703368397, d08da958b9ae17d4bbe4c9d7db497ece2450db5f,
d1fe1dcf8ab1c0210a37c2a78c1ee52cf199a66d, and 68eaf7b4d5f2bb56d939f71c5ece2d61cf6680a3
|
| |
|
| |
|
|
|
| |
Include the content of the flash in the auto-generated etag
|
|
|
|
|
| |
At GitHub we need to handle parameter encodings that are not UTF-8. This
patch allows us to specify encodings per parameter per action.
|
|
|
|
|
| |
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
|
|
|
|
|
| |
Abstract Controller is the common component between Action Mailer and
Action Controller so if we need to share the caching component it need
to be there.
|
|
|
|
|
| |
- Fixes bug #23142.
- Bug was occurring only with ActionController::API, because `_process_options` wasn't being run for API requests, even though it was being run for normal app requests.
|
|
|
|
|
|
| |
Since all controller instances are required to have a request and
response object, RackDelegation is no longer needed (we always have to
delegate to the response)
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Render arbitrary templates outside of controller actions
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New default: the template digest is automatically included in your ETags.
When you call `fresh_when @post`, the digest for `posts/show.html.erb`
is mixed in so future changes to the HTML will blow HTTP caches for you.
This makes it easy to HTTP-cache many more of your actions.
If you render a different template, you can now pass the `:template`
option to include its digest instead:
fresh_when @post, template: 'widgets/show'
Pass `template: false` to skip the lookup. To turn this off entirely, set:
config.action_controller.etag_with_template_digest = false
|
| |
|
| |
|
|
|
|
| |
HTML Scanner is part of ActionView and it should be loaded along with it
|
| |
|
|
|
|
| |
Move that part to AV railtie
|
|
|
|
|
| |
These constants were removed in 4b97ce5eb16cc20207516387fba98bf577e2e281,
but I forgot to remove the autoload calls :sparkles:.
|
| |
|
| |
|
|
|
|
| |
StrongParameters protection
|
| |
|
|
|
|
|
|
|
| |
Method invalid_asset_host! was delegated to controller but sprockets
compile assets in their own scope without controller. And if we set asset_host
with second parameter it should raise error through invalid_asset_host!.
But since controller is nil it cannot be reached.
|
|
|
|
|
|
|
|
|
|
| |
ActionDispatch::Routing::UrlFor was always required in UrlHelpers. This
was changed by splitting previous implementation of UrlHelper into 2
modules: ActionView::Helpers::UrlHelper and
ActionView::Routing::UrlHelper. The former one keeps only basic
implementation of url_for. The latter adds features that allow to use
routes and is only required when url_helpers or mounted_helpers are
required.
|
|
|
|
|
|
| |
This is another step in moving Action View's dependencies in Action Pack
to Action View itself. Also, HtmlScanner seems to be better suited for
views rather than controllers.
|
| |
|
|
|
|
|
|
|
| |
Since it's more about DOM classes and ids it belongs to Action View
better. What's more, it's more convenient to make it part of Action View
to follow the rule that Action Pack can depend on Action View, but not
the other way round.
|
|
|
|
|
|
| |
Since Action View should not depend on actionpack, it's best to delegate
invalid_asset_host! to controller and just rely on such simple contract
instead of raising ActionController::RoutingError directly.
|
|
|
|
|
|
|
| |
The new option allows any Ruby namespace to be registered and set
up for eager load. We are effectively exposing the structure existing
in Rails since v3.0 for all developers in order to make their applications
thread-safe and CoW friendly.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
This is a private place to put those AS features that are used
by every component. Nowadays we cherry-pick individual files
wherever they are used, but that it is not worth the effort
for stuff that is going to be loaded for sure sooner or later,
like blank?, autoload, concern, etc.
|
| |
|
| |
|
|
|
|
|
|
| |
More info http://edgeguides.rubyonrails.org/api_app.html
[Carlos Antonio da Silva & Santiago Pastorino]
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
| |
Also, no need to include dependencies in AS::Concerns inside included blocks.
|
|
|
| |
This will allow us to do a rootless JSON/XML request to server.
|