| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Call block to #redirect_to in controller context
The documentation for ActionController::Redirecting states that a Proc
argument "will be executed in the controller's context." However,
unless #instance_eval is used (removed in 6b3ad0ca), that statement is
false for procs defined outside of the controller instance.
This commit restores the documented behavior.
Fixes #33731.
* Move test proc into a constant in another class
Per @rafaelfranca's suggestion.
[Steven Peckins + Rafael Mendonça França]
|
| |
|
|
|
| |
[ci skip]
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing
changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
|
| |
|
|
|
|
| |
[ci skip]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
```diff
diff --git a/actionpack/lib/action_controller/metal/redirecting.rb b/actionpack/lib/action_controller/metal/redirecting.rb
index a3159c29dd..1836a07d4e 100644
--- a/actionpack/lib/action_controller/metal/redirecting.rb
+++ b/actionpack/lib/action_controller/metal/redirecting.rb
@@ -50,8 +50,8 @@ module Redirecting
# redirect_to post_url(@post), status: 301, flash: { updated_post_id: @post.id }
# redirect_to({ action: 'atom' }, alert: "Something serious happened")
#
- # Statements after redirect_to in our controller get executed, so redirect_to doesn't stop the execution of the function.
- <U+2028># To terminate the execution of the function immediately after the redirect_to, use return.
+ # Statements after +redirect_to+ in our controller get executed, so +redirect_to+ doesn't stop the execution of the function.
+ # To terminate the execution of the function immediately after the +redirect_to+, use return.
# redirect_to post_url(@post) and return
def redirect_to(options = {}, response_status = {})
raise ActionControllerError.new("Cannot redirect to nil!") unless options
```
https://travis-ci.org/rails/rails/jobs/207908041#L549
|
| |
|
|
|
|
| |
Closes #28033
|
| |
|
|
|
|
| |
Follow up to 333bfd896e87862cece95deb1ef88132d5f54ba8
|
| |
|
| |
|
| |
|
|
|
|
|
| |
indetical -> identical
[skip ci]
|
|\
| |
| | |
Prevent ActionController::Parameters in url_for
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
If you're not familiar with how the `Referer` header works, you likely
won't understand why you need to provide a fallback or under what
circumstances it would be used.
Hopefully this clarifies things a bit.
|
| |
| |
| |
| |
| |
| |
| | |
Applications that use `redirect_to :back` can be forced to 500 by
clients that do not send the HTTP `Referer` (sic) header.
`redirect_back` requires the user to consider this possibility up front
and avoids this trivially-caused application error.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
`redirect_to :back` is a somewhat common pattern in Rails apps, but it
is not completely safe. There are a number of circumstances where HTTP
referrer information is not available on the request. This happens often
with bot traffic and occasionally to user traffic depending on browser
security settings.
When there is no referrer available on the request, `redirect_to :back`
will raise `ActionController::RedirectBackError`, usually resulting in
an application error.
`redirect_back` takes a required `fallback_location` keyword argument
that specifies the redirect when the referrer information is not
available. This prevents 500 errors caused by
`ActionController::RedirectBackError`.
|
|
|
|
|
|
| |
Since all controller instances are required to have a request and
response object, RackDelegation is no longer needed (we always have to
delegate to the response)
|
| |
|
|
|
|
| |
Closes #16170
|
| |
|
| |
|
|
|
|
|
| |
Without parenthesis, ruby assumes that curly braces denote the beginning
of a block.
|
|
|
|
|
| |
The previous regex was allowing `_` in the URI scheme, which is not
allowed by RFC 3986. This change brings the regex in line with the RFC.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In some instances, `assert_redirected_to` assertion was returning an
incorrect and misleading failure message when the assertion failed.
This was due to a disconnect in how the assertion computes the redirect
string for the failure message and how `redirect_to` computes the
string that is actually used for redirection.
I made the `_compute_redirect_to_loaction` method used by `redirect_to`
public and call that from the method `assert_redirect_to` uses to
calculate the URL.
The reveals a new test failure due to the regex used by
`_compute_redirect_to_location` allow `_` in the URL scheme.
|
|
|
|
|
| |
So, if there is redirect_to params[:q]
i can send ?q=javascript:asdf()%0A/localpath
Or something more nasty, so please use \A
|
|
|
|
|
|
|
|
| |
This reverts commit 3fa00070047b5d019d39e691598ee2890283d052.
Reason: This message is usually not accurate and annoying:
Redirected by ~/.rbenv/versions/1.9.3-p327-perf/lib/ruby/1.9.1/logger.rb:371:in `add'`
|
| |
|
|
|
|
|
|
|
|
| |
* Avoid calling class_eval when not needed
* Remove helpers_path attr accessor, it's defined as a class attribute a
few lines later
* Avoid creating extra arrays when finding helpers, use flat_map and sort!
* Remove not required refer variable when redirecting :back
|
| |
|
| |
|
|\
| |
| | |
log at debug level what line caused the redirect_to
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
IE since version 6 and recently Chrome and Firefox have started following
302 redirects from XHR requests other than GET/POST using the original request
method. This can lead to DELETE requests being redirected amongst other things.
Although it doesn't directly affect the Rails framework since it doesn't return
a 302 redirect to any non-GET/POST request a note has been added to raise
awareness of the issue. Some references:
Original article from @technoweenie:
http://techno-weenie.net/2011/8/19/ie9-deletes-stuff/
Hacker News discussion of the article:
http://news.ycombinator.com/item?id=2903493
WebKit bug report:
https://bugs.webkit.org/show_bug.cgi?id=46183
Firefox bug report and changeset:
https://bugzilla.mozilla.org/show_bug.cgi?id=598304
https://hg.mozilla.org/mozilla-central/rev/9525d7e2d20d
Chrome bug report:
http://code.google.com/p/chromium/issues/detail?id=56373
HTTPbis bug report and changeset:
http://trac.tools.ietf.org/wg/httpbis/trac/ticket/160
http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1428
Roy T. Fielding's history of the issue:
http://ftp.ics.uci.edu/pub/ietf/http/hypermail/1997q3/0611.html
Automated browser tests for the issue:
http://www.mnot.net/javascript/xmlhttprequest/
Fixes #4144
|
| | |
|
| |
| |
| |
| | |
add tests for stripping \r\n chars since that's already happening
|
| |
| |
| |
| | |
curly regexp and by mentoining the protocol relative scheme in the internal comment
|
| |
| |
| |
| | |
"//asset.host.com/resources/1235" see issue #3856
|
| | |
|
| | |
|
|/ |
|
| |
|