| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
Closes #16170
|
| |
|
| |
|
|
|
|
|
| |
Without parenthesis, ruby assumes that curly braces denote the beginning
of a block.
|
|
|
|
|
| |
The previous regex was allowing `_` in the URI scheme, which is not
allowed by RFC 3986. This change brings the regex in line with the RFC.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In some instances, `assert_redirected_to` assertion was returning an
incorrect and misleading failure message when the assertion failed.
This was due to a disconnect in how the assertion computes the redirect
string for the failure message and how `redirect_to` computes the
string that is actually used for redirection.
I made the `_compute_redirect_to_loaction` method used by `redirect_to`
public and call that from the method `assert_redirect_to` uses to
calculate the URL.
The reveals a new test failure due to the regex used by
`_compute_redirect_to_location` allow `_` in the URL scheme.
|
|
|
|
|
| |
So, if there is redirect_to params[:q]
i can send ?q=javascript:asdf()%0A/localpath
Or something more nasty, so please use \A
|
|
|
|
|
|
|
|
| |
This reverts commit 3fa00070047b5d019d39e691598ee2890283d052.
Reason: This message is usually not accurate and annoying:
Redirected by ~/.rbenv/versions/1.9.3-p327-perf/lib/ruby/1.9.1/logger.rb:371:in `add'`
|
| |
|
|
|
|
|
|
|
|
| |
* Avoid calling class_eval when not needed
* Remove helpers_path attr accessor, it's defined as a class attribute a
few lines later
* Avoid creating extra arrays when finding helpers, use flat_map and sort!
* Remove not required refer variable when redirecting :back
|
| |
|
| |
|
|\
| |
| | |
log at debug level what line caused the redirect_to
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
IE since version 6 and recently Chrome and Firefox have started following
302 redirects from XHR requests other than GET/POST using the original request
method. This can lead to DELETE requests being redirected amongst other things.
Although it doesn't directly affect the Rails framework since it doesn't return
a 302 redirect to any non-GET/POST request a note has been added to raise
awareness of the issue. Some references:
Original article from @technoweenie:
http://techno-weenie.net/2011/8/19/ie9-deletes-stuff/
Hacker News discussion of the article:
http://news.ycombinator.com/item?id=2903493
WebKit bug report:
https://bugs.webkit.org/show_bug.cgi?id=46183
Firefox bug report and changeset:
https://bugzilla.mozilla.org/show_bug.cgi?id=598304
https://hg.mozilla.org/mozilla-central/rev/9525d7e2d20d
Chrome bug report:
http://code.google.com/p/chromium/issues/detail?id=56373
HTTPbis bug report and changeset:
http://trac.tools.ietf.org/wg/httpbis/trac/ticket/160
http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1428
Roy T. Fielding's history of the issue:
http://ftp.ics.uci.edu/pub/ietf/http/hypermail/1997q3/0611.html
Automated browser tests for the issue:
http://www.mnot.net/javascript/xmlhttprequest/
Fixes #4144
|
| | |
|
| |
| |
| |
| | |
add tests for stripping \r\n chars since that's already happening
|
| |
| |
| |
| | |
curly regexp and by mentoining the protocol relative scheme in the internal comment
|
| |
| |
| |
| | |
"//asset.host.com/resources/1235" see issue #3856
|
| | |
|
| | |
|
|/ |
|
| |
|
| |
|
|
|
|
| |
context it is eval'ed.
|
|
|
|
| |
Signed-off-by: José Valim <jose.valim@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
autoloading."
Booting a new Rails application does not work after this commit [#5359 state:open]
This reverts commit 38a421b34d0b414564e919f67d339fac067a56e6.
|
|
|
|
|
|
| |
autoloading.
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
| |
warnings are in dependencies.
|
|
|
|
| |
is wired up without a router included (and still support redirect_to "omg")
|
| |
|
| |
|
| |
|
|
|
|
| |
and ActionController up to AbstractController.
|
| |
|
|
|
|
| |
works just fine standalone (which means that ConditionalGet also doesn't have a Rendering dependency)
|
|
|