aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/metal
Commit message (Collapse)AuthorAgeFilesLines
...
* | | Add explanation about accepts_nested_attributes_for keys in the strong ↵Bart de Water2016-03-121-2/+3
| | | | | | | | | | | | parameters documentation [skip ci]
* | | Use the most highest priority exception handler when cause is setSean Griffin2016-03-111-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There was some subtle breakage caused by #18774, when we removed `#original_exception` in favor of `#cause`. However, `#cause` is automatically set by Ruby when raising an exception from a rescue block. With this change, we will use whichever handler has the highest priority (whichever call to `rescue_from` came last). In cases where the outer has lower precidence than the cause, but the outer is what should be handled, cause will need to be explicitly unset. Fixes #23925
* | | Merge pull request #22854 from jcoyne/missing_templateSean Griffin2016-03-111-1/+1
|\ \ \ | | | | | | | | | | | | Default rendering behavior if respond_to collector doesn't have a block.
| * | | Render default template if block doesn't renderJustin Coyne2016-02-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a `respond_to` collector doesn't have a response, then a `:no_content` response should be rendered. This brings the default rendering behavior introduced by https://github.com/rails/rails/issues/19036 to controller methods employing `respond_to`
* | | | add return values to example [ci skip]yuuji.yaginuma2016-03-101-1/+1
| | | |
* | | | Add `ActionController::Parameters#dig`Sean Griffin2016-03-091-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | This method will only be added when used with Ruby 2.3.0 or greater. This method has the same behavior as `Hash#dig`, except it will convert hashes to `ActionController::Parameters`, similar to `#[]` and `#fetch`.
* | | | Pass headers through to payload for logging.Gareth du Plooy2016-03-081-0/+1
| |_|/ |/| | | | | | | | Make request headers available in the event payload so that it is available to attached ActionController::LogSubscribers.
* | | Remove http_cache_forever's version parameterJean Boussier2016-03-051-4/+2
| |/ |/|
* | Change 'a HTTP' to 'an HTTP' [ci skip]Santosh Wadghule2016-03-031-4/+4
| |
* | Fix typo in implicit_renderMax Woolf2016-03-021-1/+1
|/ | | When trying to make a request and the request doesn't have a suitable template, the new error messages are really helpful but there's a small (and I mean, VERY small) typo that has been bugging me for the last few days. This adds the space and restores order to the universe. :heart:
* Additional review of 6b31761.Kasper Timm Hansen2016-02-251-1/+1
| | | | | * Fixes typos in error message and release notes. * Removes unused template test file.
* Lock down new `ImplicitRender` behavior for 5.0 RCGodfrey Chan2016-02-252-18/+75
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1. Conceptually revert #20276 The feature was implemented for the `responders` gem. In the end, they did not need that feature, and have found a better fix (see plataformatec/responders#131). `ImplicitRender` is the place where Rails specifies our default policies for the case where the user did not explicitly tell us what to render, essentially describing a set of heuristics. If the gem (or the user) knows exactly what they want, they could just perform the correct `render` to avoid falling through to here, as `responders` did (the user called `respond_with`). Reverting the patch allows us to avoid exploding the complexity and defining “the fallback for a fallback” policies. 2. `respond_to` and templates are considered exhaustive enumerations If the user specified a list of formats/variants in a `respond_to` block, anything that is not explicitly included should result in an `UnknownFormat` error (which is then caught upstream to mean “406 Not Acceptable” by default). This is already how it works before this commit. Same goes for templates – if the user defined a set of templates (usually in the file system), that set is now considered exhaustive, which means that “missing” templates are considered `UnknownFormat` errors (406). 3. To keep API endpoints simple, the implicit render behavior for actions with no templates defined at all (regardless of formats, locales, variants, etc) are defaulted to “204 No Content”. This is a strictly narrower version of the feature landed in #19036 and #19377. 4. To avoid confusion when interacting in the browser, these actions will raise an `UnknownFormat` error for “interactive” requests instead. (The precise definition of “interactive” requests might change – the spirit here is to give helpful messages and avoid confusions.) Closes #20666, #23062, #23077, #23564 [Godfrey Chan, Jon Moss, Kasper Timm Hansen, Mike Clark, Matthew Draper]
* Show permitted flag in the output of AC::Parameters#inspectPrathamesh Sonpatki2016-02-241-1/+1
| | | | - Fixes #23822.
* Merge pull request #23682 from ShikChen/fast_strxorSantiago Pastorino2016-02-211-1/+2
|\ | | | | Improve the performance of string xor operation
| * Improve the performance of string xor operationshik2016-02-151-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use `each_byte` instead of `bytes` to speed up string xor operation and reduce object allocations. Inspired by commit 02c3867882d6d23b10df262a6db5f937ca69fb53. ``` ruby require 'benchmark/ips' require 'allocation_tracer' a = 32.times.map { rand(256) }.pack('C*') b = 32.times.map { rand(256) }.pack('C*') def xor_byte_strings1(s1, s2) s1.bytes.zip(s2.bytes).map { |(c1,c2)| c1 ^ c2 }.pack('c*') end def xor_byte_strings2(s1, s2) s2_bytes = s2.bytes s1.bytes.map.with_index { |c1, i| c1 ^ s2_bytes[i] }.pack('c*') end def xor_byte_strings3(s1, s2) s2_bytes = s2.bytes s1.each_byte.with_index { |c1, i| s2_bytes[i] ^= c1 } s2_bytes.pack('C*') end fail if xor_byte_strings1(a, b) != xor_byte_strings2(a, b) fail if xor_byte_strings1(a, b) != xor_byte_strings3(a, b) Benchmark.ips do |x| x.report('xor_byte_strings1') { xor_byte_strings1(a, b) } x.report('xor_byte_strings2') { xor_byte_strings2(a, b) } x.report('xor_byte_strings3') { xor_byte_strings3(a, b) } x.compare! end Tracer = ObjectSpace::AllocationTracer Tracer.setup(%i{type}) p xor_byte_strings1: Tracer.trace { xor_byte_strings1(a, b) } p xor_byte_strings2: Tracer.trace { xor_byte_strings2(a, b) } p xor_byte_strings3: Tracer.trace { xor_byte_strings3(a, b) } ``` ``` Warming up -------------------------------------- xor_byte_strings1 10.668k i/100ms xor_byte_strings2 11.814k i/100ms xor_byte_strings3 13.139k i/100ms Calculating ------------------------------------- xor_byte_strings1 116.667k (± 3.1%) i/s - 586.740k xor_byte_strings2 129.932k (± 4.3%) i/s - 649.770k xor_byte_strings3 142.506k (± 4.2%) i/s - 722.645k Comparison: xor_byte_strings3: 142506.3 i/s xor_byte_strings2: 129932.4 i/s - 1.10x slower xor_byte_strings1: 116666.8 i/s - 1.22x slower {:xor_byte_strings1=>{[:T_ARRAY]=>[38, 0, 0, 0, 0, 0], [:T_STRING]=>[2, 0, 0, 0, 0, 0]}} {:xor_byte_strings2=>{[:T_ARRAY]=>[3, 0, 0, 0, 0, 0], [:T_DATA]=>[1, 0, 0, 0, 0, 0], [:T_IMEMO]=>[2, 0, 0, 0, 0, 0], [:T_STRING]=>[2, 0, 0, 0, 0, 0]}} {:xor_byte_strings3=>{[:T_ARRAY]=>[1, 0, 0, 0, 0, 0], [:T_DATA]=>[1, 0, 0, 0, 0, 0], [:T_IMEMO]=>[2, 0, 0, 0, 0, 0], [:T_STRING]=>[2, 0, 0, 0, 0, 0]}} ```
* | Deprecate AC::Parameters#== with a HashBenjamin Quorning2016-02-191-9/+14
| |
* | Fix AC::Parameters#== with other AC::ParametersBenjamin Quorning2016-02-191-3/+4
| | | | | | | | Creating a protected getter method for `@parameters`.
* | fields_for_style needs to test for AC::ParametersAaron Patterson2016-02-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | While iterating an AC::Parameters object, the object will mutate itself and stick AC::Parameters objects where there used to be hashes: https://github.com/rails/rails/blob/f57092ad728fa1de06c4f5fd9d09dcc2c4738fd9/actionpack/lib/action_controller/metal/strong_parameters.rb#L632 If you use `permit` after this iteration, the `fields_for_style` method wouldn't return true because the child objects are now AC::Parameters objects rather than Hashes. fixes #23701
* | Implement ActionController::Parameters#inspectBenjamin Quorning2016-02-171-1/+5
|/ | | | Now that AC::Parameters is no longer a Hash, it shouldn't look like a hash.
* Remove `const_missing` which fallback to deprecated `NEVER_UNPERMITTED_PARAMS`Ryuta Kamizono2016-02-151-10/+0
| | | | `NEVER_UNPERMITTED_PARAMS` is deprecated in Rails 4.2. See #15933.
* Request#fullpath should not raise an exception, so remove the rescueAaron Patterson2016-02-091-1/+1
|
* AC::Request#format always returns a value, so we do not need to tryAaron Patterson2016-02-091-1/+1
|
* speed up string xor operation and reduce object allocationsAaron Patterson2016-02-081-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ``` [aaron@TC rails (master)]$ cat xor.rb a = "\x14b\"\xB4P8\x05\x8D\xC74\xC3\xEC}\xFDf\x8E!h\xCF^\xBF\xA5%\xC6\xF0\xA9\xF9x\x04\xFA\xF1\x82" b = "O.\xF7\x01\xA9D\xA3\xE1D\x7FU\x85\xFC\x8Ak\e\x04\x8A\x97\x91\xD01\x02\xA4G\x1EIf:Y\x0F@" def xor_byte_strings(s1, s2) s1.bytes.zip(s2.bytes).map { |(c1,c2)| c1 ^ c2 }.pack('c*') end def xor_byte_strings2(s1, s2) s2_bytes = s2.bytes s1.bytes.map.with_index { |c1, i| c1 ^ s2_bytes[i] }.pack('c*') end require 'benchmark/ips' require 'allocation_tracer' Benchmark.ips do |x| x.report 'xor_byte_strings' do xor_byte_strings a, b end x.report 'xor_byte_strings2' do xor_byte_strings2 a, b end end ObjectSpace::AllocationTracer.setup(%i{type}) result = ObjectSpace::AllocationTracer.trace do xor_byte_strings a, b end p :xor_byte_strings => result ObjectSpace::AllocationTracer.clear result = ObjectSpace::AllocationTracer.trace do xor_byte_strings2 a, b end p :xor_byte_strings2 => result [aaron@TC rails (master)]$ ruby -I~/git/allocation_tracer/lib xor.rb Calculating ------------------------------------- xor_byte_strings 10.087k i/100ms xor_byte_strings2 11.339k i/100ms ------------------------------------------------- xor_byte_strings 108.386k (± 5.8%) i/s - 544.698k xor_byte_strings2 122.239k (± 3.0%) i/s - 612.306k {:xor_byte_strings=>{[:T_ARRAY]=>[38, 0, 0, 0, 0, 0], [:T_STRING]=>[2, 0, 0, 0, 0, 0]}} {:xor_byte_strings2=>{[:T_ARRAY]=>[3, 0, 0, 0, 0, 0], [:T_DATA]=>[1, 0, 0, 0, 0, 0], [:T_IMEMO]=>[2, 0, 0, 0, 0, 0], [:T_STRING]=>[2, 0, 0, 0, 0, 0]}} ```
* Hand off the interlock to the new thread in AC::LiveMatthew Draper2016-02-071-23/+28
| | | | | | Most importantly, the original request thread must yield its share lock while waiting for the live thread to commit -- otherwise a request's base and live threads can deadlock against each other.
* disable controller / view thread spawning in testsAaron Patterson2016-02-051-2/+13
| | | | | | | | | | | | | | | | | | Tests can (and do) access the database from the main thread. In this case they were starting a transaction, then making a request. The request would create a new thread, which would allocate a new database connection. Since the main thread started a transaction that contains data that the new thread wants to see, the new thread would not see it due to data visibility from transactions. Spawning the new thread in production is fine because middleware should not be doing database manipulation similar to the test harness. Before 603fe20c it was possible to set the database connection id based on a thread local, but 603fe20c changes the connection lookup code to never look at the "connection id" but only at the thread object itself. Without that indirection, we can't force threads to use the same connection pool as another thread. Fixes #23483
* Fix typo in strong params hash deprecation messageMarek2016-01-271-2/+2
| | | and remove unecessary spaces in string interpolation.
* Merge branch '5-0-beta-sec'Aaron Patterson2016-01-251-1/+6
|\ | | | | | | | | | | | | | | | | | | | | * 5-0-beta-sec: bumping version fix version update task to deal with .beta1.1 Eliminate instance level writers for class accessors allow :file to be outside rails root, but anything else must be inside the rails view directory Don't short-circuit reject_if proc stop caching mime types globally use secure string comparisons for basic auth username / password
| * use secure string comparisons for basic auth username / passwordAaron Patterson2016-01-221-1/+6
| | | | | | | | | | | | this will avoid timing attacks against applications that use basic auth. CVE-2015-7576
* | Fix nodoc to internal class error document some of themVipul A M2016-01-251-1/+0
| | | | | | | | | | | | | | [ci skip] Fixes #20808 [Vipul A M & Julio Lopez]
* | Merge pull request #23167 from maclover7/fix-21032Rafael França2016-01-211-1/+5
|\ \ | | | | | | Fix `ActionController::Parameters#==` bug
| * | Fix `ActionController::Parameters#==` bugJon Moss2016-01-211-1/+5
| | | | | | | | | | | | See bug #21032.
* | | remove doc reference to ActionController::MimeResponds#respond_tosealocal2016-01-201-3/+0
| | |
* | | document simple example of ActionController::MimeResponds#respond_tosealocal2016-01-201-1/+9
|/ /
* | Link to docs instead of listing methodsschneems2016-01-191-5/+7
| |
* | Add methods to StrongParametersschneems2016-01-191-1/+1
| | | | | | It's reasonable to expose different value readers.
* | [close #23084] Deprecated StrongParametersschneems2016-01-191-0/+16
| | | | | | | | We can provide a more flexible upgrade experience by warning users they are using unsafe methods instead of forcing the safe API by deprecating before removal. This PR provides this functionality.
* | AC::Parameters#at_json: restore Rails 4.2’s valueclaudiob2016-01-121-1/+2
| | | | | | | | | | | | Fixes #23026 See discussion at #23026
* | Unneeded &block parametersAkira Matsuda2016-01-121-2/+2
| |
* | [ci skip] Fix typo Renderering --> RenderingAkshay Vishnoi2016-01-091-1/+1
| |
* | Merge pull request #22275 from mastahyeti/per-form-csrfRafael França2016-01-061-11/+54
|\ \ | | | | | | Per-form CSRF tokens
| * | add option for per-form CSRF tokensBen Toews2016-01-041-11/+54
| | |
* | | Group related methods togetherBenjamin Fleischer2016-01-031-67/+67
| | |
* | | Add ActionController:Renderers testBenjamin Fleischer2016-01-031-0/+9
|/ / | | | | | | To complement actionpack/test/controller/metal/renderers_test.rb
* | Test ActionController::Renderers::use_renderersBenjamin Fleischer2015-12-311-0/+34
| |
* | Merge pull request #22850 from prathamesh-sonpatki/fix_ac_params_unsafe_h_2Kasper Timm Hansen2015-12-311-6/+6
|\ \ | | | | | | Fix AC::Parameters#to_unsafe_h to return all unfiltered values
| * | Fix AC::Parameters#to_unsafe_h to return all unfiltered valuesPrathamesh Sonpatki2015-12-311-6/+6
| | | | | | | | | | | | | | | | | | | | | - AC::Parameters#convert_parameters_to_hashes should return filtered or unfiltered values based on whether it is called from `to_h` or `to_unsafe_h` instead of always defaulting to `to_h`. - Fixes #22841
* | | Avoid `Time.parse` for static dateRafaël Blais Masson2015-12-301-1/+1
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | Benchmark.ips do |x| x.report('Time.parse') { Time.parse('2011-01-01') } x.report('Time.new') { Time.new(2011, 1, 1) } end Calculating ------------------------------------- Time.parse 6.640k i/100ms Time.new 15.082k i/100ms ------------------------------------------------- Time.parse 71.915k (± 3.1%) i/s - 365.200k Time.new 167.645k (± 3.3%) i/s - 844.592k
* / Add AC::Parameters#include?Justin Coyne2015-12-291-1/+1
|/ | | | Fixes #22818
* Merge pull request #20797 from byroot/prevent-url-for-ac-parametersRafael França2015-12-181-1/+0
|\ | | | | Prevent ActionController::Parameters in url_for
| * Prevent ActionController::Parameters from being passed to url_for directlyJean Boussier2015-12-151-1/+0
| |