aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/metal
Commit message (Collapse)AuthorAgeFilesLines
* Extracted redirect logic from ActionController::Force::ClassMethods.force_sslJeremy Friesen2012-05-311-7/+15
| | | | | | | | | | | | | Prior to this patch the existing .force_ssl method handles both defining the filter and handling the logic for performing the redirect. With this patch the logic for redirecting to the HTTPS protocol is separated from the filter logic that determines if a redirect should occur. By separating the two levels of behavior, an instance method for ActionController (i.e. #force_ssl_redirect) is exposed and available for more granular SSL enforcement. Cleaned up indentation.
* Fix sorting of helpers from different pathsPiotr Sarnacki2012-05-281-2/+2
| | | | | | | | | | | | | | | | When more than one directory for helpers is provided to a controller, it should preserver the order of directories. Given 2 paths: MyController.helpers_paths = ["dir1/helpers", "dir2/helpers"] helpers from dir1 should be loaded first. Before this commit, all helpers were mixed and then sorted alphabetically, which essentially would require to rename helpers to get desired order. This is a problem especially for engines, where you would like to be able to predict accurately which engine helpers will load first. (closes #6496)
* Raise ActionController::BadRequest for malformed parameter hashes.Andrew White2012-05-201-1/+4
| | | | | | | | | | | | | | Currently Rack raises a TypeError when it encounters a malformed or ambiguous hash like `foo[]=bar&foo[4]=bar`. Rather than pass this through to the application this commit captures the exception and re-raises it using a new ActionController::BadRequest exception. The new ActionController::BadRequest exception returns a 400 error instead of the 500 error that would've been returned by the original TypeError. This allows exception notification libraries to ignore these errors if so desired. Closes #3051
* Show in log correct wrapped keysDmitry Vorotilin2012-05-201-1/+2
|
* Merge pull request #2237 from jackdempsey/log_redirect_toAaron Patterson2012-05-161-0/+1
|\ | | | | log at debug level what line caused the redirect_to
| * log at debug level what line caused the redirect_toJack Dempsey2012-05-161-0/+1
| |
* | Removing ==Examples and last blank lines of docs from actionpackFrancesco Rodriguez2012-05-157-19/+0
| |
* | Move HTTP Token auth docs above the Token moduleElia Schito2012-05-111-42/+44
| |
* | If content_type is explicitly passed to the :head method use the value or ↵Kunal Shah2012-05-081-1/+2
| | | | | | | | fallback
* | remove .new from raise ActionController::UnknownFormatSteven Soroka2012-05-061-1/+1
| |
* | Raise a rescuable exception when Rails doesn't know what to do with the ↵Steven Soroka2012-05-062-2/+4
| | | | | | | | format, rather than responding with a head :not_acceptable (406)
* | Use Hash#fetch instead of has_key? checkCarlos Antonio da Silva2012-05-041-1/+1
| |
* | Merge pull request #4445 from nragaz/role_based_params_wrappingJosé Valim2012-05-041-2/+3
| | | | | | | | specify a role for identifying accessible attributes when wrapping params
* | Merge pull request #6148 from twinturbo/head-fixJosé Valim2012-05-031-1/+21
|\ \ | | | | | | Make ActionController#head pass rack-link
| * | Remove content-length as welltwinturbo2012-05-031-2/+3
| | |
| * | Make ActionController#head pass rack-linktwinturbo2012-05-031-1/+20
| | |
* | | Merge branch 'master' of github.com:lifo/docrailsVijay Dev2012-05-012-2/+2
|\ \ \ | |/ / |/| |
| * | Code-format references to config settingsMark Rushakoff2012-04-271-1/+1
| | |
| * | More using <tt>x</tt> instead of +x+ when the latter renders improperly.Mark Rushakoff2012-04-271-1/+1
| | |
* | | no need to dup options in send_dataSergey Nartimov2012-04-301-1/+1
| | | | | | | | | | | | options aren't modified inside send_file_headers!
* | | allow send_file/send_data to skip disposition header, closes #2973Sergey Nartimov2012-04-301-17/+11
| | |
* | | Add note about using 303 See Other for XHR requests other than GET/POSTAndrew White2012-04-301-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | IE since version 6 and recently Chrome and Firefox have started following 302 redirects from XHR requests other than GET/POST using the original request method. This can lead to DELETE requests being redirected amongst other things. Although it doesn't directly affect the Rails framework since it doesn't return a 302 redirect to any non-GET/POST request a note has been added to raise awareness of the issue. Some references: Original article from @technoweenie: http://techno-weenie.net/2011/8/19/ie9-deletes-stuff/ Hacker News discussion of the article: http://news.ycombinator.com/item?id=2903493 WebKit bug report: https://bugs.webkit.org/show_bug.cgi?id=46183 Firefox bug report and changeset: https://bugzilla.mozilla.org/show_bug.cgi?id=598304 https://hg.mozilla.org/mozilla-central/rev/9525d7e2d20d Chrome bug report: http://code.google.com/p/chromium/issues/detail?id=56373 HTTPbis bug report and changeset: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/160 http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1428 Roy T. Fielding's history of the issue: http://ftp.ics.uci.edu/pub/ietf/http/hypermail/1997q3/0611.html Automated browser tests for the issue: http://www.mnot.net/javascript/xmlhttprequest/ Fixes #4144
* | | Avoid calling content type multiple timesJosé Valim2012-04-291-4/+6
| | |
* | | Merge pull request #2321 from omjokine/masterJosé Valim2012-04-291-1/+4
|\ \ \ | |/ / |/| | JSONP should use mimetype application/javascript
| * | Merge remote-tracking branch 'upstream/master'Olli Jokinen2011-12-0115-73/+83
| |\ \
| * | | Change mimetype to Mime::JS if JSONP is usedOlli Jokinen2011-07-281-1/+4
| | | |
* | | | Use <tt>Foo::Bar</tt> instead of +Foo::Bar+Mark Rushakof2012-04-272-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The latter doesn't render as code in HTML output. Regex used in Rubymine to locate the latter form: (\+)(:*\w+:(?::|\w)+)(\+)
* | | | #send_file leans on Rack::Sendfile to X-Accel-Redirect the file's path, so ↵Jeremy Kemper2012-04-121-1/+21
| | | | | | | | | | | | | | | | opening the file to set the response body is wasteful. Set a FileBody wrapper instead that responds to to_path and streams the file if needed.
* | | | Remove unnecessary in HTML 5 type attribute with default valueAndrey A.I. Sitnik2012-04-051-1/+1
| | | |
* | | | Merge pull request #5716 from jurriaan/tr-gsub-cleanupSantiago Pastorino2012-04-043-3/+3
|\ \ \ \ | | | | | | | | | | Updated/changed unneeded tr/gsubs
| * | | | Updated/changed useless tr/gsubsJurriaan Pruis2012-04-033-3/+3
| | | | |
* | | | | Fix AC responder exampleAlexey Vakhov2012-04-041-1/+1
| | | | |
* | | | | Remove non-obligatory params in AC respond_to examplesAlexey Vakhov2012-04-031-2/+2
|/ / / /
* | | | Merge branch 'master' of github.com:lifo/docrailsVijay Dev2012-04-011-1/+0
|\ \ \ \
| * | | | CSRF messages are no longer controlled by 422.html because ↵Tony Primerano2012-03-281-1/+0
| | | | | | | | | | | | | | | | | | | | InvalidAuthenticityToken is not raised
* | | | | Remove obsolete reader from AC::MethodNotAllowed exception classAlexey Vakhov2012-03-311-2/+0
| | | | |
* | | | | Remove AC::RenderError class second declarationAlexey Vakhov2012-03-311-3/+0
|/ / / /
* | | | respond_with description: changed 'response' to 'format'Mark Thomson2012-03-181-1/+1
| | | |
* | | | Revised comments for respond_withMark Thomson2012-03-181-17/+18
| | | |
* | | | Merge remote-tracking branch 'origin/master'Mark Thomson2012-03-175-6/+27
|\ \ \ \
| * | | | strip null bytes from Location header as wellBrian Lopez2012-03-151-1/+1
| | | | | | | | | | | | | | | | | | | | add tests for stripping \r\n chars since that's already happening
| * | | | Simplify helpers handling. Ensure Metal can run AC hooks.José Valim2012-03-151-0/+1
| | | | |
| * | | | Add ActionController::HTTPSantiago Pastorino2012-03-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | More info http://edgeguides.rubyonrails.org/api_app.html [Carlos Antonio da Silva & Santiago Pastorino]
| * | | | Merge branch 'master' of github.com:lifo/docrailsVijay Dev2012-03-131-1/+24
| |\ \ \ \
| * | | | | Updated description of #retrieve_collector_from_mimesMark Thomson2012-03-131-2/+6
| | | | | |
| * | | | | configure how unverified request will be handledSergey Nartimov2012-03-091-2/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | can be configured using `:with` option in `protect_from_forgery` method or `request_forgery_protection_method` config option possible values: - :reset_session (default) - :exception new applications are generated with: protect_from_forgery :with => :exception
* | | | | | Revised description for responds_withMark Thomson2012-03-171-19/+115
| |/ / / / |/| | | |
* | | | | Added documentation for the ActionController::MimeResponds::Collector class.Mark Thomson2012-03-131-1/+24
|/ / / /
* | | | Set the rendered_format on respond_to.José Valim2012-03-071-0/+1
| | | |
* | | | Remove unused ActionController::SessionManagementSantiago Pastorino2012-03-061-9/+0
| | | |