path: root/actionpack/lib/action_controller/metal
Commit message (Author, Age, Files, Lines)
* Remove usage of strip_heredoc in the framework in favor of <<~ (Rafael Mendonça França, 2018-02-16, 1 file, -2/+1)
|   Some places we can't remove because Ruby still doesn't have a method equivalent to strip_heredoc to be called in an already existent string.
* Fix typos, update documentation (James Lovejoy, 2018-01-11, 1 file, -2/+2)
|   [ci skip]
* Add missing require for `strip_heredoc` (Peter Wagenet, 2018-01-04, 1 file, -0/+1)
|
* Added reference to default value of `allow_other_host` [ci skip] (Prathamesh Sonpatki, 2017-12-17, 1 file, -1/+1)
|
* [ci skip] update link (Dixit Patel, 2017-12-15, 1 file, -1/+1)
|
* Merge pull request #30780 from JackMc/fix-chrome-referrer-invalidauthenticitytoken (Sean Griffin, 2017-12-07, 1 file, -0/+10)
|\
| |   Fix issue #30658 by checking explicitly for 'null' referrer
| * Add a better error message when a "null" Origin header occurs (Jack McCracken, 2017-11-03, 1 file, -0/+10)
| |
* | Yield array from AC::Parameters#each for block with one arg (Dominic Cleal, 2017-12-06, 1 file, -1/+1)
| |   Matches Hash#each behaviour as used in Rails 4.
* | Add DSL for configuring Content-Security-Policy header (Andrew White, 2017-11-27, 1 file, -0/+26)
| |   https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
* | Merge pull request #24510 from vipulnsward/make-variable_size_secure_compare-public (Rafael Mendonça França, 2017-11-25, 2 files, -9/+6)
|\ \
| | |   Make variable_size_secure_compare public
| * | Changed default behaviour of `ActiveSupport::SecurityUtils.secure_compare`, (Vipul A M, 2017-06-07, 2 files, -9/+6)
| | |   to make it not leak length information even for variable length string. Renamed old `ActiveSupport::SecurityUtils.secure_compare` to `fixed_length_secure_compare`, and started raising `ArgumentError` in case of length mismatch of passed strings.
* | | Update incorrect backtick usage in RDoc to teletype (T.J. Schuck, 2017-11-22, 2 files, -5/+5)
| | |   [ci skip]
* | | Bump RuboCop to 0.51.0 (Koichi ITO, 2017-11-10, 1 file, -1/+1)
| | |   ## Summary
| | |
| | |   RuboCop 0.51.0 was released.
| | |   https://github.com/bbatsov/rubocop/releases/tag/v0.51.0
| | |
| | |   And rubocop-0-51 channel is available in Code Climate.
| | |   https://github.com/codeclimate/codeclimate-rubocop/issues/109
| | |
| | |   This PR will bump RuboCop to 0.51.0 and fixes the following new offenses.
| | |
| | |   ```console
| | |   % bundle exec rubocop
| | |   Inspecting 2358 files
| | |   (snip)
| | |
| | |   Offenses:
| | |
| | |   actionpack/lib/action_controller/metal/http_authentication.rb:251:59: C: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
| | |   [key.strip, value.to_s.gsub(/^"|"$/, "").delete('\'')]
| | |   ^^^^
| | |   activesupport/test/core_ext/load_error_test.rb:8:39: C: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
| | |   assert_raise(LoadError) { require 'no_this_file_don\'t_exist' }
| | |   ^^^^^^^^^^^^^^^^^^^^^^^^^^^
| | |
| | |   2358 files inspected, 2 offenses detected
| | |   ```
* | | Show `RequestForgeryProtection` methods in api doc [ci skip] (yuuji.yaginuma, 2017-11-05, 1 file, -0/+1)
| |/
|/|
| |   Several methods of `RequestForgeryProtection` are not shown in the api doc even though `:doc:` is specified. (e.g. `form_authenticity_param`)
| |   http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html
| |
| |   These methods are listed in the doc of v4.1.
| |   http://api.rubyonrails.org/v4.1/classes/ActionController/RequestForgeryProtection.html
| |
| |   This is due to the influence of `:nodoc:` added in #18102, methods after `CROSS_ORIGIN_JAVASCRIPT_WARNING` are not shown in the doc.
| |
| |   Therefore, in order to show the method like originally, added `startdoc` after `CROSS_ORIGIN_JAVASCRIPT_WARNING`.
* | checking for nested attributes when attribute names specified to wrap them as well (Kelton Manzanares, 2017-10-25, 1 file, -6/+7)
* | Fixed functionality to include method in params_wrapper.rb (Ryan Perez, 2017-10-25, 1 file, -0/+7)
| |   to properly wrap all attributes, including those which are nested.
* | [Action Pack] require => require_relative (Akira Matsuda, 2017-10-21, 2 files, -2/+2)
| |   This basically reverts e9fca7668b9eba82bcc832cb0061459703368397, d08da958b9ae17d4bbe4c9d7db497ece2450db5f, d1fe1dcf8ab1c0210a37c2a78c1ee52cf199a66d, and 68eaf7b4d5f2bb56d939f71c5ece2d61cf6680a3
* | Keep `:api: plugin` methods in the doc [ci skip] (Ryuta Kamizono, 2017-10-20, 1 file, -2/+2)
| |   `:api:` tag was removed in 5349f231 since RDoc doesn't support `:api:` tag. But those methods are not private API, they are public API for renderers. The renderers should be able to know that they can override this method.
* | Remove unused `UnknownController` class (yuuji.yaginuma, 2017-10-18, 1 file, -3/+0)
| |   `UnknownController` was added in b1999be, but it is not used anywhere.
* | Remove unused `before_filters` (yuuji.yaginuma, 2017-10-15, 1 file, -6/+0)
| |   This method was added by 1008511. It is unnecessary because it is no longer called by 19c3495.
* | Fix some typos. (Mike Boone, 2017-10-10, 1 file, -1/+1)
| |
* | Add allow_other_host option to redirect_back method (Tim Masliuchenko, 2017-10-10, 1 file, -7/+16)
| |
* | Remove `:api:` tag that has leaked on the doc directly [ci skip] (Ryuta Kamizono, 2017-09-30, 1 file, -4/+0)
| |   Currently `:api:` tag has leaked on the doc directly since RDoc doesn't support `:api:` tag directive.
| |   http://api.rubyonrails.org/v5.1/classes/AbstractController/Rendering.html
| |
| |   So `:api: private` doesn't work as expected. We are using `:nodoc:` for the purpose.
| |
| |   Related #13989.
* | Merge pull request #30493 from koic/fix_cant_modify_frozen_string_error_in_ac_rendering (Ryuta Kamizono, 2017-09-02, 1 file, -1/+1)
|\ \
| | |   Fix `can't modify frozen String` error in AC::Rendering
| * | Fix `can't modify frozen String` error in AC::Rendering (Koichi ITO, 2017-09-02, 1 file, -1/+1)
| | |
* | | Remove unused require (Ryuta Kamizono, 2017-09-01, 1 file, -2/+0)
| | |   This is no longer used since 79a5ea9eadb4d43b62afacedc0706cbe88c54496.
* | | Clarify intentions around method redefinitions (Matthew Draper, 2017-09-01, 1 file, -1/+1)
|/ /
| |   Don't use remove_method or remove_possible_method just before a new definition: at best the purpose is unclear, and at worst it creates a race condition. Instead, prefer redefine_method when practical, and silence_redefinition_of_method otherwise.
* | Use tt in doc for ActionPack [ci skip] (Yoshiyuki Hirano, 2017-08-26, 2 files, -4/+4)
| |
* | Update links to use https link instead of http [ci skip] (Yoshiyuki Hirano, 2017-08-22, 3 files, -6/+6)
| |
* | Use frozen string literal in actionpack/ (Kir Shatrov, 2017-07-29, 26 files, -1/+53)
| |
* | Merge pull request #29919 from kirs/actionpack-frozen-friendly (Rafael França, 2017-07-24, 1 file, -1/+3)
|\ \
| | |   Make actionpack frozen string friendly
| * | Make actionpack frozen string friendly (Kir Shatrov, 2017-07-24, 1 file, -1/+3)
| | |
* | | Fix typo in API docs (Ryan Lue, 2017-07-20, 1 file, -1/+1)
| | |
* | | Correct API documentation for ActionController::Parameters#delete (Ryan Lue, 2017-07-20, 1 file, -4/+4)
|/ /
* | Assign `content_type` only once (yui-knk, 2017-07-13, 1 file, -2/+2)
| |
* | Add ActionController::Base.skip_forgery_protection (Lisa Ugray, 2017-07-10, 1 file, -0/+9)
| |   Since we now default to `protect_from_forgery with: :exception`, provide a wrapper to `skip_before_action :verify_authenticity_token` for disabling forgery protection.
* | Protect from forgery by default (Lisa Ugray, 2017-07-10, 1 file, -0/+4)
| |   Rather than protecting from forgery in the generated ApplicationController, add it to ActionController::Base by config. This configuration defaults to false to support older versions which have removed it from their ApplicationController, but is set to true for Rails 5.2.
* | Merge branch 'master' into require_relative_2017 (Xavier Noria, 2017-07-02, 1 file, -7/+2)
|\ \
| * \ Merge pull request #29566 from eugeneius/wrap_parameters_query (Kasper Timm Hansen, 2017-07-02, 1 file, -7/+2)
| |\ \
| | | |   Don't wrap parameters if query parameter exists
| | * | Don't wrap parameters if query parameter exists (Eugene Kenny, 2017-06-25, 1 file, -7/+2)
| | | |   We want to avoid overwriting a query parameter with the wrapped parameters hash. Previously this was implemented by merging the wrapped parameters at the root level if the key already existed, which was effectively a no-op. The query parameter was still overwritten in the filtered parameters hash, however. We can fix that discrepancy with a simpler implementation and less unnecessary work by skipping parameter wrapping entirely if the key was sent as a query parameter.
| * | | Revert "Merge pull request #29540 from kirs/rubocop-frozen-string" (Matthew Draper, 2017-07-02, 27 files, -27/+0)
| | | |   This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
| * | | Merge pull request #29540 from kirs/rubocop-frozen-string (Matthew Draper, 2017-07-02, 27 files, -0/+27)
| |\ \ \
| | | | |   Enforce frozen string in Rubocop
| | * | | Enforce frozen string in Rubocop (Kir Shatrov, 2017-07-01, 27 files, -0/+27)
| | |/ /
* | / / [Action Controller] require => require_relative (Akira Matsuda, 2017-07-01, 2 files, -2/+2)
|/ / /
* | | Fix format of `ActionController::Parameters#to_s` doc [ci skip] (yuuji.yaginuma, 2017-07-01, 1 file, -0/+1)
| | |
* | | Fallback Parameters#to_s to Hash#to_s (Kir Shatrov, 2017-06-30, 1 file, -1/+8)
|/ /
| |   Fixes https://github.com/rails/rails/issues/29617
* | Don't wrap parameters if key already exists (Eugene Kenny, 2017-06-24, 1 file, -1/+1)
| |   We shouldn't perform parameter wrapping if it would overwrite one of the parameters sent with the request, as that would interfere with reading the parameter directly from the top level `params` hash.
| |
| |   The current implementation has logic for this case, but it doesn't handle `nil`/`false` values, which means these parameters:
| |
| |       { "user" => nil }
| |
| |   are transformed into this `params` hash:
| |
| |       { "user" => { "user" => nil } }
| |
| |   and `params["user"]` no longer returns the original parameter value.
* | Fix typo in `AC::UnfilteredParameters` message [ci skip] (yuuji.yaginuma, 2017-06-23, 1 file, -2/+2)
| |   Ref: https://github.com/rails/rails/blob/33b596709388cc48d90ab6d1de99d7bd6e85f916/actionpack/lib/action_controller/metal/strong_parameters.rb#L52..L56
* | Fix examples for `AC::Parameters#to_query` [ci skip] (yuuji.yaginuma, 2017-06-19, 1 file, -1/+6)
|/
|   Without `permit`, `AC::Parameters#to_query` raises `AC::UnfilteredParameters`.
|
|   ```ruby
|   params = ActionController::Parameters.new({ name: "David", nationality: "Danish" })
|   params.to_query
|   # => ActionController::UnfilteredParameters: unable to convert unpermitted parameters to hash
|   ```
* Use mattr_accessor default: option throughout the project (Genadi Samokovarov, 2017-06-03, 1 file, -4/+2)
|