Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Add controller-specific `force_ssl` method to force web browser to use HTTPS ↵ | Prem Sichanugrist | 2011-03-28 | 1 | -0/+35 | |
| | | | | | | | | protocol This would become useful for site which sometime transferring sensitive information such as account information on particular controller or action. This featured was requested by DHH. | |||||
* | Action Pack typos. | R.T. Lechow | 2011-03-05 | 1 | -1/+1 | |
| | ||||||
* | Prepend the CSRF filter to make it much more difficult to execute ↵ | Michael Koziarski | 2011-02-23 | 1 | -1/+1 | |
| | | | | application code before it fires. | |||||
* | merges docrails | Xavier Noria | 2011-02-18 | 1 | -0/+37 | |
|\ | ||||||
| * | add some docs for ActionController::Renderers | Gabriel Horner | 2011-02-10 | 1 | -0/+37 | |
| | | ||||||
* | | Remove misleading reference to polymorphic_url. | José Valim | 2011-02-11 | 1 | -2/+0 | |
| | | ||||||
* | | Change the CSRF whitelisting to only apply to get requests | Michael Koziarski | 2011-02-08 | 1 | -10/+9 | |
| | | | | | | | | | | | | | | | | Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header: X-CSRF-Token: ... This fixes CVE-2011-0447 | |||||
* | | Use Mime::Type references. | José Valim | 2011-02-08 | 1 | -1/+1 | |
|/ | ||||||
* | No need to symbolize these. | José Valim | 2010-12-27 | 1 | -2/+2 | |
| | ||||||
* | #948 template_inheritance | artemave | 2010-12-26 | 1 | -2/+2 | |
| | ||||||
* | Fix respond_with example code so it makes sense | Will | 2010-12-19 | 1 | -2/+2 | |
| | ||||||
* | Correct deprecated AR usage in ActionController::MimeResponds documentation | Will | 2010-12-19 | 1 | -4/+4 | |
| | ||||||
* | Merge branch 'master' of git://github.com/lifo/docrails | Xavier Noria | 2010-11-27 | 1 | -3/+7 | |
|\ | ||||||
| * | Add explicit statement that verify_authenticity_token can be turned off for ↵ | Ryan Bigg | 2010-11-27 | 1 | -3/+7 | |
| | | | | | | | | actions. | |||||
* | | implicit self here | Santiago Pastorino | 2010-11-25 | 1 | -1/+1 | |
| | | ||||||
* | | move the setting up of the mime collector into the collector on init | Josh Kalderimis | 2010-11-25 | 1 | -3/+3 | |
| | | | | | | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | |||||
* | | If a user wants json output then try best to render json output. In such ↵ | Neeraj Singh | 2010-11-24 | 1 | -1/+1 | |
|/ | | | | | | | | cases prefer kind_of(String) over respond_to?(to_str) [#5841 state:resolved] Signed-off-by: José Valim <jose.valim@gmail.com> | |||||
* | :subdomain, :domain and :tld_length options can now be used in url_for, ↵ | Josh Kalderimis | 2010-11-23 | 1 | -1/+3 | |
| | | | | | | allowing for easy manipulation of the host during link generation. Signed-off-by: José Valim <jose.valim@gmail.com> | |||||
* | Remove unused constant | Santiago Pastorino | 2010-11-22 | 1 | -2/+0 | |
| | ||||||
* | There's no need for ternary op here | Santiago Pastorino | 2010-11-22 | 1 | -1/+1 | |
| | ||||||
* | Remove unneeded metaprogramming and method generation in favor of direct ↵ | Santiago Pastorino | 2010-11-22 | 1 | -24/+10 | |
| | | | | definition | |||||
* | Fix indentation | Santiago Pastorino | 2010-11-20 | 1 | -24/+23 | |
| | ||||||
* | Add config.action_controller.include_all_helpers, by default it is set to true. | Piotr Sarnacki | 2010-11-18 | 1 | -1/+2 | |
| | | | | | | | In older rails versions there was a way to use only helpers from helper file corresponding to current controller and you could also include all helpers by saying 'helper :all' in controller. This config allows to return to older behavior by setting it to false. | |||||
* | Move @assigns from the controller to the test itself | Santiago Pastorino | 2010-11-06 | 1 | -1/+0 | |
| | ||||||
* | Fix problems trying to functional test AC::Metal controllers | Santiago Pastorino | 2010-11-06 | 1 | -9/+1 | |
| | | | | [#5393 state:committed] | |||||
* | Correctly handle the case of an API response that returns a hash by treating ↵ | Chris Eppstein | 2010-11-06 | 1 | -1/+1 | |
| | | | | a single hash argument as the resource instead of as options. | |||||
* | replace if ! with unless | Neeraj Singh | 2010-10-17 | 1 | -1/+1 | |
| | | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | |||||
* | Merge branch 'master' of git://github.com/lifo/docrails | Xavier Noria | 2010-10-14 | 1 | -1/+1 | |
|\ | ||||||
| * | Fix small typo in documentation | Krekoten' Marjan | 2010-10-12 | 1 | -1/+1 | |
| | | ||||||
* | | Return a valid empty JSON on successful PUT and DELETE requests. [#5199 ↵ | Szymon Nowak | 2010-10-12 | 1 | -0/+20 | |
|/ | | | | | | state:resolved] Signed-off-by: José Valim <jose.valim@gmail.com> | |||||
* | Rendering doesn't need RackDelegation | wycats | 2010-10-10 | 1 | -1/+0 | |
| | ||||||
* | Fix a few bugs when trying to use Head standalone | wycats | 2010-10-10 | 1 | -4/+2 | |
| | ||||||
* | Merge branch 'master' of git://github.com/lifo/docrails | Xavier Noria | 2010-10-06 | 1 | -4/+0 | |
|\ | ||||||
| * | `render :text => proc { ... }` is no longer supported. | John Firebaugh | 2010-10-04 | 1 | -4/+0 | |
| | | ||||||
* | | reduce function calls on Array | Aaron Patterson | 2010-09-29 | 1 | -3/+2 | |
| | | ||||||
* | | removing more lolinject | Aaron Patterson | 2010-09-29 | 1 | -8/+7 | |
| | | ||||||
* | | removing lollerject | Aaron Patterson | 2010-09-29 | 1 | -1/+1 | |
|/ | ||||||
* | renderer calls object.to_json when rendering :json => object [#5655 ↵ | Diego Carrion | 2010-09-27 | 1 | -1/+1 | |
| | | | | | | state:resolved] Signed-off-by: José Valim <jose.valim@gmail.com> | |||||
* | Remove more warnings shadowing outer local variable. | Emilio Tagua | 2010-09-27 | 1 | -3/+3 | |
| | | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | |||||
* | Do not cache the script name outcome. | José Valim | 2010-09-27 | 1 | -9/+11 | |
| | ||||||
* | Merge remote branch 'miloops/warnings' | José Valim | 2010-09-27 | 1 | -3/+3 | |
|\ | | | | | | | | | Conflicts: actionpack/lib/action_controller/metal/url_for.rb | |||||
| * | Initialize @_routes if not defined yet, avoiding more warnings. | Emilio Tagua | 2010-09-27 | 1 | -0/+1 | |
| | | ||||||
| * | Remove more warnings shadowing outer local variable. | Emilio Tagua | 2010-09-27 | 1 | -3/+3 | |
| | | ||||||
* | | Cache url_options on a per-request basis. | thedarkone | 2010-09-27 | 1 | -9/+11 | |
|/ | ||||||
* | Remove deprecated stuff in ActionController | Carlos Antonio da Silva | 2010-09-26 | 1 | -1/+1 | |
| | | | | | | This removes all deprecated classes in ActionController related to Routing, Abstract Request/Response and Integration/IntegrationTest. All tests and docs were changed to ActionDispatch instead of ActionController. | |||||
* | There is no need to use instance_eval since the proc is created in the same ↵ | José Valim | 2010-09-24 | 1 | -1/+1 | |
| | | | | context it is eval'ed. | |||||
* | Make redirect_to accept blocks [#5643 state:resolved] | Nando Vieira | 2010-09-24 | 1 | -1/+5 | |
| | | | | Signed-off-by: José Valim <jose.valim@gmail.com> | |||||
* | Refactor decode_credentials to avoid inject and use map instead. | Emilio Tagua | 2010-09-22 | 1 | -6/+5 | |
| | | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | |||||
* | Fix header capitalization by explicitly upcasing first letter of every word, ↵ | Maxim Chernyak | 2010-09-18 | 1 | -1/+1 | |
| | | | | and avoiding capitalize. [#5636 state:resolved] | |||||
* | Small tweak the ConditionalGet documentation | Carl Lerche | 2010-09-17 | 1 | -2/+2 | |
| | | | Time#utc does not need to be called when passing the object to :last_modified since it is called internally to Rails. |