aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/metal
Commit message (Collapse)AuthorAgeFilesLines
...
* Add controller-specific `force_ssl` method to force web browser to use HTTPS ↵Prem Sichanugrist2011-03-281-0/+35
| | | | | | | | protocol This would become useful for site which sometime transferring sensitive information such as account information on particular controller or action. This featured was requested by DHH.
* Action Pack typos.R.T. Lechow2011-03-051-1/+1
|
* Prepend the CSRF filter to make it much more difficult to execute ↵Michael Koziarski2011-02-231-1/+1
| | | | application code before it fires.
* merges docrailsXavier Noria2011-02-181-0/+37
|\
| * add some docs for ActionController::RenderersGabriel Horner2011-02-101-0/+37
| |
* | Remove misleading reference to polymorphic_url.José Valim2011-02-111-2/+0
| |
* | Change the CSRF whitelisting to only apply to get requestsMichael Koziarski2011-02-081-10/+9
| | | | | | | | | | | | | | | | Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header: X-CSRF-Token: ... This fixes CVE-2011-0447
* | Use Mime::Type references.José Valim2011-02-081-1/+1
|/
* No need to symbolize these.José Valim2010-12-271-2/+2
|
* #948 template_inheritanceartemave2010-12-261-2/+2
|
* Fix respond_with example code so it makes senseWill2010-12-191-2/+2
|
* Correct deprecated AR usage in ActionController::MimeResponds documentationWill2010-12-191-4/+4
|
* Merge branch 'master' of git://github.com/lifo/docrailsXavier Noria2010-11-271-3/+7
|\
| * Add explicit statement that verify_authenticity_token can be turned off for ↵Ryan Bigg2010-11-271-3/+7
| | | | | | | | actions.
* | implicit self hereSantiago Pastorino2010-11-251-1/+1
| |
* | move the setting up of the mime collector into the collector on initJosh Kalderimis2010-11-251-3/+3
| | | | | | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* | If a user wants json output then try best to render json output. In such ↵Neeraj Singh2010-11-241-1/+1
|/ | | | | | | | cases prefer kind_of(String) over respond_to?(to_str) [#5841 state:resolved] Signed-off-by: José Valim <jose.valim@gmail.com>
* :subdomain, :domain and :tld_length options can now be used in url_for, ↵Josh Kalderimis2010-11-231-1/+3
| | | | | | allowing for easy manipulation of the host during link generation. Signed-off-by: José Valim <jose.valim@gmail.com>
* Remove unused constantSantiago Pastorino2010-11-221-2/+0
|
* There's no need for ternary op hereSantiago Pastorino2010-11-221-1/+1
|
* Remove unneeded metaprogramming and method generation in favor of direct ↵Santiago Pastorino2010-11-221-24/+10
| | | | definition
* Fix indentationSantiago Pastorino2010-11-201-24/+23
|
* Add config.action_controller.include_all_helpers, by default it is set to true.Piotr Sarnacki2010-11-181-1/+2
| | | | | | | In older rails versions there was a way to use only helpers from helper file corresponding to current controller and you could also include all helpers by saying 'helper :all' in controller. This config allows to return to older behavior by setting it to false.
* Move @assigns from the controller to the test itselfSantiago Pastorino2010-11-061-1/+0
|
* Fix problems trying to functional test AC::Metal controllersSantiago Pastorino2010-11-061-9/+1
| | | | [#5393 state:committed]
* Correctly handle the case of an API response that returns a hash by treating ↵Chris Eppstein2010-11-061-1/+1
| | | | a single hash argument as the resource instead of as options.
* replace if ! with unlessNeeraj Singh2010-10-171-1/+1
| | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Merge branch 'master' of git://github.com/lifo/docrailsXavier Noria2010-10-141-1/+1
|\
| * Fix small typo in documentationKrekoten' Marjan2010-10-121-1/+1
| |
* | Return a valid empty JSON on successful PUT and DELETE requests. [#5199 ↵Szymon Nowak2010-10-121-0/+20
|/ | | | | | state:resolved] Signed-off-by: José Valim <jose.valim@gmail.com>
* Rendering doesn't need RackDelegationwycats2010-10-101-1/+0
|
* Fix a few bugs when trying to use Head standalonewycats2010-10-101-4/+2
|
* Merge branch 'master' of git://github.com/lifo/docrailsXavier Noria2010-10-061-4/+0
|\
| * `render :text => proc { ... }` is no longer supported.John Firebaugh2010-10-041-4/+0
| |
* | reduce function calls on ArrayAaron Patterson2010-09-291-3/+2
| |
* | removing more lolinjectAaron Patterson2010-09-291-8/+7
| |
* | removing lollerjectAaron Patterson2010-09-291-1/+1
|/
* renderer calls object.to_json when rendering :json => object [#5655 ↵Diego Carrion2010-09-271-1/+1
| | | | | | state:resolved] Signed-off-by: José Valim <jose.valim@gmail.com>
* Remove more warnings shadowing outer local variable.Emilio Tagua2010-09-271-3/+3
| | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Do not cache the script name outcome.José Valim2010-09-271-9/+11
|
* Merge remote branch 'miloops/warnings'José Valim2010-09-271-3/+3
|\ | | | | | | | | Conflicts: actionpack/lib/action_controller/metal/url_for.rb
| * Initialize @_routes if not defined yet, avoiding more warnings.Emilio Tagua2010-09-271-0/+1
| |
| * Remove more warnings shadowing outer local variable.Emilio Tagua2010-09-271-3/+3
| |
* | Cache url_options on a per-request basis.thedarkone2010-09-271-9/+11
|/
* Remove deprecated stuff in ActionControllerCarlos Antonio da Silva2010-09-261-1/+1
| | | | | | This removes all deprecated classes in ActionController related to Routing, Abstract Request/Response and Integration/IntegrationTest. All tests and docs were changed to ActionDispatch instead of ActionController.
* There is no need to use instance_eval since the proc is created in the same ↵José Valim2010-09-241-1/+1
| | | | context it is eval'ed.
* Make redirect_to accept blocks [#5643 state:resolved]Nando Vieira2010-09-241-1/+5
| | | | Signed-off-by: José Valim <jose.valim@gmail.com>
* Refactor decode_credentials to avoid inject and use map instead.Emilio Tagua2010-09-221-6/+5
| | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Fix header capitalization by explicitly upcasing first letter of every word, ↵Maxim Chernyak2010-09-181-1/+1
| | | | and avoiding capitalize. [#5636 state:resolved]
* Small tweak the ConditionalGet documentationCarl Lerche2010-09-171-2/+2
| | | Time#utc does not need to be called when passing the object to :last_modified since it is called internally to Rails.