aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/metal
Commit message (Collapse)AuthorAgeFilesLines
* Check authentication scheme in Basic authtomykaira2013-07-071-1/+6
| | | | | | | | | | `authenticate_with_http_basic` and its families should check the authentication schema is "Basic". Different schema, such as OAuth2 Bearer should be rejected by basic auth, but it was passing as the test shows. This fixes #10257.
* Remove duplicate letter 'a'. [ci skip]Uģis Ozols2013-06-191-1/+1
|
* Add `respond_with` `location` option to the docsTute Costa2013-06-181-2/+6
|
* [ci skip] document protect_against_forgery? methodWeston Platter2013-05-101-0/+1
|
* Fix generating route from engine to other enginePiotr Sarnacki2013-05-031-1/+2
| | | | | | | | | | | | A regression was introduced in 5b3bb6, generating route from within an engine to an another engine resulted in prefixing a path with the SCRIPT_NAME value. The regression was caused by the fact that SCRIPT_NAME should be appended only if it's the SCRIPT_NAME for the application, not if it's SCRIPT_NAME from the current engine. closes #10409
* Don't reprocess the options hash on every requestAndrew White2013-04-271-1/+2
|
* Add support for extra options to `force_ssl`Andrew White2013-04-251-17/+48
| | | | | | | | This commit adds support for passing additional url options along with a :status option and any of the flash-related options to `redirect_to` (i.e. :flash, :alert & :notice). Closes #7570.
* Use `request.fullpath` to build redirect url in `force_ssl`Andrew White2013-04-251-4/+7
| | | | | | | | | | | The `force_ssl` command now builds the redirect url from `request.fullpath`. This ensures that the format is maintained and it doesn't redirect to a route that has the same parameters but is defined earlier in `routes.rb`. Also any optional segments are maintained. Fixes #7528. Fixes #9061. Fixes #10305.
* fixed missing comma in exampleIlya Vorontsov2013-04-241-1/+1
|
* Return nil for Mime::NullType#refAndrew White2013-04-101-1/+1
|
* Reverts rendering behavior when format is unknownGrzegorz Świrski2013-04-101-1/+1
| | | | | | | | | If a request has unknown format (eg. /foo.bar), the renderer fallbacks to default format. This patch reverts Rails 3.2 behavior after c2267db commit. Fixes issue #9654.
* Fix typoRafael Mendonça França2013-04-091-2/+2
|
* fix AP warning; remove unused variableVipul A M2013-04-091-0/+1
|
* Merge pull request #9604 from sgrif/live_streaming_exceptionsRafael Mendonça França2013-04-081-0/+28
|\ | | | | Exceptions raised when using ActionController::Live cause server crash
| * Exception handling for controllers using ActionController::LiveSean Griffin2013-03-181-0/+28
| | | | | | | | | | | | | | | | | | Any exceptions that occured at the view or controller level for a controller using ActionController::Live would cause the server to either hang with an open socket indefinitely, or immediately crash (depending on whether the server was launched with rails s or directly). Changed the behavior of exceptions to act the same as streaming templates for html requests, and allow for an on_error callback if needed.
* | Remove unecessary variable call, `#sort!` always returns an arrayAgis Anastasopoulos2013-04-071-1/+0
| |
* | Prefer find_by over dynamic finders in rdocSam Ruby2013-04-021-2/+2
| |
* | Fix some typosVipul A M2013-03-241-1/+1
| |
* | Fix documentation markup [ci skip]Rafael Mendonça França2013-03-231-0/+2
| |
* | StringIO is not required by default in JRubyArun Agrawal2013-03-221-0/+1
| |
* | Fix broken ActionController#action_missingJanko Luin2013-03-201-1/+1
| | | | | | | | | | A recent change introduced the assumption that all controller actions are known beforehand, which is not true when using action_missing.
* | Digest auth should not 500 when given a basic header.Brad Dunbar2013-03-181-0/+1
|/
* Handle conditional get in live requests - this will prevent error when using ↵Bernard Potocki2013-03-141-0/+4
| | | | stale on live streams(issue #9636)
* Merge pull request #9626 from dasch/dasch/instrument-strong-paramsJosé Valim2013-03-091-1/+2
|\ | | | | Use AS::Notifications to instrument Strong Params
| * Use the instrumentation framework to instrument Strong ParamsDaniel Schierbeck2013-03-071-1/+2
| |
* | ensure response.stream is closedSam Ruby2013-03-091-0/+1
|/
* fix respond_to without blocks not working if one of the blocks is allgrosser2013-02-241-1/+1
|
* This cache is not neededSantiago Pastorino2013-02-211-2/+1
|
* Use composition to figure out the forgery protection strategySantiago Pastorino2013-02-211-9/+27
|
* Rack::Test::UploadedFile is a permitted scalarFabio Kreusch2013-02-211-3/+4
|
* Fix #9168 Initialize NullCookieJar with all options needed for KeyGeneratorAndrey Chernih2013-02-081-1/+1
|
* Missing require hash/keysAkira Matsuda2013-02-011-0/+2
|
* Missing or unneeded require extract_optionsAkira Matsuda2013-02-011-0/+1
|
* Use \A in RegexpsEgor Homakov2013-02-011-1/+1
| | | | | So, if there is redirect_to params[:q] i can send ?q=javascript:asdf()%0A/localpath Or something more nasty, so please use \A
* Merge pull request #9032 from firmhouse/head-breaks-csrfSantiago Pastorino2013-01-281-2/+2
|\ | | | | Make HEAD work / convert to GET once more
| * Added request.head? to forgery protection codeMichiel Sikkes2013-01-221-2/+2
| |
* | Integrate Action Pack with Rack 1.5Carlos Antonio da Silva2013-01-251-3/+4
| | | | | | | | | | | | All ActionPack and Railties tests are passing. Closes #8891. [Carlos Antonio da Silva + Santiago Pastorino]
* | ActionDispatch::Http::UploadedFile is a permitted scalar [Closes #9051]Xavier Noria2013-01-231-2/+5
|/
* Only check for unpermmited parameters ifRafael Mendonça França2013-01-221-1/+1
| | | | action_on_unpermitted_parameters is present
* avoid creating an object in every callXavier Noria2013-01-221-1/+2
| | | | This was a suggestion of @carlosantoniodasilva, thanks!
* Refactor grep call to remove .eachCarlos Antonio da Silva2013-01-201-1/+1
| | | | Grep already yields the matching keys to the given block.
* Use 1.9 hash style in docs/comments [ci skip]Carlos Antonio da Silva2013-01-201-3/+3
|
* Removing warning: shadowing outer local variable Arun Agrawal2013-01-201-3/+3
|
* strong parameters filters permitted scalarsXavier Noria2013-01-201-22/+92
|
* Restore and adapt the implementation reverted atRafael Mendonça França2013-01-191-19/+46
| | | | | | https://github.com/rails/rails/commit/cc1c3c5be061e7572018f734e5239750ab449e3f Now instead of raise, we log by default in development and test
* Added ability to raise or log on unpermitted params.Thomas Drake-Brockman2013-01-201-0/+25
|
* Revert "Merge pull request #8989 from robertomiranda/use-rails-4-find-by"Guillermo Iguaran2013-01-181-2/+2
| | | | | This reverts commit 637a7d9d357a0f3f725b0548282ca8c5e7d4af4a, reversing changes made to 5937bd02dee112646469848d7fe8a8bfcef5b4c1.
* User Rails 4 find_byrobertomiranda2013-01-181-2/+2
|
* strong parameters exception handlingBrian Alexander2013-01-151-6/+0
|
* Revert "log at debug level what line caused the redirect_to"Carlos Antonio da Silva2013-01-151-1/+0
| | | | | | | | This reverts commit 3fa00070047b5d019d39e691598ee2890283d052. Reason: This message is usually not accurate and annoying: Redirected by ~/.rbenv/versions/1.9.3-p327-perf/lib/ruby/1.9.1/logger.rb:371:in `add'`
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-05 04:57:49 +0000