Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Check authentication scheme in Basic auth | tomykaira | 2013-07-07 | 1 | -1/+6 |
| | | | | | | | | | | `authenticate_with_http_basic` and its families should check the authentication schema is "Basic". Different schema, such as OAuth2 Bearer should be rejected by basic auth, but it was passing as the test shows. This fixes #10257. | ||||
* | Remove duplicate letter 'a'. [ci skip] | Uģis Ozols | 2013-06-19 | 1 | -1/+1 |
| | |||||
* | Add `respond_with` `location` option to the docs | Tute Costa | 2013-06-18 | 1 | -2/+6 |
| | |||||
* | [ci skip] document protect_against_forgery? method | Weston Platter | 2013-05-10 | 1 | -0/+1 |
| | |||||
* | Fix generating route from engine to other engine | Piotr Sarnacki | 2013-05-03 | 1 | -1/+2 |
| | | | | | | | | | | | | A regression was introduced in 5b3bb6, generating route from within an engine to an another engine resulted in prefixing a path with the SCRIPT_NAME value. The regression was caused by the fact that SCRIPT_NAME should be appended only if it's the SCRIPT_NAME for the application, not if it's SCRIPT_NAME from the current engine. closes #10409 | ||||
* | Don't reprocess the options hash on every request | Andrew White | 2013-04-27 | 1 | -1/+2 |
| | |||||
* | Add support for extra options to `force_ssl` | Andrew White | 2013-04-25 | 1 | -17/+48 |
| | | | | | | | | This commit adds support for passing additional url options along with a :status option and any of the flash-related options to `redirect_to` (i.e. :flash, :alert & :notice). Closes #7570. | ||||
* | Use `request.fullpath` to build redirect url in `force_ssl` | Andrew White | 2013-04-25 | 1 | -4/+7 |
| | | | | | | | | | | | The `force_ssl` command now builds the redirect url from `request.fullpath`. This ensures that the format is maintained and it doesn't redirect to a route that has the same parameters but is defined earlier in `routes.rb`. Also any optional segments are maintained. Fixes #7528. Fixes #9061. Fixes #10305. | ||||
* | fixed missing comma in example | Ilya Vorontsov | 2013-04-24 | 1 | -1/+1 |
| | |||||
* | Return nil for Mime::NullType#ref | Andrew White | 2013-04-10 | 1 | -1/+1 |
| | |||||
* | Reverts rendering behavior when format is unknown | Grzegorz Świrski | 2013-04-10 | 1 | -1/+1 |
| | | | | | | | | | If a request has unknown format (eg. /foo.bar), the renderer fallbacks to default format. This patch reverts Rails 3.2 behavior after c2267db commit. Fixes issue #9654. | ||||
* | Fix typo | Rafael Mendonça França | 2013-04-09 | 1 | -2/+2 |
| | |||||
* | fix AP warning; remove unused variable | Vipul A M | 2013-04-09 | 1 | -0/+1 |
| | |||||
* | Merge pull request #9604 from sgrif/live_streaming_exceptions | Rafael Mendonça França | 2013-04-08 | 1 | -0/+28 |
|\ | | | | | Exceptions raised when using ActionController::Live cause server crash | ||||
| * | Exception handling for controllers using ActionController::Live | Sean Griffin | 2013-03-18 | 1 | -0/+28 |
| | | | | | | | | | | | | | | | | | | Any exceptions that occured at the view or controller level for a controller using ActionController::Live would cause the server to either hang with an open socket indefinitely, or immediately crash (depending on whether the server was launched with rails s or directly). Changed the behavior of exceptions to act the same as streaming templates for html requests, and allow for an on_error callback if needed. | ||||
* | | Remove unecessary variable call, `#sort!` always returns an array | Agis Anastasopoulos | 2013-04-07 | 1 | -1/+0 |
| | | |||||
* | | Prefer find_by over dynamic finders in rdoc | Sam Ruby | 2013-04-02 | 1 | -2/+2 |
| | | |||||
* | | Fix some typos | Vipul A M | 2013-03-24 | 1 | -1/+1 |
| | | |||||
* | | Fix documentation markup [ci skip] | Rafael Mendonça França | 2013-03-23 | 1 | -0/+2 |
| | | |||||
* | | StringIO is not required by default in JRuby | Arun Agrawal | 2013-03-22 | 1 | -0/+1 |
| | | |||||
* | | Fix broken ActionController#action_missing | Janko Luin | 2013-03-20 | 1 | -1/+1 |
| | | | | | | | | | | A recent change introduced the assumption that all controller actions are known beforehand, which is not true when using action_missing. | ||||
* | | Digest auth should not 500 when given a basic header. | Brad Dunbar | 2013-03-18 | 1 | -0/+1 |
|/ | |||||
* | Handle conditional get in live requests - this will prevent error when using ↵ | Bernard Potocki | 2013-03-14 | 1 | -0/+4 |
| | | | | stale on live streams(issue #9636) | ||||
* | Merge pull request #9626 from dasch/dasch/instrument-strong-params | José Valim | 2013-03-09 | 1 | -1/+2 |
|\ | | | | | Use AS::Notifications to instrument Strong Params | ||||
| * | Use the instrumentation framework to instrument Strong Params | Daniel Schierbeck | 2013-03-07 | 1 | -1/+2 |
| | | |||||
* | | ensure response.stream is closed | Sam Ruby | 2013-03-09 | 1 | -0/+1 |
|/ | |||||
* | fix respond_to without blocks not working if one of the blocks is all | grosser | 2013-02-24 | 1 | -1/+1 |
| | |||||
* | This cache is not needed | Santiago Pastorino | 2013-02-21 | 1 | -2/+1 |
| | |||||
* | Use composition to figure out the forgery protection strategy | Santiago Pastorino | 2013-02-21 | 1 | -9/+27 |
| | |||||
* | Rack::Test::UploadedFile is a permitted scalar | Fabio Kreusch | 2013-02-21 | 1 | -3/+4 |
| | |||||
* | Fix #9168 Initialize NullCookieJar with all options needed for KeyGenerator | Andrey Chernih | 2013-02-08 | 1 | -1/+1 |
| | |||||
* | Missing require hash/keys | Akira Matsuda | 2013-02-01 | 1 | -0/+2 |
| | |||||
* | Missing or unneeded require extract_options | Akira Matsuda | 2013-02-01 | 1 | -0/+1 |
| | |||||
* | Use \A in Regexps | Egor Homakov | 2013-02-01 | 1 | -1/+1 |
| | | | | | So, if there is redirect_to params[:q] i can send ?q=javascript:asdf()%0A/localpath Or something more nasty, so please use \A | ||||
* | Merge pull request #9032 from firmhouse/head-breaks-csrf | Santiago Pastorino | 2013-01-28 | 1 | -2/+2 |
|\ | | | | | Make HEAD work / convert to GET once more | ||||
| * | Added request.head? to forgery protection code | Michiel Sikkes | 2013-01-22 | 1 | -2/+2 |
| | | |||||
* | | Integrate Action Pack with Rack 1.5 | Carlos Antonio da Silva | 2013-01-25 | 1 | -3/+4 |
| | | | | | | | | | | | | All ActionPack and Railties tests are passing. Closes #8891. [Carlos Antonio da Silva + Santiago Pastorino] | ||||
* | | ActionDispatch::Http::UploadedFile is a permitted scalar [Closes #9051] | Xavier Noria | 2013-01-23 | 1 | -2/+5 |
|/ | |||||
* | Only check for unpermmited parameters if | Rafael Mendonça França | 2013-01-22 | 1 | -1/+1 |
| | | | | action_on_unpermitted_parameters is present | ||||
* | avoid creating an object in every call | Xavier Noria | 2013-01-22 | 1 | -1/+2 |
| | | | | This was a suggestion of @carlosantoniodasilva, thanks! | ||||
* | Refactor grep call to remove .each | Carlos Antonio da Silva | 2013-01-20 | 1 | -1/+1 |
| | | | | Grep already yields the matching keys to the given block. | ||||
* | Use 1.9 hash style in docs/comments [ci skip] | Carlos Antonio da Silva | 2013-01-20 | 1 | -3/+3 |
| | |||||
* | Removing warning: shadowing outer local variable | Arun Agrawal | 2013-01-20 | 1 | -3/+3 |
| | |||||
* | strong parameters filters permitted scalars | Xavier Noria | 2013-01-20 | 1 | -22/+92 |
| | |||||
* | Restore and adapt the implementation reverted at | Rafael Mendonça França | 2013-01-19 | 1 | -19/+46 |
| | | | | | | https://github.com/rails/rails/commit/cc1c3c5be061e7572018f734e5239750ab449e3f Now instead of raise, we log by default in development and test | ||||
* | Added ability to raise or log on unpermitted params. | Thomas Drake-Brockman | 2013-01-20 | 1 | -0/+25 |
| | |||||
* | Revert "Merge pull request #8989 from robertomiranda/use-rails-4-find-by" | Guillermo Iguaran | 2013-01-18 | 1 | -2/+2 |
| | | | | | This reverts commit 637a7d9d357a0f3f725b0548282ca8c5e7d4af4a, reversing changes made to 5937bd02dee112646469848d7fe8a8bfcef5b4c1. | ||||
* | User Rails 4 find_by | robertomiranda | 2013-01-18 | 1 | -2/+2 |
| | |||||
* | strong parameters exception handling | Brian Alexander | 2013-01-15 | 1 | -6/+0 |
| | |||||
* | Revert "log at debug level what line caused the redirect_to" | Carlos Antonio da Silva | 2013-01-15 | 1 | -1/+0 |
| | | | | | | | | This reverts commit 3fa00070047b5d019d39e691598ee2890283d052. Reason: This message is usually not accurate and annoying: Redirected by ~/.rbenv/versions/1.9.3-p327-perf/lib/ruby/1.9.1/logger.rb:371:in `add'` |