aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/metal
Commit message (Collapse)AuthorAgeFilesLines
* Backport 5c51cd0: #send_file leans on Rack::Sendfile to X-Accel-Redirect the ↵Jeremy Kemper2012-08-151-2/+22
| | | | file's path, so opening the file to set the response body is wasteful. Set a FileBody wrapper instead that responds to to_path and streams the file if needed.
* * Do not convert digest auth strings to symbols. CVE-2012-3424Aaron Patterson2012-07-261-2/+2
|
* Show in log correct wrapped keysDmitry Vorotilin2012-07-051-1/+2
|
* If content_type is explicitly passed to the :head method use the value or ↵Kunal Shah2012-05-071-1/+2
| | | | fallback
* Add a role option to wrap_parameters.Nick Ragaz2012-05-041-2/+3
| | | | The role option identifies which parameters are accessible and should be wrapped. The default role is :default.
* Add note about using 303 See Other for XHR requests other than GET/POSTAndrew White2012-04-301-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | IE since version 6 and recently Chrome and Firefox have started following 302 redirects from XHR requests other than GET/POST using the original request method. This can lead to DELETE requests being redirected amongst other things. Although it doesn't directly affect the Rails framework since it doesn't return a 302 redirect to any non-GET/POST request a note has been added to raise awareness of the issue. Some references: Original article from @technoweenie: http://techno-weenie.net/2011/8/19/ie9-deletes-stuff/ Hacker News discussion of the article: http://news.ycombinator.com/item?id=2903493 WebKit bug report: https://bugs.webkit.org/show_bug.cgi?id=46183 Firefox bug report and changeset: https://bugzilla.mozilla.org/show_bug.cgi?id=598304 https://hg.mozilla.org/mozilla-central/rev/9525d7e2d20d Chrome bug report: http://code.google.com/p/chromium/issues/detail?id=56373 HTTPbis bug report and changeset: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/160 http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1428 Roy T. Fielding's history of the issue: http://ftp.ics.uci.edu/pub/ietf/http/hypermail/1997q3/0611.html Automated browser tests for the issue: http://www.mnot.net/javascript/xmlhttprequest/ Fixes #4144 (cherry picked from commit 24f143789a8989f3bccde14ff28067de25cafd87)
* Merge pull request #5456 from brianmario/redirect-sanitizationAaron Patterson2012-03-151-1/+1
| | | | Strip null bytes from Location header
* Set the rendered_format on respond_to.José Valim2012-03-071-0/+1
|
* Deprecate ActionController::SessionManagementSantiago Pastorino2012-03-061-0/+5
|
* Always passing a respond block from to responderPrem Sichanugrist2012-03-052-12/+13
| | | | | | | We should let the responder to decide what to do with the given overridden response block, and not short circuit it. Fixes #5280
* format lookup for partials is derived from the format in which the template ↵Santiago Pastorino2012-02-222-2/+2
| | | | | | is being rendered Closes #5025 part 2
* search private / protected methods in trunk rubyAaron Patterson2012-02-201-1/+1
|
* Fixed force_ssl redirects to include original query paramsRyan McGeary2012-02-061-0/+1
| | | | | | `ActionController.force_ssl` redirects http URLs to their https equivalent; however, when a URL contains a query string, the resulting redirect lacked the original query string.
* Clean up a bit default_response handling and cache format negotiation.José Valim2012-02-042-19/+17
|
* Fix override API response bug in respond_withPrem Sichanugrist2012-02-031-8/+23
| | | | | | | | | | Default responder was only using the given respond block when user requested for HTML format, or JSON/XML format with valid resource. This fix the responder so that it will use the given block regardless of the validity of the resource. Note that in this case you'll have to check for object's validity by yourself in the controller. Fixes #4796
* example bracket errorDamian Le Nouaille2012-01-261-1/+1
|
* Do not deprecate performed?José Valim2012-01-191-6/+0
|
* Remove duplicated constant definitionCarlos Antonio da Silva2012-01-171-3/+0
| | | | | ActionController::ActionControllerError is already defined in action_controller/metal/exceptions.
* Deprecate AC::UnknownError and AC::DoubleRenderErrorCarlos Antonio da Silva2012-01-171-2/+2
| | | | | Use the constants AbstractController::ActionNotFound and AbstractController::DoubleRenderError respectively instead.
* Deprecate default_charset= at controller levelCarlos Antonio da Silva2012-01-171-2/+4
|
* Add some deprecations for logic being removed in 4.0Carlos Antonio da Silva2012-01-171-2/+15
|
* Fix http digest authentication with trailing '/' or '?' (fixes #4038 and #3228)Piotr Sarnacki2012-01-101-5/+8
|
* fix base64 requiresSergey Nartimov2012-01-031-1/+1
|
* deprecate ActiveSupport::Base64Sergey Nartimov2012-01-031-5/+5
| | | | extend and define ::Base64 if needed
* Remove unecessary config_accessors.José Valim2011-12-241-1/+1
|
* Show detailed exceptions no longer returns true if the request is local in ↵José Valim2011-12-161-1/+9
| | | | production.
* Fix diagnostics page for routing errors.José Valim2011-12-151-7/+2
|
* ParamsWrapper only wrap the accessible attributes when they were setJean-Francois Turcot2011-12-071-1/+8
|
* use classify in ParamsWrapper to derive model name from controller namelest2011-12-051-1/+1
|
* Minor enhancement by not unnecessarely escaping forward slashing within a ↵Overbryd2011-12-051-1/+2
| | | | curly regexp and by mentoining the protocol relative scheme in the internal comment
* Fix for redirect_to to respect urls with a network path reference like ↵Overbryd2011-12-051-2/+2
| | | | "//asset.host.com/resources/1235" see issue #3856
* Revert "Added ActiveRecord::Base#last_modified to work with the new ↵David Heinemeier Hansson2011-12-011-2/+2
| | | | | | | | fresh_when/stale? conditional get methods from Action Pack" Needless indirection with no added value. This reverts commit 535853e83b9092078035a5abb2aa242fba815c05.
* Added ActiveRecord::Base#last_modified to work with the new ↵David Heinemeier Hansson2011-12-011-2/+2
| | | | fresh_when/stale? conditional get methods from Action Pack
* Allow fresh_when/stale? to take a record instead of an options hash [DHH]David Heinemeier Hansson2011-12-011-4/+49
|
* Log 'Filter chain halted as CALLBACKNAME rendered or redirected' every time ↵José Valim2011-11-301-1/+6
| | | | a before callback halts.
* Revert the serializers API as other alternatives are now also under discussionJosé Valim2011-11-251-51/+0
|
* Add docs to serializers. Update CHANGELOGs.José Valim2011-11-251-0/+23
|
* Rely solely on active_model_serializer and remove the fancy constant lookup.José Valim2011-11-231-1/+3
|
* Merge branch 'master' into serializersJosé Valim2011-11-234-28/+18
|\
| * move show_detailed_exceptions? to Rescue modulelest2011-11-221-0/+10
| |
| * Merge pull request #3613 from mitio/fix-actionpack-responder-docsXavier Noria2011-11-111-4/+4
| |\ | | | | | | Fix wording and minor typos in the Responder RDoc
| | * Fix wording and minor typos in the Responder RDocDimitar Dimitrov2011-11-111-4/+4
| | |
| * | fix incorrect code exampleVijay Dev2011-11-071-1/+1
| | |
| * | Merge branch 'master' of github.com:lifo/docrailsVijay Dev2011-10-301-2/+2
| |\ \
| | * | add namespacing when referring to ActionController::RedirectBackErrorNick Howard2011-10-251-2/+2
| | |/
| * / Responders now return 204 No Content for API requests without a response ↵José Valim2011-10-261-21/+1
| |/ | | | | | | body (as in the new scaffold)
* | Refactor to make renderers a SetJose and Yehuda2011-10-151-11/+9
| |
* | Initial commit of serializer supportJose and Yehuda2011-10-151-0/+26
|/
* Merge branch 'master' of github.com:lifo/docrailsVijay Dev2011-10-142-2/+4
|\
| * status is a number in Rails 3Akira Matsuda2011-10-121-2/+2
| |