aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/metal
Commit message (Collapse)AuthorAgeFilesLines
* AC::Parameters#permit! permits hashes in array valuesXavier Noria2013-12-231-2/+4
|
* Move the null mime type to request.formatCarlos Antonio da Silva2013-12-231-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TLDR: always return an object that responds to the query methods from request.format, and do not touch Mime::Type[] lookup to avoid bugs. --- Long version: The initial issue was about being able to do checks like request.format.html? for request with an unknown format, where request.format would be nil. This is where the issue came from at first in #7837 and #8085 (merged in cba05887dc3b56a46a9fe2779b6b228880b49622), but the implementation went down the path of adding this to the mime type lookup logic. This unfortunately introduced subtle bugs, for instance in the merged commit a test related to send_file had to be changed to accomodate the introduction of the NullType. Later another bug was found in #13064, related to the content-type being shown as #<Mime::NullType:...> for templates with localized extensions but no format included. This one was fixed in #13133, merged in 43962d6ec50f918c9970bd3cd4b6ee5c7f7426ed. Besides that, custom handlers were not receiving the proper template formats anymore when passing through the rendering process, because of the NullType addition. That was found while migrating an application from 3.2 to 4.0 that uses the Markerb gem (a custom handler that generates both text and html emails from a markdown template). --- This changes the implementation moving away from returning this null object from the mime lookup, and still fixes the initial issue where request.format.zomg? would raise an exception for unknown formats due to request.format being nil.
* optimizes array conversion in AC::ParametersXavier Noria2013-12-211-2/+12
|
* refactors AC::Parameters#fetchXavier Noria2013-12-211-10/+3
| | | | | | | | AC::Parameters#fetch was refactored in 7171111 to prevent self mutation, but in doing so it hardcodes logic #convert_hashes_to_parameters is supposed to encapsulate. Better leave the delegation, and add a way to avoid mutating self in there.
* converts hashes in arrays of unfiltered params to unpermitted params [fixes ↵Xavier Noria2013-12-211-3/+10
| | | | #13382]
* Merge branch 'master' of github.com:lifo/docrailsVijay Dev2013-12-201-1/+1
|\
| * Typos. return -> returns. [ci skip]Lauro Caetano2013-12-031-1/+1
| |
* | Clearly limit new CSRF protection to GET requestsJeremy Kemper2013-12-171-2/+7
| |
* | Merge pull request #13345 from jeremy/get-csrfJeremy Kemper2013-12-171-13/+61
|\ \ | | | | | | CSRF protection from cross-origin <script> tags
| * | CSRF protection from cross-origin <script> tagsJeremy Kemper2013-12-171-13/+61
| | | | | | | | | | | | Thanks to @homakov for sounding the alarm about JSONP-style data leaking
* | | Some assorted fixes for the 4.1 release notes:Godfrey Chan2013-12-171-1/+1
|/ / | | | | | | | | | | | | | | | | | | | | * Added release notes for secrets.yml and mentioned it in the highlights * Added release notes for Mailer previews and mentioned it in the highlights * Added release notes for Module#concerning * Removed mention for AV extraction from the highlights * Rearranged the major features to put highlighted features first * Various improvements and typo fixes [ci skip]
* | Fix syntax error in redirect_to examplePhilipe Fatio2013-12-141-1/+1
| | | | | | | | | | Without parenthesis, ruby assumes that curly braces denote the beginning of a block.
* | Merge pull request #13293 from akshay-vishnoi/typoCarlos Antonio da Silva2013-12-121-1/+1
|\ \ | | | | | | Spelling and Grammar checks [ci skip]
| * | Spelling and Grammar checksAkshay Vishnoi2013-12-121-1/+1
| | |
* | | Variants inline syntax documentation [ci skip]Łukasz Strzałkowski2013-12-121-0/+9
|/ / | | | | | | | | | | * Extend method documentation * Mention it in actionpack/CHANGELOG * Update release notes
* | Merge pull request #13288 from dvsuresh/fix_typoDamien Mathieu2013-12-121-1/+1
|\ \ | | | | | | Fix typo in action_controller responder.rb [ci skip]
| * | Fix typo in action_controller responder.rbdvsuresh2013-12-121-1/+1
| | |
* | | typos rectified [ci skip]Aayush khandelwal2013-12-121-1/+1
|/ /
* | Inline variants syntaxŁukasz Strzałkowski2013-12-101-2/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In most cases, when setting variant specific code, you're not sharing any code within format. Inline syntax can vastly simplify defining variants in those situations: respond_to do |format| format.js { render "trash" } format.html do |variant| variant.phone { redirect_to progress_path } variant.none { render "trash" } end end Becomes: respond_to do |format| format.js { render "trash" } format.html.phone { redirect_to progress_path } format.html.none { render "trash" } end
* | Simplify @responses hash initializationŁukasz Strzałkowski2013-12-101-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | @responses hash needs to be initialized with mime types that we get from Collector#collect_mimes_from_class_level. Mime::Type class as key and nil as value. This need to happen before content negotiation. Before that, it was looping though mime types and executing mime-type-generated method inside collector (see AbstractController::Collector#generate_method_for_mime). That approach resulted in 2 unnecessary method calls for each mime type collected by Collector#collect_mimes_from_class_level. Now hash is initialized in place, without usage of Collector#custom method.
* | Revert "Merge pull request #13235 from strzalek/variants-inline" -- needs a ↵David Heinemeier Hansson2013-12-081-15/+9
| | | | | | | | | | | | | | little more work! This reverts commit 186161148a189839a1e0924043f068a8d155ce69, reversing changes made to cad9eb178ea5eec0e27d74e93518f4ed34e2f997.
* | Inline variants syntaxŁukasz Strzałkowski2013-12-081-8/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In most cases, when setting variant specific code, you're not sharing any code within format. Inline syntax can vastly simplify defining variants in those sitiations: respond_to do |format| format.js { render "trash" } format.html do |variant| variant.phone { redirect_to progress_path } variant.none { render "trash" } end end ` Becomes: respond_to do |format| format.js { render "trash" } format.html.phone { redirect_to progress_path } format.html.none { render "trash" } end
* | Simplify @responses hash initializationŁukasz Strzałkowski2013-12-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | @responses hash needs to be initialized with mime types that we get from Collector#collect_mimes_from_class_level. Mime::Type class as key and nil as value. This need to happen before content negotiation. Before that, it was looping though mime types and executing mime-type-generated method inside collector (see AbstractController::Collector#generate_method_for_mime). That approach resulted in 2 unnecessary method calls for each mime type collected by Collector#collect_mimes_from_class_level. Now hash is initialized in place, without usage of Collector#custom method.
* | Variants can be declared without a block to signify their presence in the ↵David Heinemeier Hansson2013-12-071-1/+3
| | | | | | | | controller
* | Allow code execution in case no variant has been set with variant.noneDavid Heinemeier Hansson2013-12-071-4/+5
| |
* | Improve a couple exception messages related to variants and mime typesCarlos Antonio da Silva2013-12-031-2/+4
| | | | | | | | | | Avoid one-liner conditionals when they are too big. Avoid concatenating strings to build error messages. Improve messages a bit.
* | Add nodoc to added VariantFilter classCarlos Antonio da Silva2013-12-031-3/+3
| |
* | Action Pack VariantsŁukasz Strzałkowski2013-12-041-4/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By default, variants in the templates will be picked up if a variant is set and there's a match. The format will be: app/views/projects/show.html.erb app/views/projects/show.html+tablet.erb app/views/projects/show.html+phone.erb If request.variant = :tablet is set, we'll automatically be rendering the html+tablet template. In the controller, we can also tailer to the variants with this syntax: class ProjectsController < ActionController::Base def show respond_to do |format| format.html do |html| @stars = @project.stars html.tablet { @notifications = @project.notifications } html.phone { @chat_heads = @project.chat_heads } end format.js format.atom end end end The variant itself is nil by default, but can be set in before filters, like so: class ApplicationController < ActionController::Base before_action do if request.user_agent =~ /iPad/ request.variant = :tablet end end end This is modeled loosely on custom mime types, but it's specifically not intended to be used together. If you're going to make a custom mime type, you don't need a variant. Variants are for variations on a single mime types.
* | Cleanups in comment about conditionalGuillermo Iguaran2013-12-031-1/+2
| |
* | Fix header Content-Type: #<Mime::NullType:...> in localized templateAngelo capilleri2013-12-031-1/+1
|/ | | | | | | | This PR fixes #13064 regression bug introduced by the #8085 Now in _process_format when the format is a Mime::NullType nothing is written in self.content_type. In this way the method Response#assign_default_content_type_and_charset can write the the default mime_type.
* Revert "Used Yield instead of block.call" -- this causes all of ↵David Heinemeier Hansson2013-11-141-2/+2
| | | | | | atom_feed_helper_test.rb to fail with "SystemStackError: stack level too deep". This reverts commit d3a1ce1cdc60d593de1682c5f4e3230c8db9a0fd.
* Merge pull request #12889 from kuldeepaggarwal/speed_upsRafael Mendonça França2013-11-141-2/+2
|\ | | | | Used Yield instead of block.call
| * Used Yield instead of block.callKuldeep Aggarwal2013-11-151-2/+2
| |
* | #presence usedAkshay Vishnoi2013-11-141-5/+1
| |
* | Remove order attribute from collectorLukasz Strzalkowski2013-11-101-4/+3
|/ | | | Ruby 1.8 legacy. Since 1.9 hash preserves insertion order. No need for additional array to achieve this
* Improve wording in AC::ParameterMissing error messageGuillermo Iguaran2013-11-021-1/+1
|
* Revert "Merge pull request #9660 from ↵Guillermo Iguaran2013-11-021-23/+9
| | | | | | | | | sebasoga/change_strong_parameters_require_behaviour" This reverts commit c2b5a8e61ba0f35015e6ac949a5c8fce2042a1f2, reversing changes made to 1918b12c0429caec2a6134ac5e5b42ade103fe90. See: https://github.com/rails/rails/pull/9660#issuecomment-27627493
* Merge pull request #9660 from ↵Guillermo Iguaran2013-11-011-9/+23
|\ | | | | | | | | sebasoga/change_strong_parameters_require_behaviour Change ActionController::Parameters#require behavior when value is empty
| * Change ActionController::Parameters#require behavior when value is emptySebastian Sogamoso2013-03-111-9/+23
| | | | | | | | | | When the value for the required key is empty an ActionController::ParameterMissing is raised which gets caught by ActionController::Base and turned into a 400 Bad Request reply with a message in the body saying the key is missing, which is misleading. With these changes, ActionController::EmptyParameter will be raised which ActionController::Base will catch and turn into a 400 Bad Request reply with a message in the body saying the key value is empty.
* | Fix typo in method description in Responder classLin Reid2013-11-011-1/+1
| | | | | | | | Fixes a typo in the description for the call class method in Responder.
* | don't mutate hash with fetchDoug Cole2013-10-261-1/+8
| |
* | pass app config to controller helper proxyTima Maslyuchenko2013-10-241-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After this fix application config become available when calling helper outisde of view config/application.rb #... config.asset_host = 'http://mycdn.com' #... Somewhere else ActionController::Base.helpers.asset_path('fallback.png') # => http://mycdn.com/assets/fallback.png
* | Fixing repond_with working directly on the options hashBlueHotDog2013-10-091-0/+1
| | | | | | | | | | | | | | | | This fixes an issue where the respond_with worked directly with the given options hash, so that if a user relied on it after calling respond_with, the hash wouldn't be the same. Fixes #12029
* | Strong parameters should permit nested number as key. Closes #12293kennyj2013-09-271-1/+5
| |
* | Fix regex used to find URI schemes in redirect_toDerek Prior2013-09-191-1/+1
| | | | | | | | | | The previous regex was allowing `_` in the URI scheme, which is not allowed by RFC 3986. This change brings the regex in line with the RFC.
* | Fix incorrect assert_redirected_to failure messageDerek Prior2013-09-191-19/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In some instances, `assert_redirected_to` assertion was returning an incorrect and misleading failure message when the assertion failed. This was due to a disconnect in how the assertion computes the redirect string for the failure message and how `redirect_to` computes the string that is actually used for redirection. I made the `_compute_redirect_to_loaction` method used by `redirect_to` public and call that from the method `assert_redirect_to` uses to calculate the URL. The reveals a new test failure due to the regex used by `_compute_redirect_to_location` allow `_` in the URL scheme.
* | NullSessionHash#destroy should be a no-opJonathan Baudanza2013-09-181-0/+3
| | | | | | | | Previously it was raising a NilException
* | Removing ActiveSupport::Concern, it's not neededAttila Domokos2013-09-131-2/+0
| |
* | Custom flash should be defined only for the class that defines it and it's ↵Ricardo de Cillo2013-09-131-1/+1
| | | | | | | | subclasses.
* | Merge pull request #12159 from nashby/issue-12149Rafael Mendonça França2013-09-121-1/+1
|\ \ | | | | | | do not break params filtering on nil values