Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | * Do not convert digest auth strings to symbols. CVE-2012-3424 | Aaron Patterson | 2012-07-26 | 1 | -2/+2 |
| | |||||
* | Show in log correct wrapped keys | Dmitry Vorotilin | 2012-07-05 | 1 | -1/+2 |
| | |||||
* | ActionController::Caching depends on RackDelegation and ↵ | Santiago Pastorino | 2012-06-13 | 1 | -0/+3 |
| | | | | AbstractController::Callbacks | ||||
* | Revert "fix the Flash middleware loading the session on every request (very ↵ | Rafael Mendonça França | 2012-06-05 | 1 | -0/+1 |
| | | | | | | | | | dangerous especially with Rack::Cache), it should only be loaded when the flash method is called" This reverts commits e3069c64b2c5ddc7a5789b55b8efd4902d9e9729 and 2b2983d76fd11efc219273036a612f47cfaa5bfa. Reason: This add a non-backward compatible change in the way that flash works now (swept in every request). | ||||
* | If content_type is explicitly passed to the :head method use the value or ↵ | Kunal Shah | 2012-05-07 | 1 | -1/+2 |
| | | | | fallback | ||||
* | Add a role option to wrap_parameters. | Nick Ragaz | 2012-05-04 | 1 | -2/+3 |
| | | | | The role option identifies which parameters are accessible and should be wrapped. The default role is :default. | ||||
* | fix the Flash middleware loading the session on every request (very ↵ | Will Bryant | 2012-04-30 | 1 | -1/+0 |
| | | | | dangerous especially with Rack::Cache), it should only be loaded when the flash method is called | ||||
* | Add note about using 303 See Other for XHR requests other than GET/POST | Andrew White | 2012-04-30 | 1 | -0/+10 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | IE since version 6 and recently Chrome and Firefox have started following 302 redirects from XHR requests other than GET/POST using the original request method. This can lead to DELETE requests being redirected amongst other things. Although it doesn't directly affect the Rails framework since it doesn't return a 302 redirect to any non-GET/POST request a note has been added to raise awareness of the issue. Some references: Original article from @technoweenie: http://techno-weenie.net/2011/8/19/ie9-deletes-stuff/ Hacker News discussion of the article: http://news.ycombinator.com/item?id=2903493 WebKit bug report: https://bugs.webkit.org/show_bug.cgi?id=46183 Firefox bug report and changeset: https://bugzilla.mozilla.org/show_bug.cgi?id=598304 https://hg.mozilla.org/mozilla-central/rev/9525d7e2d20d Chrome bug report: http://code.google.com/p/chromium/issues/detail?id=56373 HTTPbis bug report and changeset: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/160 http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1428 Roy T. Fielding's history of the issue: http://ftp.ics.uci.edu/pub/ietf/http/hypermail/1997q3/0611.html Automated browser tests for the issue: http://www.mnot.net/javascript/xmlhttprequest/ Fixes #4144 (cherry picked from commit 24f143789a8989f3bccde14ff28067de25cafd87) | ||||
* | Don't convert params if the request isn't HTML - fixes #5341 | Andrew White | 2012-04-29 | 1 | -6/+18 |
| | | | | | | | | (cherry picked from commit 7a80b69e00f68e673c6ceb5cc684aa9196ed3d9f) Conflicts: actionpack/test/controller/test_test.rb | ||||
* | We dont need to merge in the parameters as thats all being reset by the rack ↵ | David Heinemeier Hansson | 2012-03-20 | 1 | -1/+0 |
| | | | | headers (and its causing problems for Strong Parameters attempt of wrapping request.parameters because it will change in testing) | ||||
* | Merge pull request #5456 from brianmario/redirect-sanitization | Aaron Patterson | 2012-03-15 | 1 | -1/+1 |
| | | | | Strip null bytes from Location header | ||||
* | Remove ActionController::TestCase#rescue_action_in_public! | Piotr Sarnacki | 2012-03-15 | 1 | -5/+0 |
| | | | | | | This method has no effect since exception handling was moved to middlewares and ActionController tests do not use any middlewares. | ||||
* | Remove usage of deprecated module. | José Valim | 2012-03-07 | 1 | -1/+0 |
| | |||||
* | Set the rendered_format on respond_to. | José Valim | 2012-03-07 | 1 | -0/+1 |
| | |||||
* | Deprecate ActionController::SessionManagement | Santiago Pastorino | 2012-03-06 | 1 | -0/+5 |
| | |||||
* | Always passing a respond block from to responder | Prem Sichanugrist | 2012-03-05 | 2 | -12/+13 |
| | | | | | | | We should let the responder to decide what to do with the given overridden response block, and not short circuit it. Fixes #5280 | ||||
* | format lookup for partials is derived from the format in which the template ↵ | Santiago Pastorino | 2012-02-22 | 2 | -2/+2 |
| | | | | | | is being rendered Closes #5025 part 2 | ||||
* | search private / protected methods in trunk ruby | Aaron Patterson | 2012-02-20 | 1 | -1/+1 |
| | |||||
* | Rack body respond to each and not to join | Santiago Pastorino | 2012-02-14 | 1 | -2/+4 |
| | | | | | | | This fixes undef `to_str' for Rack::Chunked::Body when using caches_action + streaming on an action Closes #5027 | ||||
* | Fixed force_ssl redirects to include original query params | Ryan McGeary | 2012-02-06 | 1 | -0/+1 |
| | | | | | | `ActionController.force_ssl` redirects http URLs to their https equivalent; however, when a URL contains a query string, the resulting redirect lacked the original query string. | ||||
* | Clean up a bit default_response handling and cache format negotiation. | José Valim | 2012-02-04 | 2 | -19/+17 |
| | |||||
* | Fix override API response bug in respond_with | Prem Sichanugrist | 2012-02-03 | 1 | -8/+23 |
| | | | | | | | | | | Default responder was only using the given respond block when user requested for HTML format, or JSON/XML format with valid resource. This fix the responder so that it will use the given block regardless of the validity of the resource. Note that in this case you'll have to check for object's validity by yourself in the controller. Fixes #4796 | ||||
* | example bracket error | Damian Le Nouaille | 2012-01-26 | 1 | -1/+1 |
| | |||||
* | Do not deprecate performed? | José Valim | 2012-01-19 | 2 | -6/+4 |
| | |||||
* | Remove duplicated constant definition | Carlos Antonio da Silva | 2012-01-17 | 1 | -3/+0 |
| | | | | | ActionController::ActionControllerError is already defined in action_controller/metal/exceptions. | ||||
* | Deprecate AC::UnknownError and AC::DoubleRenderError | Carlos Antonio da Silva | 2012-01-17 | 1 | -2/+2 |
| | | | | | Use the constants AbstractController::ActionNotFound and AbstractController::DoubleRenderError respectively instead. | ||||
* | Deprecate default_charset= at controller level | Carlos Antonio da Silva | 2012-01-17 | 1 | -2/+4 |
| | |||||
* | Add some deprecations for logic being removed in 4.0 | Carlos Antonio da Silva | 2012-01-17 | 1 | -2/+15 |
| | |||||
* | Made an example a little more realistic | codesnik | 2012-01-11 | 1 | -1/+1 |
| | |||||
* | Rails initialization with initialize_on_precompile = false should set assets_dir | Santiago Pastorino | 2012-01-10 | 1 | -1/+4 |
| | |||||
* | Fix http digest authentication with trailing '/' or '?' (fixes #4038 and #3228) | Piotr Sarnacki | 2012-01-10 | 1 | -5/+8 |
| | |||||
* | fix base64 requires | Sergey Nartimov | 2012-01-03 | 1 | -1/+1 |
| | |||||
* | deprecate ActiveSupport::Base64 | Sergey Nartimov | 2012-01-03 | 1 | -5/+5 |
| | | | | extend and define ::Base64 if needed | ||||
* | Remove unecessary config_accessors. | José Valim | 2011-12-24 | 2 | -4/+4 |
| | |||||
* | Provide a class optin for page_cache_compression. | José Valim | 2011-12-24 | 1 | -17/+20 |
| | |||||
* | Gzip files on page caching | Andrey A.I. Sitnik | 2011-12-24 | 1 | -4/+28 |
| | | | | Signed-off-by: José Valim <jose.valim@gmail.com> | ||||
* | Merge branch 'master' of github.com:lifo/docrails | Vijay Dev | 2011-12-16 | 1 | -3/+3 |
|\ | |||||
| * | escape assigns[:person], assigns[person] etc in actioncontroller testcase | Nick Howard | 2011-12-14 | 1 | -3/+3 |
| | | |||||
* | | Show detailed exceptions no longer returns true if the request is local in ↵ | José Valim | 2011-12-16 | 1 | -1/+9 |
| | | | | | | | | production. | ||||
* | | Fix diagnostics page for routing errors. | José Valim | 2011-12-15 | 2 | -9/+2 |
|/ | |||||
* | logger adds a newline for us | Aaron Patterson | 2011-12-12 | 1 | -1/+0 |
| | |||||
* | Default relative_url_root to ENV["RAILS_RELATIVE_URL_ROOT"]. Fixes #3365 | Piotrek Okoński | 2011-12-12 | 1 | -0/+1 |
| | |||||
* | Fix extend -> include. | José Valim | 2011-12-09 | 1 | -2/+0 |
| | |||||
* | Make ActiveSupport::Benchmarkable a default module for ↵ | David Heinemeier Hansson | 2011-12-09 | 1 | -0/+2 |
| | | | | ActionController::Base, so the #benchmark method is once again available in the controller context like it used to be *DHH* | ||||
* | ParamsWrapper only wrap the accessible attributes when they were set | Jean-Francois Turcot | 2011-12-07 | 1 | -1/+8 |
| | |||||
* | Fix bug in assert_template when using only `:layout` option | Prem Sichanugrist | 2011-12-06 | 1 | -13/+15 |
| | | | | | | | | | | Currently if you're do this: assert_template :layout => "foo" Regardless of what layout you were using, the test will always pass. This was broken since the introduction of :layout option in [d9375f3f]. We have a lot of test cases in actionpack/test/controller/layout_test.rb that use this feature. This will make sure that those test cases are not true negative. | ||||
* | Allowing string as url argument for expire_action | Thomas von Deyen | 2011-12-06 | 1 | -3/+2 |
| | |||||
* | use classify in ParamsWrapper to derive model name from controller name | lest | 2011-12-05 | 1 | -1/+1 |
| | |||||
* | Minor enhancement by not unnecessarely escaping forward slashing within a ↵ | Overbryd | 2011-12-05 | 1 | -1/+2 |
| | | | | curly regexp and by mentoining the protocol relative scheme in the internal comment | ||||
* | Fix for redirect_to to respect urls with a network path reference like ↵ | Overbryd | 2011-12-05 | 1 | -2/+2 |
| | | | | "//asset.host.com/resources/1235" see issue #3856 |