aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller
Commit message (Collapse)AuthorAgeFilesLines
* use Proc.new to automatically do parameter checking for usAaron Patterson2014-05-231-3/+1
|
* use symbol keys for path_parametersAaron Patterson2014-05-222-6/+6
|
* we can just use Ruby hereAaron Patterson2014-05-211-2/+2
|
* fix formatting and text for ActionController::Redirecting docLaurel Fan2014-05-211-4/+8
|
* Merge pull request #11346 from tomykaira/fix_10257Rafael Mendonça França2014-05-201-2/+14
|\ | | | | Check authentication scheme in Basic auth
| * Run login_procedure only when the auth_scheme is validtomykaira2013-07-081-7/+14
| |
| * Check authentication scheme in Basic authtomykaira2013-07-071-1/+6
| | | | | | | | | | | | | | | | | | | | `authenticate_with_http_basic` and its families should check the authentication schema is "Basic". Different schema, such as OAuth2 Bearer should be rejected by basic auth, but it was passing as the test shows. This fixes #10257.
* | Add ActionController::Renderers.remove.Zuhao Wan2014-05-201-0/+16
| |
* | fixes stack level too deep exception on action named 'status' returning ↵Christiaan Van den Poel2014-05-153-2/+6
| | | | | | | | 'head :ok'
* | Merge pull request #14137 from dasch/better-fragment-cache-instrumentationRafael Mendonça França2014-05-141-1/+7
|\ \ | | | | | | | | | | | | | | | | | | Add controller and action name to the fragment caching instrumentation payload Conflicts: actionpack/CHANGELOG.md
| * | Add controller and action name to the instrumentation payloadDaniel Schierbeck2014-05-101-1/+7
| | |
* | | Add multiple lines message support for SSE moduleayaya2014-05-121-1/+2
| | |
* | | Moved 'params[request_forgery_protection_token]' into its own method and ↵Tom Kadwill2014-05-061-1/+1
| | | | | | | | | | | | improved tests.
* | | Fix examples indent and improve #process docs a bit [ci skip]Carlos Antonio da Silva2014-05-041-16/+14
| | |
* | | Document ActionController::TestCase::Behavior#processGaurish Sharma2014-05-041-0/+27
|/ / | | | | | | [ci skip]
* | do not allocate strings while creating urlsAaron Patterson2014-04-301-1/+1
| |
* | don't allocate string on hash accessAaron Patterson2014-04-301-1/+1
| |
* | ActionController::Renderers documentation fixStevie Graham2014-04-201-2/+2
| | | | | | | | | | ActionController::Renderers::RENDERERS is an instance of Set. Docs incorrectly state that it's a Hash.
* | [ci skip] builtin -> built-inAkshay Vishnoi2014-04-201-1/+1
| |
* | Update AC::Metal documentation example [ci skip]Yury Velikanau2014-04-151-1/+2
| | | | | | | | Include proper module since AV was extracted form AP as mentioned in #14659.
* | Fix subscriptions not being unsubscribed.Guo Xiang Tan2014-04-141-5/+7
| |
* | Tiny doc fix for Strong ParametersIan C. Anderson2014-03-301-1/+1
| | | | | | - accepts_nested_attribute_for -> accepts_nested_attributes_for
* | Replace trivial regexp with string or index, twice as fastKelley Reynolds2014-03-281-1/+1
| |
* | update comments to reflect that options support is not availableFrederick Cheung2014-03-251-2/+2
| |
* | re-raise error if error occurs before committing in streamingKevin Casey2014-03-141-10/+11
| | | | | | | | update the tests, using an if-else
* | use the body proxy to freeze headersAaron Patterson2014-03-122-3/+9
| | | | | | | | | | | | avoid freezing the headers until the web server has actually read data from the body proxy. Once the webserver has read data, then we should throw an error if someone tries to set a header
* | just ask the response for the commit status, we do not need to ask the jarAaron Patterson2014-03-121-1/+1
| |
* | only write the jar if the response isn't committedAaron Patterson2014-03-122-5/+23
| | | | | | | | | | | | | | | | | | | | | | when streaming responses, we need to make sure the cookie jar is written to the headers before returning up the stack. This commit introduces a new method on the response object that writes the cookie jar to the headers as the response is committed. The middleware and test framework will not write the cookie headers if the response has already been committed. fixes #14352
* | Merge pull request #14280 from joho/make_csrf_failure_logging_optionalSantiago Pastorino2014-03-081-1/+7
|\ \ | | | | | | Make CSRF failure logging optional/configurable.
| * | Make CSRF failure logging optional/configurable.John Barton (joho)2014-03-051-1/+7
| | | | | | | | | | | | | | | Added the log_warning_on_csrf_failure option to ActionController::RequestForgeryProtection which is on by default.
* | | Do note remove `Content-Type` when `render :body`Prem Sichanugrist2014-03-052-5/+3
|/ / | | | | | | | | | | | | | | | | | | | | | | | | `render :body` should just not set the `Content-Type` header. By removing the header, it breaks the compatibility with other parts. After this commit, `render :body` will returns `text/html` content type, sets by default from `ActionDispatch::Response`, and it will preserve the overridden content type if you override it. Fixes #14197, #14238 This partially reverts commit 3047376870d4a7adc7ff15c3cb4852e073c8f1da.
* | Add spaces to deep_munge log message.Shuhei Kagawa2014-03-031-3/+3
| |
* | use built-in exception handling in live controllersAaron Patterson2014-02-281-2/+5
| | | | | | | | | | | | when an exception happens in an action before the response has been committed, then we should re-raise the exception in the main thread. This lets us reuse the existing exception handling.
* | live controllers should have live responsesAaron Patterson2014-02-282-8/+36
| | | | | | | | | | | | detect the type of controller we're testing and return the right type of response based on that controller. This allows us to stop doing the weird sleep thing.
* | set the error callback to a nice default in case nobody set an error ↵Aaron Patterson2014-02-281-1/+1
| | | | | | | | callback and an error happens
* | Fix controller test not resetting @_url_optionsTony Wooster2014-02-262-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 4f2cd3e9 introduced a bug by reordering the call to `@controller.recycle!` above the call to `build_request_uri`. The impact of this was that the `@_url_options` cache ends up not being reset between building a request URI (occurring within the test controller) and the firing of the actual request. We encountered this bug because we had the following setup: class MinimumReproducibleController < ActionController::Base before_filter { @param = 'param' } def index render text: url_for(params) end def default_url_options { custom_opt: @param } end end def test_index get :index # builds url, then fires actual request end The first step in `get :index` in the test suite would populate the @_url_options cache. The subsequent call to `url_for` inside of the controller action would then utilize the uncleared cache, thus never calling the now-updated default_url_options. This commit fixes this bug calling recycle! twice, and removes a call to set response_body, which should no longer be needed since we're recycling the request object explicitly.
* | Simple Sungularize ActionController::UnpermittedParameters error in case ↵Serj L2014-02-242-2/+2
| | | | | | | | when only 1 parameter is unpermitted.
* | Update Docs in favor to use render plain instead of text optionrobertomiranda2014-02-183-8/+8
| | | | | | | | ref #14062
* | Add `#no_content_type` attribute to `AD::Response`Prem Sichanugrist2014-02-182-8/+6
| | | | | | | | | | Setting this attribute to `true` will remove the content type header from the request. This is use in `render :body` feature.
* | Cleanup `ActionController::Rendering`Prem Sichanugrist2014-02-181-11/+27
| |
* | Introduce `render :html` for render HTML stringPrem Sichanugrist2014-02-181-2/+2
| | | | | | | | | | | | | | | | | | This is an option for to HTML content with a content type of `text/html`. This rendering option calls `ERB::Util.html_escape` internally to escape unsafe HTML string, so you will have to mark your string as html safe if you have any HTML tag in it. Please see #12374 for more detail.
* | Introduce `render :plain` for render plain textPrem Sichanugrist2014-02-181-2/+10
| | | | | | | | | | | | | | | | This is as an option to render content with a content type of `text/plain`. This is the preferred option if you are planning to render a plain text content. Please see #12374 for more detail.
* | Introduce `render :body` for render raw contentPrem Sichanugrist2014-02-181-4/+13
| | | | | | | | | | | | | | | | | | | | | | | | This is an option for sending a raw content back to browser. Note that this rendering option will unset the default content type and does not include "Content-Type" header back in the response. You should only use this option if you are expecting the "Content-Type" header to not be set. More information on "Content-Type" header can be found on RFC 2616, section 7.2.1. Please see #12374 for more detail.
* | Correct prestreaming controller response status.Kevin Casey2014-02-151-0/+2
| | | | | | | | | | | | if the controller action has not yet streamed any data, actions should process as normal, and errors should trigger the appropriate behavior (500, or in the case of ActionController::BadRequest, a 400 Bad Request)
* | No variant should also be picked up by variant.any if variant.none is not ↵David Heinemeier Hansson2014-02-131-1/+1
| | | | | | | | defined (just like any other variant)
* | Variant negotiationLukasz Strzalkowski2014-02-131-8/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow setting `request.variant` as an array - an order in which they will be rendered. For example: request.variant = [:tablet, :phone] respond_to do |format| format.html.none format.html.phone # this gets rendered end
* | Merge pull request #13863 from joshjordan/jsj-dont-throw-out-get-paramsRafael Mendonça França2014-02-011-4/+11
|\ \ | | | | | | | | | | | | | | | | | | Do not discard query parameters on requests that use wrap_parameters Conflicts: actionpack/CHANGELOG.md
| * | Do not discard query parameters on requests that use wrap_parametersJosh Jordan2014-01-301-4/+11
| | |
* | | Log which keys were set to nil in deep_mungeLukasz Sarnacki2014-01-281-0/+9
|/ / | | | | | | | | | | | | | | deep_munge solves CVE-2013-0155 security vulnerability, but its behaviour is definately confuisng. This commit adds logging to deep_munge. It logs keys for which values were set to nil. Also mentions in guides were added.
* | Clear filtered request attributes between requests in testsAndrew White2014-01-271-0/+3
| | | | | | | | | | | | | | | | The request attributes filtered_parameters, filtered_env and filtered_path are memoized for performance reasons. However this can cause unusual behavior in tests where there are multiple calls to get, post, etc. Fixes #13803.
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-08 07:15:05 +0000