aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller
Commit message (Collapse)AuthorAgeFilesLines
* Add note regarding CSRF for APIs, as a use-case for skipping it [ci skip]Zachary Scott2015-04-121-0/+4
|
* Apply comments from @jeremy regarding why HTML and Javascript requestsZachary Scott2015-04-121-0/+5
| | | | | | specifically are checked for CSRF, when dealing with the browser. [ci skip]
* update request_forgery_protection docs [ci skip]Vladimir Lyzo2015-04-121-7/+8
|
* Revert "Merge pull request #19682 from ↵Santiago Pastorino2015-04-122-6/+3
| | | | | | | supercaracal/fix_force_ssl_redirection_flash_error" This reverts commit d215620340be7cb29e2aa87aab22da5ec9e6e6a7, reversing changes made to bbbbfe1ac02162ecb5e9a7b560134a3221f129f3.
* fix fails to force_ssl_redirection if session_store is disabledTaishi Kasuga2015-04-092-3/+6
|
* Merge pull request #19666 from mikej/masterSantiago Pastorino2015-04-061-1/+1
|\ | | | | fix missing "if" in API docs for ActionController::Parameters#permit
| * fix missing "if" in API docs for ActionController::Parameters#permitMichael Josephson2015-04-061-1/+1
| |
* | Fix ActionPack tests after changes to missing template loggereileencodes2015-04-061-1/+1
|/ | | | | | | | | After merging #19377 ActionPack tests were missing a require for `ActiveSupport::LogSubscriber::TestHelper` and change didn't take into account that logger could be nil. Added the require and only log to info if logger exists. This wasn't caught earlier because these tests only run after a merge.
* head no_content when there is no template or action performedStephen Bussey2015-04-051-1/+6
|
* Fix a few typos [ci skip]Robin Dupret2015-04-051-3/+3
|
* Freeze static arguments for gsubbrainopia2015-04-022-3/+3
|
* Prefer string patterns for gsubbrainopia2015-04-022-3/+3
| | | | | | | | | | | | | | | | | https://github.com/ruby/ruby/pull/579 - there is a new optimization since ruby 2.2 Previously regexp patterns were faster (since a string was converted to regexp underneath anyway). But now string patterns are faster and better reflect the purpose. Benchmark.ips do |bm| bm.report('regexp') { 'this is ::a random string'.gsub(/::/, '/') } bm.report('string') { 'this is ::a random string'.gsub('::', '/') } bm.compare! end # string: 753724.4 i/s # regexp: 501443.1 i/s - 1.50x slower
* Merge pull request #19544 from shuhei/fix-parameters-const-missingXavier Noria2015-03-281-1/+1
|\ | | | | Return super in ActionController::Parameters.const_missing
| * Return super in ActionController::Parameters.const_missingShuhei Kagawa2015-03-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current implementation of ActionController::Parameters.const_missing returns `ActionController::Parameters.always_permitted_parameters` even if its `super` returns a constant without raising error. This prevents its subclass in a autoloading module/class from taking advantage of autoloading constants. class SomeParameters < ActionController::Parameters def do_something DefinedSomewhere.do_something end end In the code above, `DefinedSomewhere` is to be autoloaded with `Module.const_missing` but `ActionController::Parameters.const_missing` returns `always_permitted_parameters` instead of the autoloaded constant. This pull request fixes the issue respecting `const_missing`'s `super`.
* | Provide friendlier access to request variantsGeorge Claghorn2015-03-241-6/+7
|/ | | | Closes #18933.
* Merge pull request #19291 from hired/return-truthy-value-from-headRafael Mendonça França2015-03-131-0/+2
|\ | | | | Return truthy value from head method
| * Return true from head methodJoel Hayhurst2015-03-121-0/+2
| | | | | | | | | | | | It was returning false in normal circumstances. This broke the `head :ok and return if` construct. Add appropriate test.
* | Use request.session.id instead of request.session_options[:id]Brian John2015-03-121-1/+1
|/ | | | | | | | | As of the upgrade to Rack 1.5, request.session_options[:id] is no longer populated. Reflect this change in the tests by using request.session.id instead. Related change in Rack: https://github.com/rack/rack/commit/83a270d6
* Fix documentation of url_for module [ci skip]Prathamesh Sonpatki2015-03-061-1/+4
| | | | | | | | | | | - The request needs to be instance of ActionDispatch::Request or an object that responds to host, optional_port, protocol and symbolized_path_parameter. - This documentation was correctly added in https://github.com/rails/rails/commit/e3b3f416b57f5642ea25078485f7e9394ad04526 but was changed to https://github.com/rails/rails/commit/e1ceae576e3911f3e6708b5d19a0e3ef63769eb7. - Fixes #16160.
* Doc fix [ci skip]Sushruth Sivaramakrishnan2015-03-051-1/+1
|
* Doc fix [ci skip]Sushruth Sivaramakrishnan2015-03-051-1/+1
|
* Doc fix [ci skip]Sushruth Sivaramakrishnan2015-03-051-1/+1
|
* Tiny documentation edits [ci skip]Robin Dupret2015-03-031-1/+1
|
* [ci skip] Add documentation for Helpers#all_helpers_from_pathAnton Davydov2015-03-031-0/+4
|
* Removed non-standard and unused require 'active_support/deprecation' from ↵Vipul A M2015-02-271-1/+0
| | | | parts out of active_support.
* Try only to decode stringsRafael Mendonça França2015-02-181-2/+4
| | | | | This approach will avoid us to check for NoMethodError when trying to decode
* Merge pull request #18917 from lautis/non-string-csrf-tokenRafael Mendonça França2015-02-181-1/+1
|\ | | | | | | Handle non-string authenticity tokens
| * Handle non-string authenticity tokensVille Lautanala2015-02-121-1/+1
| | | | | | | | Non-string authenticity tokens raised NoMethodError when decoding the masked token.
* | Tiny documentation edits [ci skip]Robin Dupret2015-02-151-3/+3
| |
* | Implement http_cache_forever to ActionControllerArthur Neves2015-02-151-0/+18
|/ | | | | | | | | Add http_cache_forever to ActionController, so we can cache results forever. Things like static pages are a good candidate for this type of caching. This cache only controls caching headers, so it is up to the browser to cache those requests.
* Accept a collection in fresh_when and stale?claudiob2015-02-101-10/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The methods `fresh_when` and `stale?` from ActionController::ConditionalGet accept a single record as a short form for a hash. For instance ```ruby def show @article = Article.find(params[:id]) fresh_when(@article) end ``` is just a short form for: ```ruby def show @article = Article.find(params[:id]) fresh_when(etag: @article, last_modified: @article.created_at) end ``` This commit extends `fresh_when` and `stale?` to also accept a collection of records, so that a short form similar to the one above can be used in an `index` action. After this commit, the following code: ```ruby def index @article = Article.all fresh_when(etag: @articles, last_modified: @articles.maximum(:created_at)) end ``` can be simply written as: ```ruby def index @article = Article.all fresh_when(@articles) end ```
* Fix wrong kwarg "record" from #18872claudiob2015-02-101-1/+1
| | | | | | | | | | | | PR #18772 changed the parameters of `stale?` to use `kwargs`. [As for this comment](https://github.com/rails/rails/pull/18872/files#r24456288) the default value for the `etag` parameter should be `record`, not `nil`. This commit fixes the code and introduces a test that: - passed before #18872 - fails on the current master (after #18772) - passes again after setting the default value of `etag` to `record`.
* Convert stale? and fresh_when to use keyword arguments.Kasper Timm Hansen2015-02-101-12/+10
|
* Merge pull request #18771 from kirs/deprecate-xhrRafael Mendonça França2015-02-051-3/+18
|\ | | | | Migrating xhr methods to keyword arguments syntax
| * Migrating xhr methods to keyword arguments syntaxKir Shatrov2015-02-011-3/+18
| | | | | | | | | | | | | | | | | | | | | | | | in `ActionController::TestCase` and `ActionDispatch::Integration` Old syntax: `xhr :get, :create, params: { id: 1 }` New syntax example: `get :create, params: { id: 1 }, xhr: true`
* | Merge pull request #18721 from sj26/pre-discard-flashAaron Patterson2015-02-011-0/+2
|\ \ | | | | | | Pre-discard flash messages
| * | Fix flash remaining after last flash deletedSamuel Cochran2015-01-291-0/+2
| | | | | | | | | | | | | | | | | | | | | Inside a controller functional test after the last flash is deleted it still persists the flash because to_session_value is nil. We should delete it from the session when the serialized version is nil, same as the flash middleware.
* | | Fix a typo in deprecation warning. #process takes method instead of http_method.Juanito Fatas2015-01-311-1/+1
| | |
* | | [ci skip] Document format parameter of process method in AC test_case.Juanito Fatas2015-01-311-0/+1
| |/ |/|
* | Use fixed fonts only in the name of the parameterRafael Mendonça França2015-01-291-8/+8
| |
* | Switch to kwargs in ActionController::TestCase and ActionDispatch::IntegrationKir Shatrov2015-01-291-28/+93
|/ | | | | | | | Non-kwargs requests are deprecated now. Guides are updated as well. `post url, nil, nil, { a: 'b' }` doesn't make sense. `post url, params: { y: x }, session: { a: 'b' }` would be an explicit way to do the same
* Fixed undefined method error when doing authentication.Zhang Kai Yu2015-01-241-2/+2
|
* Speed up `normalize_keys` by removing dup step.Kasper Timm Hansen2015-01-221-9/+6
| | | | | | | | Previously env was duplicated and then had it's keys mutated. This iterates through the hash twice. Using `transform_keys`, duplication and key mutation is a single iteration. `convert_symbols` was renamed to `http_header_format`.
* Add ActionController::Base.renderbrainopia2015-01-221-0/+3
|
* Add ActionController::Rendererbrainopia2015-01-222-0/+111
| | | | Render arbitrary templates outside of controller actions
* Add ActionController#build_with_envbrainopia2015-01-221-0/+6
| | | | | To have an easier way to setup a controller instance with custom environment
* Add `ActionController::Metal#set_request!`brainopia2015-01-212-4/+8
| | | | | Add `ActionController::Metal#set_request!` to set a request on controller instance without calling dispatch.
* Merge branch 'master' of github.com:rails/docrailsVijay Dev2015-01-151-2/+2
|\
| * Better examples for fresh_when and stale?claudiob2015-01-061-2/+2
| | | | | | | | | | | | | | | | | | | | It is clearer and closer to reality to use `@article.updated_at` as the `:last_modified` parameter of `fresh_when` and `stale?`. Using `@article.created_at` would result in the cache never expiring, since the creation timestamp never changes. [ci skip]
* | Add prepend option to protect_from_forgery.Josef Šimánek2015-01-081-1/+8
| |