| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|\
| |
| | |
Revert ensure external redirects are explicitly allowed
|
| | |
|
|\ \
| |/
|/| |
Template Handler Refactoring
|
| |
| |
| |
| | |
It's always called with 0 params, so just remove the parameter
|
| |
| |
| |
| |
| |
| |
| |
| | |
We are past 5.1 and it was not extrated yet, so while we still have
plans they will not be realized on 6.0, so it is better to not set
expectations of which release will exclude it just yet.
[ci skip]
|
| |
| |
| |
| | |
Add `fallback_location` and `allow_other_host` options to `redirect_to`.
|
|/
|
| |
I had to dig around the code to discover this, since I had a use case for the behavior.
|
| |
|
|
|
|
|
|
| |
We've switched from `Test::Unit::TestCase` to `ActiveSupport::TestCase`
since Rails 2.3.
See https://edgeguides.rubyonrails.org/2_3_release_notes.html#other-railties-changes
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Currently we sometimes find a redundant begin block in code review
(e.g. https://github.com/rails/rails/pull/33604#discussion_r209784205).
I'd like to enable `Style/RedundantBegin` cop to avoid that, since
rescue/else/ensure are allowed inside do/end blocks in Ruby 2.5
(https://bugs.ruby-lang.org/issues/12906), so we'd probably meets with
that situation than before.
|
|
|
|
|
|
|
|
|
|
| |
`Hash#transform_keys!`
Since Rails 6 requires Ruby 2.5.
https://github.com/ruby/ruby/blob/ruby_2_5/NEWS
Follow up #34754.
|
| |
|
| |
|
|
|
|
| |
[Gannon McGibbon + Josh Cheek]
|
|\
| |
| | |
ActionController::API *does* support cookies, sessions
|
| |
| |
| |
| |
| |
| |
| |
| | |
ActionController::Metal provides session support by delegating `session to the request (`"@_request"`)
https://github.com/rails/rails/blob/a3dcba42e2422eb9c2e77011a39ce72dc934b420/actionpack/lib/action_controller/metal.rb#L149
Though the ActionController::Cookies modules isn't included, it's really a convenience for providing a first class `cookies` object.
*all* ActionController::Metal subclasses support setting cookies via the `session` object.
|
|/
|
|
| |
or they would be listed in `action_methods`
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this method (#34210)
* Fix `ActionController::Parameters#each_value`
`each_value` should yield with "value" of the params instead of "value" as an array.
Related to #33979
* Add changelog entry about `ActionController::Parameters#each_value`.
Follow up #33979
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This PR adds the allocations to the instrumentation for template and
partial rendering.
Before:
```
Rendering posts/new.html.erb within layouts/application
Rendered posts/_form.html.erb (9.7ms)
Rendered posts/new.html.erb within layouts/application (10.9ms)
Completed 200 OK in 902ms (Views: 890.8ms | ActiveRecord: 0.8ms)
```
After:
```
Rendering posts/new.html.erb within layouts/application
Rendered posts/_form.html.erb (Duration: 7.1ms | Allocations: 6004)
Rendered posts/new.html.erb within layouts/application (Duration: 8.3ms | Allocations: 6654)
Completed 200 OK in 858ms (Views: 848.4ms | ActiveRecord: 0.4ms | Allocations: 1539564)
```
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since Rails 6.0 will support Ruby 2.4.1 or higher
`# frozen_string_literal: true` magic comment is enough to make string object frozen.
This magic comment is enabled by `Style/FrozenStringLiteralComment` cop.
* Exclude these files not to auto correct false positive `Regexp#freeze`
- 'actionpack/lib/action_dispatch/journey/router/utils.rb'
- 'activerecord/lib/active_record/connection_adapters/sqlite3_adapter.rb'
It has been fixed by https://github.com/rubocop-hq/rubocop/pull/6333
Once the newer version of RuboCop released and available at Code Climate these exclude entries should be removed.
* Replace `String#freeze` with `String#-@` manually if explicit frozen string objects are required
- 'actionpack/test/controller/test_case_test.rb'
- 'activemodel/test/cases/type/string_test.rb'
- 'activesupport/lib/active_support/core_ext/string/strip.rb'
- 'activesupport/test/core_ext/string_ext_test.rb'
- 'railties/test/generators/actions_test.rb'
|
| |
|
|\
| |
| | |
Encode Content-Disposition filenames on send_data and send_file
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In Ruby 2.3 or later, `String#+@` is available and `+@` is faster than `dup`.
```ruby
# frozen_string_literal: true
require "bundler/inline"
gemfile(true) do
source "https://rubygems.org"
gem "benchmark-ips"
end
Benchmark.ips do |x|
x.report('+@') { +"" }
x.report('dup') { "".dup }
x.compare!
end
```
```
$ ruby -v benchmark.rb
ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux]
Warming up --------------------------------------
+@ 282.289k i/100ms
dup 187.638k i/100ms
Calculating -------------------------------------
+@ 6.775M (± 3.6%) i/s - 33.875M in 5.006253s
dup 3.320M (± 2.2%) i/s - 16.700M in 5.032125s
Comparison:
+@: 6775299.3 i/s
dup: 3320400.7 i/s - 2.04x slower
```
|
| | |
|
|\ \
| |/
|/| |
Conditionally use `helper_method` in Flash concern
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I was attempting to use the `flash` functionality in a `Metal`
controller. When including the `flash` concern I received the following
error:
NoMethodError: undefined method `helper_method'....
Either:
- `AbstractController::Helpers` should be a dependency of
`ActionController::Flash`
- `ActionController::Flash` should not require the existence of
`AbstractController::Helpers`.
Since my use case (set a flash and redirect) has no need for the helper
method and that is a common use case, making the dependency conditional
seemed the better option.
NOTE: This is similar to issue #21067 only the error is within Rails
itself while that issue had the error within Devise.
|
| |
| |
| |
| | |
Two implemented but undocumented features are to help indicate that cache is fresh for 3 hours, and it may continue to be served stale for up to an additional 60 seconds to parallel requests for the same resource or up to 5 minutes while errors are being returned back while the initial synchronous revalidation is attempted.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When running with code triage and derailed benchmarks and focusing on this file:
Before
16199 /Users/rschneeman/Documents/projects/rails/actionpack/lib/action_controller/metal/strong_parameters.r
After
2280 /Users/rschneeman/Documents/projects/rails/actionpack/lib/action_controller/metal/strong_parameters.rb
|
| | |
|
|\ \
| | |
| | | |
Finish converting whitelist and blacklist references
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Call block to #redirect_to in controller context
The documentation for ActionController::Redirecting states that a Proc
argument "will be executed in the controller's context." However,
unless #instance_eval is used (removed in 6b3ad0ca), that statement is
false for procs defined outside of the controller instance.
This commit restores the documented behavior.
Fixes #33731.
* Move test proc into a constant in another class
Per @rafaelfranca's suggestion.
[Steven Peckins + Rafael Mendonça França]
|
|/ /
| |
| |
| |
| | |
This updates the `respond_to` method to be code formatted rather than
plain text (as it refers to the method)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The regexp was introduced in 186ac4cdaa911a9af659a29f2179a19b99dea13b,
and looks cosmetic. While they should be functionally identical in
theory, in practice, case insensitive (but preserving) filesystems can
give results that are differently-cased from the pattern we supplied.
I don't know how to force the filesystem to do the surprising thing,
even when running in an environment that _could_, so no new test.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Layout/TrailingWhitespace
```
actionpack/lib/action_controller/metal/request_forgery_protection.rb:49:4:
C: Layout/TrailingWhitespace: Trailing whitespace detected.
#
^
```
Related to c3787494eda
- Performance/StartWith
```
tasks/release.rb:108:44: C: Performance/StartWith:
Use String#start_with? instead of a regex match anchored to the beginning of the string.
header += "* No changes.\n\n\n" if current_contents =~ /\A##/
```
|
|\ \
| |/
|/| |
fixes #27157 CSRF protection documentation
|
| |
| |
| |
| |
| | |
* removed reference to GET requests where it applies also to other HTTP verbs
* updated documentation to try and better explain how CSRF protection
works with XHR, and the potential exposure with CORS
|
|\ \
| | |
| | | |
Default content type for `head` is `text/html`
|
| | |
| | |
| | |
| | | |
Otherwise Mime::NullType will be returned as the `Content-Type` header.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Nesting respond_to calls can lead to unexpected behavior, so it should be
avoided. Currently, the first respond_to format match sets the content-type
for the resulting response. But, if a nested respond_to occurs, it is possible
to match on a different format. For example:
respond_to do |outer_type|
outer_type.js do
respond_to do |inner_type|
inner_type.html { render body: "HTML" }
end
end
end
Browsers will often include */* in their Accept headers. In the above example,
such a request would result in the outer_type.js match setting the content-
type of the response to text/javascript, while the inner_type.html match will
cause the actual response to return "HTML".
This change tries to minimize potential breakage by only raising an exception
if the nested respond_to calls are in conflict with each other. So, something
like the following example would not raise an exception:
respond_to do |outer_type|
outer_type.js do
respond_to do |inner_type|
inner_type.js { render body: "JS" }
end
end
end
While the above is nested, it doesn't affect the content-type of the response.
|
|\ \ \
| | | |
| | | | |
Turn on performance based cops
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Use attr_reader/attr_writer instead of methods
method is 12% slower
Use flat_map over map.flatten(1)
flatten is 66% slower
Use hash[]= instead of hash.merge! with single arguments
merge! is 166% slower
See https://github.com/rails/rails/pull/32337 for more conversation
|
|/ / /
| | |
| | |
| | |
| | | |
http links will be redirected to the https version, but still better to
just directly link to the https version.
|