aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller
Commit message (Collapse)AuthorAgeFilesLines
...
* | Merge pull request #14280 from joho/make_csrf_failure_logging_optionalSantiago Pastorino2014-03-081-1/+7
|\ \ | | | | | | Make CSRF failure logging optional/configurable.
| * | Make CSRF failure logging optional/configurable.John Barton (joho)2014-03-051-1/+7
| | | | | | | | | | | | | | | Added the log_warning_on_csrf_failure option to ActionController::RequestForgeryProtection which is on by default.
* | | Do note remove `Content-Type` when `render :body`Prem Sichanugrist2014-03-052-5/+3
|/ / | | | | | | | | | | | | | | | | | | | | | | | | `render :body` should just not set the `Content-Type` header. By removing the header, it breaks the compatibility with other parts. After this commit, `render :body` will returns `text/html` content type, sets by default from `ActionDispatch::Response`, and it will preserve the overridden content type if you override it. Fixes #14197, #14238 This partially reverts commit 3047376870d4a7adc7ff15c3cb4852e073c8f1da.
* | Add spaces to deep_munge log message.Shuhei Kagawa2014-03-031-3/+3
| |
* | use built-in exception handling in live controllersAaron Patterson2014-02-281-2/+5
| | | | | | | | | | | | when an exception happens in an action before the response has been committed, then we should re-raise the exception in the main thread. This lets us reuse the existing exception handling.
* | live controllers should have live responsesAaron Patterson2014-02-282-8/+36
| | | | | | | | | | | | detect the type of controller we're testing and return the right type of response based on that controller. This allows us to stop doing the weird sleep thing.
* | set the error callback to a nice default in case nobody set an error ↵Aaron Patterson2014-02-281-1/+1
| | | | | | | | callback and an error happens
* | Fix controller test not resetting @_url_optionsTony Wooster2014-02-262-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 4f2cd3e9 introduced a bug by reordering the call to `@controller.recycle!` above the call to `build_request_uri`. The impact of this was that the `@_url_options` cache ends up not being reset between building a request URI (occurring within the test controller) and the firing of the actual request. We encountered this bug because we had the following setup: class MinimumReproducibleController < ActionController::Base before_filter { @param = 'param' } def index render text: url_for(params) end def default_url_options { custom_opt: @param } end end def test_index get :index # builds url, then fires actual request end The first step in `get :index` in the test suite would populate the @_url_options cache. The subsequent call to `url_for` inside of the controller action would then utilize the uncleared cache, thus never calling the now-updated default_url_options. This commit fixes this bug calling recycle! twice, and removes a call to set response_body, which should no longer be needed since we're recycling the request object explicitly.
* | Simple Sungularize ActionController::UnpermittedParameters error in case ↵Serj L2014-02-242-2/+2
| | | | | | | | when only 1 parameter is unpermitted.
* | Update Docs in favor to use render plain instead of text optionrobertomiranda2014-02-183-8/+8
| | | | | | | | ref #14062
* | Add `#no_content_type` attribute to `AD::Response`Prem Sichanugrist2014-02-182-8/+6
| | | | | | | | | | Setting this attribute to `true` will remove the content type header from the request. This is use in `render :body` feature.
* | Cleanup `ActionController::Rendering`Prem Sichanugrist2014-02-181-11/+27
| |
* | Introduce `render :html` for render HTML stringPrem Sichanugrist2014-02-181-2/+2
| | | | | | | | | | | | | | | | | | This is an option for to HTML content with a content type of `text/html`. This rendering option calls `ERB::Util.html_escape` internally to escape unsafe HTML string, so you will have to mark your string as html safe if you have any HTML tag in it. Please see #12374 for more detail.
* | Introduce `render :plain` for render plain textPrem Sichanugrist2014-02-181-2/+10
| | | | | | | | | | | | | | | | This is as an option to render content with a content type of `text/plain`. This is the preferred option if you are planning to render a plain text content. Please see #12374 for more detail.
* | Introduce `render :body` for render raw contentPrem Sichanugrist2014-02-181-4/+13
| | | | | | | | | | | | | | | | | | | | | | | | This is an option for sending a raw content back to browser. Note that this rendering option will unset the default content type and does not include "Content-Type" header back in the response. You should only use this option if you are expecting the "Content-Type" header to not be set. More information on "Content-Type" header can be found on RFC 2616, section 7.2.1. Please see #12374 for more detail.
* | Correct prestreaming controller response status.Kevin Casey2014-02-151-0/+2
| | | | | | | | | | | | if the controller action has not yet streamed any data, actions should process as normal, and errors should trigger the appropriate behavior (500, or in the case of ActionController::BadRequest, a 400 Bad Request)
* | No variant should also be picked up by variant.any if variant.none is not ↵David Heinemeier Hansson2014-02-131-1/+1
| | | | | | | | defined (just like any other variant)
* | Variant negotiationLukasz Strzalkowski2014-02-131-8/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow setting `request.variant` as an array - an order in which they will be rendered. For example: request.variant = [:tablet, :phone] respond_to do |format| format.html.none format.html.phone # this gets rendered end
* | Merge pull request #13863 from joshjordan/jsj-dont-throw-out-get-paramsRafael Mendonça França2014-02-011-4/+11
|\ \ | | | | | | | | | | | | | | | | | | Do not discard query parameters on requests that use wrap_parameters Conflicts: actionpack/CHANGELOG.md
| * | Do not discard query parameters on requests that use wrap_parametersJosh Jordan2014-01-301-4/+11
| | |
* | | Log which keys were set to nil in deep_mungeLukasz Sarnacki2014-01-281-0/+9
|/ / | | | | | | | | | | | | | | deep_munge solves CVE-2013-0155 security vulnerability, but its behaviour is definately confuisng. This commit adds logging to deep_munge. It logs keys for which values were set to nil. Also mentions in guides were added.
* | Clear filtered request attributes between requests in testsAndrew White2014-01-271-0/+3
| | | | | | | | | | | | | | | | The request attributes filtered_parameters, filtered_env and filtered_path are memoized for performance reasons. However this can cause unusual behavior in tests where there are multiple calls to get, post, etc. Fixes #13803.
* | Merge branch 'master' into laurocaetano-fix_send_fileAaron Patterson2014-01-1011-57/+218
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * master: (536 commits) doc, API example on how to use `Model#exists?` with multiple IDs. [ci skip] Restore DATABASE_URL even if it's nil in connection_handler test [ci skip] - error_messages_for has been deprecated since 2.3.8 - lets reduce any confusion for users Ensure Active Record connection consistency Revert "ask the fixture set for the sql statements" Check `respond_to` before delegation due to: https://github.com/ruby/ruby/commit/d781caaf313b8649948c107bba277e5ad7307314 Adding Hash#compact and Hash#compact! methods MySQL version 4.1 was EOL on December 31, 2009 We should at least recommend modern versions of MySQL to users. clear cache on body close so that cache remains during rendering add a more restricted codepath for templates fixes #13390 refactor generator tests to use block form of Tempfile Fix typo [ci skip] Move finish_template as the last public method in the generator Minor typos fix [ci skip] make `change_column_null` reversible. Closes #13576. create/drop test and development databases only if RAILS_ENV is nil Revert "Speedup String#to" typo fix in test name. [ci skip]. `core_ext/string/access.rb` test what we are documenting. Fix typo in image_tag documentation ... Conflicts: actionpack/CHANGELOG.md
| * | Add any/all support for variantsŁukasz Strzałkowski2013-12-261-27/+54
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Like `format.any`, you can do the same with variants. It works for both inline: respond_to do |format| format.html.any { render text: "any" } format.html.phone { render text: "phone" } end and block syntax: respond_to do |format| format.html do |variant| variant.any(:tablet, :phablet){ render text: "any" } variant.phone { render text: "phone" } end end
| * | Improve font of some code in API documentation [ci skip]Chun-wei Kuo2013-12-261-1/+1
| | | | | | | | | | | | | | | * Add "<tt>" or "+" to improve font of some code and filenames in API documentation * Does not contain wording changes
| * | AC::Parameters#permit! permits hashes in array valuesXavier Noria2013-12-231-2/+4
| | |
| * | Move the null mime type to request.formatCarlos Antonio da Silva2013-12-231-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TLDR: always return an object that responds to the query methods from request.format, and do not touch Mime::Type[] lookup to avoid bugs. --- Long version: The initial issue was about being able to do checks like request.format.html? for request with an unknown format, where request.format would be nil. This is where the issue came from at first in #7837 and #8085 (merged in cba05887dc3b56a46a9fe2779b6b228880b49622), but the implementation went down the path of adding this to the mime type lookup logic. This unfortunately introduced subtle bugs, for instance in the merged commit a test related to send_file had to be changed to accomodate the introduction of the NullType. Later another bug was found in #13064, related to the content-type being shown as #<Mime::NullType:...> for templates with localized extensions but no format included. This one was fixed in #13133, merged in 43962d6ec50f918c9970bd3cd4b6ee5c7f7426ed. Besides that, custom handlers were not receiving the proper template formats anymore when passing through the rendering process, because of the NullType addition. That was found while migrating an application from 3.2 to 4.0 that uses the Markerb gem (a custom handler that generates both text and html emails from a markdown template). --- This changes the implementation moving away from returning this null object from the mime lookup, and still fixes the initial issue where request.format.zomg? would raise an exception for unknown formats due to request.format being nil.
| * | Add missing av/railtie requireŁukasz Strzałkowski2013-12-221-0/+1
| | |
| * | optimizes array conversion in AC::ParametersXavier Noria2013-12-211-2/+12
| | |
| * | refactors AC::Parameters#fetchXavier Noria2013-12-211-10/+3
| | | | | | | | | | | | | | | | | | | | | | | | AC::Parameters#fetch was refactored in 7171111 to prevent self mutation, but in doing so it hardcodes logic #convert_hashes_to_parameters is supposed to encapsulate. Better leave the delegation, and add a way to avoid mutating self in there.
| * | converts hashes in arrays of unfiltered params to unpermitted params [fixes ↵Xavier Noria2013-12-211-3/+10
| | | | | | | | | | | | #13382]
| * | Merge branch 'master' of github.com:lifo/docrailsVijay Dev2013-12-201-1/+1
| |\ \
| | * | Typos. return -> returns. [ci skip]Lauro Caetano2013-12-031-1/+1
| | | |
| * | | Clearly limit new CSRF protection to GET requestsJeremy Kemper2013-12-171-2/+7
| | | |
| * | | Merge pull request #13345 from jeremy/get-csrfJeremy Kemper2013-12-171-13/+61
| |\ \ \ | | | | | | | | | | CSRF protection from cross-origin <script> tags
| | * | | CSRF protection from cross-origin <script> tagsJeremy Kemper2013-12-171-13/+61
| | | | | | | | | | | | | | | | | | | | Thanks to @homakov for sounding the alarm about JSONP-style data leaking
| * | | | Some assorted fixes for the 4.1 release notes:Godfrey Chan2013-12-171-1/+1
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Added release notes for secrets.yml and mentioned it in the highlights * Added release notes for Mailer previews and mentioned it in the highlights * Added release notes for Module#concerning * Removed mention for AV extraction from the highlights * Rearranged the major features to put highlighted features first * Various improvements and typo fixes [ci skip]
| * | | Fix syntax error in redirect_to examplePhilipe Fatio2013-12-141-1/+1
| | | | | | | | | | | | | | | | | | | | Without parenthesis, ruby assumes that curly braces denote the beginning of a block.
| * | | Merge pull request #13293 from akshay-vishnoi/typoCarlos Antonio da Silva2013-12-121-1/+1
| |\ \ \ | | | | | | | | | | Spelling and Grammar checks [ci skip]
| | * | | Spelling and Grammar checksAkshay Vishnoi2013-12-121-1/+1
| | | | |
| * | | | Variants inline syntax documentation [ci skip]Łukasz Strzałkowski2013-12-121-0/+9
| |/ / / | | | | | | | | | | | | | | | | | | | | * Extend method documentation * Mention it in actionpack/CHANGELOG * Update release notes
| * | | Merge pull request #13288 from dvsuresh/fix_typoDamien Mathieu2013-12-121-1/+1
| |\ \ \ | | | | | | | | | | Fix typo in action_controller responder.rb [ci skip]
| | * | | Fix typo in action_controller responder.rbdvsuresh2013-12-121-1/+1
| | | | |
| * | | | typos rectified [ci skip]Aayush khandelwal2013-12-121-1/+1
| |/ / /
| * | | Inline variants syntaxŁukasz Strzałkowski2013-12-101-2/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In most cases, when setting variant specific code, you're not sharing any code within format. Inline syntax can vastly simplify defining variants in those situations: respond_to do |format| format.js { render "trash" } format.html do |variant| variant.phone { redirect_to progress_path } variant.none { render "trash" } end end Becomes: respond_to do |format| format.js { render "trash" } format.html.phone { redirect_to progress_path } format.html.none { render "trash" } end
| * | | Simplify @responses hash initializationŁukasz Strzałkowski2013-12-101-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | @responses hash needs to be initialized with mime types that we get from Collector#collect_mimes_from_class_level. Mime::Type class as key and nil as value. This need to happen before content negotiation. Before that, it was looping though mime types and executing mime-type-generated method inside collector (see AbstractController::Collector#generate_method_for_mime). That approach resulted in 2 unnecessary method calls for each mime type collected by Collector#collect_mimes_from_class_level. Now hash is initialized in place, without usage of Collector#custom method.
| * | | Revert "Merge pull request #13235 from strzalek/variants-inline" -- needs a ↵David Heinemeier Hansson2013-12-081-15/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | little more work! This reverts commit 186161148a189839a1e0924043f068a8d155ce69, reversing changes made to cad9eb178ea5eec0e27d74e93518f4ed34e2f997.
| * | | Merge pull request #13235 from strzalek/variants-inlineDavid Heinemeier Hansson2013-12-081-9/+15
| |\ \ \ | | | | | | | | | | Inline syntax for variants
| | * | | Inline variants syntaxŁukasz Strzałkowski2013-12-081-8/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In most cases, when setting variant specific code, you're not sharing any code within format. Inline syntax can vastly simplify defining variants in those sitiations: respond_to do |format| format.js { render "trash" } format.html do |variant| variant.phone { redirect_to progress_path } variant.none { render "trash" } end end ` Becomes: respond_to do |format| format.js { render "trash" } format.html.phone { redirect_to progress_path } format.html.none { render "trash" } end
| | * | | Simplify @responses hash initializationŁukasz Strzałkowski2013-12-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | @responses hash needs to be initialized with mime types that we get from Collector#collect_mimes_from_class_level. Mime::Type class as key and nil as value. This need to happen before content negotiation. Before that, it was looping though mime types and executing mime-type-generated method inside collector (see AbstractController::Collector#generate_method_for_mime). That approach resulted in 2 unnecessary method calls for each mime type collected by Collector#collect_mimes_from_class_level. Now hash is initialized in place, without usage of Collector#custom method.