aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch/http/request.rb
Commit message (Collapse)AuthorAgeFilesLines
* Edited comment from request.rbhaneru2017-11-031-1/+1
|
* [Action Pack] require => require_relativeAkira Matsuda2017-10-211-7/+7
| | | | | This basically reverts e9fca7668b9eba82bcc832cb0061459703368397, d08da958b9ae17d4bbe4c9d7db497ece2450db5f, d1fe1dcf8ab1c0210a37c2a78c1ee52cf199a66d, and 68eaf7b4d5f2bb56d939f71c5ece2d61cf6680a3
* Implement H2 Early Hints for Railseileencodes2017-10-041-0/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When puma/puma#1403 is merged Puma will support the Early Hints status code for sending assets before a request has finished. While the Early Hints spec is still in draft, this PR prepares Rails to allowing this status code. If the proxy server supports Early Hints, it will send H2 pushes to the client. This PR adds a method for setting Early Hints Link headers via Rails, and also automatically sends Early Hints if supported from the `stylesheet_link_tag` and the `javascript_include_tag`. Once puma supports Early Hints the `--early-hints` argument can be passed to the server to enable this or set in the puma config with `early_hints(true)`. Note that for Early Hints to work in the browser the requirements are 1) a proxy that can handle H2, and 2) HTTPS. To start the server with Early Hints enabled pass `--early-hints` to `rails s`. This has been verified to work with h2o, Puma, and Rails with Chrome. The commit adds a new option to the rails server to enable early hints for Puma. Early Hints spec: https://tools.ietf.org/html/draft-ietf-httpbis-early-hints-04 [Eileen M. Uchitelle, Aaron Patterson]
* Update links to use https link instead of http [ci skip]Yoshiyuki Hirano2017-08-221-8/+8
|
* Path parameters should default to UTF8eileencodes2017-08-011-3/+6
| | | | | | | | | | | | | | | | | | | | This commit changes the behavior such the path_params now default to UTF8 just like regular parameters. This also changes the behavior such that if a path parameter contains invalid UTF8 it returns a 400 bad request. Previously the behavior was to encode the path params as binary but that's not the same as query params. So this commit makes path params behave the same as query params. It's important to test with a path that's encoded as binary because that's how paths are encoded from the socket. The test that was altered was changed to make the behavior for bad encoding the same as query params. We want to treat path params the same as query params. The params in the test are invalid UTF8 so they should return a bad request. Fixes #29669 *Eileen M. Uchitelle, Aaron Patterson, & Tsukuru Tanimichi*
* Make actionpack frozen string friendlyKir Shatrov2017-07-241-1/+1
|
* [Action Pack] `rubocop -a --only Layout/EmptyLineAfterMagicComment`Koichi ITO2017-07-111-0/+1
|
* Prepare AP and AR to be frozen string friendlyKir Shatrov2017-07-061-0/+1
|
* [Action Dispatch] require => require_relativeAkira Matsuda2017-07-011-7/+7
|
* [docs] fix ActionDispatch documentationHrvoje Šimić2017-03-131-7/+7
|
* Use proper output format [ci skip] (#27498)प्रथमेश Sonpatki2016-12-291-1/+1
|
* Update request.rb --ci skipShardul Parab2016-12-291-0/+3
| | | | | | | | | | | | | | | | Documentation for ActionDispatch::Request#key? [ci skip] Update request.rb --ci skip Documentation for ActionDispatch::Request#key? [ci skip] Also made change after the review by @rafaelfranca . Update request.rb --ci skip Documentation for ActionDispatch::Request#key? [ci skip] Also made change after the review by @rafaelfranca . Update request.rb --ci skip
* Document and update API for `skip_parameter_encoding`Aaron Patterson2016-12-211-1/+1
| | | | | | | | This commit changes `parameter_encoding` to `skip_parameter_encoding`. `skip_parameter_encoding` will set encoding on all parameters to ASCII-8BIT for a given action on a particular controller. This allows the controller to handle data when the encoding of that data is unknown, for example file systems or truly binary parameters.
* Deprecated ActionDispatch::ParamsParser::ParamsParserRafael Mendonça França2016-10-101-1/+1
| | | | | | ActionDispatch::ParamsParser class was removed in favor of ActionDispatch::Http::Parameters so it is better to move the error constant to the new class.
* Add three new rubocop rulesRafael Mendonça França2016-08-161-1/+1
| | | | | | | | Style/SpaceBeforeBlockBraces Style/SpaceInsideBlockBraces Style/SpaceInsideHashLiteralBraces Fix all violations in the repository.
* Allow specifying encoding of parameters by actionKerri Miller2016-08-091-0/+1
| | | | | At GitHub we need to handle parameter encodings that are not UTF-8. This patch allows us to specify encodings per parameter per action.
* applies new string literal convention in actionpack/libXavier Noria2016-08-061-33/+33
| | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* Check `request.path_parameters` encoding at the point they're setGrey Baker2016-07-141-12/+0
| | | | | | | | Check for any non-UTF8 characters in path parameters at the point they're set in `env`. Previously they were checked for when used to get a controller class, but this meant routes that went directly to a Rack app, or skipped controller instantiation for some other reason, had to defend against non-UTF8 characters themselves.
* Fix request.reset_session for API controllersJon Moss2016-03-191-1/+0
| | | | | | | | | | | | Due to that `ActionDispatch::Flash` (the flash API's middleware) is not included for API controllers, the `request.reset_session` method, which relies on there being a `flash=` method which is in fact defined by the middleware, was previously breaking. Similarly to how add46482a540b33184f3011c5c307f4b8e90c9cc created a method to be overridden by the flash middleware in order to ensure non-breakage, this is how flashes are now reset. Fixes #24222
* Fix `request.ssl?` bug with Action CableJon Moss2016-02-231-0/+4
| | | | | This bug affects `wss://` requests when running Action Cable in-app. Fixes #23620.
* Space OddityAkira Matsuda2016-01-141-1/+1
| | | | | Converting nbsp(\u{00A0}) to the normal ASCII space(\u{0020}) [ci skip]
* Stop violating law of demeter in response cookie_jareileencodes2015-12-061-0/+3
| | | | | | | | | | | This adds a new method to request and response so we don't need to violate the law of demeter. We are changing `Request` and `Response` so that they always have a `cookie_jar` This is a continuation on work to combine integration and controller test code bases in Rails.
* Push `before_sending` to super classeileencodes2015-12-061-0/+4
| | | | | | | | | | | | We want to get rid of the `Live::Response` so we are consolidating methods from `Live::Response` and `Response` by merging them together. This adds an `#empty` method to the request so we don't need to hard-code the empty array each time we call an empty `ActionDispatch::Request`. The work here is a continuation on combining controller and integration test code bases into one.
* Merge pull request #22263 from mastahyeti/csrf-origin-checkRafael França2015-11-261-2/+2
|\ | | | | | | | | Add option to verify Origin header in CSRF checks [Jeremy Daer + Rafael Mendonça França]
| * Add option to verify Origin header in CSRF checksBen Toews2015-11-251-2/+2
| |
* | Merge pull request #17928 from sergey-alekseev/remove-unused-form-data-methodSean Griffin2015-11-231-3/+9
|\ \ | |/ |/|
| * write a test for `#form_data?`Sergey Alekseev2015-03-311-1/+9
| | | | | | | | | | | | | | | | | | The initial attempt was to remove the method at all in https://github.com/sergey-alekseev/rails/commit/4926aa68c98673e7be88a2d2b57d72dc490bc71c. The method overrides Rack's `#form_data?` https://github.com/rack/rack/blob/6f8808d4201e68e4bd780441b3b7bb3ee6d1f43e/lib/rack/request.rb#L172-L184. Which may have some incorrect implementation actually. `type.nil?` isn't possible I suppose. I'll check.
* | Deprecate exception#original_exception in favor of exception#causeYuki Nishijima2015-11-031-2/+2
| |
* | Catch invalid UTF-8 querystring values and respond with BadRequestGrey Baker2015-10-231-1/+4
| |
* | Show helpful messages on invalid param. encodingsAgis Anastasopoulos2015-10-191-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prior to this change, given a route: # config/routes.rb get ':a' => "foo#bar" If one pointed to http://example.com/%BE (param `a` has invalid encoding), a `BadRequest` would be raised with the following non-informative message: ActionController::BadRequest From now on the message displayed is: Invalid parameter encoding: hi => "\xBE" Fixes #21923.
* | pull the flash methods in to their own moduleAaron Patterson2015-09-251-0/+3
| | | | | | | | | | | | We only want to activate flash when the user has enabled it. Api servers don't use flash, so add an empty implementation to the base Request object.
* | commit the flash after the controller finishes being servicedAaron Patterson2015-09-251-15/+0
| | | | | | | | | | Committing the flash needs to happen in order for the session to be written correctly, so lets guarantee that it actually does happen.
* | move flash committing to the request object.Aaron Patterson2015-09-251-0/+15
| | | | | | | | | | I'm doing this so that we can commit the flash to the session object Out of Band of the flash middleware
* | remove the request parameter from `parse_formatted_parameters`Aaron Patterson2015-09-181-1/+1
| | | | | | | | | | This is an instance method on the request object now so we don't need it anymore
* | push the parameter parsers on to the classAaron Patterson2015-09-181-25/+0
| | | | | | | | | | | | | | | | The middleware stack is a singleton in the application (one instance is shared for the entire application) which means that there was only one opportunity to set the parameter parsers. Since there is only one set of parameter parsers in an app, lets just configure them on the request class (since that is where they are used).
* | only wrap the strategy with exception handlingAaron Patterson2015-09-181-9/+10
| | | | | | | | | | | | we need to be more specific about exception handling when dealing with the parse strategies. The calls to `return yield` can also raise an exception, but we don't want to handle that in *this* code.
* | pull `normalize_encode_params` upAaron Patterson2015-09-181-2/+2
| | | | | | | | | | `normalize_encode_params` is common to all parser code paths, so we can pull that up and always apply it before assigning the request parameters
* | remove the `default` parameter from the parser methodAaron Patterson2015-09-181-8/+5
| | | | | | | | | | since there is only one "default" strategy now, we can just use the block parameter for that.
* | move parameter parsing to the request objectAaron Patterson2015-09-181-1/+34
| | | | | | | | | | All parameter parsing should be on the request object because the request object is the object that we ask for parameters.
* | fewer direct env manipulationsAaron Patterson2015-09-151-1/+1
| | | | | | | | this commit removes some direct access to `env`.
* | stop inheriting from Rack::RequestAaron Patterson2015-09-041-3/+5
| | | | | | | | | | | | Just include the modules necessary in the Request object to implement the things we need. This should make it easier to build delegate request objects because the API is smaller
* | Merge pull request #21483 from justanshulsharma/add-ip6-addressEileen M. Uchitelle2015-09-031-1/+1
|\ \ | | | | | | [ci skip] Added localhost IPv6
| * | [ci skip] Added localhost IPv6Anshul Sharma2015-09-031-1/+1
| | |
* | | add a method for getting the http auth saltAaron Patterson2015-08-291-0/+4
| | |
* | | Code cleanupMarcin Olichwirowicz2015-08-271-2/+2
|/ / | | | | | | | | | | | | | | Cleanup for `ActionDispatch::Http::Parameters` - no need for required libraries and remove not used private method. Apparently this method was used in `ActionDispatch::Http::Request` - fixed by calling `Request::Utils` explicitly (as was done in other parts of the codebase)
* | always return a controller class from the `controller_class` methodAaron Patterson2015-08-251-6/+13
| | | | | | | | | | now the caller can just treat it like a regular controller even though it will return a 404
* | Remove unused block argumentsAnshul Sharma2015-08-251-1/+1
| |
* | remove more direct access to `env`Aaron Patterson2015-08-241-1/+2
| |
* | stop using `@env` in the GET / POST methodsAaron Patterson2015-08-241-2/+7
| | | | | | | | | | I want to implement this with something besides `@env` in the future, so lets stop directly referencing it.
* | use a request object in the session middlewareAaron Patterson2015-08-221-2/+2
| | | | | | | | | | This commit allows us to use one request object rather than allocating multiple request objects to deal with the session.