path: root/actionpack/lib/action_dispatch/http/request.rb
Commit message | Author | Age | Files | Lines
* Add missing deprecation require | Carlos Antonio da Silva | 2011-02-11 | 1 | -0/+1
  Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Change the CSRF whitelisting to only apply to get requests | Michael Koziarski | 2011-02-08 | 1 | -1/+2
  Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets.
  To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:
  X-CSRF-Token: ...
  This fixes CVE-2011-0447
* Add additional HTTP request methods from the following RFCs: | Andrew White | 2010-11-02 | 1 | -2/+19
  * Hypertext Transfer Protocol -- HTTP/1.1 http://www.ietf.org/rfc/rfc2616.txt
  * HTTP Extensions for Distributed Authoring -- WEBDAV http://www.ietf.org/rfc/rfc2518.txt
  * Versioning Extensions to WebDAV http://www.ietf.org/rfc/rfc3253.txt
  * Ordered Collections Protocol (WebDAV) http://www.ietf.org/rfc/rfc3648.txt
  * Web Distributed Authoring and Versioning (WebDAV) Access Control Protocol http://www.ietf.org/rfc/rfc3744.txt
  * Web Distributed Authoring and Versioning (WebDAV) SEARCH http://www.ietf.org/rfc/rfc5323.txt
  * PATCH Method for HTTP http://www.ietf.org/rfc/rfc5789.txt
  [#2809 state:resolved] [#5895 state:resolved]
* make sure request parameters are accessible after rack throws an exception parsing the query string [#3030 state:resolved] | Miles Egan | 2010-10-12 | 1 | -2/+2
  Signed-off-by: José Valim <jose.valim@gmail.com>
* Solve some warnings and a failing test. | José Valim | 2010-10-03 | 1 | -1/+1
* dry up method checking in the request object | Aaron Patterson | 2010-09-29 | 1 | -10/+9
* removes /i from the TRUSTED_PROXIES regexp, adds /x and comments for readability, adds a pointer to a Wikipedia section that documents the matched IPs | Xavier Noria | 2010-09-12 | 1 | -2/+10
* gets rid of a double negation, no need to force exactly true/false in a predicate | Xavier Noria | 2010-09-12 | 1 | -4/+4
* Revert "Setup explicit requires for files with exceptions. Removed them from autoloading." | José Valim | 2010-09-02 | 1 | -1/+0
  Booting a new Rails application does not work after this commit [#5359 state:open]
  This reverts commit 38a421b34d0b414564e919f67d339fac067a56e6.
* Setup explicit requires for files with exceptions. Removed them from autoloading. | Łukasz Strzałkowski | 2010-09-02 | 1 | -0/+1
  Signed-off-by: José Valim <jose.valim@gmail.com>
* Moves local_request? to require.local? | Santiago Pastorino | 2010-08-13 | 1 | -0/+7
  [#5361 state:committed]
* Just reading flash messages should not create a session if one does not exist yet. | José Valim | 2010-06-25 | 1 | -0/+3
* Sessions should not be created until written to and session data should be destroyed on reset. | Michael Lovitt | 2010-06-23 | 1 | -1/+1
  [#4938]
  Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* remove executable permission from files that don't need it. [#4802 state:resolved] | rohit | 2010-06-20 | 1 | -0/+0
  Signed-off-by: José Valim <jose.valim@gmail.com>
* Improve performance of commonly used request methods | wycats | 2010-06-04 | 1 | -7/+19
* * Change the object used in routing constraints to be an instance of | wycats | 2010-04-03 | 1 | -21/+39
    ActionDispatch::Request rather than Rack::Request.
  * Changed ActionDispatch::Request#method to return a String, to be compatible with the Rack::Request superclass.
  * Changed ActionDispatch::Request#method to return the original method in the case of methodoverride and #request_method not to, to be compatible with Rack::Request
* Request#content_type exists in Rack::Request, and other parts of Rack::Request expect it to return a String. | wycats | 2010-03-28 | 1 | -3/+3
  Split the Rails API so that Request#content_type returns a String, and Request#content_mime_type returns a Mime::Type object.
* Add memoizing to AD::Request | Carlhuda | 2010-03-08 | 1 | -0/+8
* Move remote_ip to a middleware: | Carlhuda | 2010-03-03 | 1 | -30/+1
  * ActionController::Base.ip_spoofing_check deprecated => config.action_dispatch.ip_spoofing_check
  * ActionController::Base.trusted_proxies deprecated => config.action_dispatch.trusted_proxies
* Tidy up new filter_parameters implementation. | José Valim | 2010-01-21 | 1 | -1/+1
* Move filter_parameter_logging logic out of the controller and create ActionDispatch::ParametersFilter to handle parameter filteration instead. | Prem Sichanugrist | 2010-01-21 | 1 | -0/+1
  This will make filteration not depending on controller anymore.
  Signed-off-by: José Valim <jose.valim@gmail.com>
* Split ActionDispatch http in smaller chunks. | José Valim | 2010-01-16 | 1 | -352/+27
* Move Flash into middleware | Joshua Peek | 2010-01-15 | 1 | -4/+0
* Make HEAD method masquerade as GET so requests are routed correctly | Joshua Peek | 2010-01-15 | 1 | -5/+7
* Referer and user agent are in Rack::Request | Joshua Peek | 2009-12-22 | 1 | -1/+1
* Added ActionDispatch::Request#authorization to access the http authentication header regardless of its proxy hiding [DHH] | David Heinemeier Hansson | 2009-12-20 | 1 | -0/+9
* Allow autoloads to opt out of eager loading | Joshua Peek | 2009-12-12 | 1 | -1/+2
* Ruby 1.9.2: StringIO no longer has #path | Jeremy Kemper | 2009-11-13 | 1 | -1/+1
* Object#tap is not needed for Ruby >= 1.8.7 | Xavier Noria | 2009-11-09 | 1 | -1/+0
* Unknown :format param should result in empty request.formats | Jeremy Kemper | 2009-11-08 | 1 | -1/+1
* Break up inflector to reduce the dependency burden on dependency-less methods like constantize. | Yehuda Katz | 2009-11-07 | 1 | -0/+1
* Caching refactoring | Yehuda Katz | 2009-10-29 | 1 | -5/+1
* Reorganize CSRF a bit | Yehuda Katz | 2009-10-28 | 1 | -0/+4
* Fixes expires_now and cleans things up a bit | Yehuda Katz | 2009-10-26 | 1 | -12/+9
* Got tests to pass with some more changes. | Yehuda Katz | 2009-08-15 | 1 | -24/+12
  * request.formats is much simpler now
  * For XHRs or Accept headers with a single item, we use the Accept header
  * For other requests, we use params[:format] or fallback to HTML
  * This is primarily to work around the fact that browsers provide completely broken Accept headers, so we have to whitelist the few cases we can specifically isolate and treat other requests as coming from the browser
  * For APIs, we can support single-item Accept headers, which disambiguates from the browsers
  * Requests to an action that only has an XML template from the browser will no longer find the template. This worked previously because most browsers provide a catch-all */*, but this was mostly accidental behavior. If you want to serve XML, either use the :xml format in links, or explicitly specify the XML template: render "template.xml".
* More perf work: | Yehuda Katz | 2009-08-11 | 1 | -27/+10
  * Move #set_cookie and #delete_cookie inline to optimize. These optimizations should almost certainly be sent back upstream to Rack. The optimization involves using an ivar for cookies instead of indexing into the headers each time.
  * Was able to use a bare Hash for headers now that cookies have their own joining semantics (some code assumed that the raw cookies were an Array).
  * Cache blankness of body on body=
  * Improve expand_cache_key for Arrays of a single element (common in our case)
  * Use a simple layout condition check unless conditions are used
  * Cache visible actions
  * Lazily load the UrlRewriter
  * Make etag an ivar that is set on prepare!
* This change causes some failing tests, but it should be possible to make them pass with minimal performance impact. | Yehuda Katz | 2009-08-11 | 1 | -11/+12
* Allow to configure trusted proxies via ActionController::Base.trusted_proxies [#2126 state:resolved] | Felipe Talavera | 2009-08-09 | 1 | -2/+2
  Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
* Refactor even more Responder. Move mime negotiation to request and added respond_to class method. | José Valim | 2009-07-29 | 1 | -8/+34
  Signed-off-by: Yehuda Katz <wycats@gmail.com>
* Fixing pending tests and fixed some formats / partial rendering semantics | Yehuda Katz + Carl Lerche | 2009-06-17 | 1 | -6/+4
* Speed up Request#formats | Jeremy Kemper | 2009-05-23 | 1 | -6/+14
* Slightly modify things to get content type matching working without breaking other code | Yehuda Katz | 2009-05-23 | 1 | -2/+8
* Remove some response content type concepts from ActionView | Yehuda Katz + Carl Lerche | 2009-05-21 | 1 | -1/+1
* Cherry-pick core extensions | Jeremy Kemper | 2009-05-13 | 1 | -0/+1
* Move TestRequest#query_parameters into AD TestRequest | Joshua Peek | 2009-04-30 | 1 | -1/+1
* Start moving TestRequest and TestResponse into ActionDispatch | Joshua Peek | 2009-04-30 | 1 | -16/+20
* Switch to action_dispatch rack namespace | Joshua Peek | 2009-04-30 | 1 | -2/+2
* Delegate controller.session to request.session and deprecate response session | Joshua Peek | 2009-04-27 | 1 | -8/+0
* Not sure why Request#session is missing | Jeremy Kemper | 2009-04-26 | 1 | -0/+8
* Inherit TestSession from Session::AbstractStore and add indifferent access to Session::AbstractStore. | Joshua Peek | 2009-04-26 | 1 | -11/+3