| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
This bug affects `wss://` requests when running Action Cable in-app.
Fixes #23620.
|
| |
|
|
|
| |
Converting nbsp(\u{00A0}) to the normal ASCII space(\u{0020})
[ci skip]
|
| |
|
|
|
|
|
|
|
|
|
| |
This adds a new method to request and response so we don't need to
violate the law of demeter.
We are changing `Request` and `Response` so that they always have a
`cookie_jar`
This is a continuation on work to combine integration and controller
test code bases in Rails.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We want to get rid of the `Live::Response` so we are consolidating methods
from `Live::Response` and `Response` by merging them together.
This adds an `#empty` method to the request so we don't need to
hard-code the empty array each time we call an empty
`ActionDispatch::Request`.
The work here is a continuation on combining controller and integration
test code bases into one.
|
| |\
| |
| |
| |
| | |
Add option to verify Origin header in CSRF checks
[Jeremy Daer + Rafael Mendonça França]
|
| | | |
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The initial attempt was to remove the method at all in
https://github.com/sergey-alekseev/rails/commit/4926aa68c98673e7be88a2d2b57d72dc490bc71c.
The method overrides Rack's `#form_data?`
https://github.com/rack/rack/blob/6f8808d4201e68e4bd780441b3b7bb3ee6d1f43e/lib/rack/request.rb#L172-L184.
Which may have some incorrect implementation actually. `type.nil?` isn't possible I suppose. I'll check.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Prior to this change, given a route:
# config/routes.rb
get ':a' => "foo#bar"
If one pointed to http://example.com/%BE (param `a` has invalid encoding),
a `BadRequest` would be raised with the following non-informative message:
ActionController::BadRequest
From now on the message displayed is:
Invalid parameter encoding: hi => "\xBE"
Fixes #21923.
|
| | |
| |
| |
| |
| |
| | |
We only want to activate flash when the user has enabled it. Api
servers don't use flash, so add an empty implementation to the base
Request object.
|
| | |
| |
| |
| |
| | |
Committing the flash needs to happen in order for the session to be
written correctly, so lets guarantee that it actually does happen.
|
| | |
| |
| |
| |
| | |
I'm doing this so that we can commit the flash to the session object Out
of Band of the flash middleware
|
| | |
| |
| |
| |
| | |
This is an instance method on the request object now so we don't need it
anymore
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The middleware stack is a singleton in the application (one instance is
shared for the entire application) which means that there was only one
opportunity to set the parameter parsers. Since there is only one set
of parameter parsers in an app, lets just configure them on the request
class (since that is where they are used).
|
| | |
| |
| |
| |
| |
| | |
we need to be more specific about exception handling when dealing with
the parse strategies. The calls to `return yield` can also raise an
exception, but we don't want to handle that in *this* code.
|
| | |
| |
| |
| |
| | |
`normalize_encode_params` is common to all parser code paths, so we can
pull that up and always apply it before assigning the request parameters
|
| | |
| |
| |
| |
| | |
since there is only one "default" strategy now, we can just use the
block parameter for that.
|
| | |
| |
| |
| |
| | |
All parameter parsing should be on the request object because the
request object is the object that we ask for parameters.
|
| | |
| |
| |
| | |
this commit removes some direct access to `env`.
|
| | |
| |
| |
| |
| |
| | |
Just include the modules necessary in the Request object to implement
the things we need. This should make it easier to build delegate
request objects because the API is smaller
|
| |\ \
| | |
| | | |
[ci skip] Added localhost IPv6
|
| | | | |
|
| | | | |
|
| |/ /
| |
| |
| |
| |
| |
| |
| | |
Cleanup for `ActionDispatch::Http::Parameters` - no need for required libraries
and remove not used private method.
Apparently this method was used in `ActionDispatch::Http::Request` - fixed
by calling `Request::Utils` explicitly (as was done in other parts of the codebase)
|
| | |
| |
| |
| |
| | |
now the caller can just treat it like a regular controller even though
it will return a 404
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
I want to implement this with something besides `@env` in the future, so
lets stop directly referencing it.
|
| | |
| |
| |
| |
| | |
This commit allows us to use one request object rather than allocating
multiple request objects to deal with the session.
|
| | |
| |
| |
| |
| | |
We're going to implement storing env values differently in the future,
so let's disconnect these methods from the instance variables
|
| | | |
|
| | |
| |
| |
| | |
we're already doing this with a bunch of other header data.
|
| | |
| |
| |
| | |
we have a method that knows how to get rack.input, so lets use that.
|
| | |
| |
| |
| |
| |
| | |
We need to abstract the internals of the request object away from this
instance variable so that the values for `@env` can be calculated in a
different way.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This refactoring moves the controller class name that was on the route
set to the request. The purpose of this refactoring is for changes we
need to move controller tests to integration tests, mainly being able to
access the controller on the request instead of having to go through
the router.
[Eileen M. Uchitelle & Aaron Patterson]
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
people should be accessing request information through the request
object, not via the env hash. If they really really want at the env
hash, then they can get it off the request.
|
| | |
| |
| |
| |
| |
| |
| | |
Actions are processed through `dispatch`, so they should have the
request set on them before any user land code can be executed. Lets
stop setting _env on the controller, and give access to it through the
`env` method.
|
| | |
| |
| |
| |
| | |
this is another place that we should stop directly accessing the env
hash and let the request object take care of that for us
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
again, we want to hide the contents of `env` from the implementation.
Allocate a request object to access the contents of env, but save
allocations due to string literal allocations when accessing the env
hash.
|
| | |
| |
| |
| |
| | |
hide the env key in the request object so that other code doesn't need
to know.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
This decouples the `call` method from knowing the SCRIPT_NAME key and
offloads decisions about how to access script_name
|
| | |
| |
| |
| |
| | |
Now that we have encoding strategies, we can just walk the params hash
once to encode as HWIA, and remove nils.
|
| | |
| |
| |
| | |
[Robin Dupret & Shunsuke Aida]
|
