path: root/actionpack/lib/action_dispatch/http
Commit message  Author  Age  Files  Lines
...
* | | Fix typo in headers comment  Grey Baker  2016-03-29  1  -1/+1
|/ /
* / Fix request.reset_session for API controllers  Jon Moss  2016-03-19  1  -1/+0
|/
|     Due to that `ActionDispatch::Flash` (the flash API's middleware) is not included for API controllers, the `request.reset_session` method, which relies on there being a `flash=` method which is in fact defined by the middleware, was previously breaking. Similarly to how add46482a540b33184f3011c5c307f4b8e90c9cc created a method to be overridden by the flash middleware in order to ensure non-breakage, this is how flashes are now reset.
|
|     Fixes #24222
* Change 'a HTTP' to 'an HTTP' [ci skip]  Santosh Wadghule  2016-03-03  1  -1/+1
|
* Add documentation for #13897 [skip ci]  Bart de Water  2016-02-29  1  -3/+9
|
* Fix `request.ssl?` bug with Action Cable  Jon Moss  2016-02-23  1  -0/+4
|     This bug affects `wss://` requests when running Action Cable in-app.
|
|     Fixes #23620.
* Transform the mime object to symbol when registering the parsers  Rafael Mendonça França  2016-02-22  1  -4/+13
|     This will keep our current API working without having the users to change their codebases.
* Use symbol of mime type instead of object to get correct parser  Mehmet Emin İNAÇ  2016-02-22  1  -2/+2
|     After registering new `:json` mime type `parsers.fetch` can't find the mime type because new mime type is not equal to old one. Using symbol of the mime type as key on parsers hash solves the problem.
|
|     Closes #23766
* Merge pull request #23712 from ↵  Rafael França  2016-02-17  1  -1/+1
|\
| |     bf4/incorrect_to_accept_json_api_and_not_render_spec
| |
| |     The JSON API media type should only work with a JSON API handler
| * The JSON API media type should only work with a JSON API handler  Benjamin Fleischer  2016-02-16  1  -1/+1
| |     Since the media type 'application/vnd.api+json' is a spec, it is inappropriate to handle it with the JSON renderer. This PR removes support for a JSON API media type. I would recommend the media type be registered on its own as `jsonapi` when a jsonapi Renderer and deserializer (Http::Parameters::DEFAULT_PARSERS) are added. Is related to work in https://github.com/rails/rails/pull/21496
* | application/gzip added as default mime type into mime type list  Mehmet Emin İNAÇ  2016-02-13  1  -0/+1
|/
* Add SVG as a default mime type  David Heinemeier Hansson  2016-02-07  1  -0/+1
|
* add missing require  Aaron Patterson  2016-02-05  1  -0/+1
|
* Add documentation for #17573  Jon Moss  2016-02-01  1  -0/+8
|     Fixes some parts of #23148. [ci skip]
* Add additional documentation on Headers#[] [ci skip]  Tawan Sierek  2016-01-29  1  -1/+15
|     Issue #16519 covers confusion potentially caused by how HTTP headers, that contain underscores in their names, are retrieved through `ActionDispatch::Http::Headers#[]`. This confusion has its origin in how a CGI maps HTTP header names to variable names. Even though underscores in header names are rarely encountered, they are valid according to RFC822 [1]. Nonetheless CGI like variable names, as requested by the Rack specification, will only contain underscores and therefore the original header name cannot be recovered after the Rack server passed on the environment hash. Please, see also the discussion on StackOverflow [2], which also links to an explanation in the nginx documentation [3].
|
|     [1] http://www.ietf.org/rfc/rfc822.txt
|     [2] http://stackoverflow.com/questions/22856136/why-underscores-are-forbidden-in-http-header-names
|     [3] https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#missing-disappearing-http-headers
* speed up accept header parsing a bit.  Aaron Patterson  2016-01-28  1  -8/+11
|     Accept header is taken from what Safari on El Capitan sends:
|
|     ```ruby
|     require 'benchmark/ips'
|     require 'action_dispatch/http/mime_type'
|     require 'active_support/all'
|
|     accept = 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
|
|     Benchmark.ips do |x|
|       x.report "omg" do
|         Mime::Type.parse(accept)
|       end
|     end
|     ```
|
|     Before:
|
|     ```
|     [aaron@TC actionpack (master)]$ be ruby ../x.rb
|     Calculating -------------------------------------
|                      omg     3.181k i/100ms
|     -------------------------------------------------
|                      omg     35.062k (±12.8%) i/s -    174.955k
|     [aaron@TC actionpack (master)]$ be ruby ../x.rb
|     Calculating -------------------------------------
|                      omg     3.153k i/100ms
|     -------------------------------------------------
|                      omg     33.724k (±12.4%) i/s -    167.109k
|     [aaron@TC actionpack (master)]$ be ruby ../x.rb
|     Calculating -------------------------------------
|                      omg     3.575k i/100ms
|     -------------------------------------------------
|                      omg     37.251k (±10.4%) i/s -    185.900k
|     ```
|
|     After:
|
|     ```
|     [aaron@TC actionpack (master)]$ be ruby ../x.rb
|     Calculating -------------------------------------
|                      omg     3.365k i/100ms
|     -------------------------------------------------
|                      omg     40.069k (±16.1%) i/s -    198.535k
|     [aaron@TC actionpack (master)]$ be ruby ../x.rb
|     Calculating -------------------------------------
|                      omg     4.168k i/100ms
|     -------------------------------------------------
|                      omg     47.596k (± 7.7%) i/s -    237.576k
|     [aaron@TC actionpack (master)]$ be ruby ../x.rb
|     Calculating -------------------------------------
|                      omg     4.282k i/100ms
|     -------------------------------------------------
|                      omg     43.626k (±17.7%) i/s -    209.818k
|     ```
* convert AcceptList to a regular class  Aaron Patterson  2016-01-28  1  -20/+19
|     we never use this custom array outside the mime type `parse` method. We can reduce the interaction to just a regular array, so we should use that instead (IOW, there was nothing special about AcceptList so we should remove it).
* remove == from AcceptItem  Aaron Patterson  2016-01-27  1  -6/+7
|     Remove nonsense definition of == from `AcceptItem`. The definition only compared names and not `q` values or even object identity. The only use was in the `assort!` method that really just wanted the index of the item given the item's name. Instead we just change the caller to use `index` with the block form.
* remove useless private methods  Aaron Patterson  2016-01-27  1  -13/+9
|     This commit refactors the private methods that were just aliases to [] to just directly use [] and cache the return values on the stack.
* change `@app_xml_idx` to an lvar and cache it on the stack  Aaron Patterson  2016-01-27  1  -16/+10
|     same strategy as `@text_xml_idx`: cache it on the stack to avoid ivar lookups and the `||=` call.
* change `@text_xml_idx` to an lvar and cache it on the stack  Aaron Patterson  2016-01-27  1  -13/+11
|     this eliminates the ivar lookup and also eliminates the `||=` conditional that happens every time we called the `text_xml_idx` method.
* Merge branch '5-0-beta-sec'  Aaron Patterson  2016-01-25  1  -2/+16
|\
| |     * 5-0-beta-sec:
| |       bumping version
| |       fix version update task to deal with .beta1.1
| |       Eliminate instance level writers for class accessors
| |       allow :file to be outside rails root, but anything else must be inside the rails view directory
| |       Don't short-circuit reject_if proc
| |       stop caching mime types globally
| |       use secure string comparisons for basic auth username / password
| * stop caching mime types globally  Aaron Patterson  2016-01-22  1  -2/+16
| |     Unknown mime types should not be cached globally. This global cache leads to a memory leak and a denial of service vulnerability.
| |
| |     CVE-2016-0751
* | Response etags to always be weak: Prefixed W/ to value returned by ↵  abhishek  2016-01-20  1  -1/+1
| |     ActionDispatch::Http::Cache::Response#etag= such that etags set in fresh_when and stale? are weak. For #17556.
* | Space Oddity  Akira Matsuda  2016-01-14  2  -2/+2
| |     Converting nbsp(\u{00A0}) to the normal ASCII space(\u{0020}) [ci skip]
* | Commit before freezing the headers  Matthew Draper  2016-01-12  2  -1/+8
| |     This shouldn't generally come up: under a standard flow, we don't start sending until after the commit. But application code always finds a way.
* | Format from Accept headers have higher precedence than path extension format  Jorge Bejar  2015-12-29  1  -2/+2
| |
* | Rely on default Mime format when MimeNegotiation#format_from_path_extension ↵  Jorge Bejar  2015-12-29  1  -3/+3
| |     is not a valid type
| |
| |     Closes #22747
* | Remember the parameter hash we return  Matthew Draper  2015-12-22  1  -1/+1
|/
|     Callers expect to be able to manipulate it.
* Avoid calling AD::MimeNegotiation#format_from_path_extension method twice  Jorge Bejar  2015-12-09  1  -2/+2
|
* Do not add format key to request_params  Jorge Bejar  2015-12-09  2  -17/+11
|     I did this change but it is affecting how the request params end up after being processed by the router. To be in the safe side, I just take the format from the extension in the URL when is not present in those params and it's being used only for the `Request#formats` method
* Improve regexp in AC::Http::Parameters  Jorge Bejar  2015-12-09  1  -1/+1
|
* Response when error should be formatted properly in Rails API if local request  Jorge Bejar  2015-12-09  1  -3/+3
|
* Use URL path extension as format in bad params exception handling  Jorge Bejar  2015-12-08  1  -2/+17
|
* Only commit the cookie jar if it hasn't been committed  eileencodes  2015-12-06  1  -1/+1
|     We don't want to commit the cookie jar more than once because then we will be attempting to modify a frozen hash. Fixes Railties test failure caused by 492b134.
* Stop violating law of demeter in response cookie_jar  eileencodes  2015-12-06  2  -1/+4
|     This adds a new method to request and response so we don't need to violate the law of demeter. We are changing `Request` and `Response` so that they always have a `cookie_jar`
|
|     This is a continuation on work to combine integration and controller test code bases in Rails.
* Push `before_sending` to super class  eileencodes  2015-12-06  2  -0/+6
|     We want to get rid of the `Live::Response` so we are consolidating methods from `Live::Response` and `Response` by merging them together. This adds an `#empty` method to the request so we don't need to hard-code the empty array each time we call an empty `ActionDispatch::Request`. The work here is a continuation on combining controller and integration test code bases into one.
* Shrink a couple of deprecation warnings to one-liners  Matthew Draper  2015-12-06  1  -18/+8
|     The previous spelling seemed a bit too generous with the whitespace, and looked out of place when amongst others.
* Merge pull request #21241 from pdg137/master  Arthur Nogueira Neves  2015-11-26  1  -1/+2
|\
| |     In url_for, never append ? when the query string is empty anyway.
| * In url_for, never append ? when the query string is empty anyway.  Paul Grayson  2015-10-29  1  -1/+2
| |     It used to behave like this:
| |
| |       url_for(controller: 'x', action: 'y', q: {})
| |       # -> "/x/y?"
| |
| |     We previously avoided empty query strings in most cases by removing nil values, then checking whether params was empty. But as you can see above, even non-empty params can yield an empty query string. So I changed the code to just directly check whether the query string ended up empty.
| |
| |     (To make everything more consistent, the "removing nil values" functionality should probably move to ActionPack's Hash#to_query, the place where empty hashes and arrays get removed. However, this would change a lot more behavior.)
* | Merge pull request #22263 from mastahyeti/csrf-origin-check  Rafael França  2015-11-26  1  -2/+2
|\ \
| | |     Add option to verify Origin header in CSRF checks [Jeremy Daer + Rafael Mendonça França]
| * | Add option to verify Origin header in CSRF checks  Ben Toews  2015-11-25  1  -2/+2
| | |
* | | Merge pull request #17928 from sergey-alekseev/remove-unused-form-data-method  Sean Griffin  2015-11-23  1  -3/+9
|\ \ \
| |/ /
|/| |
| * | write a test for `#form_data?`  Sergey Alekseev  2015-03-31  1  -1/+9
| | |     The initial attempt was to remove the method at all in https://github.com/sergey-alekseev/rails/commit/4926aa68c98673e7be88a2d2b57d72dc490bc71c. The method overrides Rack's `#form_data?` https://github.com/rack/rack/blob/6f8808d4201e68e4bd780441b3b7bb3ee6d1f43e/lib/rack/request.rb#L172-L184. Which may have some incorrect implementation actually. `type.nil?` isn't possible I suppose. I'll check.
* | | Deprecate exception#original_exception in favor of exception#cause  Yuki Nishijima  2015-11-03  2  -4/+4
| |/
|/|
* | Remove dead code  Rafael Mendonça França  2015-10-28  1  -5/+0
| |     This is leftover from when `render nothing: true` rendered blank string.
* | Catch invalid UTF-8 querystring values and respond with BadRequest  Grey Baker  2015-10-23  1  -1/+4
| |
* | Merge pull request #22003 from yui-knk/remove_needless_require_as  Yves Senn  2015-10-20  1  -1/+0
|\ \
| | |     Delete needless `require 'active_support/deprecation'`
| * | Delete needless `require 'active_support/deprecation'`  yui-knk  2015-10-20  1  -1/+0
| | |     When `require 'active_support/rails'`, 'active_support/deprecation' is automatically loaded.
* | | Show helpful messages on invalid param. encodings  Agis Anastasopoulos  2015-10-19  1  -3/+3
|/ /
| |     Prior to this change, given a route:
| |
| |         # config/routes.rb
| |         get ':a' => "foo#bar"
| |
| |     If one pointed to http://example.com/%BE (param `a` has invalid encoding), a `BadRequest` would be raised with the following non-informative message:
| |
| |         ActionController::BadRequest
| |
| |     From now on the message displayed is:
| |
| |         Invalid parameter encoding: hi => "\xBE"
| |
| |     Fixes #21923.
* | use methods for accessing the cache control headers  Aaron Patterson  2015-10-06  2  -6/+9
| |     Use the methods rack provides so we don't have to worry about the exact header key.