aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch/http
Commit message (Collapse)AuthorAgeFilesLines
* Add three new rubocop rulesRafael Mendonça França2016-08-162-2/+2
| | | | | | | | Style/SpaceBeforeBlockBraces Style/SpaceInsideBlockBraces Style/SpaceInsideHashLiteralBraces Fix all violations in the repository.
* Make private method privateRafael Mendonça França2016-08-121-11/+11
|
* Given a hash (Rails 5) .from_hash must be usedJavier Julio2016-08-121-1/+1
| | | When initializing an `ActionDispatch::Http::Headers` object it takes a request object (Rails 5) whereas before it took a hash (Rails 4.x) but the documented example still shows a hash given to the constructor (due to commit 34fa6658dd1b779b21e586f01ee64c6f59ca1537) so this is just a documentation change to use the new `from_hash` method introduced in that earlier commit.
* Allow specifying encoding of parameters by actionKerri Miller2016-08-092-0/+17
| | | | | At GitHub we need to handle parameter encodings that are not UTF-8. This patch allows us to specify encodings per parameter per action.
* applies remaining conventions across the projectXavier Noria2016-08-063-4/+1
|
* normalizes indentation and whitespace across the projectXavier Noria2016-08-065-49/+49
|
* modernizes hash syntax in actionpackXavier Noria2016-08-062-2/+2
|
* applies new string literal convention in actionpack/libXavier Noria2016-08-0612-98/+98
| | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* Also yield in parameters for a nil content_mime_typeJulian Nadeau2016-07-251-1/+1
|
* Fix failing requirement of duplicable in ParameterFilterVipul A M2016-07-161-0/+2
|
* Check `request.path_parameters` encoding at the point they're setGrey Baker2016-07-142-12/+7
| | | | | | | | Check for any non-UTF8 characters in path parameters at the point they're set in `env`. Previously they were checked for when used to get a controller class, but this meant routes that went directly to a Rack app, or skipped controller instantiation for some other reason, had to defend against non-UTF8 characters themselves.
* Document and test ActionDispatch server_portTom Kadwill2016-05-121-0/+11
|
* Merge pull request #24982 from tomkadwill/improve_clarity_of_raw_host_with_portKasper Timm Hansen2016-05-111-3/+10
|\ | | | | Improve documentation and tests for raw_host_with_port and host_with_…
| * Improve documentation and tests for raw_host_with_port and host_with_portTom Kadwill2016-05-111-3/+10
| |
* | Merge pull request #24029 from ↵Sean Griffin2016-05-061-9/+24
|\ \ | | | | | | | | | | | | | | | | | | rthbound/dont-call-each-when-calling-body-on-response Dont call each when calling body on response to fix #23964 Fixes #23964
| * | Fixes #23964Ryan T. Hosford2016-03-131-9/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Adds #each_chunk to ActionDispatch::Response. it's a method which will be called by ActionDispatch::Response#each. - Make Response#each a proper method instead of delegating to @stream - In Live, instead of overriding #each, override #each_chunk. - `#each` should just spit out @str_body if it's already set - Adds #test_set_header_after_read_body_during_action to prove this fixes #23964 - Adds #test_each_isnt_called_if_str_body_is_written to ensure #each_chunk is not called when @str_body is available - Call `@response.sent!` in AC::TestCase's #perform so a test response acts a bit more like a real response. Makes test that call `#assert_stream_closed` pass again. - Additionally assert `#committed?` in `#assert_stream_closed` - Make test that was calling @response.stream.each pass again by calling @response.each instead.
* | | Remove last uses of `@env[]` and `@env[]=`Jon Moss2016-04-281-1/+1
| |/ |/| | | | | | | | | | | | | | | Last August (2015), @tenderlove worked to remove all `@env[]` and `@env[]=`, in favor of using `set_header`, `get_header`, etc. (Here's an [example commit](https://github.com/rails/rails/commit/f16a33b68efc3dc57cfafa27651b9a765e363fbf)). This PR should remove the last uses of these methods, and fully convert them to the newly standardized API.
* | Merge pull request #24318 from bogdanvlviv/patch-1Rafael Mendonça França2016-04-121-1/+1
|\ \ | | | | | | | | | extension synonyms yml and yaml
| * | extension synonyms yml and yamlBogdan2016-03-271-1/+1
| | |
* | | Strong ETag validatorsJeremy Daer2016-03-311-15/+49
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Introduce `Response#strong_etag=` and `#weak_etag=` and analogous options for `fresh_when` and `stale?`. `Response#etag=` sets a weak ETag. Strong ETags are desirable when you're serving byte-for-byte identical responses that support Range requests, like PDFs or videos (typically done by reproxying the response from a backend storage service). Also desirable when fronted by some CDNs that support strong ETags only, like Akamai. * No longer strips quotes (`"`) from ETag values before comparing them. Quotes are significant, part of the ETag. A quoted ETag and an unquoted one are not the same entity. * Support `If-None-Match: *`. Rarely useful for GET requests; meant to provide some optimistic concurrency control for PUT requests.
* | | Fix typo in headers commentGrey Baker2016-03-291-1/+1
|/ /
* / Fix request.reset_session for API controllersJon Moss2016-03-191-1/+0
|/ | | | | | | | | | | | Due to that `ActionDispatch::Flash` (the flash API's middleware) is not included for API controllers, the `request.reset_session` method, which relies on there being a `flash=` method which is in fact defined by the middleware, was previously breaking. Similarly to how add46482a540b33184f3011c5c307f4b8e90c9cc created a method to be overridden by the flash middleware in order to ensure non-breakage, this is how flashes are now reset. Fixes #24222
* Change 'a HTTP' to 'an HTTP' [ci skip]Santosh Wadghule2016-03-031-1/+1
|
* Add documentation for #13897 [skip ci]Bart de Water2016-02-291-3/+9
|
* Fix `request.ssl?` bug with Action CableJon Moss2016-02-231-0/+4
| | | | | This bug affects `wss://` requests when running Action Cable in-app. Fixes #23620.
* Transform the mime object to symbol when registering the parsersRafael Mendonça França2016-02-221-4/+13
| | | | | This will keep our current API working without having the users to change their codebases.
* Use symbol of mime type instead of object to get correct parserMehmet Emin İNAÇ2016-02-221-2/+2
| | | | | | After registering new `:json` mime type `parsers.fetch` can't find the mime type because new mime type is not equal to old one. Using symbol of the mime type as key on parsers hash solves the problem. Closes #23766
* Merge pull request #23712 from ↵Rafael França2016-02-171-1/+1
|\ | | | | | | | | bf4/incorrect_to_accept_json_api_and_not_render_spec The JSON API media type should only work wih a JSON API handler
| * The JSON API media type should only work wih a JSON API handlerBenjamin Fleischer2016-02-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Since the media type 'application/vnd.api+json' is a spec, it is inappropriate to handle it with the JSON renderer. This PR removes support for a JSON API media type. I would recommend the media type be registered on its own as `jsonapi` when a jsonapi Renderer and deserializer (Http::Parameters::DEFAULT_PARSERS) are added. Is related to work in https://github.com/rails/rails/pull/21496
* | application/gzip added as default mime type into mime type listMehmet Emin İNAÇ2016-02-131-0/+1
|/
* Add SVG as a default mime typeDavid Heinemeier Hansson2016-02-071-0/+1
|
* add missing requireAaron Patterson2016-02-051-0/+1
|
* Add documentation for #17573Jon Moss2016-02-011-0/+8
| | | | | | Fixes some parts of #23148. [ci skip]
* Add additional documentation on Headers#[] [ci skip]Tawan Sierek2016-01-291-1/+15
| | | | | | | | | | | | | | | | | | | | Issue #16519 covers confusion potentially caused by how HTTP headers, that contain underscores in their names, are retrieved through `ActionDispatch::Http::Headers#[]`. This confusion has its origin in how a CGI maps HTTP header names to variable names. Even though underscores in header names are rarely encountered, they are valid according to RFC822 [1]. Nonetheless CGI like variable names, as requested by the Rack specfication, will only contain underscores and therefore the original header name cannot be recovered after the Rack server passed on the environemnt hash. Please, see also the disscussion on StackOverflow [2], which also links to an explaination in the nginx documentation [3]. [1] http://www.ietf.org/rfc/rfc822.txt [2] http://stackoverflow.com/questions/22856136/why-underscores-are-forbidden-in-http-header-names [3] https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#missing-disappearing-http-headers
* speed up accept header parsing a bit.Aaron Patterson2016-01-281-8/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Accept header is taken from what Safari on El Capitan sends: ```ruby require 'benchmark/ips' require 'action_dispatch/http/mime_type' require 'active_support/all' accept = 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' Benchmark.ips do |x| x.report "omg" do Mime::Type.parse(accept) end end ``` Before: ``` [aaron@TC actionpack (master)]$ be ruby ../x.rb Calculating ------------------------------------- omg 3.181k i/100ms ------------------------------------------------- omg 35.062k (±12.8%) i/s - 174.955k [aaron@TC actionpack (master)]$ be ruby ../x.rb Calculating ------------------------------------- omg 3.153k i/100ms ------------------------------------------------- omg 33.724k (±12.4%) i/s - 167.109k [aaron@TC actionpack (master)]$ be ruby ../x.rb Calculating ------------------------------------- omg 3.575k i/100ms ------------------------------------------------- omg 37.251k (±10.4%) i/s - 185.900k ``` After: ``` [aaron@TC actionpack (master)]$ be ruby ../x.rb Calculating ------------------------------------- omg 3.365k i/100ms ------------------------------------------------- omg 40.069k (±16.1%) i/s - 198.535k [aaron@TC actionpack (master)]$ be ruby ../x.rb Calculating ------------------------------------- omg 4.168k i/100ms ------------------------------------------------- omg 47.596k (± 7.7%) i/s - 237.576k [aaron@TC actionpack (master)]$ be ruby ../x.rb Calculating ------------------------------------- omg 4.282k i/100ms ------------------------------------------------- omg 43.626k (±17.7%) i/s - 209.818k ```
* convert AcceptList to a regular classAaron Patterson2016-01-281-20/+19
| | | | | | | we never use this custom array outside the mime type `parse` method. We can reduce the interaction to just a regular array, so we should use that instead (IOW, there was nothing special about AcceptList so we should remove it).
* remove == from AcceptItemAaron Patterson2016-01-271-6/+7
| | | | | | | | Remove nonsense definition of == from `AcceptItem`. The definition only compared names and not `q` values or even object identity. The only use was in the `assort!` method that really just wanted the index of the item given the item's name. Instead we just change the caller to use `index` with the block form.
* remove useless private methodsAaron Patterson2016-01-271-13/+9
| | | | | This commit refactors the private methods that were just aliases to [] to just directly use [] and cache the return values on the stack.
* change `@app_xml_idx` to an lvar and cache it on the stackAaron Patterson2016-01-271-16/+10
| | | | | same strategy as `@text_xml_idx`: cache it on the stack to avoid ivar lookups and the `||=` call.
* change `@text_xml_idx` to an lvar and cache it on the stackAaron Patterson2016-01-271-13/+11
| | | | | this eliminates the ivar lookup and also eliminates the `||=` conditional that happens every time we called the `text_xml_idx` method.
* Merge branch '5-0-beta-sec'Aaron Patterson2016-01-251-2/+16
|\ | | | | | | | | | | | | | | | | | | | | * 5-0-beta-sec: bumping version fix version update task to deal with .beta1.1 Eliminate instance level writers for class accessors allow :file to be outside rails root, but anything else must be inside the rails view directory Don't short-circuit reject_if proc stop caching mime types globally use secure string comparisons for basic auth username / password
| * stop caching mime types globallyAaron Patterson2016-01-221-2/+16
| | | | | | | | | | | | | | Unknown mime types should not be cached globally. This global cache leads to a memory leak and a denial of service vulnerability. CVE-2016-0751
* | Response etags to always be weak: Prefixed W/ to value returned by ↵abhishek2016-01-201-1/+1
| | | | | | | | ActionDispatch::Http::Cache::Response#etag= such that etags set in fresh_when and stale? are weak. For #17556.
* | Space OddityAkira Matsuda2016-01-142-2/+2
| | | | | | | | | | Converting nbsp(\u{00A0}) to the normal ASCII space(\u{0020}) [ci skip]
* | Commit before freezing the headersMatthew Draper2016-01-122-1/+8
| | | | | | | | | | This shouldn't generally come up: under a standard flow, we don't start sending until after the commit. But application code always finds a way.
* | Format from Accept headers have higher precedence than path extension formatJorge Bejar2015-12-291-2/+2
| |
* | Rely on default Mime format when MimeNegotiation#format_from_path_extension ↵Jorge Bejar2015-12-291-3/+3
| | | | | | | | | | | | is not a valid type Closes #22747
* | Remember the parameter hash we returnMatthew Draper2015-12-221-1/+1
|/ | | | Callers expect to be able to manipulate it.
* Avoid calling AD::MimeNegotiation#format_from_path_extension method twiceJorge Bejar2015-12-091-2/+2
|
* Do not add format key to request_paramsJorge Bejar2015-12-092-17/+11
| | | | | | | | | I did this change but it is affecting how the request params end up after being processed by the router. To be in the safe side, I just take the format from the extension in the URL when is not present in those params and it's being used only for the `Request#formats` method