path: root/actionpack/lib/action_dispatch/http
Commit message (author, date, files changed, lines removed/added)
* Strip [nil] from parameters hash. (Aaron Patterson, 2012-05-30, 1 file, -0/+22)
|   Thanks to Ben Murphy for reporting this! CVE-2012-2660
* Reset the request parameters after a constraints check (Andrew White, 2012-05-03, 1 file, -0/+4)
|   A callable object passed as a constraint for a route may access the request
|   parameters as part of its check. This causes the combined parameters hash
|   to be cached in the environment hash. If the constraint fails then any
|   subsequent access of the request parameters will be against that stale hash.
|
|   To fix this we delete the cache after every call to `matches?`. This may have
|   a negative performance impact if the constraint wraps a large number of routes
|   as the parameters hash is built by merging GET, POST and path parameters.
|
|   Fixes #2510.
|   (cherry picked from commit 56030506563352944fed12a6bb4793bb2462094b)
* backporting #4918 to 3.2 stable; adding extra test for accept header given by googlebot (Aditya Sanghi, 2012-02-17, 1 file, -1/+3)
|
* Add original_fullpath and original_url methods to Request (Piotr Sarnacki, 2012-01-10, 1 file, -0/+8)
|
* Allow symbols to be passed for extension aliases (Justin Campbell, 2011-12-17, 1 file, -1/+1)
|
* Fix url_for options[:subdomain] to allow objects as values (choonkeat, 2011-12-14, 1 file, -1/+1)
|   * e.g. blog_url(subdomain: current_user) instead of
|     blog_url(subdomain: current_user.to_param)
* use Array#join so that file encoding doesn't impact returned string. (Aaron Patterson, 2011-12-12, 1 file, -3/+3)
|   Fixes #3957
* Remove dead broken code from AD::Request (José Valim, 2011-12-08, 1 file, -8/+0)
|
* Use frozen string constant. Some string literals are used repeatedly. (kennyj, 2011-12-08, 3 files, -24/+40)
|
* Use default charset when we read content type without charset. (kennyj, 2011-12-07, 1 file, -1/+1)
|
* Fix ActionDispatch::Request method explanations (Travis Pew, 2011-11-28, 1 file, -5/+5)
|   The methods, "post?", "put?", "head?", etc. contain an incorrect explanation.
|   They state that they are equivalent to request_method == :type, but this is
|   not accurate because the methods convert the string to a symbol. They are
|   actually equivalent to: request_method_symbol == :type
* Merge pull request #3617 from indirect/remote_ip (José Valim, 2011-11-13, 1 file, -18/+1)
|\
| |   refactor RemoteIp middleware
| * refactor RemoteIp middleware (Andre Arko, 2011-11-11, 1 file, -18/+1)
| |   - return the last forwarded IP before REMOTE_ADDR to handle proxies
| |   - remove completely superfluous RemoteIpGetter class
| |   - remove duplication of trusted proxies regexp
| |   - remove unused constant from Request
| |   - move comments from Request to where they are actually relevant
| |   - edit comments for clarity of purpose
| |
| |   The original code (confusingly) tried to return REMOTE_ADDR both at the
| |   beginning and the end of the chain of options. Since REMOTE_ADDR is _always_
| |   set, this is kind of silly. This change leaves REMOTE_ADDR as the last
| |   option, so that proxied requests will be assigned the correct remote IP
| |   address.
* | Unneeded require memoizable (Akira Matsuda, 2011-11-12, 1 file, -2/+0)
|/
* Fix trouble using :subdomain in development environment when using numeric addresses. (Bradford Folkens, 2011-11-08, 1 file, -1/+1)
|   See-also pull request #3561 from 3-1-stable
|
|   Otherwise the following occurs:
|
|   TypeError: can't convert nil into String
|   /Users/bfolkens/dev/bfolkens-rails-core/actionpack/lib/action_dispatch/http/url.rb:75:in host_or_subdomain_and_domain'
|   /Users/bfolkens/dev/bfolkens-rails-core/actionpack/lib/action_dispatch/http/url.rb:37:in url_for'
|   /Users/bfolkens/dev/bfolkens-rails-core/actionpack/lib/action_dispatch/routing/url_for.rb:147:in test_subdomain_may_be_accepted_with_numeric_host'
|   /Users/bfolkens/dev/bfolkens-rails-core/activesupport/lib/active_support/testing/setup_and_teardown.rb:67:in run'
|   /Users/bfolkens/dev/bfolkens-rails-core/activesupport/lib/active_support/callbacks.rb:426:in send'
|   /Users/bfolkens/dev/bfolkens-rails-core/activesupport/lib/active_support/callbacks.rb:81:in run'
* Added X-Request-Id tracking and TaggedLogging to easily log that and other production concerns (David Heinemeier Hansson, 2011-10-19, 1 file, -0/+10)
|
* / is allowed in URI fragments (Jeremy Kemper, 2011-10-13, 1 file, -1/+1)
|
* Clean up subdomain code a bit. (José Valim, 2011-10-04, 1 file, -2/+2)
|
* :subdomain can now be specified with a value of false in url_for, allowing for subdomain(s) removal from the host during link generation. Closes #2025 (Kamil Sobieraj, 2011-10-04, 1 file, -3/+5)
|
* Implement Mime::Type#respond_to? (consistently with #method_missing) (Evgeniy Dolzhenko, 2011-09-25, 1 file, -0/+4)
|
* removing backwards compatibility module (Aaron Patterson, 2011-09-12, 1 file, -1/+1)
|
* Refactor ActionDispatch::Http::UploadedFile (Daniel Schierbeck, 2011-08-28, 1 file, -14/+3)
|
* document meta method (Vijay Dev, 2011-08-04, 1 file, -3/+3)
|
* Check Accept and Content-Type headers before evaluating them in xhr requests. Closes #2119 (ogeidix, 2011-07-19, 1 file, -1/+2)
|   An xhr request must have an "Accept" or "Content-type" header in order to be
|   considered a request with valid_accept_header.
* TODO fix explicitly loading exceptations, autoload removed (Vishnu Atrai, 2011-07-11, 1 file, -0/+1)
|
* Fix test to use Mime::Zip (Arun Agrawal, 2011-06-28, 1 file, -3/+3)
|
* Register some commonly used mime types (png, jpeg, pdf, zip etc.) per default (Esad Hajdarevic, 2011-06-28, 1 file, -0/+12)
|
* Remove usage of memoizable from ActionPack. (José Valim, 2011-06-16, 1 file, -3/+3)
|
* all requests are utf-8. Don't use the external encoding. (Damien Mathieu, 2011-06-14, 1 file, -3/+2)
|
* encode the uploaded file's name in the default external encoding - Closes #869 (Damien Mathieu, 2011-06-14, 1 file, -1/+12)
|
* Merge branch 'master' of git://github.com/lifo/docrails (Xavier Noria, 2011-05-25, 2 files, -5/+5)
|\
| |   Conflicts:
| |       actionmailer/lib/action_mailer/base.rb
| |       activesupport/lib/active_support/core_ext/kernel/requires.rb
| * Remove extra white spaces on ActionPack docs. (Sebastian Martinez, 2011-05-23, 2 files, -5/+5)
| |
* | removed deprecated methods, and related tests, from ActionPack (Josh Kalderimis, 2011-05-24, 2 files, -30/+1)
| |
* | Make :status an attr_reader to avoid unnecessary warning when replacing status= (wycats, 2011-05-22, 1 file, -1/+2)
|/
* Dump and load rack-cache stuff. (José Valim, 2011-05-17, 1 file, -2/+6)
|
* Merge branch 'master' of git://github.com/lifo/docrails (Xavier Noria, 2011-05-14, 1 file, -1/+1)
|\
| |   Conflicts:
| |       actionpack/lib/action_view/helpers/date_helper.rb
| |       railties/lib/rails/generators/rails/app/templates/config/initializers/wrap_parameters.rb.tt
| * minor correction to the ActionDispatch::Http::URL subdomain docs (Josh Kalderimis, 2011-05-04, 1 file, -1/+1)
| |
* | Fix previous commit by allowing a proc to be given as response_body. This is deprecated and is going to be removed in future releases. (José Valim, 2011-05-10, 2 files, -29/+53)
| |
* | Only show dump of regular env methods on exception screen (not all the rack crap) [DHH] (David Heinemeier Hansson, 2011-05-04, 1 file, -4/+5)
|/
* Fix .subdomain regression. (José Valim, 2011-05-04, 1 file, -1/+1)
|
* More performance optimizations. (José Valim, 2011-05-03, 1 file, -5/+0)
|
* Improve performance for filtered parameters and add tests. (José Valim, 2011-05-03, 1 file, -0/+5)
|
* Add ignore_accept_header config to AD::Request. (José Valim, 2011-05-02, 1 file, -5/+22)
|
* Fix tests on 1.8 by explicitly checking for strings (which also improves performance). (José Valim, 2011-04-20, 1 file, -1/+9)
|
* Do not inherit from Rack::Response, remove a shit-ton of unused code. (José Valim, 2011-04-19, 1 file, -53/+48)
|
* Filter sensitive query string parameters in the log [#6244 state:committed] (Prem Sichanugrist & Xavier Noria, 2011-03-11, 1 file, -4/+17)
|   This provides more safety to applications that put secret information in the
|   query string, such as API keys or SSO tokens.
|
|   Signed-off-by: Xavier Noria <fxn@hashref.com>
* Filter params that return nil for to_param and allow through false values (Andrew White, 2011-03-09, 1 file, -1/+1)
|
* Add missing deprecation require (Carlos Antonio da Silva, 2011-02-11, 1 file, -0/+1)
|   Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Change the CSRF whitelisting to only apply to get requests (Michael Koziarski, 2011-02-08, 1 file, -1/+2)
|   Unfortunately the previous method of browser detection and XHR whitelisting
|   is unable to prevent requests issued from some Flash animations and Java
|   applets. To ease the work required to include the CSRF token in ajax requests
|   rails now supports providing the token in a custom http header:
|
|       X-CSRF-Token: ...
|
|   This fixes CVE-2011-0447
* Use Mime::Type references. (José Valim, 2011-02-08, 1 file, -1/+5)
|