path: root/actionpack/lib/action_dispatch/http
Commit message (Author, Age, Files, Lines)
...
* speed up accept header parsing a bit. (Aaron Patterson, 2016-01-28, 1, -8/+11)

  Accept header is taken from what Safari on El Capitan sends:

  ```ruby
  require 'benchmark/ips'
  require 'action_dispatch/http/mime_type'
  require 'active_support/all'

  accept = 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'

  Benchmark.ips do |x|
    x.report "omg" do
      Mime::Type.parse(accept)
    end
  end
  ```

  Before:

  ```
  [aaron@TC actionpack (master)]$ be ruby ../x.rb
  Calculating -------------------------------------
  omg 3.181k i/100ms
  -------------------------------------------------
  omg 35.062k (±12.8%) i/s - 174.955k
  [aaron@TC actionpack (master)]$ be ruby ../x.rb
  Calculating -------------------------------------
  omg 3.153k i/100ms
  -------------------------------------------------
  omg 33.724k (±12.4%) i/s - 167.109k
  [aaron@TC actionpack (master)]$ be ruby ../x.rb
  Calculating -------------------------------------
  omg 3.575k i/100ms
  -------------------------------------------------
  omg 37.251k (±10.4%) i/s - 185.900k
  ```

  After:

  ```
  [aaron@TC actionpack (master)]$ be ruby ../x.rb
  Calculating -------------------------------------
  omg 3.365k i/100ms
  -------------------------------------------------
  omg 40.069k (±16.1%) i/s - 198.535k
  [aaron@TC actionpack (master)]$ be ruby ../x.rb
  Calculating -------------------------------------
  omg 4.168k i/100ms
  -------------------------------------------------
  omg 47.596k (± 7.7%) i/s - 237.576k
  [aaron@TC actionpack (master)]$ be ruby ../x.rb
  Calculating -------------------------------------
  omg 4.282k i/100ms
  -------------------------------------------------
  omg 43.626k (±17.7%) i/s - 209.818k
  ```
* convert AcceptList to a regular class (Aaron Patterson, 2016-01-28, 1, -20/+19)

  we never use this custom array outside the mime type `parse` method. We can reduce the interaction to just a regular array, so we should use that instead (IOW, there was nothing special about AcceptList so we should remove it).
* remove == from AcceptItem (Aaron Patterson, 2016-01-27, 1, -6/+7)

  Remove nonsense definition of == from `AcceptItem`. The definition only compared names and not `q` values or even object identity. The only use was in the `assort!` method that really just wanted the index of the item given the item's name. Instead we just change the caller to use `index` with the block form.
* remove useless private methods (Aaron Patterson, 2016-01-27, 1, -13/+9)

  This commit refactors the private methods that were just aliases to [] to just directly use [] and cache the return values on the stack.
* change `@app_xml_idx` to an lvar and cache it on the stack (Aaron Patterson, 2016-01-27, 1, -16/+10)

  same strategy as `@text_xml_idx`: cache it on the stack to avoid ivar lookups and the `||=` call.
* change `@text_xml_idx` to an lvar and cache it on the stack (Aaron Patterson, 2016-01-27, 1, -13/+11)

  this eliminates the ivar lookup and also eliminates the `||=` conditional that happens every time we called the `text_xml_idx` method.
* Merge branch '5-0-beta-sec' (Aaron Patterson, 2016-01-25, 1, -2/+16)
|\
  * 5-0-beta-sec:
    bumping version
    fix version update task to deal with .beta1.1
    Eliminate instance level writers for class accessors
    allow :file to be outside rails root, but anything else must be inside the rails view directory
    Don't short-circuit reject_if proc
    stop caching mime types globally
    use secure string comparisons for basic auth username / password
| * stop caching mime types globally (Aaron Patterson, 2016-01-22, 1, -2/+16)

    Unknown mime types should not be cached globally. This global cache leads to a memory leak and a denial of service vulnerability.

    CVE-2016-0751
* | Response etags to always be weak: Prefixed W/ to value returned by ↵ (abhishek, 2016-01-20, 1, -1/+1)

    ActionDispatch::Http::Cache::Response#etag= such that etags set in fresh_when and stale? are weak. For #17556.
* | Space Oddity (Akira Matsuda, 2016-01-14, 2, -2/+2)

    Converting nbsp(\u{00A0}) to the normal ASCII space(\u{0020})

    [ci skip]
* | Commit before freezing the headers (Matthew Draper, 2016-01-12, 2, -1/+8)

    This shouldn't generally come up: under a standard flow, we don't start sending until after the commit. But application code always finds a way.
* | Format from Accept headers have higher precedence than path extension format (Jorge Bejar, 2015-12-29, 1, -2/+2)
| |
* | Rely on default Mime format when MimeNegotiation#format_from_path_extension ↵ (Jorge Bejar, 2015-12-29, 1, -3/+3)

    is not a valid type

    Closes #22747
* | Remember the parameter hash we return (Matthew Draper, 2015-12-22, 1, -1/+1)
|/
  Callers expect to be able to manipulate it.
* Avoid calling AD::MimeNegotiation#format_from_path_extension method twice (Jorge Bejar, 2015-12-09, 1, -2/+2)
|
* Do not add format key to request_params (Jorge Bejar, 2015-12-09, 2, -17/+11)

  I did this change but it is affecting how the request params end up after being processed by the router. To be on the safe side, I just take the format from the extension in the URL when it is not present in those params and it's being used only for the `Request#formats` method
* Improve regexp in AC::Http::Parameters (Jorge Bejar, 2015-12-09, 1, -1/+1)
|
* Response when error should be formatted properly in Rails API if local request (Jorge Bejar, 2015-12-09, 1, -3/+3)
|
* Use URL path extension as format in bad params exception handling (Jorge Bejar, 2015-12-08, 1, -2/+17)
|
* Only commit the cookie jar if it hasn't been committed (eileencodes, 2015-12-06, 1, -1/+1)

  We don't want to commit the cookie jar more than once because then we will be attempting to modify a frozen hash.

  Fixes Railties test failure caused by 492b134.
* Stop violating law of demeter in response cookie_jar (eileencodes, 2015-12-06, 2, -1/+4)

  This adds a new method to request and response so we don't need to violate the law of demeter. We are changing `Request` and `Response` so that they always have a `cookie_jar`

  This is a continuation on work to combine integration and controller test code bases in Rails.
* Push `before_sending` to super class (eileencodes, 2015-12-06, 2, -0/+6)

  We want to get rid of the `Live::Response` so we are consolidating methods from `Live::Response` and `Response` by merging them together. This adds an `#empty` method to the request so we don't need to hard-code the empty array each time we call an empty `ActionDispatch::Request`. The work here is a continuation on combining controller and integration test code bases into one.
* Shrink a couple of deprecation warnings to one-liners (Matthew Draper, 2015-12-06, 1, -18/+8)

  The previous spelling seemed a bit too generous with the whitespace, and looked out of place when amongst others.
* Merge pull request #21241 from pdg137/master (Arthur Nogueira Neves, 2015-11-26, 1, -1/+2)
|\
  In url_for, never append ? when the query string is empty anyway.
| * In url_for, never append ? when the query string is empty anyway. (Paul Grayson, 2015-10-29, 1, -1/+2)

    It used to behave like this:

        url_for(controller: 'x', action: 'y', q: {})
        # -> "/x/y?"

    We previously avoided empty query strings in most cases by removing nil values, then checking whether params was empty. But as you can see above, even non-empty params can yield an empty query string. So I changed the code to just directly check whether the query string ended up empty.

    (To make everything more consistent, the "removing nil values" functionality should probably move to ActionPack's Hash#to_query, the place where empty hashes and arrays get removed. However, this would change a lot more behavior.)
* | Merge pull request #22263 from mastahyeti/csrf-origin-check (Rafael França, 2015-11-26, 1, -2/+2)
|\ \
    Add option to verify Origin header in CSRF checks

    [Jeremy Daer + Rafael Mendonça França]
| * | Add option to verify Origin header in CSRF checks (Ben Toews, 2015-11-25, 1, -2/+2)
| | |
* | | Merge pull request #17928 from sergey-alekseev/remove-unused-form-data-method (Sean Griffin, 2015-11-23, 1, -3/+9)
|\ \ \
| |/ /
|/| |
| * | write a test for `#form_data?` (Sergey Alekseev, 2015-03-31, 1, -1/+9)

      The initial attempt was to remove the method at all in https://github.com/sergey-alekseev/rails/commit/4926aa68c98673e7be88a2d2b57d72dc490bc71c. The method overrides Rack's `#form_data?` https://github.com/rack/rack/blob/6f8808d4201e68e4bd780441b3b7bb3ee6d1f43e/lib/rack/request.rb#L172-L184. Which may have some incorrect implementation actually. `type.nil?` isn't possible I suppose. I'll check.
* | | Deprecate exception#original_exception in favor of exception#cause (Yuki Nishijima, 2015-11-03, 2, -4/+4)
| |/
|/|
* | Remove dead code (Rafael Mendonça França, 2015-10-28, 1, -5/+0)

    This is leftover from when `render nothing: true` rendered blank string.
* | Catch invalid UTF-8 querystring values and respond with BadRequest (Grey Baker, 2015-10-23, 1, -1/+4)
| |
* | Merge pull request #22003 from yui-knk/remove_needless_require_as (Yves Senn, 2015-10-20, 1, -1/+0)
|\ \
    Delete needless `require 'active_support/deprecation'`
| * | Delete needless `require 'active_support/deprecation'` (yui-knk, 2015-10-20, 1, -1/+0)

      When `require 'active_support/rails'`, 'active_support/deprecation' is automatically loaded.
* | | Show helpful messages on invalid param. encodings (Agis Anastasopoulos, 2015-10-19, 1, -3/+3)
|/ /
    Prior to this change, given a route:

        # config/routes.rb
        get ':a' => "foo#bar"

    If one pointed to http://example.com/%BE (param `a` has invalid encoding), a `BadRequest` would be raised with the following non-informative message:

        ActionController::BadRequest

    From now on the message displayed is:

        Invalid parameter encoding: hi => "\xBE"

    Fixes #21923.
* | use methods for accessing the cache control headers (Aaron Patterson, 2015-10-06, 2, -6/+9)

    Use the methods rack provides so we don't have to worry about the exact header key.
* | etag header is in Rack, so use it's response methods (Aaron Patterson, 2015-10-06, 1, -6/+2)

    Rack implements the Etag header manipulation methods, so we can use those instead of ours.
* | Use `Mime[:foo]` instead of `Mime::Type[:FOO]` for back compat (Jeremy Daer, 2015-10-06, 5, -51/+46)

    Rails 4.x and earlier didn't support `Mime::Type[:FOO]`, so libraries that support multiple Rails versions would've had to feature-detect whether to use `Mime::Type[:FOO]` or `Mime::FOO`.

    `Mime[:foo]` has been around for ages to look up registered MIME types by symbol / extension, though, so libraries and plugins can safely switch to that without breaking backward- or forward-compatibility.

    Note: `Mime::ALL` isn't a real MIME type and isn't registered for lookup by type or extension, so it's not available as `Mime[:all]`. We use it internally as a wildcard for `respond_to` negotiation. If you use this internal constant, continue to reference it with `Mime::ALL`.

    Ref. efc6dd550ee49e7e443f9d72785caa0f240def53
* | move file sending to the response object (Aaron Patterson, 2015-10-05, 1, -1/+39)

    Just a slight refactor that delegates file sending to the response object. This gives us the advantage that if a webserver (in the future) provides a response object that knows how to do accelerated file serving, it can implement this method.
* | Merge branch 'master' of github.com:rails/docrails (Vijay Dev, 2015-10-04, 1, -2/+2)
|\ \
| * | Revert "proper raise ArgumentError, divided large text new line" (Rafael Mendonça França, 2015-09-28, 1, -3/+3)

      This reverts commit 4147ab730e807f622e5260a5f876749ff41fef26.
| * | proper raise ArgumentError, divided large text new line (Gaurav Sharma, 2015-09-29, 1, -3/+3)
| | |
| * | Renamed ‘Return’ to ‘Returns’ [ci skip] (Ronak Jangir, 2015-09-28, 1, -2/+2)
| | |
* | | Introduce `Headers#add`. Move `Response#add_header` upstream. (Jeremy Daer, 2015-10-03, 3, -23/+8)

      * Introduce `ActionDispatch::Http::Headers#add` to add a value to a multivalued header.
      * Move `Response#add_header` upstream: https://github.com/rack/rack/pull/957
      * Match upstream `Response#have_header?` -> `#has_header?` name change.
* | | Response#add_header for adding to multi-valued headers like Vary (Jeremy Daer, 2015-10-01, 1, -0/+20)
| | |
* | | Merge pull request #21768 from Gaurav2728/gaurav-doc_fix_for_mime (Rafael Mendonça França, 2015-09-25, 1, -1/+1)
|\ \ \
      fix Mime type in doc since mime types via constants is deprecated [ci…
| * | | fix Mime type in doc since mime types via constants is deprecated [ci skip] (Gaurav Sharma, 2015-09-26, 1, -1/+1)
| | | |
* | | | pull the flash methods in to their own module (Aaron Patterson, 2015-09-25, 1, -0/+3)

        We only want to activate flash when the user has enabled it. Api servers don't use flash, so add an empty implementation to the base Request object.
* | | | commit the flash after the controller finishes being serviced (Aaron Patterson, 2015-09-25, 1, -15/+0)

        Committing the flash needs to happen in order for the session to be written correctly, so let's guarantee that it actually does happen.
* | | | move flash committing to the request object. (Aaron Patterson, 2015-09-25, 1, -0/+15)
|/ / /
      I'm doing this so that we can commit the flash to the session object Out of Band of the flash middleware