path: root/actionpack/lib/action_dispatch/http
Commit message | Author | Age | Files | Lines
* Add documentation for #17573 | Jon Moss | 2016-02-01 | 1 | -0/+8
  Fixes some parts of #23148. [ci skip]
* Add additional documentation on Headers#[] [ci skip] | Tawan Sierek | 2016-01-29 | 1 | -1/+15
  Issue #16519 covers confusion potentially caused by how HTTP headers that contain underscores in their names are retrieved through `ActionDispatch::Http::Headers#[]`. This confusion has its origin in how a CGI maps HTTP header names to variable names. Even though underscores in header names are rarely encountered, they are valid according to RFC822 [1]. Nonetheless, CGI-like variable names, as requested by the Rack specification, will only contain underscores and therefore the original header name cannot be recovered after the Rack server passed on the environment hash. Please see also the discussion on StackOverflow [2], which also links to an explanation in the nginx documentation [3].

  [1] http://www.ietf.org/rfc/rfc822.txt
  [2] http://stackoverflow.com/questions/22856136/why-underscores-are-forbidden-in-http-header-names
  [3] https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#missing-disappearing-http-headers
* speed up accept header parsing a bit. | Aaron Patterson | 2016-01-28 | 1 | -8/+11
  Accept header is taken from what Safari on El Capitan sends:

  ```ruby
  require 'benchmark/ips'
  require 'action_dispatch/http/mime_type'
  require 'active_support/all'

  accept = 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'

  Benchmark.ips do |x|
    x.report "omg" do
      Mime::Type.parse(accept)
    end
  end
  ```

  Before:

  ```
  [aaron@TC actionpack (master)]$ be ruby ../x.rb
  Calculating -------------------------------------
                   omg     3.181k i/100ms
  -------------------------------------------------
                   omg     35.062k (±12.8%) i/s -    174.955k
  [aaron@TC actionpack (master)]$ be ruby ../x.rb
  Calculating -------------------------------------
                   omg     3.153k i/100ms
  -------------------------------------------------
                   omg     33.724k (±12.4%) i/s -    167.109k
  [aaron@TC actionpack (master)]$ be ruby ../x.rb
  Calculating -------------------------------------
                   omg     3.575k i/100ms
  -------------------------------------------------
                   omg     37.251k (±10.4%) i/s -    185.900k
  ```

  After:

  ```
  [aaron@TC actionpack (master)]$ be ruby ../x.rb
  Calculating -------------------------------------
                   omg     3.365k i/100ms
  -------------------------------------------------
                   omg     40.069k (±16.1%) i/s -    198.535k
  [aaron@TC actionpack (master)]$ be ruby ../x.rb
  Calculating -------------------------------------
                   omg     4.168k i/100ms
  -------------------------------------------------
                   omg     47.596k (± 7.7%) i/s -    237.576k
  [aaron@TC actionpack (master)]$ be ruby ../x.rb
  Calculating -------------------------------------
                   omg     4.282k i/100ms
  -------------------------------------------------
                   omg     43.626k (±17.7%) i/s -    209.818k
  ```
* convert AcceptList to a regular class | Aaron Patterson | 2016-01-28 | 1 | -20/+19
  we never use this custom array outside the mime type `parse` method. We can reduce the interaction to just a regular array, so we should use that instead (IOW, there was nothing special about AcceptList so we should remove it).
* remove == from AcceptItem | Aaron Patterson | 2016-01-27 | 1 | -6/+7
  Remove nonsense definition of == from `AcceptItem`. The definition only compared names and not `q` values or even object identity. The only use was in the `assort!` method that really just wanted the index of the item given the item's name. Instead we just change the caller to use `index` with the block form.
* remove useless private methods | Aaron Patterson | 2016-01-27 | 1 | -13/+9
  This commit refactors the private methods that were just aliases to [] to just directly use [] and cache the return values on the stack.
* change `@app_xml_idx` to an lvar and cache it on the stack | Aaron Patterson | 2016-01-27 | 1 | -16/+10
  same strategy as `@text_xml_idx`: cache it on the stack to avoid ivar lookups and the `||=` call.
* change `@text_xml_idx` to an lvar and cache it on the stack | Aaron Patterson | 2016-01-27 | 1 | -13/+11
  this eliminates the ivar lookup and also eliminates the `||=` conditional that happens every time we called the `text_xml_idx` method.
* Merge branch '5-0-beta-sec' | Aaron Patterson | 2016-01-25 | 1 | -2/+16
  * 5-0-beta-sec:
    bumping version
    fix version update task to deal with .beta1.1
    Eliminate instance level writers for class accessors
    allow :file to be outside rails root, but anything else must be inside the rails view directory
    Don't short-circuit reject_if proc
    stop caching mime types globally
    use secure string comparisons for basic auth username / password
* stop caching mime types globally | Aaron Patterson | 2016-01-22 | 1 | -2/+16
  Unknown mime types should not be cached globally. This global cache leads to a memory leak and a denial of service vulnerability.

  CVE-2016-0751
* Response etags to always be weak: Prefixed W/ to value returned by ActionDispatch::Http::Cache::Response#etag= such that etags set in fresh_when and stale? are weak. For #17556. | abhishek | 2016-01-20 | 1 | -1/+1
* Space Oddity | Akira Matsuda | 2016-01-14 | 2 | -2/+2
  Converting nbsp(\u{00A0}) to the normal ASCII space(\u{0020}) [ci skip]
* Commit before freezing the headers | Matthew Draper | 2016-01-12 | 2 | -1/+8
  This shouldn't generally come up: under a standard flow, we don't start sending until after the commit. But application code always finds a way.
* Format from Accept headers have higher precedence than path extension format | Jorge Bejar | 2015-12-29 | 1 | -2/+2
* Rely on default Mime format when MimeNegotiation#format_from_path_extension is not a valid type | Jorge Bejar | 2015-12-29 | 1 | -3/+3
  Closes #22747
* Remember the parameter hash we return | Matthew Draper | 2015-12-22 | 1 | -1/+1
  Callers expect to be able to manipulate it.
* Avoid calling AD::MimeNegotiation#format_from_path_extension method twice | Jorge Bejar | 2015-12-09 | 1 | -2/+2
* Do not add format key to request_params | Jorge Bejar | 2015-12-09 | 2 | -17/+11
  I did this change but it is affecting how the request params end up after being processed by the router. To be on the safe side, I just take the format from the extension in the URL when it is not present in those params, and it's being used only for the `Request#formats` method.
* Improve regexp in AC::Http::Parameters | Jorge Bejar | 2015-12-09 | 1 | -1/+1
* Response when error should be formatted properly in Rails API if local request | Jorge Bejar | 2015-12-09 | 1 | -3/+3
* Use URL path extension as format in bad params exception handling | Jorge Bejar | 2015-12-08 | 1 | -2/+17
* Only commit the cookie jar if it hasn't been committed | eileencodes | 2015-12-06 | 1 | -1/+1
  We don't want to commit the cookie jar more than once because then we will be attempting to modify a frozen hash.

  Fixes Railties test failure caused by 492b134.
* Stop violating law of demeter in response cookie_jar | eileencodes | 2015-12-06 | 2 | -1/+4
  This adds a new method to request and response so we don't need to violate the law of demeter. We are changing `Request` and `Response` so that they always have a `cookie_jar`.

  This is a continuation on work to combine integration and controller test code bases in Rails.
* Push `before_sending` to super class | eileencodes | 2015-12-06 | 2 | -0/+6
  We want to get rid of the `Live::Response` so we are consolidating methods from `Live::Response` and `Response` by merging them together.

  This adds an `#empty` method to the request so we don't need to hard-code the empty array each time we call an empty `ActionDispatch::Request`.

  The work here is a continuation on combining controller and integration test code bases into one.
* Shrink a couple of deprecation warnings to one-liners | Matthew Draper | 2015-12-06 | 1 | -18/+8
  The previous spelling seemed a bit too generous with the whitespace, and looked out of place when amongst others.
* Merge pull request #21241 from pdg137/master | Arthur Nogueira Neves | 2015-11-26 | 1 | -1/+2
  In url_for, never append ? when the query string is empty anyway.
* In url_for, never append ? when the query string is empty anyway. | Paul Grayson | 2015-10-29 | 1 | -1/+2
  It used to behave like this:

      url_for(controller: 'x', action: 'y', q: {})   # -> "/x/y?"

  We previously avoided empty query strings in most cases by removing nil values, then checking whether params was empty. But as you can see above, even non-empty params can yield an empty query string. So I changed the code to just directly check whether the query string ended up empty.

  (To make everything more consistent, the "removing nil values" functionality should probably move to ActionPack's Hash#to_query, the place where empty hashes and arrays get removed. However, this would change a lot more behavior.)
* Merge pull request #22263 from mastahyeti/csrf-origin-check | Rafael França | 2015-11-26 | 1 | -2/+2
  Add option to verify Origin header in CSRF checks

  [Jeremy Daer + Rafael Mendonça França]
* Add option to verify Origin header in CSRF checks | Ben Toews | 2015-11-25 | 1 | -2/+2
* Merge pull request #17928 from sergey-alekseev/remove-unused-form-data-method | Sean Griffin | 2015-11-23 | 1 | -3/+9
* write a test for `#form_data?` | Sergey Alekseev | 2015-03-31 | 1 | -1/+9
  The initial attempt was to remove the method at all in https://github.com/sergey-alekseev/rails/commit/4926aa68c98673e7be88a2d2b57d72dc490bc71c. The method overrides Rack's `#form_data?` https://github.com/rack/rack/blob/6f8808d4201e68e4bd780441b3b7bb3ee6d1f43e/lib/rack/request.rb#L172-L184. Which may have some incorrect implementation actually. `type.nil?` isn't possible I suppose. I'll check.
* Deprecate exception#original_exception in favor of exception#cause | Yuki Nishijima | 2015-11-03 | 2 | -4/+4
* Remove dead code | Rafael Mendonça França | 2015-10-28 | 1 | -5/+0
  This is leftover from when `render nothing: true` rendered blank string.
* Catch invalid UTF-8 querystring values and respond with BadRequest | Grey Baker | 2015-10-23 | 1 | -1/+4
* Merge pull request #22003 from yui-knk/remove_needless_require_as | Yves Senn | 2015-10-20 | 1 | -1/+0
  Delete needless `require 'active_support/deprecation'`
* Delete needless `require 'active_support/deprecation'` | yui-knk | 2015-10-20 | 1 | -1/+0
  When `require 'active_support/rails'`, 'active_support/deprecation' is automatically loaded.
* Show helpful messages on invalid param. encodings | Agis Anastasopoulos | 2015-10-19 | 1 | -3/+3
  Prior to this change, given a route:

      # config/routes.rb
      get ':a' => "foo#bar"

  If one pointed to http://example.com/%BE (param `a` has invalid encoding), a `BadRequest` would be raised with the following non-informative message:

      ActionController::BadRequest

  From now on the message displayed is:

      Invalid parameter encoding: hi => "\xBE"

  Fixes #21923.
* use methods for accessing the cache control headers | Aaron Patterson | 2015-10-06 | 2 | -6/+9
  Use the methods rack provides so we don't have to worry about the exact header key.
* etag header is in Rack, so use its response methods | Aaron Patterson | 2015-10-06 | 1 | -6/+2
  Rack implements the Etag header manipulation methods, so we can use those instead of ours.
* Use `Mime[:foo]` instead of `Mime::Type[:FOO]` for back compat | Jeremy Daer | 2015-10-06 | 5 | -51/+46
  Rails 4.x and earlier didn't support `Mime::Type[:FOO]`, so libraries that support multiple Rails versions would've had to feature-detect whether to use `Mime::Type[:FOO]` or `Mime::FOO`.

  `Mime[:foo]` has been around for ages to look up registered MIME types by symbol / extension, though, so libraries and plugins can safely switch to that without breaking backward- or forward-compatibility.

  Note: `Mime::ALL` isn't a real MIME type and isn't registered for lookup by type or extension, so it's not available as `Mime[:all]`. We use it internally as a wildcard for `respond_to` negotiation. If you use this internal constant, continue to reference it with `Mime::ALL`.

  Ref. efc6dd550ee49e7e443f9d72785caa0f240def53
* move file sending to the response object | Aaron Patterson | 2015-10-05 | 1 | -1/+39
  Just a slight refactor that delegates file sending to the response object. This gives us the advantage that if a webserver (in the future) provides a response object that knows how to do accelerated file serving, it can implement this method.
* Merge branch 'master' of github.com:rails/docrails | Vijay Dev | 2015-10-04 | 1 | -2/+2
* Revert "proper raise ArgumentError, divided large text new line" | Rafael Mendonça França | 2015-09-28 | 1 | -3/+3
  This reverts commit 4147ab730e807f622e5260a5f876749ff41fef26.
* proper raise ArgumentError, divided large text new line | Gaurav Sharma | 2015-09-29 | 1 | -3/+3
* Renamed ‘Return’ to ‘Returns’ [ci skip] | Ronak Jangir | 2015-09-28 | 1 | -2/+2
* Introduce `Headers#add`. Move `Response#add_header` upstream. | Jeremy Daer | 2015-10-03 | 3 | -23/+8
  * Introduce `ActionDispatch::Http::Headers#add` to add a value to a multivalued header.
  * Move `Response#add_header` upstream: https://github.com/rack/rack/pull/957
  * Match upstream `Response#have_header?` -> `#has_header?` name change.
* Response#add_header for adding to multi-valued headers like Vary | Jeremy Daer | 2015-10-01 | 1 | -0/+20
* Merge pull request #21768 from Gaurav2728/gaurav-doc_fix_for_mime | Rafael Mendonça França | 2015-09-25 | 1 | -1/+1
  fix Mime type in doc since mime types via constants is deprecated [ci…
* fix Mime type in doc since mime types via constants is deprecated [ci skip] | Gaurav Sharma | 2015-09-26 | 1 | -1/+1
* pull the flash methods in to their own module | Aaron Patterson | 2015-09-25 | 1 | -0/+3
  We only want to activate flash when the user has enabled it. Api servers don't use flash, so add an empty implementation to the base Request object.