path: root/actionpack/lib/action_dispatch/http
Commit message | Author | Age | Files | Lines
* Filter sensitive query string parameters in the log [#6244 state:committed] | Prem Sichanugrist & Xavier Noria | 2011-03-11 | 1 | -4/+17
|     This provides more safety to applications that put secret information in the query string, such as API keys or SSO tokens.
|     Signed-off-by: Xavier Noria <fxn@hashref.com>
* Filter params that return nil for to_param and allow through false values | Andrew White | 2011-03-09 | 1 | -1/+1
|
* Add missing deprecation require | Carlos Antonio da Silva | 2011-02-11 | 1 | -0/+1
|     Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Change the CSRF whitelisting to only apply to get requests | Michael Koziarski | 2011-02-08 | 1 | -1/+2
|     Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets.
|     To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:
|         X-CSRF-Token: ...
|     This fixes CVE-2011-0447
* Use Mime::Type references. | José Valim | 2011-02-08 | 1 | -1/+5
|
* Protocol-relative URL support. | Stephen Celis | 2011-02-02 | 1 | -2/+5
|     [#5774 state:committed]
|     Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* removing more unused variables | Aaron Patterson | 2011-01-17 | 1 | -1/+1
|
* Merge branch 'master' of git://github.com/lifo/docrails | Xavier Noria | 2010-12-05 | 1 | -2/+2
|\
| * Fix mime type doc typos | Carlos Antonio da Silva | 2010-12-04 | 1 | -2/+2
| |
* | Wrap everything in class << self. | José Valim | 2010-12-03 | 1 | -42/+37
| |
* | Merge remote branch 'joshk/redirect_routing' | José Valim | 2010-12-03 | 1 | -0/+52
|\ \
| | |     Conflicts:
| | |         actionpack/CHANGELOG
| | |         actionpack/lib/action_controller/metal/mime_responds.rb
| | |     Signed-off-by: José Valim <jose.valim@gmail.com>
| * | The redirect routing method now allows for a hash of options which only ↵ | Josh Kalderimis | 2010-11-30 | 1 | -0/+52
| |/      changes the relevant parts of the url, or an object which responds to call can be supplied so common redirect rules can be easily reused.
| |       This commit includes a change where url generation from parts has been moved to AD::Http::URL as a class method.
* | Fix tests on 1.9.2. | José Valim | 2010-11-28 | 1 | -6/+9
| |
* | trailing star mimes should respect the order in which mime types are defined. | José Valim | 2010-11-28 | 1 | -7/+11
|/
* process text/* if it appears in the middle of | Neeraj Singh | 2010-11-25 | 1 | -1/+5
|     HTTP_ACCEPT parameter
* processing image/* is an oddity because there is | Neeraj Singh | 2010-11-25 | 1 | -1/+1
|     a test case which expects image/* not to be expanded. So I am leaving image/* as it is and process only text/* and application/*
* unregister method implementation and test | Neeraj Singh | 2010-11-25 | 1 | -0/+12
|
* port_string brought back to life as it is part of the public api | Josh Kalderimis | 2010-11-24 | 1 | -3/+8
|     Signed-off-by: José Valim <jose.valim@gmail.com>
* :subdomain, :domain and :tld_length options can now be used in url_for, ↵ | Josh Kalderimis | 2010-11-23 | 1 | -20/+39
|     allowing for easy manipulation of the host during link generation.
|     Signed-off-by: José Valim <jose.valim@gmail.com>
* remove select, collect and then inject with | Neeraj Singh | 2010-11-22 | 1 | -1/+1
|     something better
|     Signed-off-by: José Valim <jose.valim@gmail.com>
* string include method is 10x faster than creating | Neeraj Singh | 2010-11-22 | 1 | -1/+1
|     a new regex object every single time
|     Signed-off-by: José Valim <jose.valim@gmail.com>
* Compile regex only once | Neeraj Singh | 2010-11-22 | 1 | -3/+5
|     Signed-off-by: José Valim <jose.valim@gmail.com>
* implement code that handles text/*, application/*, | Neeraj Singh | 2010-11-22 | 1 | -1/+16
|     and image/*
|     Signed-off-by: José Valim <jose.valim@gmail.com>
* declare regex as a constant | Neeraj Singh | 2010-11-22 | 1 | -1/+3
|     Signed-off-by: José Valim <jose.valim@gmail.com>
* do not assume that there is no space between | Neeraj Singh | 2010-11-22 | 1 | -1/+1
|     leading */* and comma
|     Signed-off-by: José Valim <jose.valim@gmail.com>
* current code ignores http header "Accept" if it | Neeraj Singh | 2010-11-22 | 1 | -1/+1
|     has ....,*/* . It is possible for a device to send a request such that */* appears at the beginning of the "Accept" header. This patch ensures that "Accept" header is ignored for such cases too.
|     Signed-off-by: José Valim <jose.valim@gmail.com>
* use_accept_header is no longer supported | Neeraj Singh | 2010-11-21 | 1 | -1/+1
|
* delegating path and open to internal tempfile | Aaron Patterson | 2010-11-18 | 1 | -2/+8
|
* Brought the domain method in AD http url inline with subdomain where ↵ | Josh Kalderimis | 2010-11-16 | 1 | -1/+2
|     @@tld_length is used by default. Also set the default value of @@tld_length to 1.
* Add additional HTTP request methods from the following RFCs: | Andrew White | 2010-11-02 | 1 | -2/+19
|     * Hypertext Transfer Protocol -- HTTP/1.1
|       http://www.ietf.org/rfc/rfc2616.txt
|     * HTTP Extensions for Distributed Authoring -- WEBDAV
|       http://www.ietf.org/rfc/rfc2518.txt
|     * Versioning Extensions to WebDAV
|       http://www.ietf.org/rfc/rfc3253.txt
|     * Ordered Collections Protocol (WebDAV)
|       http://www.ietf.org/rfc/rfc3648.txt
|     * Web Distributed Authoring and Versioning (WebDAV) Access Control Protocol
|       http://www.ietf.org/rfc/rfc3744.txt
|     * Web Distributed Authoring and Versioning (WebDAV) SEARCH
|       http://www.ietf.org/rfc/rfc5323.txt
|     * PATCH Method for HTTP
|       http://www.ietf.org/rfc/rfc5789.txt
|     [#2809 state:resolved] [#5895 state:resolved]
* Fix loop introduced by rack:dda892d | Jeremy Kemper | 2010-10-26 | 1 | -6/+1
|
* Remove rack-cache-purge. | José Valim | 2010-10-26 | 1 | -9/+0
|
* Fix status initialization when custom status provided | Krekoten' Marjan | 2010-10-18 | 1 | -2/+2
|     Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Change def to attr_reader + alias | Krekoten' Marjan | 2010-10-18 | 1 | -10/+3
|     Signed-off-by: José Valim <jose.valim@gmail.com>
* make sure request parameters are accessible after rack throws an exception ↵ | Miles Egan | 2010-10-12 | 1 | -2/+2
|     parsing the query string
|     [#3030 state:resolved]
|     Signed-off-by: José Valim <jose.valim@gmail.com>
* only forwarding enough methods to work. People should grab the delegate ↵ | Aaron Patterson | 2010-10-04 | 1 | -5/+8
|     tempfile if they really need to do hard work
* making sure respond_to? works properly | Aaron Patterson | 2010-10-04 | 1 | -0/+5
|
* raising an argument error if tempfile is not provided | Aaron Patterson | 2010-10-04 | 1 | -0/+1
|
* delegate to the @tempfile instance variable | Aaron Patterson | 2010-10-04 | 1 | -13/+5
|
* Solve some warnings and a failing test. | José Valim | 2010-10-03 | 1 | -1/+1
|
* Move ETag and ConditionalGet logic from AD::Response to the middleware stack. | José Valim | 2010-10-03 | 2 | -22/+2
|
* Rely on Rack::Session stores API for more compatibility across the Ruby world. | José Valim | 2010-10-03 | 1 | -5/+0
|
* dry up method checking in the request object | Aaron Patterson | 2010-09-29 | 1 | -10/+9
|
* @_etag is not used anywhere. | José Valim | 2010-09-29 | 1 | -2/+0
|
* Merge remote branch 'miloops/warnings' | José Valim | 2010-09-27 | 1 | -0/+1
|\
| |     Conflicts:
| |         actionpack/lib/action_controller/metal/url_for.rb
| * Initialize @_etag. | Emilio Tagua | 2010-09-27 | 1 | -0/+1
| |
* | Cache 2 of Request's commonly called methods. | thedarkone | 2010-09-27 | 1 | -2/+2
|/
* Improve performance of applications using file uploads by not busting the ↵ | Carl Lerche | 2010-09-22 | 1 | -29/+20
|     method cache on every request containing a file upload.
* First pass at Rack::Cache | wycats | 2010-09-13 | 1 | -0/+67
|
* removes /i from the TRUSTED_PROXIES regexp, adds /x and comments for ↵ | Xavier Noria | 2010-09-12 | 1 | -2/+10
|     readability, adds a pointer to a Wikipedia section that documents the matched IPs