Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Filter sensitive query string parameters in the log [#6244 state:committed] | Prem Sichanugrist & Xavier Noria | 2011-03-11 | 1 | -4/+17 |
| | This provides more safety to applications that put secret information in the query string, such as API keys or SSO tokens. Signed-off-by: Xavier Noria <fxn@hashref.com> | ||||
* | Filter params that return nil for to_param and allow through false values | Andrew White | 2011-03-09 | 1 | -1/+1 |
| | |||||
* | Add missing deprecation require | Carlos Antonio da Silva | 2011-02-11 | 1 | -0/+1 |
| | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | ||||
* | Change the CSRF whitelisting to only apply to get requests | Michael Koziarski | 2011-02-08 | 1 | -1/+2 |
| | Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header: X-CSRF-Token: ... This fixes CVE-2011-0447 | ||||
* | Use Mime::Type references. | José Valim | 2011-02-08 | 1 | -1/+5 |
| | |||||
* | Protocol-relative URL support. | Stephen Celis | 2011-02-02 | 1 | -2/+5 |
| | [#5774 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | ||||
* | removing more unused variables | Aaron Patterson | 2011-01-17 | 1 | -1/+1 |
| | |||||
* | Merge branch 'master' of git://github.com/lifo/docrails | Xavier Noria | 2010-12-05 | 1 | -2/+2 |
|\ | |||||
| * | Fix mime type doc typos | Carlos Antonio da Silva | 2010-12-04 | 1 | -2/+2 |
| | | |||||
* | | Wrap everything in class << self. | José Valim | 2010-12-03 | 1 | -42/+37 |
| | | |||||
* | | Merge remote branch 'joshk/redirect_routing' | José Valim | 2010-12-03 | 1 | -0/+52 |
|\ \ | Conflicts: actionpack/CHANGELOG actionpack/lib/action_controller/metal/mime_responds.rb Signed-off-by: José Valim <jose.valim@gmail.com> | ||||
| * | | The redirect routing method now allows for a hash of options which only ↵ | Josh Kalderimis | 2010-11-30 | 1 | -0/+52 |
| |/ | changes the relevant parts of the url, or an object which responds to call can be supplied so common redirect rules can be easily reused. This commit includes a change where url generation from parts has been moved to AD::Http::URL as a class method. | ||||
* | | Fix tests on 1.9.2. | José Valim | 2010-11-28 | 1 | -6/+9 |
| | | |||||
* | | trailing star mimes should respect the order in which mime types are defined. | José Valim | 2010-11-28 | 1 | -7/+11 |
|/ | |||||
* | process text/* if it appears in the middle of | Neeraj Singh | 2010-11-25 | 1 | -1/+5 |
| | HTTP_ACCEPT parameter | ||||
* | processing image/* is an oddity because there is | Neeraj Singh | 2010-11-25 | 1 | -1/+1 |
| | a test case which expects image/* not to be expanded. So I am leaving image/* as it is and process only text/* and application/* | ||||
* | unregister method implementation and test | Neeraj Singh | 2010-11-25 | 1 | -0/+12 |
| | |||||
* | port_string brought back to life as it is part of the public api | Josh Kalderimis | 2010-11-24 | 1 | -3/+8 |
| | Signed-off-by: José Valim <jose.valim@gmail.com> | ||||
* | :subdomain, :domain and :tld_length options can now be used in url_for, ↵ | Josh Kalderimis | 2010-11-23 | 1 | -20/+39 |
| | allowing for easy manipulation of the host during link generation. Signed-off-by: José Valim <jose.valim@gmail.com> | ||||
* | remove select, collect and then inject with | Neeraj Singh | 2010-11-22 | 1 | -1/+1 |
| | something better Signed-off-by: José Valim <jose.valim@gmail.com> | ||||
* | string include method is 10x faster than creating | Neeraj Singh | 2010-11-22 | 1 | -1/+1 |
| | a new regex object every single time Signed-off-by: José Valim <jose.valim@gmail.com> | ||||
* | Compile regex only once | Neeraj Singh | 2010-11-22 | 1 | -3/+5 |
| | Signed-off-by: José Valim <jose.valim@gmail.com> | ||||
* | implement code that handles text/*, application/*, | Neeraj Singh | 2010-11-22 | 1 | -1/+16 |
| | and image/* Signed-off-by: José Valim <jose.valim@gmail.com> | ||||
* | declare regex as a constant | Neeraj Singh | 2010-11-22 | 1 | -1/+3 |
| | Signed-off-by: José Valim <jose.valim@gmail.com> | ||||
* | do not assume that there is no space between | Neeraj Singh | 2010-11-22 | 1 | -1/+1 |
| | leading */* and comma Signed-off-by: José Valim <jose.valim@gmail.com> | ||||
* | current code ignores http header "Accept" if it | Neeraj Singh | 2010-11-22 | 1 | -1/+1 |
| | has ....,*/* . It is possible for a device to send a request such that */* appears at the beginning of the "Accept" header. This patch ensures that "Accept" header is ignored for such cases too. Signed-off-by: José Valim <jose.valim@gmail.com> | ||||
* | use_accept_header is no longer supported | Neeraj Singh | 2010-11-21 | 1 | -1/+1 |
| | |||||
* | delegating path and open to internal tempfile | Aaron Patterson | 2010-11-18 | 1 | -2/+8 |
| | |||||
* | Brought the domain method in AD http url inline with subdomain where ↵ | Josh Kalderimis | 2010-11-16 | 1 | -1/+2 |
| | @@tld_length is used by default. Also set the default value of @@tld_length to 1. | ||||
* | Add additional HTTP request methods from the following RFCs: | Andrew White | 2010-11-02 | 1 | -2/+19 |
| | * Hypertext Transfer Protocol -- HTTP/1.1 http://www.ietf.org/rfc/rfc2616.txt) * HTTP Extensions for Distributed Authoring -- WEBDAV http://www.ietf.org/rfc/rfc2518.txt * Versioning Extensions to WebDAV http://www.ietf.org/rfc/rfc3253.txt * Ordered Collections Protocol (WebDAV) http://www.ietf.org/rfc/rfc3648.txt * Web Distributed Authoring and Versioning (WebDAV) Access Control Protocol http://www.ietf.org/rfc/rfc3744.txt * Web Distributed Authoring and Versioning (WebDAV) SEARCH http://www.ietf.org/rfc/rfc5323.txt * PATCH Method for HTTP http://www.ietf.org/rfc/rfc5789.txt [#2809 state:resolved] [#5895 state:resolved] | ||||
* | Fix loop introduced by rack:dda892d | Jeremy Kemper | 2010-10-26 | 1 | -6/+1 |
| | |||||
* | Remove rack-cache-purge. | José Valim | 2010-10-26 | 1 | -9/+0 |
| | |||||
* | Fix status initialization when custom status provided | Krekoten' Marjan | 2010-10-18 | 1 | -2/+2 |
| | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | ||||
* | Change def to attr_reader + alias | Krekoten' Marjan | 2010-10-18 | 1 | -10/+3 |
| | Signed-off-by: José Valim <jose.valim@gmail.com> | ||||
* | make sure request parameters are accessible after rack throws an exception ↵ | Miles Egan | 2010-10-12 | 1 | -2/+2 |
| | parsing the query string [#3030 state:resolved] Signed-off-by: José Valim <jose.valim@gmail.com> | ||||
* | only forwarding enough methods to work. People should grab the delegate ↵ | Aaron Patterson | 2010-10-04 | 1 | -5/+8 |
| | tempfile if they really need to do hard work | ||||
* | making sure respond_to? works properly | Aaron Patterson | 2010-10-04 | 1 | -0/+5 |
| | |||||
* | raising an argument error if tempfile is not provided | Aaron Patterson | 2010-10-04 | 1 | -0/+1 |
| | |||||
* | delegate to the @tempfile instance variable | Aaron Patterson | 2010-10-04 | 1 | -13/+5 |
| | |||||
* | Solve some warnings and a failing test. | José Valim | 2010-10-03 | 1 | -1/+1 |
| | |||||
* | Move ETag and ConditionalGet logic from AD::Response to the middleware stack. | José Valim | 2010-10-03 | 2 | -22/+2 |
| | |||||
* | Rely on Rack::Session stores API for more compatibility across the Ruby world. | José Valim | 2010-10-03 | 1 | -5/+0 |
| | |||||
* | dry up method checking in the request object | Aaron Patterson | 2010-09-29 | 1 | -10/+9 |
| | |||||
* | @_etag is not used anywhere. | José Valim | 2010-09-29 | 1 | -2/+0 |
| | |||||
* | Merge remote branch 'miloops/warnings' | José Valim | 2010-09-27 | 1 | -0/+1 |
|\ | Conflicts: actionpack/lib/action_controller/metal/url_for.rb | ||||
| * | Initialize @_etag. | Emilio Tagua | 2010-09-27 | 1 | -0/+1 |
| | | |||||
* | | Cache 2 of Request's commonly called methods. | thedarkone | 2010-09-27 | 1 | -2/+2 |
|/ | |||||
* | Improve performance of applications using file uploads by not busting the ↵ | Carl Lerche | 2010-09-22 | 1 | -29/+20 |
| | method cache on every request containing a file upload. | ||||
* | First pass at Rack::Cache | wycats | 2010-09-13 | 1 | -0/+67 |
| | |||||
* | removes /i from the TRUSTED_PROXIES regexp, adds /x and comments for ↵ | Xavier Noria | 2010-09-12 | 1 | -2/+10 |
| | readability, adds a pointer to a Wikipedia section that documents the matched IPs |