aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch/middleware/templates/rescues
Commit message (Collapse)AuthorAgeFilesLines
* fix NameErrorkurosawat2019-02-052-2/+2
| | | | NameError: uninitialized constant ActionView::CompiledTemplates::ActiveStorage
* Recommend adding the requested domain to hosts whitelist only in developmentMarc Schütz2019-01-232-4/+4
|
* Introduce a guard against DNS rebinding attacksGenadi Samokovarov2018-12-152-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The ActionDispatch::HostAuthorization is a new middleware that prevent against DNS rebinding and other Host header attacks. By default it is included only in the development environment with the following configuration: Rails.application.config.hosts = [ IPAddr.new("0.0.0.0/0"), # All IPv4 addresses. IPAddr.new("::/0"), # All IPv6 addresses. "localhost" # The localhost reserved domain. ] In other environments, `Rails.application.config.hosts` is empty and no Host header checks will be done. If you want to guard against header attacks on production, you have to manually permit the allowed hosts with: Rails.application.config.hosts << "product.com" The host of a request is checked against the hosts entries with the case operator (#===), which lets hosts support entries of type RegExp, Proc and IPAddr to name a few. Here is an example with a regexp. # Allow requests from subdomains like `www.product.com` and # `beta1.product.com`. Rails.application.config.hosts << /.*\.product\.com/ A special case is supported that allows you to permit all sub-domains: # Allow requests from subdomains like `www.product.com` and # `beta1.product.com`. Rails.application.config.hosts << ".product.com"
* Merge pull request #33229 from ↵Matthew Draper2018-07-252-2/+2
|\ | | | | | | | | albertoalmagro/albertoalmagro/prefer-rails-command-over-bin-rails Prefer rails command over bin/rails
| * Recommend use of rails over bin/railsAlberto Almagro2018-07-062-2/+2
| | | | | | | | | | | | | | | | | | As discussed in #33203 rails command already looks for, and runs, bin/rails if it is present. We were mixing recommendations within guides and USAGE guidelines, in some files we recommended using rails, in others bin/rails and in some cases we even had both options mixed together.
* | Show nested exceptions on the debug viewYuki Nishijima2018-07-157-46/+76
|/
* Use the same tag as other views to display the error messageyuuji.yaginuma2018-04-231-1/+1
| | | | | | | | | Since other views use the `h2` tag, should also use `h2` on `missing_exact_template.html.erb`. https://github.com/rails/rails/blob/76acaf6eb9ef3635e4c6f2ca9dba34edb50f541d/actionpack/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb#L5 https://github.com/rails/rails/blob/76acaf6eb9ef3635e4c6f2ca9dba34edb50f541d/actionpack/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb#L11 https://github.com/rails/rails/blob/76acaf6eb9ef3635e4c6f2ca9dba34edb50f541d/actionpack/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb#L5
* Create MissingExactTemplate exception with separate templateVinicius Stock2018-04-202-0/+22
|
* Help if Active Storage tables are missingClaudio B2017-12-212-0/+34
| | | | | | When a user tries to create a new attachment or blog and the matching table is missing from the database (`active_storage_attachments` and `active_storage_blobs` by default), an informative error is displayed that invites users to run the `active_storage:install` task.
* Prevent source line wrapping in rescue layoutDave Gynn2017-10-311-0/+1
| | | | | | Long source lines cause line wrapping in the extracted source section of the rescue handler page which can make the line numbers not match up with the source lines.
* Add text template for source codeTijmen Brommet2015-11-032-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a request is made with AJAX and an error occurs, Rails will render a text-template for the exception instead of the HTML error page (#11960). The `.text.erb` variant of the `_source` template is currently missing, causing HTML to be rendered in the response. This commit adds the text template. To keep the page scannable we only only show the first three source extracts. Related to #14745. Before: ``` ~/testing-exceptions ᐅ curl 'http://localhost:3000/' -H 'X-Requested-With: XMLHttpRequest' RuntimeError in PostsController#index <div class="source " id="frame-source-0"> <div class="info"> Extracted source (around line <strong>#3</strong>): </div> <div class="data"> <table cellpadding="0" cellspacing="0" class="lines"> <tr> ``` After: ``` ~/testing-exceptions ᐅ curl 'http://localhost:3000/' -H 'X-Requested-With: XMLHttpRequest' RuntimeError in PostsController#index Extracted source (around line #3): *3 raise ```
* Deprecate exception#original_exception in favor of exception#causeYuki Nishijima2015-11-032-2/+2
|
* Refactor debug viewKir Shatrov2014-12-021-21/+2
| | | Avoid logic in ERB and use helpers
* Pretty-print request params on exception pageKir Shatrov2014-12-011-1/+8
|
* Show source view and backtrace on missing template errorsGenadi Samokovarov2014-11-242-0/+6
| | | | | | | | | This will help you debug missing template errors, especially if they come from a programmatic template selection. Thanks to @dhh for suggesting that. As a bonus, also show request and response info on the routing error page for consistency.
* Rename #source_extract to #source_extracts in ExceptionWrapperGenadi Samokovarov2014-11-161-5/+5
| | | | | It returns multiple source extracts since 1ed264bc. Also cleaned its result structure, as we no longer need the file in a code extract.
* Don't let #{application,framework,full}_trace be nilGenadi Samokovarov2014-11-161-20/+18
| | | | | | Those three can be nil when exception backtrace is nil. This happens and that forced a couple of nil guards in the code. I'm proposing to make those always return an array, even on nil backtrace.
* Show the user’s application in the source window and select the correct ↵Byron Bischoff2014-10-232-2/+2
| | | | trace list, closes #17312
* Use Hash#each_key instead of Hash#keys.eachErik Michaels-Ober2014-09-291-1/+1
| | | | | | Hash#keys.each allocates an array of keys; Hash#each_key iterates through the keys without allocating a new array. This is the reason why Hash#each_key exists.
* this should be accessing the hash, not calling a methodAaron Patterson2014-08-131-1/+1
|
* Retrieve source code for the entire stack traceRyan Dao2014-08-086-59/+67
| | | | | | Provide the ability to extract the source code of the entire exception stack trace, not just the frame raising the error. This improves debugging capability of the error page, especially for framework-related errors.
* Display diagnostics in text format for xhr requestVlad Bokov2014-04-142-0/+9
|
* Display exceptions in text format for xhr requestKir Shatrov2013-08-2212-0/+63
|
* Escape the message of an exception in debug_exceptions to avoid bad renderingAdrien Siami2013-08-215-5/+5
|
* Add styling to h1Tim Krajcar2013-05-021-0/+6
|
* Use camelize instead of capitalize on error screenNikolay Shebanov2013-04-101-1/+1
|
* change array of array to hashVipul A M2013-04-091-6/+4
|
* Mark unused variables and make some style fixesAgis Anastasopoulos2013-04-081-1/+1
| | | | It'd be a nice convention to mark the unused variables like this, now that Ruby 2 will issue no warnings for such vars being unused.
* Change useless tr to gsubrobertomiranda2013-03-061-2/+2
|
* change useless gsub to trrobertomiranda2013-03-052-3/+3
|
* Return false on toggle on error pagesBartlomiej Kozal2013-02-172-6/+7
|
* Move table routes formatter class to the inspector and rename itCarlos Antonio da Silva2013-01-061-1/+1
| | | | | | | It feels more consistent to have this class called "HtmlTableFormatter", and to have it here with the routes inspector and console formatter, since it's used for both routing error exceptions and the rails info page.
* Close container div tag in routing error pageCarlos Antonio da Silva2013-01-051-9/+11
|
* Move style to head to make routes page valid html5Carlos Antonio da Silva2013-01-051-0/+2
|
* display mountable engine routes on RoutingError.Yves Senn2013-01-051-2/+2
|
* Remove unnecessary `ERB::Util::h`Ryunosuke SATO2013-01-057-17/+17
| | | | It is automatically applied when strings is unsafe for html.
* move error page js into script tagGosha Arinich2013-01-043-5/+27
|
* fix env toggling, improve error page stylingGosha Arinich2013-01-032-12/+10
|
* Fixing closing </p>Guillermo Iguaran2013-01-021-1/+1
|
* Fix a number of validation/style errors:Sam Ruby2013-01-022-8/+7
| | | | | | | | | | * <pre> is not allowed to be nested inside of <p> elements in HTML * Indentation of </p> doesn't match corresponding <p> * <p> element not explicitly closed * One more </div> than <div> In each case, the template was fixed to match how a HTML5 parser would "see" the resulting page.
* Merge pull request #8688 from goshakkk/error-page-toggleGuillermo Iguaran2013-01-021-3/+3
|\ | | | | Allow toggling dumps on error page
| * allow toggling dumps instead of just showingGosha Arinich2013-01-021-3/+3
| |
* | Cleanup some unnecessary CSS on the new error page and reformat some lines.Lucas Mazza2013-01-021-12/+13
| |
* | add source line paddingGosha Arinich2013-01-021-0/+4
|/
* Fix indent in UnknownAction templateGuillermo Iguaran2013-01-011-1/+1
|
* Summary and Details HTML elements aren't supported in all modern browsersGuillermo Iguaran2012-12-312-12/+12
|
* Add style to AV::Template::Error exception pageGuillermo Iguaran2012-12-311-13/+40
|
* Improve line-height to have better line spacing in exception messageGuillermo Iguaran2012-12-311-0/+1
|
* Add new style to Routing Error pageGuillermo Iguaran2012-12-311-19/+22
|
* Styling for exception pageGuillermo Iguaran2012-12-316-29/+150
|