Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Improve documentation around the cookie store auto-upgrade to encryption | Trevor Turk | 2013-04-01 | 1 | -22/+37 |
| | |||||
* | Allow transparent upgrading of legacy signed cookies to encrypted cookies; ↵ | Trevor Turk | 2013-03-28 | 2 | -74/+78 |
| | | | | Automatically configure cookie-based sessions to use the best cookie jar given the app's config | ||||
* | if cookie is tampered with then nil is returned [ci skip] | Neeraj Singh | 2013-03-25 | 1 | -4/+2 |
| | | | | | | if the given key is not found then verifier does raise `ActiveSupport::MessageVerifier::InvalidSignature` exception but this exception is resuced and finally nil is returned. | ||||
* | Introduce UpgradeLegacySignedCookieJar to transparently upgrade existing ↵ | Trevor Turk | 2013-03-24 | 1 | -99/+99 |
| | | | | signed cookies generated by Rails 3 to avoid invalidating them when upgrading to Rails 4 | ||||
* | Fix some typos | Vipul A M | 2013-03-24 | 1 | -1/+1 |
| | |||||
* | Change useless tr to gsub | robertomiranda | 2013-03-06 | 1 | -2/+2 |
| | |||||
* | change useless gsub to tr | robertomiranda | 2013-03-05 | 2 | -3/+3 |
| | |||||
* | Merge branch 'master' of github.com:lifo/docrails | Vijay Dev | 2013-02-26 | 2 | -2/+2 |
|\ | |||||
| * | Typo fix. | Carson McDonald | 2013-02-21 | 1 | -1/+1 |
| | | |||||
| * | improve grammar describing ActionDispatch::Cookies::CookieJar#delete | Weston Platter | 2013-02-19 | 1 | -1/+1 |
| | | |||||
| * | improve grammar describing ActionDispatch::Cookies::CookieJar#delete | Weston Platter | 2013-02-19 | 1 | -1/+1 |
| | | |||||
* | | Remove XML Parser from ActionDispatch | Prem Sichanugrist | 2013-02-20 | 1 | -23/+3 |
| | | | | | | | | | | If you want an ability to parse XML parameters, please install `actionpack-xml_parser` gem. | ||||
* | | InvalidMessage is in ActiveSupport::MessageEncryptor namespace | Santiago Pastorino | 2013-02-19 | 1 | -1/+1 |
| | | | | | | | | Closes #9302 | ||||
* | | Gist URLs are now namespaced | Akira Matsuda | 2013-02-18 | 1 | -1/+1 |
| | | | | | | | | see: https://github.com/blog/1406-namespaced-gists | ||||
* | | Return false on toggle on error pages | Bartlomiej Kozal | 2013-02-17 | 2 | -6/+7 |
|/ | |||||
* | Merge branch 'master' of github.com:lifo/docrails | Vijay Dev | 2013-02-15 | 1 | -1/+1 |
|\ | | | | | | | | | Conflicts: guides/source/upgrading_ruby_on_rails.md | ||||
| * | Fix typo. | Carson McDonald | 2013-02-11 | 1 | -1/+1 |
| | | | | | | | | [ci skip] | ||||
* | | Add missing require to AP | Carlos Antonio da Silva | 2013-02-08 | 1 | -0/+1 |
| | | |||||
* | | Fix #9168 Initialize NullCookieJar with all options needed for KeyGenerator | Andrey Chernih | 2013-02-08 | 1 | -4/+8 |
|/ | |||||
* | Remove BestStandardsSupport middleware | Guillermo Iguaran | 2013-01-29 | 1 | -30/+0 |
| | |||||
* | Use Encoding::UTF_8 constant :do_not_litter: | Akira Matsuda | 2013-01-28 | 1 | -1/+1 |
| | |||||
* | add fetch to CookieJar | Aaron Patterson | 2013-01-27 | 1 | -0/+4 |
| | |||||
* | In Browser Path Matching with Javascript | schneems | 2013-01-20 | 2 | -11/+99 |
| | | | | | | | | | | | When debugging routes ,it can sometimes be difficult to understand exactly how the paths are matched. This PR adds a JS based path matching widget to the `/rails/info/routes` output. You can enter in a path, and it will tell you which of the routes that path matches, while preserving order (top match wins). The matching widget in action:  Prior to this PR the only way to check matching paths is via mental math, or typing in a path in the url bar and seeing where it goes. This feature will be an invaluable debugging tool by dramatically decreasing the time needed to check a path match. ATP actionpack | ||||
* | Merge pull request #8958 from balexand/strong_parameters_exception_handling | Rafael Mendonça França | 2013-01-15 | 1 | -1/+2 |
|\ | | | | | Strong parameters exception handling | ||||
| * | strong parameters exception handling | Brian Alexander | 2013-01-15 | 1 | -1/+2 |
| | | |||||
* | | Remove header bloat introduced by BestStandardsSupport middleware | Edward Anderson | 2013-01-15 | 1 | -1/+3 |
|/ | | | | The same headers were being duplicated on every request. | ||||
* | Fix regression introduced in pull request 8812 | Sam Ruby | 2013-01-11 | 1 | -1/+2 |
| | | | | See https://github.com/rails/rails/pull/8812#commitcomment-2416514 | ||||
* | Fix json params parsing regression for non-object JSON content. | Dylan Smith | 2013-01-11 | 1 | -2/+2 |
| | | | | Fixes #8845. | ||||
* | Merge pull request #8824 from mjtko/fix/cookie-store-inheritance | Santiago Pastorino | 2013-01-08 | 2 | -5/+26 |
|\ | | | | | Modify CookieStore middleware inheritance to avoid subclassing Rack::Session::Cookie [Fix for #7372] | ||||
| * | Revert cb3181e - no longer required. | Mark J. Titorenko | 2013-01-08 | 1 | -2/+0 |
| | | |||||
| * | Fix CookieStore middleware inheritance hierarchy s.t. it inherits from ↵ | Mark J. Titorenko | 2013-01-08 | 1 | -3/+26 |
| | | | | | | | | Rack::Session::Abstract::ID rather than Rack::Session::Cookie. | ||||
* | | remove yaml as a param parser :burn: | Aaron Patterson | 2013-01-08 | 1 | -2/+0 |
| | | | | | | | | | | If you revert this commit, I will hunt you down, I will make you regret ever terrible thing you've ever done, I will make you suffer. | ||||
* | | * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵ | Aaron Patterson | 2013-01-08 | 1 | -2/+2 |
| | | | | | | | | | | | | | | | | | | | | | | | | dealing with empty hashes. Thanks Damien Mathieu Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/http/request.rb actionpack/lib/action_dispatch/middleware/params_parser.rb activerecord/CHANGELOG.md activerecord/lib/active_record/relation/predicate_builder.rb activerecord/test/cases/relation/where_test.rb | ||||
* | | Revert "Merge branch 'master-sec'" | Jeremy Kemper | 2013-01-08 | 1 | -2/+2 |
| | | | | | | | | | | This reverts commit 88cc1688d0cb828c17706b41a8bd27870f2a2beb, reversing changes made to f049016cd348627bf8db0d72382d7580bf802a79. | ||||
* | | Merge branch 'master-sec' | Aaron Patterson | 2013-01-08 | 1 | -2/+2 |
|\ \ | | | | | | | | | | | | | | | | * master-sec: CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu | ||||
| * | | * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵ | Aaron Patterson | 2013-01-07 | 1 | -2/+2 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | dealing with empty hashes. Thanks Damien Mathieu Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/http/request.rb actionpack/lib/action_dispatch/middleware/params_parser.rb activerecord/CHANGELOG.md activerecord/lib/active_record/relation/predicate_builder.rb activerecord/test/cases/relation/where_test.rb | ||||
* | | | Merge branch 'master' of github.com:lifo/docrails | Vijay Dev | 2013-01-09 | 2 | -9/+17 |
|\ \ \ | | | | | | | | | | | | | | | | | Conflicts: guides/source/getting_started.md | ||||
| * | | | extract alert= and notice= examples to FlashHash#now [ci skip] | Francesco Rodriguez | 2013-01-03 | 1 | -17/+15 |
| | | | | |||||
| * | | | Add examples `alert=` and `notice=`, using memes | lambda_ | 2013-01-03 | 1 | -0/+10 |
| | | | | |||||
| * | | | Change `Example for` to `Example of` | lambda_ | 2013-01-03 | 1 | -2/+2 |
| | | | | |||||
* | | | | Eliminate Rack::File headers deprecation warning | Sam Ruby | 2013-01-08 | 1 | -1/+1 |
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | See http://intertwingly.net/projects/AWDwR4/checkdepot/section-6.1.html rake test produces: "Rack::File headers parameter replaces cache_control after Rack 1.5." Despite what the message says, it appears that the hearders parameter change will be effective as of Rack 1.5: https://github.com/rack/rack/blob/rack-1.4/lib/rack/file.rb#L24 https://github.com/rack/rack/blob/master/lib/rack/file.rb#L24 | ||||
* | | | Avoid Rack security warning no secret provided | Santiago Pastorino | 2013-01-08 | 1 | -0/+2 |
| |/ |/| | | | | | This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie." | ||||
* | | refactor ShowExceptions' #call to use def-rescue instead of begin-rescue | Gosha Arinich | 2013-01-07 | 1 | -7/+4 |
| | | |||||
* | | remove begin-rescue in favor of def-rescue | Gosha Arinich | 2013-01-07 | 1 | -10/+9 |
| | | |||||
* | | Fix operators precedence issue | Rafael Mendonça França | 2013-01-06 | 1 | -1/+1 |
| | | |||||
* | | Merge pull request #8787 from tank-bohr/master | Rafael Mendonça França | 2013-01-06 | 1 | -2/+2 |
|\ \ | | | | | | | masgn and response variable | ||||
| * | | return multiple assingment and response variable | tank-bohr | 2013-01-07 | 1 | -2/+2 |
| | | | |||||
* | | | Merge pull request #8785 from goshakkk/refactor-debug-exceptions | Rafael Mendonça França | 2013-01-06 | 1 | -2/+1 |
|\ \ \ | |/ / |/| | | Refactor DebugExceptions | ||||
| * | | refactor DebugExceptions by combining two conditionals into one | Gosha Arinich | 2013-01-07 | 1 | -2/+1 |
| | | | |||||
* | | | Reduce number of Strings a bit | Akira Matsuda | 2013-01-07 | 1 | -3/+3 |
|/ / |