aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch/middleware
Commit message (Collapse)AuthorAgeFilesLines
* Remove redundant code.Guo Xiang Tan2014-05-201-3/+2
|
* Merge pull request #12651 from cespare/ipv6-remote-ip-fixesRafael Mendonça França2014-05-011-1/+1
|\ | | | | | | | | | | | | Make remote_ip detection properly handle private IPv6 addresses Conflicts: actionpack/CHANGELOG.md
| * Make remote_ip detection properly handle private IPv6 addressesCaleb Spare2013-10-261-1/+1
| | | | | | | | Fixes #12638.
* | Fixed an issue with migrating legacy json cookies.Godfrey Chan2014-04-231-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | Previously, the `VerifyAndUpgradeLegacySignedMessage` assumes all incoming cookies are marshal-encoded. This is not the case when `secret_token` is used in conjunction with the `:json` or `:hybrid` serializer. In those case, when upgrading to use `secret_key_base`, this would cause a `TypeError: incompatible marshal file format` and a 500 error for the user. Fixes #14774. *Godfrey Chan*
* | Display diagnostics in text format for xhr requestVlad Bokov2014-04-142-0/+9
| |
* | Update documentation to use Rails.application insteadMarcel Morgan2014-04-131-1/+1
| | | | | | | | | | | | | | References to ``AppName::Application` removed in favour of ``Rails.application`` as generated with a new rails 4.1 app. [ci skip]
* | Split search results into 'exact matches' and 'fuzzy matches'.Winston2014-04-111-60/+96
| | | | | | | | - also refactored the javascript.
* | Improve CSS styling for routing error html page.Winston2014-04-111-7/+25
| |
* | Implement fuzzy matching for route search on routing error html page.Winston2014-04-111-8/+10
| |
* | Avoid URI parsingAndriel Nuernberg2014-04-091-5/+8
| | | | | | | | | | This parsing is unecessary once the Request object already has the needed information.
* | Append link to bad code to backtrace when exception is SyntaxErrorBoris Kuznetsov2014-03-271-0/+8
| |
* | The digest option is no longer honoured since Rails 3.0 [ci skip]Godfrey Chan2014-03-201-1/+1
| | | | | | | | Closes #8513
* | only write the jar if the response isn't committedAaron Patterson2014-03-121-5/+16
| | | | | | | | | | | | | | | | | | | | | | when streaming responses, we need to make sure the cookie jar is written to the headers before returning up the stack. This commit introduces a new method on the response object that writes the cookie jar to the headers as the response is committed. The middleware and test framework will not write the cookie headers if the response has already been committed. fixes #14352
* | :scissors:Zachary Scott2014-02-231-1/+1
| | | | | | | | This commit also addresses rails/docrails#169 and rails/rails#14159
* | Fix parameter naming in RemoteIp middleware constructor methodKalabiYau2014-02-181-2/+2
| | | | | | | | | | Was custom_proxies in inline docs, but should be and defined in constructor as custom_proxies
* | rm warning about variable shadowingGodfrey Chan2014-02-111-2/+2
| |
* | Migrate hash-based cookie values correctlyGodfrey Chan2014-02-111-2/+4
| |
* | Missed FlashHash#replaceGodfrey Chan2014-02-111-1/+1
| |
* | Fixed broken flash testsGodfrey Chan2014-02-111-1/+1
| |
* | Re-write legacy (marshal) cookies on readGodfrey Chan2014-02-111-20/+40
| |
* | Stringify the incoming hash in FlashHashGuillermo Iguaran2014-02-111-1/+3
| | | | | | | | | | Stringify the incoming as well to handle incoming symbol keys from marshalled sessions
* | Convert FlashHash in a Hash with indifferent accessGuillermo Iguaran2014-02-111-4/+15
| |
* | Added HybridSerializer to upgrade existing marshal cookies (wip: need tests)Godfrey Chan2014-02-111-0/+14
| |
* | Renamed session_serializer option to cookies_serializerGodfrey Chan2014-02-113-42/+30
| |
* | Updated the cookie docs to use the safer JSON.{generate,parse}Godfrey Chan2014-02-081-5/+5
| | | | | | | | cc @senny
* | Rely on backticks instead of tt tags [ci skip]Robin Dupret2014-02-081-2/+2
| | | | | | | | | | Since the language in code blocks is inferred, if the code contains tt tags, the block will be parsed as XML for instance while it is Ruby.
* | docs, Cookie values are String based. Closes #12860. [ci skip]Yves Senn2014-02-081-7/+7
| |
* | Modify the session serializer implementationGuillermo Iguaran2014-01-301-3/+5
| | | | | | | | | | Rename allowed options to :marshal and :json, for custom serializers only allow the use of custom classes.
* | Allow session serializer key in config.session_storeLukasz Sarnacki2014-01-293-2/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | MessageEncryptor has :serializer option, where any serializer object can be passed. This commit make it possible to set this serializer from configuration level. There are predefined serializers (:marshal_serializer, :json_serialzier) and custom serializer can be passed as String, Symbol (camelized and constantized in ActionDispatch::Session namepspace) or serializer object. Default :json_serializer was also added to generators to provide secure defalt.
* | always use a block for cleanup / prepare callbacks so we can clean the ↵Aaron Patterson2014-01-281-0/+9
| | | | | | | | method signature
* | scope is not necessaryAaron Patterson2014-01-281-2/+2
| |
* | Fix Encoding::CompatibilityError when public path is UTF-8Andrew White2013-12-291-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | In #5337 we forced the path encoding to ASCII-8BIT to prevent static file handling from blowing up before an application has had chance to deal with possibly invalid urls. However this has a negative side effect of making it an incompatible encoding if the application's public path has UTF-8 characters in it. To work around the problem we check to see if the path has a valid encoding once it has been unescaped. If it is not valid then we can return early since it will not match any file anyway. Fixes #13518
* | Update secret_key_base Docsrobertomiranda2013-12-152-10/+11
| |
* | Spelling and Grammar checksAkshay Vishnoi2013-12-121-2/+2
| |
* | Remove deprecated cattr_* requiresGenadi Samokovarov2013-12-031-1/+1
| |
* | [ci skip] Removing some gender sensitive object pronounsTejas Dinkar2013-12-021-2/+2
| |
* | class methods moved to already defined class<<self blockAkshay Vishnoi2013-11-151-6/+6
| |
* | Revert "Merge pull request #9660 from ↵Guillermo Iguaran2013-11-021-2/+1
| | | | | | | | | | | | | | | | | | sebasoga/change_strong_parameters_require_behaviour" This reverts commit c2b5a8e61ba0f35015e6ac949a5c8fce2042a1f2, reversing changes made to 1918b12c0429caec2a6134ac5e5b42ade103fe90. See: https://github.com/rails/rails/pull/9660#issuecomment-27627493
* | Merge pull request #9660 from ↵Guillermo Iguaran2013-11-011-1/+2
|\ \ | | | | | | | | | | | | sebasoga/change_strong_parameters_require_behaviour Change ActionController::Parameters#require behavior when value is empty
| * | Change ActionController::Parameters#require behavior when value is emptySebastian Sogamoso2013-03-111-1/+2
| | | | | | | | | | | | | | | When the value for the required key is empty an ActionController::ParameterMissing is raised which gets caught by ActionController::Base and turned into a 400 Bad Request reply with a message in the body saying the key is missing, which is misleading. With these changes, ActionController::EmptyParameter will be raised which ActionController::Base will catch and turn into a 400 Bad Request reply with a message in the body saying the key value is empty.
* | | Warnings removed for ruby trunkArun Agrawal2013-11-011-1/+1
| |/ |/| | | Same as 4d4ff531b8807ee88a3fc46875c7e76f613956fb
* | Remove surprise if from show_exception middlewarePrem Sichanugrist2013-10-271-2/+5
| | | | | | This increase the readability within the rescue block.
* | Merge branch 'fix-ip-spoof-errors' of https://github.com/tamird/rails into ↵Andrew White2013-09-301-1/+1
|\ \ | | | | | | | | | tamird-fix-ip-spoof-errors
| * | make sure both headers are set before checking for ip spoofingTamir Duberstein2013-06-041-1/+1
| | |
* | | Display exceptions in text format for xhr requestKir Shatrov2013-08-2213-13/+84
| | |
* | | Escape the message of an exception in debug_exceptions to avoid bad renderingAdrien Siami2013-08-215-5/+5
| | |
* | | Use Request#raw_post instead Request#bodyPaul Nikitochkin2013-07-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | In order to get raw_post to be not empty after ParamsParser#parse_formatted_parameters, added rewinding of body stream input on parsing json params. Closes #11345
* | | Space is not required for Set-Cookie headerYamagishi Kazutoshi2013-07-051-1/+1
| | |
* | | Missing closing + in documentation [ci skip]Edho Arief2013-07-041-1/+1
| | |
* | | Merge pull request #11069 from ykzts/actiondispatch-ssl-secure-flag-igonore-caseGuillermo Iguaran2013-06-241-1/+1
|\ \ \ | | | | | | | | Flag cookies as secure with ignore case in ActionDispatch::SSL
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-28 12:32:40 +0000