path: root/actionpack/lib/action_dispatch/middleware
Commit message (Author, Age, Files, Lines)
* Use AS::JSON for (de)serializing cookies (Godfrey Chan, 2014-08-17, files: 1, lines: -2/+3)
| Use the Active Support JSON encoder for cookie jars using the `:json` or `:hybrid` serializer. This allows you to serialize custom Ruby objects into cookies by defining the `#as_json` hook on such objects. Fixes #16520.
* Merge pull request #16467 from strzalek/cookies-digest-config-option2 (Godfrey Chan, 2014-08-17, files: 1, lines: -3/+9)
|\
| | Cookies digest config option (pt. 2)
| | Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/middleware/cookies.rb
| * Add config option for cookies digest (Łukasz Strzałkowski, 2014-08-12, files: 1, lines: -3/+9)
| | You can now configure custom digest for cookies in the same way as `serializer`: config.action_dispatch.cookies_digest = 'SHA256'
* | Merge pull request #16484 from strzalek/remove-redundant-null-serializer (Godfrey Chan, 2014-08-17, files: 1, lines: -16/+7)
|\ \
| | | Remove redundant NullSerializer
| * | Remove redundant NullSerializer (Łukasz Strzałkowski, 2014-08-13, files: 1, lines: -16/+7)
| |/
| | Use one from ActiveSupport::MessageEncryptor module.
* | this should be accessing the hash, not calling a method (Aaron Patterson, 2014-08-13, files: 1, lines: -1/+1)
| |
* | use 'based on' instead of 'based off' [ci skip] (Akshay Vishnoi, 2014-08-12, files: 1, lines: -1/+1)
| |
* | Revert "Merge pull request #16434 from strzalek/cookies-digest-config-option" (Santiago Pastorino, 2014-08-08, files: 1, lines: -8/+2)
| | This reverts commit 705977620539e2be6548027042f33175ebdc2505, reversing changes made to dde91e9bf5ab246f0f684b40288b272f4ba9a699. IT BROKE THE BUILD!!!
* | Add config option for cookies digest (Łukasz Strzałkowski, 2014-08-08, files: 1, lines: -2/+8)
|/
| You can now configure custom digest for cookies in the same way as `serializer`: config.action_dispatch.cookies_digest = 'SHA256'
* Retrieve source code for the entire stack trace (Ryan Dao, 2014-08-08, files: 8, lines: -69/+109)
| Provide the ability to extract the source code of the entire exception stack trace, not just the frame raising the error. This improves debugging capability of the error page, especially for framework-related errors.
* Regenerate sid when sbdy tries to fixate the session (Santiago Pastorino, 2014-08-04, files: 1, lines: -3/+3)
| Fixed broken test. Thanks Stephen Richards for reporting.
* Stash original path in `ShowExceptions` middleware (Grey Baker, 2014-07-14, files: 1, lines: -0/+1)
| `ActionDispatch::ShowExceptions` overwrites `PATH_INFO` with the status code for the exception defined in `ExceptionWrapper`, so the path the user was visiting when an exception occurred was not previously available to any custom exceptions_app. The original `PATH_INFO` is now stashed in `env["action_dispatch.original_path"]`.
* Use `#bytesize` instead of `#size` when checking for cookie overflow (Agis-, 2014-07-11, files: 1, lines: -2/+2)
| Although the cookie values happen to be ASCII strings because they are Base64 encoded, it is semantically incorrect to check for the number of the characters in the cookie, when we actually want to check for the number of the bytes it consists of. Furthermore it is unnecessary coupling with the current implementation that uses Base64 for encoding the values.
* Fix weird comment. [CI SKIP] (Guo Xiang Tan, 2014-07-09, files: 1, lines: -2/+2)
|
* [ci skip] /javascript/ -> JavaScript - cover whole app (Akshay Vishnoi, 2014-07-04, files: 1, lines: -1/+1)
|
* flash doesn't pass objects #15522 [ci skip] (Nishant Modak, 2014-07-01, files: 1, lines: -3/+6)
|
* [ci skip] Fix capitalization (Akshay Vishnoi, 2014-06-07, files: 1, lines: -2/+2)
|
* Escape user input before showing in the page. (Rafael Mendonça França, 2014-05-26, files: 1, lines: -2/+2)
| This is not a security issue since this page is not present in production and users have to type something in the field but it is better to escape the input.
* Remove redundant code. (Guo Xiang Tan, 2014-05-20, files: 1, lines: -3/+2)
|
* Merge pull request #12651 from cespare/ipv6-remote-ip-fixes (Rafael Mendonça França, 2014-05-01, files: 1, lines: -1/+1)
|\
| | Make remote_ip detection properly handle private IPv6 addresses
| | Conflicts: actionpack/CHANGELOG.md
| * Make remote_ip detection properly handle private IPv6 addresses (Caleb Spare, 2013-10-26, files: 1, lines: -1/+1)
| | Fixes #12638.
* | Fixed an issue with migrating legacy json cookies. (Godfrey Chan, 2014-04-23, files: 1, lines: -2/+2)
| | Previously, the `VerifyAndUpgradeLegacySignedMessage` assumes all incoming cookies are marshal-encoded. This is not the case when `secret_token` is used in conjunction with the `:json` or `:hybrid` serializer. In those cases, when upgrading to use `secret_key_base`, this would cause a `TypeError: incompatible marshal file format` and a 500 error for the user. Fixes #14774. *Godfrey Chan*
* | Display diagnostics in text format for xhr request (Vlad Bokov, 2014-04-14, files: 2, lines: -0/+9)
| |
* | Update documentation to use Rails.application instead (Marcel Morgan, 2014-04-13, files: 1, lines: -1/+1)
| | References to ``AppName::Application`` removed in favour of ``Rails.application`` as generated with a new rails 4.1 app. [ci skip]
* | Split search results into 'exact matches' and 'fuzzy matches'. (Winston, 2014-04-11, files: 1, lines: -60/+96)
| | - also refactored the javascript.
* | Improve CSS styling for routing error html page. (Winston, 2014-04-11, files: 1, lines: -7/+25)
| |
* | Implement fuzzy matching for route search on routing error html page. (Winston, 2014-04-11, files: 1, lines: -8/+10)
| |
* | Avoid URI parsing (Andriel Nuernberg, 2014-04-09, files: 1, lines: -5/+8)
| | This parsing is unnecessary once the Request object already has the needed information.
* | Append link to bad code to backtrace when exception is SyntaxError (Boris Kuznetsov, 2014-03-27, files: 1, lines: -0/+8)
| |
* | The digest option is no longer honoured since Rails 3.0 [ci skip] (Godfrey Chan, 2014-03-20, files: 1, lines: -1/+1)
| | Closes #8513
* | only write the jar if the response isn't committed (Aaron Patterson, 2014-03-12, files: 1, lines: -5/+16)
| | when streaming responses, we need to make sure the cookie jar is written to the headers before returning up the stack. This commit introduces a new method on the response object that writes the cookie jar to the headers as the response is committed. The middleware and test framework will not write the cookie headers if the response has already been committed. fixes #14352
* | :scissors: (Zachary Scott, 2014-02-23, files: 1, lines: -1/+1)
| | This commit also addresses rails/docrails#169 and rails/rails#14159
* | Fix parameter naming in RemoteIp middleware constructor method (KalabiYau, 2014-02-18, files: 1, lines: -2/+2)
| | Was custom_proxies in inline docs, but should be and defined in constructor as custom_proxies
* | rm warning about variable shadowing (Godfrey Chan, 2014-02-11, files: 1, lines: -2/+2)
| |
* | Migrate hash-based cookie values correctly (Godfrey Chan, 2014-02-11, files: 1, lines: -2/+4)
| |
* | Missed FlashHash#replace (Godfrey Chan, 2014-02-11, files: 1, lines: -1/+1)
| |
* | Fixed broken flash tests (Godfrey Chan, 2014-02-11, files: 1, lines: -1/+1)
| |
* | Re-write legacy (marshal) cookies on read (Godfrey Chan, 2014-02-11, files: 1, lines: -20/+40)
| |
* | Stringify the incoming hash in FlashHash (Guillermo Iguaran, 2014-02-11, files: 1, lines: -1/+3)
| | Stringify the incoming as well to handle incoming symbol keys from marshalled sessions
* | Convert FlashHash in a Hash with indifferent access (Guillermo Iguaran, 2014-02-11, files: 1, lines: -4/+15)
| |
* | Added HybridSerializer to upgrade existing marshal cookies (wip: need tests) (Godfrey Chan, 2014-02-11, files: 1, lines: -0/+14)
| |
* | Renamed session_serializer option to cookies_serializer (Godfrey Chan, 2014-02-11, files: 3, lines: -42/+30)
| |
* | Updated the cookie docs to use the safer JSON.{generate,parse} (Godfrey Chan, 2014-02-08, files: 1, lines: -5/+5)
| | cc @senny
* | Rely on backticks instead of tt tags [ci skip] (Robin Dupret, 2014-02-08, files: 1, lines: -2/+2)
| | Since the language in code blocks is inferred, if the code contains tt tags, the block will be parsed as XML for instance while it is Ruby.
* | docs, Cookie values are String based. Closes #12860. [ci skip] (Yves Senn, 2014-02-08, files: 1, lines: -7/+7)
| |
* | Modify the session serializer implementation (Guillermo Iguaran, 2014-01-30, files: 1, lines: -3/+5)
| | Rename allowed options to :marshal and :json, for custom serializers only allow the use of custom classes.
* | Allow session serializer key in config.session_store (Lukasz Sarnacki, 2014-01-29, files: 3, lines: -2/+41)
| | MessageEncryptor has :serializer option, where any serializer object can be passed. This commit makes it possible to set this serializer from configuration level. There are predefined serializers (:marshal_serializer, :json_serializer) and custom serializer can be passed as String, Symbol (camelized and constantized in ActionDispatch::Session namespace) or serializer object. Default :json_serializer was also added to generators to provide secure default.
* | always use a block for cleanup / prepare callbacks so we can clean the ↵ (Aaron Patterson, 2014-01-28, files: 1, lines: -0/+9)
| | method signature
* | scope is not necessary (Aaron Patterson, 2014-01-28, files: 1, lines: -2/+2)
| |
* | Fix Encoding::CompatibilityError when public path is UTF-8 (Andrew White, 2013-12-29, files: 1, lines: -3/+3)
| | In #5337 we forced the path encoding to ASCII-8BIT to prevent static file handling from blowing up before an application has had chance to deal with possibly invalid urls. However this has a negative side effect of making it an incompatible encoding if the application's public path has UTF-8 characters in it. To work around the problem we check to see if the path has a valid encoding once it has been unescaped. If it is not valid then we can return early since it will not match any file anyway. Fixes #13518