| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| |
| |
| | |
Conflicts:
actionpack/lib/action_controller/metal/mime_responds.rb
actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb
activerecord/lib/active_record/type/value.rb
|
| |
| |
| |
| | |
[skip ci]
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Use the Active Support JSON encoder for cookie jars using the `:json` or
`:hybrid` serializer. This allows you to serialize custom Ruby objects into
cookies by defining the `#as_json` hook on such objects.
Fixes #16520.
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Cookies digest config option (pt. 2)
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_dispatch/middleware/cookies.rb
|
| | |
| | |
| | |
| | |
| | |
| | | |
You can now configure custom digest for cookies in the same way as `serializer`:
config.action_dispatch.cookies_digest = 'SHA256'
|
|\ \ \
| | | |
| | | | |
Remove redundant NullSerializer
|
| |/ /
| | |
| | |
| | | |
Use one from ActiveSupport::MessageEncryptor module.
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit 705977620539e2be6548027042f33175ebdc2505, reversing
changes made to dde91e9bf5ab246f0f684b40288b272f4ba9a699.
IT BROKE THE BUILD!!!
|
|/ /
| |
| |
| |
| |
| | |
You can now configure custom digest for cookies in the same way as `serializer`:
config.action_dispatch.cookies_digest = \SHA256'
|
| |
| |
| |
| |
| |
| | |
Provide the ability to extract the source code of the entire exception stack
trace, not just the frame raising the error. This improves debugging
capability of the error page, especially for framework-related errors.
|
|/
|
|
|
|
| |
Fixed broken test.
Thanks Stephen Richards for reporting.
|
|
|
|
|
|
|
|
|
|
| |
`ActionDispatch::ShowExceptions` overwrites `PATH_INFO` with the status code
for the exception defined in `ExceptionWrapper`, so the path the user was
visiting when an exception occurred was not previously available to any custom
exceptions_app.
The original `PATH_INFO` is now stashed in
`env["action_dispatch.original_path"]`.
|
|
|
|
|
|
|
|
|
|
| |
Although the cookie values happens to be ASCII strings because they are
Base64 encoded, it is semantically incorrect to check for the number of the
characters in the cookie, when we actually want to check for the number of the
bytes it consists of.
Furthermore it is unecessary coupling with the current implementation that
uses Base64 for encoding the values.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
This is not a security issue since this page is not present in
production and user have to type something in the field but is better to
escape the input.
|
| |
|
|\
| |
| |
| |
| |
| |
| | |
Make remote_ip detection properly handle private IPv6 addresses
Conflicts:
actionpack/CHANGELOG.md
|
| |
| |
| |
| | |
Fixes #12638.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, the `VerifyAndUpgradeLegacySignedMessage` assumes all incoming
cookies are marshal-encoded. This is not the case when `secret_token` is
used in conjunction with the `:json` or `:hybrid` serializer.
In those case, when upgrading to use `secret_key_base`, this would cause a
`TypeError: incompatible marshal file format` and a 500 error for the user.
Fixes #14774.
*Godfrey Chan*
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
References to ``AppName::Application` removed in favour of ``Rails.application``
as generated with a new rails 4.1 app.
[ci skip]
|
| |
| |
| |
| | |
- also refactored the javascript.
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
This parsing is unecessary once the Request object already has the
needed information.
|
| | |
|
| |
| |
| |
| | |
Closes #8513
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
when streaming responses, we need to make sure the cookie jar is written
to the headers before returning up the stack. This commit introduces a
new method on the response object that writes the cookie jar to the
headers as the response is committed. The middleware and test framework
will not write the cookie headers if the response has already been
committed.
fixes #14352
|
| |
| |
| |
| | |
This commit also addresses rails/docrails#169 and rails/rails#14159
|
| |
| |
| |
| |
| | |
Was custom_proxies in inline docs, but should be and defined in
constructor as custom_proxies
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
Stringify the incoming as well to handle incoming symbol keys from
marshalled sessions
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
cc @senny
|
| |
| |
| |
| |
| | |
Since the language in code blocks is inferred, if the code contains tt
tags, the block will be parsed as XML for instance while it is Ruby.
|
| | |
|