Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Rely on backticks instead of tt tags [ci skip] | Robin Dupret | 2014-02-08 | 1 | -2/+2 |
| | | | | | Since the language in code blocks is inferred, if the code contains tt tags, the block will be parsed as XML for instance while it is Ruby. | ||||
* | docs, Cookie values are String based. Closes #12860. [ci skip] | Yves Senn | 2014-02-08 | 1 | -7/+7 |
| | |||||
* | Modify the session serializer implementation | Guillermo Iguaran | 2014-01-30 | 1 | -3/+5 |
| | | | | | Rename allowed options to :marshal and :json, for custom serializers only allow the use of custom classes. | ||||
* | Allow session serializer key in config.session_store | Lukasz Sarnacki | 2014-01-29 | 3 | -2/+41 |
| | | | | | | | | | | | | | MessageEncryptor has :serializer option, where any serializer object can be passed. This commit make it possible to set this serializer from configuration level. There are predefined serializers (:marshal_serializer, :json_serialzier) and custom serializer can be passed as String, Symbol (camelized and constantized in ActionDispatch::Session namepspace) or serializer object. Default :json_serializer was also added to generators to provide secure defalt. | ||||
* | always use a block for cleanup / prepare callbacks so we can clean the ↵ | Aaron Patterson | 2014-01-28 | 1 | -0/+9 |
| | | | | method signature | ||||
* | scope is not necessary | Aaron Patterson | 2014-01-28 | 1 | -2/+2 |
| | |||||
* | Fix Encoding::CompatibilityError when public path is UTF-8 | Andrew White | 2013-12-29 | 1 | -3/+3 |
| | | | | | | | | | | | | | | In #5337 we forced the path encoding to ASCII-8BIT to prevent static file handling from blowing up before an application has had chance to deal with possibly invalid urls. However this has a negative side effect of making it an incompatible encoding if the application's public path has UTF-8 characters in it. To work around the problem we check to see if the path has a valid encoding once it has been unescaped. If it is not valid then we can return early since it will not match any file anyway. Fixes #13518 | ||||
* | Update secret_key_base Docs | robertomiranda | 2013-12-15 | 2 | -10/+11 |
| | |||||
* | Spelling and Grammar checks | Akshay Vishnoi | 2013-12-12 | 1 | -2/+2 |
| | |||||
* | Remove deprecated cattr_* requires | Genadi Samokovarov | 2013-12-03 | 1 | -1/+1 |
| | |||||
* | [ci skip] Removing some gender sensitive object pronouns | Tejas Dinkar | 2013-12-02 | 1 | -2/+2 |
| | |||||
* | class methods moved to already defined class<<self block | Akshay Vishnoi | 2013-11-15 | 1 | -6/+6 |
| | |||||
* | Revert "Merge pull request #9660 from ↵ | Guillermo Iguaran | 2013-11-02 | 1 | -2/+1 |
| | | | | | | | | | sebasoga/change_strong_parameters_require_behaviour" This reverts commit c2b5a8e61ba0f35015e6ac949a5c8fce2042a1f2, reversing changes made to 1918b12c0429caec2a6134ac5e5b42ade103fe90. See: https://github.com/rails/rails/pull/9660#issuecomment-27627493 | ||||
* | Merge pull request #9660 from ↵ | Guillermo Iguaran | 2013-11-01 | 1 | -1/+2 |
|\ | | | | | | | | | sebasoga/change_strong_parameters_require_behaviour Change ActionController::Parameters#require behavior when value is empty | ||||
| * | Change ActionController::Parameters#require behavior when value is empty | Sebastian Sogamoso | 2013-03-11 | 1 | -1/+2 |
| | | | | | | | | | | When the value for the required key is empty an ActionController::ParameterMissing is raised which gets caught by ActionController::Base and turned into a 400 Bad Request reply with a message in the body saying the key is missing, which is misleading. With these changes, ActionController::EmptyParameter will be raised which ActionController::Base will catch and turn into a 400 Bad Request reply with a message in the body saying the key value is empty. | ||||
* | | Warnings removed for ruby trunk | Arun Agrawal | 2013-11-01 | 1 | -1/+1 |
| | | | | | | Same as 4d4ff531b8807ee88a3fc46875c7e76f613956fb | ||||
* | | Remove surprise if from show_exception middleware | Prem Sichanugrist | 2013-10-27 | 1 | -2/+5 |
| | | | | | | This increase the readability within the rescue block. | ||||
* | | Merge branch 'fix-ip-spoof-errors' of https://github.com/tamird/rails into ↵ | Andrew White | 2013-09-30 | 1 | -1/+1 |
|\ \ | | | | | | | | | | tamird-fix-ip-spoof-errors | ||||
| * | | make sure both headers are set before checking for ip spoofing | Tamir Duberstein | 2013-06-04 | 1 | -1/+1 |
| | | | |||||
* | | | Display exceptions in text format for xhr request | Kir Shatrov | 2013-08-22 | 13 | -13/+84 |
| | | | |||||
* | | | Escape the message of an exception in debug_exceptions to avoid bad rendering | Adrien Siami | 2013-08-21 | 5 | -5/+5 |
| | | | |||||
* | | | Use Request#raw_post instead Request#body | Paul Nikitochkin | 2013-07-08 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | | | | | | | In order to get raw_post to be not empty after ParamsParser#parse_formatted_parameters, added rewinding of body stream input on parsing json params. Closes #11345 | ||||
* | | | Space is not required for Set-Cookie header | Yamagishi Kazutoshi | 2013-07-05 | 1 | -1/+1 |
| | | | |||||
* | | | Missing closing + in documentation [ci skip] | Edho Arief | 2013-07-04 | 1 | -1/+1 |
| | | | |||||
* | | | Merge pull request #11069 from ykzts/actiondispatch-ssl-secure-flag-igonore-case | Guillermo Iguaran | 2013-06-24 | 1 | -1/+1 |
|\ \ \ | | | | | | | | | Flag cookies as secure with ignore case in ActionDispatch::SSL | ||||
| * | | | Flag cookies as secure with ignore case in ActionDispatch::SSL | Yamagishi Kazutoshi | 2013-06-24 | 1 | -1/+1 |
| | | | | |||||
* | | | | ActionDispatch:SSL: don't include STS header in non-https responses | Geoff Buesing | 2013-06-23 | 1 | -2/+1 |
|/ / / | |||||
* / / | Grammar nazi at work [ci skip] | Paweł Gościcki | 2013-06-12 | 1 | -1/+1 |
|/ / | |||||
* | | Extract ActionDispatch::Request#deep_munge | Genadi Samokovarov | 2013-05-30 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | ActionDispatch::Request#deep_munge was introduced as a private method, but was turned into a public one for the use of ActionDispatch::ParamsParser. I have extracted it into ActionDispatch::Request::Utils, so it does not get mixed up with the Request public methods. | ||||
* | | Fixing build broken by this change | Arun Agrawal | 2013-05-13 | 1 | -2/+2 |
| | | | | | | | | c43ca06ca091fc09e2c86bb051ac92b648f12b64 | ||||
* | | Code cleanup for ActionDispatch::Flash#call | Julian Vargas | 2013-05-12 | 1 | -9/+3 |
| | | | | | | | | | | | | | | The nested `if` was replaced by using `presence` which takes account for the given hash when it is `nil` or when it is empty. The `else` was removed because what it was doing was to assign to `env[KEY]` the value it already had. | ||||
* | | remove variable and fix warning | Vipul A M | 2013-05-09 | 1 | -1/+0 |
| | | |||||
* | | Fix that JSON and XML exception responses should give the HTTP error message ↵ | Jeremy Kemper | 2013-05-08 | 1 | -2/+2 |
| | | | | | | | | for their status, by default, not the message from the underlying exception | ||||
* | | Add styling to h1 | Tim Krajcar | 2013-05-02 | 1 | -0/+6 |
| | | |||||
* | | Merge pull request #9857 from yyyc514/bad_params_should_400 | Aaron Patterson | 2013-04-30 | 1 | -0/+1 |
|\ \ | | | | | | | failure to parse params should trigger a 400 Bad Request | ||||
| * | | failure to parse params should trigger a 400 Bad Request | Josh Goebel | 2013-03-21 | 1 | -0/+1 |
| |/ | |||||
* | | Return a 405 response for unknown HTTP methods | Lewis Marshall | 2013-04-22 | 1 | -0/+1 |
| | | |||||
* | | Use camelize instead of capitalize on error screen | Nikolay Shebanov | 2013-04-10 | 1 | -1/+1 |
| | | |||||
* | | change array of array to hash | Vipul A M | 2013-04-09 | 1 | -6/+4 |
| | | |||||
* | | Mark unused variables and make some style fixes | Agis Anastasopoulos | 2013-04-08 | 2 | -2/+2 |
| | | | | | | | | It'd be a nice convention to mark the unused variables like this, now that Ruby 2 will issue no warnings for such vars being unused. | ||||
* | | Merge pull request #10061 from trevorturk/dummy-key-generator-rename | Santiago Pastorino | 2013-04-02 | 1 | -1/+1 |
|\ \ | | | | | | | Rename DummyKeyGenerator -> LegacyKeyGenerator | ||||
| * | | Rename DummyKeyGenerator -> LegacyKeyGenerator | Trevor Turk | 2013-04-02 | 1 | -1/+1 |
| | | | |||||
* | | | :scissors: spacing after private | Trevor Turk | 2013-04-02 | 1 | -3/+0 |
| | | | |||||
* | | | Be consistent when talking about cookies, key -> name | Trevor Turk | 2013-04-02 | 1 | -25/+25 |
| | | | |||||
* | | | Fix permanent cookie jar accessor typo | Trevor Turk | 2013-04-02 | 1 | -1/+1 |
|/ / | |||||
* | | Improve documentation around the cookie store auto-upgrade to encryption | Trevor Turk | 2013-04-01 | 1 | -22/+37 |
| | | |||||
* | | Allow transparent upgrading of legacy signed cookies to encrypted cookies; ↵ | Trevor Turk | 2013-03-28 | 2 | -74/+78 |
| | | | | | | | | Automatically configure cookie-based sessions to use the best cookie jar given the app's config | ||||
* | | if cookie is tampered with then nil is returned [ci skip] | Neeraj Singh | 2013-03-25 | 1 | -4/+2 |
| | | | | | | | | | | | | if the given key is not found then verifier does raise `ActiveSupport::MessageVerifier::InvalidSignature` exception but this exception is resuced and finally nil is returned. | ||||
* | | Introduce UpgradeLegacySignedCookieJar to transparently upgrade existing ↵ | Trevor Turk | 2013-03-24 | 1 | -99/+99 |
| | | | | | | | | signed cookies generated by Rails 3 to avoid invalidating them when upgrading to Rails 4 | ||||
* | | Fix some typos | Vipul A M | 2013-03-24 | 1 | -1/+1 |
|/ |