aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch/middleware
Commit message (Collapse)AuthorAgeFilesLines
* Rely on backticks instead of tt tags [ci skip]Robin Dupret2014-02-081-2/+2
| | | | | Since the language in code blocks is inferred, if the code contains tt tags, the block will be parsed as XML for instance while it is Ruby.
* docs, Cookie values are String based. Closes #12860. [ci skip]Yves Senn2014-02-081-7/+7
|
* Modify the session serializer implementationGuillermo Iguaran2014-01-301-3/+5
| | | | | Rename allowed options to :marshal and :json, for custom serializers only allow the use of custom classes.
* Allow session serializer key in config.session_storeLukasz Sarnacki2014-01-293-2/+41
| | | | | | | | | | | | | MessageEncryptor has :serializer option, where any serializer object can be passed. This commit make it possible to set this serializer from configuration level. There are predefined serializers (:marshal_serializer, :json_serialzier) and custom serializer can be passed as String, Symbol (camelized and constantized in ActionDispatch::Session namepspace) or serializer object. Default :json_serializer was also added to generators to provide secure defalt.
* always use a block for cleanup / prepare callbacks so we can clean the ↵Aaron Patterson2014-01-281-0/+9
| | | | method signature
* scope is not necessaryAaron Patterson2014-01-281-2/+2
|
* Fix Encoding::CompatibilityError when public path is UTF-8Andrew White2013-12-291-3/+3
| | | | | | | | | | | | | | In #5337 we forced the path encoding to ASCII-8BIT to prevent static file handling from blowing up before an application has had chance to deal with possibly invalid urls. However this has a negative side effect of making it an incompatible encoding if the application's public path has UTF-8 characters in it. To work around the problem we check to see if the path has a valid encoding once it has been unescaped. If it is not valid then we can return early since it will not match any file anyway. Fixes #13518
* Update secret_key_base Docsrobertomiranda2013-12-152-10/+11
|
* Spelling and Grammar checksAkshay Vishnoi2013-12-121-2/+2
|
* Remove deprecated cattr_* requiresGenadi Samokovarov2013-12-031-1/+1
|
* [ci skip] Removing some gender sensitive object pronounsTejas Dinkar2013-12-021-2/+2
|
* class methods moved to already defined class<<self blockAkshay Vishnoi2013-11-151-6/+6
|
* Revert "Merge pull request #9660 from ↵Guillermo Iguaran2013-11-021-2/+1
| | | | | | | | | sebasoga/change_strong_parameters_require_behaviour" This reverts commit c2b5a8e61ba0f35015e6ac949a5c8fce2042a1f2, reversing changes made to 1918b12c0429caec2a6134ac5e5b42ade103fe90. See: https://github.com/rails/rails/pull/9660#issuecomment-27627493
* Merge pull request #9660 from ↵Guillermo Iguaran2013-11-011-1/+2
|\ | | | | | | | | sebasoga/change_strong_parameters_require_behaviour Change ActionController::Parameters#require behavior when value is empty
| * Change ActionController::Parameters#require behavior when value is emptySebastian Sogamoso2013-03-111-1/+2
| | | | | | | | | | When the value for the required key is empty an ActionController::ParameterMissing is raised which gets caught by ActionController::Base and turned into a 400 Bad Request reply with a message in the body saying the key is missing, which is misleading. With these changes, ActionController::EmptyParameter will be raised which ActionController::Base will catch and turn into a 400 Bad Request reply with a message in the body saying the key value is empty.
* | Warnings removed for ruby trunkArun Agrawal2013-11-011-1/+1
| | | | | | Same as 4d4ff531b8807ee88a3fc46875c7e76f613956fb
* | Remove surprise if from show_exception middlewarePrem Sichanugrist2013-10-271-2/+5
| | | | | | This increase the readability within the rescue block.
* | Merge branch 'fix-ip-spoof-errors' of https://github.com/tamird/rails into ↵Andrew White2013-09-301-1/+1
|\ \ | | | | | | | | | tamird-fix-ip-spoof-errors
| * | make sure both headers are set before checking for ip spoofingTamir Duberstein2013-06-041-1/+1
| | |
* | | Display exceptions in text format for xhr requestKir Shatrov2013-08-2213-13/+84
| | |
* | | Escape the message of an exception in debug_exceptions to avoid bad renderingAdrien Siami2013-08-215-5/+5
| | |
* | | Use Request#raw_post instead Request#bodyPaul Nikitochkin2013-07-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | In order to get raw_post to be not empty after ParamsParser#parse_formatted_parameters, added rewinding of body stream input on parsing json params. Closes #11345
* | | Space is not required for Set-Cookie headerYamagishi Kazutoshi2013-07-051-1/+1
| | |
* | | Missing closing + in documentation [ci skip]Edho Arief2013-07-041-1/+1
| | |
* | | Merge pull request #11069 from ykzts/actiondispatch-ssl-secure-flag-igonore-caseGuillermo Iguaran2013-06-241-1/+1
|\ \ \ | | | | | | | | Flag cookies as secure with ignore case in ActionDispatch::SSL
| * | | Flag cookies as secure with ignore case in ActionDispatch::SSLYamagishi Kazutoshi2013-06-241-1/+1
| | | |
* | | | ActionDispatch:SSL: don't include STS header in non-https responsesGeoff Buesing2013-06-231-2/+1
|/ / /
* / / Grammar nazi at work [ci skip]Paweł Gościcki2013-06-121-1/+1
|/ /
* | Extract ActionDispatch::Request#deep_mungeGenadi Samokovarov2013-05-301-1/+1
| | | | | | | | | | | | | | | | | | ActionDispatch::Request#deep_munge was introduced as a private method, but was turned into a public one for the use of ActionDispatch::ParamsParser. I have extracted it into ActionDispatch::Request::Utils, so it does not get mixed up with the Request public methods.
* | Fixing build broken by this changeArun Agrawal2013-05-131-2/+2
| | | | | | | | c43ca06ca091fc09e2c86bb051ac92b648f12b64
* | Code cleanup for ActionDispatch::Flash#callJulian Vargas2013-05-121-9/+3
| | | | | | | | | | | | | | The nested `if` was replaced by using `presence` which takes account for the given hash when it is `nil` or when it is empty. The `else` was removed because what it was doing was to assign to `env[KEY]` the value it already had.
* | remove variable and fix warningVipul A M2013-05-091-1/+0
| |
* | Fix that JSON and XML exception responses should give the HTTP error message ↵Jeremy Kemper2013-05-081-2/+2
| | | | | | | | for their status, by default, not the message from the underlying exception
* | Add styling to h1Tim Krajcar2013-05-021-0/+6
| |
* | Merge pull request #9857 from yyyc514/bad_params_should_400Aaron Patterson2013-04-301-0/+1
|\ \ | | | | | | failure to parse params should trigger a 400 Bad Request
| * | failure to parse params should trigger a 400 Bad RequestJosh Goebel2013-03-211-0/+1
| |/
* | Return a 405 response for unknown HTTP methodsLewis Marshall2013-04-221-0/+1
| |
* | Use camelize instead of capitalize on error screenNikolay Shebanov2013-04-101-1/+1
| |
* | change array of array to hashVipul A M2013-04-091-6/+4
| |
* | Mark unused variables and make some style fixesAgis Anastasopoulos2013-04-082-2/+2
| | | | | | | | It'd be a nice convention to mark the unused variables like this, now that Ruby 2 will issue no warnings for such vars being unused.
* | Merge pull request #10061 from trevorturk/dummy-key-generator-renameSantiago Pastorino2013-04-021-1/+1
|\ \ | | | | | | Rename DummyKeyGenerator -> LegacyKeyGenerator
| * | Rename DummyKeyGenerator -> LegacyKeyGeneratorTrevor Turk2013-04-021-1/+1
| | |
* | | :scissors: spacing after privateTrevor Turk2013-04-021-3/+0
| | |
* | | Be consistent when talking about cookies, key -> nameTrevor Turk2013-04-021-25/+25
| | |
* | | Fix permanent cookie jar accessor typoTrevor Turk2013-04-021-1/+1
|/ /
* | Improve documentation around the cookie store auto-upgrade to encryptionTrevor Turk2013-04-011-22/+37
| |
* | Allow transparent upgrading of legacy signed cookies to encrypted cookies; ↵Trevor Turk2013-03-282-74/+78
| | | | | | | | Automatically configure cookie-based sessions to use the best cookie jar given the app's config
* | if cookie is tampered with then nil is returned [ci skip]Neeraj Singh2013-03-251-4/+2
| | | | | | | | | | | | if the given key is not found then verifier does raise `ActiveSupport::MessageVerifier::InvalidSignature` exception but this exception is resuced and finally nil is returned.
* | Introduce UpgradeLegacySignedCookieJar to transparently upgrade existing ↵Trevor Turk2013-03-241-99/+99
| | | | | | | | signed cookies generated by Rails 3 to avoid invalidating them when upgrading to Rails 4
* | Fix some typosVipul A M2013-03-241-1/+1
|/