| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
same elsewhere
|
| |
|
|\
| |
| |
| | |
allow 'all' for :domain option in addition to :all
|
| | |
|
| |
| |
| |
| | |
This reverts commit c59734f756b79c39486c45273d2cc5d42cd0c864.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit inverts the precedence in ActionDispatch::Static so that
dynamic content will be served before static content. This is so that
precompiled assets do not inadvertently get included when running in
development mode - it should have no effect in production where static
files are usually handled by the web server.
Closes #6421
|
| |
| |
| |
| | |
We should remove this dependency later.
|
| |
| |
| | |
Avoid logic in ERB and use helpers
|
| | |
|
| |
| |
| |
| |
| |
| | |
Update cookies.rb
Conflicts:
actionpack/lib/action_dispatch/middleware/cookies.rb
|
|\ \
| | |
| | | |
Adding simple docs for ActionDispatch::Flash::FlashHash#to_session_value
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Do not rescue Exception in ActionDispatch::ParamsParser
|
| |/ /
| | |
| | |
| | |
| | | |
Unlike ShowExceptions or PublicExceptions, ParamsParser shouldn't
transform exceptions like Interrupt and NoMemoryError into ParserError.
|
| | | |
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
This will help you debug missing template errors, especially if they
come from a programmatic template selection. Thanks to @dhh for
suggesting that.
As a bonus, also show request and response info on the routing error
page for consistency.
|
| |
| |
| |
| | |
cc ddce3dd
|
|\ \
| | |
| | | |
Rename #source_extract to #source_extracts in ExceptionWrapper
|
| | |
| | |
| | |
| | |
| | | |
It returns multiple source extracts since 1ed264bc. Also cleaned its
result structure, as we no longer need the file in a code extract.
|
|\ \ \
| | | |
| | | | |
Don't double check trace origin in ExceptionWrapper#traces
|
| |/ /
| | |
| | |
| | |
| | |
| | | |
If a trace isn't an application one, then it comes from a framework.
That's the definition of framework trace. We can speed up the traces
generation if we don't double check that.
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since dbcbbcf2bc58e8971672b143d1c52c0244e33f26 the full trace is shown
by default on routing errors. While this is a nice feature to have, it
does take the attention off the routes table in this view and I think
this is what most of the people look for in this page.
Added an exception to the default trace switching rule to remove that
noise.
|
| |
| |
| |
| |
| |
| | |
Those three can be nil when exception backtrace is nil. This happens and
that forced a couple of nil guards in the code. I'm proposing to make
those always return an array, even on nil backtrace.
|
| |
| |
| |
| | |
Closes #17586
|
|\ \
| | |
| | |
| | | |
Allow fallback to LegacyKeyGenerator when secret_key_base is not set but secrets.secret_token is
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- `secrets.secret_token` is now used in all places `config.secret_token` was
- `secrets.secret_token`, when not present in `config/secrets.yml`,
now falls back to the value of `config.secret_token`
- when `secrets.secret_token` is set, it over-writes
`config.secret_token` so they are the same (for backwards-compatibility)
- Update docs to reference app.secrets in all places
- Remove references to `config.secret_token`, `config.secret_key_base`
- Warn that missing secret_key_base is deprecated
- Add tests for secret_token, key_generator, and message_verifier
- the legacy key generator is used with the message verifier when
secrets.secret_key_base is blank and secret_token is set
- app.key_generator raises when neither secrets.secret_key_base nor
secret_token are set
- app.env_config raises when neither secrets.secret_key_base nor
secret_token are set
- Add changelog
Run focused tests via
ruby -w -Itest test/application/configuration_test.rb -n '/secret_|key_/'
|
|/ /
| |
| |
| |
| | |
ActionDispatch::ExceptionWrapper seems to be the more natural place for
this method to live in.
|
|\ \
| | |
| | |
| | |
| | | |
* master-sec:
FileHandler should not be called for files outside the root
|
| | |
| | |
| | |
| | |
| | | |
FileHandler#matches? should return false for files that are outside the
"root" path.
|
| | |
| | |
| | |
| | | |
trace list, closes #17312
|
|/ /
| |
| |
| | |
Fixes #15967
|
| |
| |
| |
| |
| |
| | |
Hash#keys.each allocates an array of keys; Hash#each_key iterates through the
keys without allocating a new array. This is the reason why Hash#each_key
exists.
|
| |
| |
| |
| |
| |
| |
| |
| | |
IPAddr::InvalidAddressError does not exist in Ruby 1.9.3
and fails for JRuby in 1.9 mode.
As IPAddr::InvalidAddressError is a subclass of ArgumentError
(via IPAddr::Error) just rescuing ArgumentError is fine.
|
| |
| |
| |
| |
| |
| |
| |
| | |
Dir.glob can be a security concern. The original use was to provide logic of fallback files. Example a request to `/` should render the file from `/public/index.html`. We can replace the dir glob with the specific logic it represents. The glob {,index,index.html} will look for the current path, then in the directory of the path with index file and then in the directory of the path with index.html. This PR replaces the glob logic by manually checking each potential match. Best case scenario this results in one less file API request, worst case, this has one more file API request.
Related to #16464
Update: added a test for when a file of a given name (`public/bar.html` and a directory `public/bar` both exist in the same root directory. Changed logic to accommodate this scenario.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- don't mutate PATH_INFO in env, test
- test fallback content type matches Rack::File
- change assertion style
- make HTTP_ACCEPT_ENCODING comparison case insensitive
- return gzip path from method instead of true/false so we don't have to assume later
- don't allocate un-needed hash.
Original comments:
https://github.com/rails/rails/commit/
cfaaacd9763642e91761de54c90669a88d772e5a#commitcomment-7468728
cc @jeremy
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Refactored IP address checking in ActionDispatch::RemoteIp to rely on
the IPAddr class instead of the unwieldly regular expression to match
IP addresses. This commit keeps the same api but allows users to pass
IPAddr objects to config.action_dispatch.trusted_proxies in addition
to passing strings and regular expressions.
Example:
# config/environments/production.rb
config.action_dispatch.trusted_proxies = IPAddr.new('4.8.15.0/16')
|
| |
| |
| |
| |
| |
| | |
If someone is using ActionDispatch::Static to serve assets and makes it past the `match?` then the file exists on disk and it will be served. This PR adds in logic that checks to see if the file being served is already compressed (via gzip) and on disk, if it is it will be served as long as the client can handle gzip encoding. If not, then a non gzip file will be served.
This additional logic slows down an individual asset request but should speed up the consumer experience as compressed files are served and production applications should be delivered with a CDN. This PR allows a CDN to cache a gzip file by setting the `Vary` header appropriately. In net this should speed up a production application that are using Rails as an origin for a CDN. Non-asset request speed is not affected in this PR.
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
actionpack/lib/action_controller/metal/mime_responds.rb
actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb
activerecord/lib/active_record/type/value.rb
|
| | |
| | |
| | |
| | | |
[skip ci]
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Use the Active Support JSON encoder for cookie jars using the `:json` or
`:hybrid` serializer. This allows you to serialize custom Ruby objects into
cookies by defining the `#as_json` hook on such objects.
Fixes #16520.
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Cookies digest config option (pt. 2)
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_dispatch/middleware/cookies.rb
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
You can now configure custom digest for cookies in the same way as `serializer`:
config.action_dispatch.cookies_digest = 'SHA256'
|
|\ \ \ \
| | | | |
| | | | | |
Remove redundant NullSerializer
|
| |/ / /
| | | |
| | | |
| | | | |
Use one from ActiveSupport::MessageEncryptor module.
|
| | | | |
|
| | | | |
|