aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch/middleware
Commit message (Collapse)AuthorAgeFilesLines
* make sure both headers are set before checking for ip spoofingTamir Duberstein2013-10-011-1/+1
|
* Merge pull request #8914 from nilbus/fix-header-bloatRafael Mendonça França2013-01-151-1/+3
| | | | | | Remove header bloat introduced by BestStandardsSupport middleware Conflicts: actionpack/CHANGELOG.md
* Merge pull request #8907 from rubys/masterRafael Mendonça França2013-01-121-1/+2
| | | | Fix regression introduced in pull 8812
* Fix JSON params parsing regression for non-object JSON content.Dylan Smith2013-01-111-2/+2
| | | | Backports #8855.
* Merge branch '3-2-sec' into 3-2-secmergeAaron Patterson2013-01-081-2/+2
|\ | | | | | | | | | | | | | | | | | | | | | | | | * 3-2-sec: bumping version CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu Avoid Rack security warning no secret provided Conflicts: actionpack/CHANGELOG.md activerecord/CHANGELOG.md activesupport/CHANGELOG.md
| * * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵Aaron Patterson2013-01-081-2/+2
| | | | | | | | dealing with empty hashes. Thanks Damien Mathieu
| * Avoid Rack security warning no secret providedSantiago Pastorino2013-01-081-0/+2
| | | | | | | | This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
* | Merge pull request #8812 from rubys/masterCarlos Antonio da Silva2013-01-081-1/+1
| | | | | | | | Eliminate Rack::File headers deprecation warning
* | Avoid Rack security warning no secret providedSantiago Pastorino2013-01-081-0/+2
| | | | | | | | This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
* | Remove suggestion that Procs can be used as session secrets.James Coglan2013-01-051-7/+4
| | | | | | | | | | | | | | | | (cherry picked from commit 6500d7994e94af439587ba0b6088b14532940ad2) [ci skip] Signed-off-by: Andrew White <andyw@pixeltrix.co.uk>
* | Merge pull request #8093 from nikitug/keep_app_x_ua_compatibleCarlos Antonio da Silva2012-11-081-1/+7
|/ | | | | | | Fix #8086 (BestStandardsSupport rewrites app X-UA-Compatible header) Conflicts: actionpack/CHANGELOG.md
* log 404 status when ActiveRecord::RecordNotFound was raised (#7646)Yves Senn2012-09-171-2/+6
| | | | | | Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_controller/log_subscriber.rb
* Dont stream back cookie value if it was set to the same valuebrainopia2012-08-101-4/+6
|
* Revert "Revert "Merge pull request #6084 from ↵brainopia2012-08-101-0/+7
| | | | | | brainopia/support_for_magic_domain_on_all_stores"" This reverts commit a48ea6800ef712440b08c551f8041feb35de8cb4.
* Revert "Merge pull request #6084 from ↵Rafael Mendonça França2012-08-051-7/+0
| | | | | | | | brainopia/support_for_magic_domain_on_all_stores" This reverts commit 393c652cf63875f2728c04d47b34b2d6ae908186. This commit was supposed to fix a bug but it add more failures.
* Merge pull request #6084 from brainopia/support_for_magic_domain_on_all_storesJosé Valim2012-08-021-0/+7
| | | | Support cookie jar options for all cookie stores
* adds a missing require from Active SupportXavier Noria2012-07-281-0/+1
| | | | This file uses mattr_accessor.
* Revert "fix the Flash middleware loading the session on every request (very ↵Rafael Mendonça França2012-06-051-3/+6
| | | | | | | | | dangerous especially with Rack::Cache), it should only be loaded when the flash method is called" This reverts commits e3069c64b2c5ddc7a5789b55b8efd4902d9e9729 and 2b2983d76fd11efc219273036a612f47cfaa5bfa. Reason: This add a non-backward compatible change in the way that flash works now (swept in every request).
* remove unnecessary memcache equire in ActionDispatch::Session::CacheStoreBrian Durand2012-05-261-1/+0
|
* fix the Flash middleware loading the session on every request (very ↵Will Bryant2012-04-301-6/+3
| | | | dangerous especially with Rack::Cache), it should only be loaded when the flash method is called
* Return the same session data object when setting session idCarlos Antonio da Silva2012-03-241-1/+1
| | | | | | | | Make sure to return the same hash object instead of returning a new one. Returning a new one causes failures on cookie store tests, where it tests for the 'Set-Cookie' header with the session signature. This is due to the hash ordering changes on Ruby 1.8.7-p358.
* fix ArgumentError being raised in case of invalid byte sequencesMichael Reinsch2012-03-081-0/+1
|
* Simplify regexpAndrew White2012-02-171-1/+1
|
* Fix ActionDispatch::Static to serve files with unencoded PCHARAndrew White2012-02-171-2/+10
| | | | | | | | | | | RFC 3986[1] allows sub-delim characters in path segments unencoded, however Rack::File requires them to be encoded so we use URI's unescape method to leave them alone and then escape them again. Also since the path gets passed to Dir[] we need to escape any glob characters in the path. [1]: http://www.ietf.org/rfc/rfc3986.txt
* Merge pull request #4879 from kennyj/fix_4873José Valim2012-02-041-2/+3
| | | | Fix GH #4873. Allow swapping same class middleware.
* Add begin/ensure block since we are returning.José Valim2012-01-141-3/+5
|
* Use a BodyProxy instead of including a Module that responds to close.Santiago Pastorino2012-01-132-14/+31
| | | | Closes #4441 if Active Record is disabled assets are delivered correctly
* add help text to routing errorschneems2011-12-171-8/+13
| | | | | | When a newcomer hits the routing error page they are often confused about how to trouble shoot the next step. Adding a simple help text can gently remind coders where to get more help.
* ShowExceptions should understand X-Cascade responses from exceptions app.José Valim2011-12-163-6/+16
|
* Improve the specs on exceptions app.José Valim2011-12-161-1/+6
|
* Extract the rendering of public exceptions pages into a Rack app.José Valim2011-12-162-33/+48
|
* Get rid of the close checks since we cannot reliably close the session anyway.José Valim2011-12-164-27/+0
|
* Close the response body on cascade pass, closes #3975.José Valim2011-12-141-0/+2
|
* log exception backtrace when all backtrace lines silencedSergey Nartimov2011-12-131-1/+4
|
* Allow reloader to be configured.José Valim2011-12-121-14/+38
|
* Fix failing cascade exception.José Valim2011-12-032-2/+3
|
* Try to play nice with plugins doing monkey patches.José Valim2011-12-021-0/+5
|
* Split and improve show and debug exceptions middlewares.José Valim2011-12-011-11/+11
|
* Split ShowExceptions responsibilities in two middlewares.José Valim2011-12-013-82/+106
|
* Add a deprecation to old show exceptions API (even though it was not public).José Valim2011-12-011-0/+14
|
* Add an ExceptionWrapper that wraps an exception and provide convenience helpers.José Valim2011-12-012-74/+100
|
* Allow rescue responses to be configured through a railtie.José Valim2011-12-011-8/+4
|
* put backtrace_cleaner to envlest2011-11-281-13/+13
|
* middlewares should use logger from envlest2011-11-252-9/+13
|
* configuration option to always write cookielest2011-11-231-1/+4
|
* Remove unreachable code, and add additional testcases.kennyj2011-11-241-6/+1
|
* deprecation warning, changelog entrylest2011-11-221-1/+3
|
* add ActionController::Metal#show_detailed_exceptions?lest2011-11-221-9/+7
|
* It should be @calculated_ip not @calculate_ipArun Agrawal2011-11-171-1/+1
| | | | We are using @calculated_ip. @calculate_ip is no where used
* Initialize our instance variables.Aaron Patterson2011-11-161-1/+3
|