Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | make sure both headers are set before checking for ip spoofing | Tamir Duberstein | 2013-10-01 | 1 | -1/+1 |
| | |||||
* | Merge pull request #8914 from nilbus/fix-header-bloat | Rafael Mendonça França | 2013-01-15 | 1 | -1/+3 |
| | | | | | | Remove header bloat introduced by BestStandardsSupport middleware Conflicts: actionpack/CHANGELOG.md | ||||
* | Merge pull request #8907 from rubys/master | Rafael Mendonça França | 2013-01-12 | 1 | -1/+2 |
| | | | | Fix regression introduced in pull 8812 | ||||
* | Fix JSON params parsing regression for non-object JSON content. | Dylan Smith | 2013-01-11 | 1 | -2/+2 |
| | | | | Backports #8855. | ||||
* | Merge branch '3-2-sec' into 3-2-secmerge | Aaron Patterson | 2013-01-08 | 1 | -2/+2 |
|\ | | | | | * 3-2-sec: bumping version CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu Avoid Rack security warning no secret provided Conflicts: actionpack/CHANGELOG.md activerecord/CHANGELOG.md activesupport/CHANGELOG.md | ||||
| * | * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu | Aaron Patterson | 2013-01-08 | 1 | -2/+2 |
| * | Avoid Rack security warning no secret provided | Santiago Pastorino | 2013-01-08 | 1 | -0/+2 |
| | | | | | | | | This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie." | ||||
* | | Merge pull request #8812 from rubys/master | Carlos Antonio da Silva | 2013-01-08 | 1 | -1/+1 |
| | | | | | | | | Eliminate Rack::File headers deprecation warning | ||||
* | | Avoid Rack security warning no secret provided | Santiago Pastorino | 2013-01-08 | 1 | -0/+2 |
| | | | | | | | | This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie." | ||||
* | | Remove suggestion that Procs can be used as session secrets. | James Coglan | 2013-01-05 | 1 | -7/+4 |
| | | | | | | | | | | | | | | | | (cherry picked from commit 6500d7994e94af439587ba0b6088b14532940ad2) [ci skip] Signed-off-by: Andrew White <andyw@pixeltrix.co.uk> | ||||
* | | Merge pull request #8093 from nikitug/keep_app_x_ua_compatible | Carlos Antonio da Silva | 2012-11-08 | 1 | -1/+7 |
|/ | | | | | | | Fix #8086 (BestStandardsSupport rewrites app X-UA-Compatible header) Conflicts: actionpack/CHANGELOG.md | ||||
* | log 404 status when ActiveRecord::RecordNotFound was raised (#7646) | Yves Senn | 2012-09-17 | 1 | -2/+6 |
| | | | | | | Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_controller/log_subscriber.rb | ||||
* | Don't stream back cookie value if it was set to the same value | brainopia | 2012-08-10 | 1 | -4/+6 |
| | |||||
* | Revert "Revert "Merge pull request #6084 from brainopia/support_for_magic_domain_on_all_stores"" | brainopia | 2012-08-10 | 1 | -0/+7 |
| | | | | | | This reverts commit a48ea6800ef712440b08c551f8041feb35de8cb4. | ||||
* | Revert "Merge pull request #6084 from brainopia/support_for_magic_domain_on_all_stores" | Rafael Mendonça França | 2012-08-05 | 1 | -7/+0 |
| | | | | | | | | This reverts commit 393c652cf63875f2728c04d47b34b2d6ae908186. This commit was supposed to fix a bug but it adds more failures. | ||||
* | Merge pull request #6084 from brainopia/support_for_magic_domain_on_all_stores | José Valim | 2012-08-02 | 1 | -0/+7 |
| | | | | Support cookie jar options for all cookie stores | ||||
* | adds a missing require from Active Support | Xavier Noria | 2012-07-28 | 1 | -0/+1 |
| | | | | This file uses mattr_accessor. | ||||
* | Revert "fix the Flash middleware loading the session on every request (very dangerous especially with Rack::Cache), it should only be loaded when the flash method is called" | Rafael Mendonça França | 2012-06-05 | 1 | -3/+6 |
| | | | | | | | | | This reverts commits e3069c64b2c5ddc7a5789b55b8efd4902d9e9729 and 2b2983d76fd11efc219273036a612f47cfaa5bfa. Reason: This adds a non-backward compatible change in the way that flash works now (swept in every request). | ||||
* | remove unnecessary memcache require in ActionDispatch::Session::CacheStore | Brian Durand | 2012-05-26 | 1 | -1/+0 |
| | |||||
* | fix the Flash middleware loading the session on every request (very dangerous especially with Rack::Cache), it should only be loaded when the flash method is called | Will Bryant | 2012-04-30 | 1 | -6/+3 |
* | Return the same session data object when setting session id | Carlos Antonio da Silva | 2012-03-24 | 1 | -1/+1 |
| | | | | | | | | Make sure to return the same hash object instead of returning a new one. Returning a new one causes failures on cookie store tests, where it tests for the 'Set-Cookie' header with the session signature. This is due to the hash ordering changes on Ruby 1.8.7-p358. | ||||
* | fix ArgumentError being raised in case of invalid byte sequences | Michael Reinsch | 2012-03-08 | 1 | -0/+1 |
| | |||||
* | Simplify regexp | Andrew White | 2012-02-17 | 1 | -1/+1 |
| | |||||
* | Fix ActionDispatch::Static to serve files with unencoded PCHAR | Andrew White | 2012-02-17 | 1 | -2/+10 |
| | | | | | | | | | | | RFC 3986[1] allows sub-delim characters in path segments unencoded, however Rack::File requires them to be encoded so we use URI's unescape method to leave them alone and then escape them again. Also since the path gets passed to Dir[] we need to escape any glob characters in the path. [1]: http://www.ietf.org/rfc/rfc3986.txt | ||||
* | Merge pull request #4879 from kennyj/fix_4873 | José Valim | 2012-02-04 | 1 | -2/+3 |
| | | | | Fix GH #4873. Allow swapping same class middleware. | ||||
* | Add begin/ensure block since we are returning. | José Valim | 2012-01-14 | 1 | -3/+5 |
| | |||||
* | Use a BodyProxy instead of including a Module that responds to close. | Santiago Pastorino | 2012-01-13 | 2 | -14/+31 |
| | | | | Closes #4441 if Active Record is disabled assets are delivered correctly | ||||
* | add help text to routing error | schneems | 2011-12-17 | 1 | -8/+13 |
| | | | | | | When a newcomer hits the routing error page they are often confused about how to troubleshoot the next step. Adding a simple help text can gently remind coders where to get more help. | ||||
* | ShowExceptions should understand X-Cascade responses from exceptions app. | José Valim | 2011-12-16 | 3 | -6/+16 |
| | |||||
* | Improve the specs on exceptions app. | José Valim | 2011-12-16 | 1 | -1/+6 |
| | |||||
* | Extract the rendering of public exceptions pages into a Rack app. | José Valim | 2011-12-16 | 2 | -33/+48 |
| | |||||
* | Get rid of the close checks since we cannot reliably close the session anyway. | José Valim | 2011-12-16 | 4 | -27/+0 |
| | |||||
* | Close the response body on cascade pass, closes #3975. | José Valim | 2011-12-14 | 1 | -0/+2 |
| | |||||
* | log exception backtrace when all backtrace lines silenced | Sergey Nartimov | 2011-12-13 | 1 | -1/+4 |
| | |||||
* | Allow reloader to be configured. | José Valim | 2011-12-12 | 1 | -14/+38 |
| | |||||
* | Fix failing cascade exception. | José Valim | 2011-12-03 | 2 | -2/+3 |
| | |||||
* | Try to play nice with plugins doing monkey patches. | José Valim | 2011-12-02 | 1 | -0/+5 |
| | |||||
* | Split and improve show and debug exceptions middlewares. | José Valim | 2011-12-01 | 1 | -11/+11 |
| | |||||
* | Split ShowExceptions responsibilities in two middlewares. | José Valim | 2011-12-01 | 3 | -82/+106 |
| | |||||
* | Add a deprecation to old show exceptions API (even though it was not public). | José Valim | 2011-12-01 | 1 | -0/+14 |
| | |||||
* | Add an ExceptionWrapper that wraps an exception and provides convenience helpers. | José Valim | 2011-12-01 | 2 | -74/+100 |
| | |||||
* | Allow rescue responses to be configured through a railtie. | José Valim | 2011-12-01 | 1 | -8/+4 |
| | |||||
* | put backtrace_cleaner to env | lest | 2011-11-28 | 1 | -13/+13 |
| | |||||
* | middlewares should use logger from env | lest | 2011-11-25 | 2 | -9/+13 |
| | |||||
* | configuration option to always write cookie | lest | 2011-11-23 | 1 | -1/+4 |
| | |||||
* | Remove unreachable code, and add additional testcases. | kennyj | 2011-11-24 | 1 | -6/+1 |
| | |||||
* | deprecation warning, changelog entry | lest | 2011-11-22 | 1 | -1/+3 |
| | |||||
* | add ActionController::Metal#show_detailed_exceptions? | lest | 2011-11-22 | 1 | -9/+7 |
| | |||||
* | It should be @calculated_ip not @calculate_ip | Arun Agrawal | 2011-11-17 | 1 | -1/+1 |
| | | | | We are using @calculated_ip. @calculate_ip is nowhere used | ||||
* | Initialize our instance variables. | Aaron Patterson | 2011-11-16 | 1 | -1/+3 |
| |