aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch/middleware
Commit message (Collapse)AuthorAgeFilesLines
...
* | Refactor ActionDispatch::RemoteIpSam Aarons2014-08-211-52/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | Refactored IP address checking in ActionDispatch::RemoteIp to rely on the IPAddr class instead of the unwieldly regular expression to match IP addresses. This commit keeps the same api but allows users to pass IPAddr objects to config.action_dispatch.trusted_proxies in addition to passing strings and regular expressions. Example: # config/environments/production.rb config.action_dispatch.trusted_proxies = IPAddr.new('4.8.15.0/16')
* | Enable gzip compression by defaultschneems2014-08-201-14/+40
| | | | | | | | | | | | If someone is using ActionDispatch::Static to serve assets and makes it past the `match?` then the file exists on disk and it will be served. This PR adds in logic that checks to see if the file being served is already compressed (via gzip) and on disk, if it is it will be served as long as the client can handle gzip encoding. If not, then a non gzip file will be served. This additional logic slows down an individual asset request but should speed up the consumer experience as compressed files are served and production applications should be delivered with a CDN. This PR allows a CDN to cache a gzip file by setting the `Vary` header appropriately. In net this should speed up a production application that are using Rails as an origin for a CDN. Non-asset request speed is not affected in this PR.
* | Merge branch 'master' of github.com:rails/docrailsVijay Dev2014-08-192-0/+29
|\ \ | | | | | | | | | | | | | | | | | | Conflicts: actionpack/lib/action_controller/metal/mime_responds.rb actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb activerecord/lib/active_record/type/value.rb
| * | Uppercase HTML in docs.Hendy Tanata2014-08-081-1/+1
| | | | | | | | | | | | [skip ci]
| * | [ci skip] Document ActionDispatch::Staticschneems2014-08-051-0/+9
| | |
| * | [ci skip] document ActionDispatch::FileHandlerschneems2014-08-051-0/+10
| | |
| * | [ci skip] Document PublicExceptions middlewareschneems2014-08-051-0/+10
| | |
* | | Use AS::JSON for (de)serializing cookiesGodfrey Chan2014-08-171-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | Use the Active Support JSON encoder for cookie jars using the `:json` or `:hybrid` serializer. This allows you to serialize custom Ruby objects into cookies by defining the `#as_json` hook on such objects. Fixes #16520.
* | | Merge pull request #16467 from strzalek/cookies-digest-config-option2Godfrey Chan2014-08-171-3/+9
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | Cookies digest config option (pt. 2) Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/middleware/cookies.rb
| * | | Add config option for cookies digestŁukasz Strzałkowski2014-08-121-3/+9
| | | | | | | | | | | | | | | | | | | | | | | | You can now configure custom digest for cookies in the same way as `serializer`: config.action_dispatch.cookies_digest = 'SHA256'
* | | | Merge pull request #16484 from strzalek/remove-redundant-null-serializerGodfrey Chan2014-08-171-16/+7
|\ \ \ \ | | | | | | | | | | Remove redundant NullSerializer
| * | | | Remove redundant NullSerializerŁukasz Strzałkowski2014-08-131-16/+7
| |/ / / | | | | | | | | | | | | Use one from ActiveSupport::MessageEncryptor module.
* | | | this should be accessing the hash, not calling a methodAaron Patterson2014-08-131-1/+1
| | | |
* | | | use 'based on' instead of 'based off' [ci skip]Akshay Vishnoi2014-08-121-1/+1
| | | |
* | | | Revert "Merge pull request #16434 from strzalek/cookies-digest-config-option"Santiago Pastorino2014-08-081-8/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 705977620539e2be6548027042f33175ebdc2505, reversing changes made to dde91e9bf5ab246f0f684b40288b272f4ba9a699. IT BROKE THE BUILD!!!
* | | | Add config option for cookies digestŁukasz Strzałkowski2014-08-081-2/+8
|/ / / | | | | | | | | | | | | | | | You can now configure custom digest for cookies in the same way as `serializer`: config.action_dispatch.cookies_digest = \SHA256'
* | | Retrieve source code for the entire stack traceRyan Dao2014-08-088-69/+109
| | | | | | | | | | | | | | | | | | Provide the ability to extract the source code of the entire exception stack trace, not just the frame raising the error. This improves debugging capability of the error page, especially for framework-related errors.
* | | Regenerate sid when sbdy tries to fixate the sessionSantiago Pastorino2014-08-041-3/+3
|/ / | | | | | | | | | | Fixed broken test. Thanks Stephen Richards for reporting.
* | Stash original path in `ShowExceptions` middlewareGrey Baker2014-07-141-0/+1
| | | | | | | | | | | | | | | | | | | | `ActionDispatch::ShowExceptions` overwrites `PATH_INFO` with the status code for the exception defined in `ExceptionWrapper`, so the path the user was visiting when an exception occurred was not previously available to any custom exceptions_app. The original `PATH_INFO` is now stashed in `env["action_dispatch.original_path"]`.
* | Use `#bytesize` instead of `#size` when checking for cookie overflowAgis-2014-07-111-2/+2
| | | | | | | | | | | | | | | | | | | | Although the cookie values happens to be ASCII strings because they are Base64 encoded, it is semantically incorrect to check for the number of the characters in the cookie, when we actually want to check for the number of the bytes it consists of. Furthermore it is unecessary coupling with the current implementation that uses Base64 for encoding the values.
* | Fix weird comment. [CI SKIP]Guo Xiang Tan2014-07-091-2/+2
| |
* | [ci skip] /javascript/ -> JavaScript - cover whole appAkshay Vishnoi2014-07-041-1/+1
| |
* | flash doesn't pass objects #15522 [ci skip]Nishant Modak2014-07-011-3/+6
| |
* | [ci skip] Fix capitalizationAkshay Vishnoi2014-06-071-2/+2
| |
* | Escape user input before showing in the page.Rafael Mendonça França2014-05-261-2/+2
| | | | | | | | | | | | This is not a security issue since this page is not present in production and user have to type something in the field but is better to escape the input.
* | Remove redundant code.Guo Xiang Tan2014-05-201-3/+2
| |
* | Merge pull request #12651 from cespare/ipv6-remote-ip-fixesRafael Mendonça França2014-05-011-1/+1
|\ \ | | | | | | | | | | | | | | | | | | Make remote_ip detection properly handle private IPv6 addresses Conflicts: actionpack/CHANGELOG.md
| * | Make remote_ip detection properly handle private IPv6 addressesCaleb Spare2013-10-261-1/+1
| | | | | | | | | | | | Fixes #12638.
* | | Fixed an issue with migrating legacy json cookies.Godfrey Chan2014-04-231-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, the `VerifyAndUpgradeLegacySignedMessage` assumes all incoming cookies are marshal-encoded. This is not the case when `secret_token` is used in conjunction with the `:json` or `:hybrid` serializer. In those case, when upgrading to use `secret_key_base`, this would cause a `TypeError: incompatible marshal file format` and a 500 error for the user. Fixes #14774. *Godfrey Chan*
* | | Display diagnostics in text format for xhr requestVlad Bokov2014-04-142-0/+9
| | |
* | | Update documentation to use Rails.application insteadMarcel Morgan2014-04-131-1/+1
| | | | | | | | | | | | | | | | | | | | | References to ``AppName::Application` removed in favour of ``Rails.application`` as generated with a new rails 4.1 app. [ci skip]
* | | Split search results into 'exact matches' and 'fuzzy matches'.Winston2014-04-111-60/+96
| | | | | | | | | | | | - also refactored the javascript.
* | | Improve CSS styling for routing error html page.Winston2014-04-111-7/+25
| | |
* | | Implement fuzzy matching for route search on routing error html page.Winston2014-04-111-8/+10
| | |
* | | Avoid URI parsingAndriel Nuernberg2014-04-091-5/+8
| | | | | | | | | | | | | | | This parsing is unecessary once the Request object already has the needed information.
* | | Append link to bad code to backtrace when exception is SyntaxErrorBoris Kuznetsov2014-03-271-0/+8
| | |
* | | The digest option is no longer honoured since Rails 3.0 [ci skip]Godfrey Chan2014-03-201-1/+1
| | | | | | | | | | | | Closes #8513
* | | only write the jar if the response isn't committedAaron Patterson2014-03-121-5/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when streaming responses, we need to make sure the cookie jar is written to the headers before returning up the stack. This commit introduces a new method on the response object that writes the cookie jar to the headers as the response is committed. The middleware and test framework will not write the cookie headers if the response has already been committed. fixes #14352
* | | :scissors:Zachary Scott2014-02-231-1/+1
| | | | | | | | | | | | This commit also addresses rails/docrails#169 and rails/rails#14159
* | | Fix parameter naming in RemoteIp middleware constructor methodKalabiYau2014-02-181-2/+2
| | | | | | | | | | | | | | | Was custom_proxies in inline docs, but should be and defined in constructor as custom_proxies
* | | rm warning about variable shadowingGodfrey Chan2014-02-111-2/+2
| | |
* | | Migrate hash-based cookie values correctlyGodfrey Chan2014-02-111-2/+4
| | |
* | | Missed FlashHash#replaceGodfrey Chan2014-02-111-1/+1
| | |
* | | Fixed broken flash testsGodfrey Chan2014-02-111-1/+1
| | |
* | | Re-write legacy (marshal) cookies on readGodfrey Chan2014-02-111-20/+40
| | |
* | | Stringify the incoming hash in FlashHashGuillermo Iguaran2014-02-111-1/+3
| | | | | | | | | | | | | | | Stringify the incoming as well to handle incoming symbol keys from marshalled sessions
* | | Convert FlashHash in a Hash with indifferent accessGuillermo Iguaran2014-02-111-4/+15
| | |
* | | Added HybridSerializer to upgrade existing marshal cookies (wip: need tests)Godfrey Chan2014-02-111-0/+14
| | |
* | | Renamed session_serializer option to cookies_serializerGodfrey Chan2014-02-113-42/+30
| | |
* | | Updated the cookie docs to use the safer JSON.{generate,parse}Godfrey Chan2014-02-081-5/+5
| | | | | | | | | | | | cc @senny