aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch/middleware
Commit message (Collapse)AuthorAgeFilesLines
* Remove suggestion that Procs can be used as session secrets.James Coglan2013-01-051-7/+4
|
* Close container div tag in routing error pageCarlos Antonio da Silva2013-01-051-9/+11
|
* Move style to head to make routes page valid html5Carlos Antonio da Silva2013-01-052-4/+6
|
* display mountable engine routes on RoutingError.Yves Senn2013-01-052-8/+23
|
* Allow use of durations for ActionDispatch::SSL configurationAndrew White2013-01-041-1/+1
|
* Remove unnecessary `ERB::Util::h`Ryunosuke SATO2013-01-057-17/+17
| | | | It is automatically applied when strings is unsafe for html.
* Suppress warning about IO#lines in Ruby 2.0Ryunosuke SATO2013-01-041-1/+1
| | | | actionpack/lib/action_dispatch/middleware/exception_wrapper.rb:99: IO#lines is deprecated; use #each_line instead
* move error page js into script tagGosha Arinich2013-01-043-5/+27
|
* Merge pull request #8713 from goshakkk/better-error-pageGuillermo Iguaran2013-01-032-12/+10
|\ | | | | Fix env toggling, improve error page styling
| * fix env toggling, improve error page stylingGosha Arinich2013-01-032-12/+10
| |
* | Explain the possible precautionsAndre Arko2013-01-021-3/+4
| |
* | Restore original remote_ip algorithm.Andre Arko2013-01-021-53/+112
|/ | | | | | | | | | | Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We remove trusted IP values, and then take the last given value, assuming that it is the most likely to be the correct, unfaked value. See [1] for a very thorough discussion of why that is the best option we have at the moment. [1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/ Fixes #7979
* Fixing closing </p>Guillermo Iguaran2013-01-021-1/+1
|
* Fix a number of validation/style errors:Sam Ruby2013-01-022-8/+7
| | | | | | | | | | * <pre> is not allowed to be nested inside of <p> elements in HTML * Indentation of </p> doesn't match corresponding <p> * <p> element not explicitly closed * One more </div> than <div> In each case, the template was fixed to match how a HTML5 parser would "see" the resulting page.
* Merge pull request #8688 from goshakkk/error-page-toggleGuillermo Iguaran2013-01-021-3/+3
|\ | | | | Allow toggling dumps on error page
| * allow toggling dumps instead of just showingGosha Arinich2013-01-021-3/+3
| |
* | Cleanup some unnecessary CSS on the new error page and reformat some lines.Lucas Mazza2013-01-021-12/+13
| |
* | add source line paddingGosha Arinich2013-01-021-0/+4
|/
* remove meaningless AS::FrozenObjectErrorAkira Matsuda2013-01-021-1/+0
|
* Fix indent in UnknownAction templateGuillermo Iguaran2013-01-011-1/+1
|
* Summary and Details HTML elements aren't supported in all modern browsersGuillermo Iguaran2012-12-312-12/+12
|
* Add style to AV::Template::Error exception pageGuillermo Iguaran2012-12-312-14/+42
|
* Improve line-height to have better line spacing in exception messageGuillermo Iguaran2012-12-311-0/+1
|
* Add new style to Routing Error pageGuillermo Iguaran2012-12-311-19/+22
|
* Styling for exception pageGuillermo Iguaran2012-12-316-29/+150
|
* Add source extract to detailed exception pageGuillermo Iguaran2012-12-314-2/+34
|
* Define [], []=, permanent, signed and encrypted as the only allowed methods ↵Santiago Pastorino2012-12-301-9/+57
| | | | for the non Raw Cookie classes
* We need to check explictly that env['action_dispatch.show_exceptions']Rafael Mendonça França2012-12-261-1/+1
| | | | | | is false. If it is nil we can't raise the exception
* more descriptive return parametersHrvoje Šimić2012-12-261-4/+3
|
* Minor js review [ci skip]Carlos Antonio da Silva2012-12-181-7/+7
| | | | Remove/add ; where necessary, fix indentation.
* Format routes as html on debug pageschneems2012-12-174-2/+76
| | | | | | | | | When someone gets a routing exception, the routes are rendered (starting in Rails 4.0). This PR brings parity between the html routes in the `rails/info/routes` path and when rendered from an exception. This is the continuation of #8521 which brought html formatted routes. In addition to bringing parity to the two views, we're keeping our views DRY by rendering off of the same partials. In this case Railties depends on partials provided by ActionDispatch. I'm open to alternative implementations. Ideally both views will use the same code so any improvements or updates to it will be reproduced on both. <hr /> ![](http://f.cl.ly/items/3O1D0K1v0j0i343O3T3T/Screen%20Shot%202012-12-17%20at%203.07.20%20PM.png)
* DebugExceptions `File.join` => `File.expand_path`schneems2012-12-161-1/+1
|
* Remove nodoc from FlashHash #[]= [ci skip]Pablo Torres2012-12-011-1/+1
|
* Revert "Remove trailing whitespaces"Florent Guilleux2012-12-011-1/+1
| | | | This reverts commit 90c887fa7d0c454b7533e208daefc342dea4d5f3.
* Remove trailing whitespacesFlorent Guilleux2012-12-011-1/+1
|
* Merge pull request #8183 from jcoglan/objectless_sessionsJon Leighton2012-11-211-10/+24
|\ | | | | Store FlashHashes in the session as plain hashes
| * Store FlashHashes in the session as plain hashes rather than custom objects ↵James Coglan2012-11-091-10/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | with unstable class names and instance variables. Refactor FlashHash to take values for its ivars in the constructor, to pretty up FlashHash.from_session_value. Remove stale comment on FlashHash: it is no longer Marshaled in the session so we can change its implementation. Remove blank lines I introduced in controller/test_case.rb. Unit tests for FlashHash#to_session_value. Put in a compatibility layer to accept FlashHash serializations from Rails 3.0+. Test that Rails 3.2 session flashes are correctly converted to the new format. Remove code path for processing Rails 3.0 FlashHashes since they can no longer deserialize. Fix session['flash'] deletion condition: it will never be empty?, it will either be nil or a hash with 'discard' and 'flashes' keys.
* | Fix UpgradeSignatureToEncryptionCookieStore docSantiago Pastorino2012-11-191-9/+4
| |
* | Improve UpgradeSignatureToEncryptionCookieStore docsSantiago Pastorino2012-11-161-1/+14
| | | | | | | | | | I suck at English, please help me reviewing this <3 <3 <3 [ci skip]
* | Add UpgradeSignatureToEncryptionCookieStoreSantiago Pastorino2012-11-162-2/+25
| | | | | | | | | | | | This allows easy upgrading from the old signed Cookie Store <= 3.2 or the deprecated one in 4.0 (the ones that doesn't use key derivation) to the new one that signs using key derivation
* | Call get_cookie to allow the method to be overriden by subclassesSantiago Pastorino2012-11-161-1/+1
| |
* | Add missing env param to get_cookieSantiago Pastorino2012-11-161-1/+1
| |
* | Merge pull request #8112 from rails/encrypted_cookiesSantiago Pastorino2012-11-152-34/+95
|\ \ | | | | | | Encrypted cookies
| * | Disallow ability to use EncryptedCookieJar with DummyKeyGeneratorSantiago Pastorino2012-11-031-0/+5
| | | | | | | | | | | | | | | Developers must set config.secret_key_base in config/initializers/secret_token.rb
| * | Rename secret_token_key to secret_key_baseSantiago Pastorino2012-11-031-3/+3
| | |
| * | Move ensure_secret_secure to DummyKeyGeneratorSantiago Pastorino2012-11-031-24/+0
| | |
| * | Allow users to change the default salt if they want, shouldn't be necessarySantiago Pastorino2012-11-031-11/+22
| | |
| * | Add encrypted cookie storeSantiago Pastorino2012-11-031-3/+20
| | |
| * | Add cookie.encrypted which returns an EncryptedCookieJarSantiago Pastorino2012-11-031-0/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | How to use it? cookies.encrypted[:discount] = 45 => Set-Cookie: discount=ZS9ZZ1R4cG1pcUJ1bm80anhQang3dz09LS1mbDZDSU5scGdOT3ltQ2dTdlhSdWpRPT0%3D--ab54663c9f4e3bc340c790d6d2b71e92f5b60315; path=/ cookies.encrypted[:discount] => 45
| * | Sign cookies using key deriverSantiago Pastorino2012-11-031-15/+19
| |/