| Commit message | Author | Age | Files | Lines |
Using the action_dispatch.cookies_rotations interface, key rotation is
now possible with cookies. Thus the secret_key_base as well as salts,
ciphers, and digests, can be rotated without expiring sessions.
|
This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing
changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
|
This commit changes encrypted cookies from AES in CBC HMAC mode to
Authenticated Encryption using AES-GCM. It also provides a cookie jar
to transparently upgrade encrypted cookies to this new scheme. Some
other notable changes include:
- There is a new application configuration value:
  +use_authenticated_cookie_encryption+. When enabled, AEAD encrypted
  cookies will be used.
- +cookies.signed+ does not raise a +TypeError+ now if the name of an
  encrypted cookie is used. Encrypted cookies using the same key as
  signed cookies would be verified and serialization would then fail
  due to the message still being encrypted.
|
Style/SpaceBeforeBlockBraces
Style/SpaceInsideBlockBraces
Style/SpaceInsideHashLiteralBraces
Fix all violations in the repository.
|
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
This way we can get the relative_url_root from the application without
setting another global value
|
Fixed an issue where the `RAILS_RELATIVE_URL_ROOT` environment
variable is not prepended to the path when `url_for` is called.
If `SCRIPT_NAME` (used by Rack) is set, it takes precedence.
|
We are setting this header to chrome=1 for Chrome Frame and this will be
retired soon. Check http://blog.chromium.org/2013/06/retiring-chrome-frame.html for
details
|
The new option allows any Ruby namespace to be registered and set
up for eager load. We are effectively exposing the structure existing
in Rails since v3.0 for all developers in order to make their applications
thread-safe and CoW friendly.
|
With a value of "nosniff", this prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
|
ActionDispatch railtie is a better place for
config.action_dispatch.default_headers settings, users can continue
overriding those settings in their configuration files if needed.
|
that info
Closes #5245
|
the update action of resources
|
PATCH is the correct HTML verb to map to the #update action. The
semantics for PATCH allow for partial updates, whereas PUT requires a
complete replacement.
Changes:
* adds config.default_method_for_update you can set to :patch
* optionally use PATCH instead of PUT in resource routes and forms
* adds the #patch verb to routes to detect PATCH requests
* adds #patch? to Request
* changes documentation and comments to indicate support for PATCH
This change maintains complete backwards compatibility by keeping :put
as the default for config.default_method_for_update.
|
This should be set globally as a configuration, using
`config.action_dispatch.default_charset` instead
|
set AD::IntegrationTest.app in railtie initializer
|
time.
|
set a particular value for it. This allows servers to set it through
X-Sendfile-Type, read
https://github.com/rack/rack/blob/master/lib/rack/sendfile.rb for more
info. Anyways you can force this value in your production.rb
|
action_dispatch.prepare_dispatcher per commit #48bf667a8b1
See line note:
http://github.com/rails/rails/commit/7fae0aa4ac116bcbf522a9a4f19972c653d366fa#commitcomment-145148
|
ensuring all configuration options were applied.
|
available standards support. This ensures that IE doesn't go into quirks mode because it has been blacklisted by too many users pressing the incompatible button. It also tells IE to use the ChromeFrame renderer, if the user has installed the plugin.
This guarantees that the best available standards support will be used on the client.
|
[#4315 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
Provide a default in production.rb that can be modified, so that
people who care about sendfile performance in production mode can
get better performance easily.
|
remove railtie_name and engine_name and allow to set the configuration object.
|
ActionController::Base.session_store= in favor of a config.session_store method (which takes params) and a config.cookie_secret variable, which is used in various secret scenarios. The old AC::Base options will continue to work with deprecation warnings.
|
* ActionController::Base.ip_spoofing_check deprecated => config.action_dispatch.ip_spoofing_check
* ActionController::Base.trusted_proxies deprecated => config.action_dispatch.trusted_proxies
|
* Add the Rack::Sendfile middleware
* Make the header to use configurable via config.action_dispatch.x_sendfile_header (default to "X-Sendfile").
* Add Railties tests to confirm that these work
* Remove the :stream, :buffer_size, and :x_sendfile default options to send_file
* Change the log subscriber to always say "Sent file"
* Add deprecation warnings for options that are now no-ops
Note that servers can configure this by setting X-Sendfile-Type. Hosting companies and those creating packages of servers specially designed for Rails applications are encouraged to specify this header so that this can work transparently.