path: root/actionpack/lib/action_dispatch/railtie.rb
Commit message | Author | Age | Files | Lines
* Purpose Metadata For Signed And Encrypted Cookies | Assain | 2018-08-12 | 1 | -0/+1
  Purpose metadata prevents cookie values from being copy-pasted and ensures that the cookie is used only for its originally intended purpose. The Purpose and Expiry metadata are embedded inside signed/encrypted cookies and will not be readable on previous versions of Rails. We can switch off purpose and expiry metadata embedded in signed and encrypted cookies using config.action_dispatch.use_cookies_with_metadata = false if you want your cookies to be readable on older versions of Rails.
* Add 'Referrer-Policy' header to default headers set | Guillermo Iguaran | 2018-01-08 | 1 | -1/+2
* Add secure `X-Download-Options` and `X-Permitted-Cross-Domain-Policies` to default headers set. | Guillermo Iguaran | 2017-12-09 | 1 | -1/+3
* Add key rotation cookies middleware | Michael Coyne | 2017-09-24 | 1 | -2/+4
  Using the action_dispatch.cookies_rotations interface, key rotation is now possible with cookies. Thus the secret_key_base as well as salts, ciphers, and digests, can be rotated without expiring sessions.
* Use frozen string literal in actionpack/ | Kir Shatrov | 2017-07-29 | 1 | -0/+2
* Revert "Merge pull request #29540 from kirs/rubocop-frozen-string" | Matthew Draper | 2017-07-02 | 1 | -1/+0
  This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
* Enforce frozen string in Rubocop | Kir Shatrov | 2017-07-01 | 1 | -0/+1
* AEAD encrypted cookies and sessions | Michael Coyne | 2017-05-22 | 1 | -0/+3
  This commit changes encrypted cookies from AES in CBC HMAC mode to Authenticated Encryption using AES-GCM. It also provides a cookie jar to transparently upgrade encrypted cookies to this new scheme. Some other notable changes include:
  - There is a new application configuration value: +use_authenticated_cookie_encryption+. When enabled, AEAD encrypted cookies will be used.
  - +cookies.signed+ does not raise a +TypeError+ now if the name of an encrypted cookie is used. Encrypted cookies using the same key as signed cookies would be verified and serialization would then fail due to the message still being encrypted.
* Remove deprecated callbacks from ActionDispatch middlewares | Rafael Mendonça França | 2017-01-31 | 1 | -2/+0
* Add three new rubocop rules | Rafael Mendonça França | 2016-08-16 | 1 | -2/+2
  Style/SpaceBeforeBlockBraces
  Style/SpaceInsideBlockBraces
  Style/SpaceInsideHashLiteralBraces
  Fix all violations in the repository.
* applies new string literal convention in actionpack/lib | Xavier Noria | 2016-08-06 | 1 | -7/+7
  The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* Don't reference Rails.application from inside a component | Matthew Draper | 2016-03-02 | 1 | -0/+2
* pass a config to the route set | Aaron Patterson | 2015-03-05 | 1 | -2/+0
  This way we can get the relative_url_root from the application without setting another global value
* Fallback to RAILS_RELATIVE_URL_ROOT in `url_for`. | Yasyf Mohamedali | 2015-02-24 | 1 | -0/+2
  Fixed an issue where the `RAILS_RELATIVE_URL_ROOT` environment variable is not prepended to the path when `url_for` is called. If `SCRIPT_NAME` (used by Rack) is set, it takes precedence.
* Add configuration option to optionally disable deep_munge | Bernard Potocki | 2013-12-05 | 1 | -0/+2
* Don't set X-UA-Compatible header by default | Guillermo Iguaran | 2013-06-13 | 1 | -2/+1
  We are setting this header to chrome=1 for Chrome Frame and this will be retired soon. Check http://blog.chromium.org/2013/06/retiring-chrome-frame.html for details
* Add 'X-UA-Compatible' => 'chrome=1' to default headers | Guillermo Iguaran | 2013-01-29 | 1 | -1/+2
* Remove BestStandardsSupport middleware | Guillermo Iguaran | 2013-01-29 | 1 | -1/+0
* nodoc AD & AV railties classes | Carlos Duclos | 2012-12-01 | 1 | -1/+1
* Allow users to change the default salt if they want, shouldn't be necessary | Santiago Pastorino | 2012-11-03 | 1 | -0/+4
* config.action_dispatch.rack_cache should set explicitly to enable Rack::Cache | Guillermo Iguaran | 2012-10-04 | 1 | -6/+1
* Get rid of config.preload_frameworks in favor of config.eager_load_namespaces | José Valim | 2012-08-21 | 1 | -0/+2
  The new option allows any Ruby namespace to be registered and set up for eager load. We are effectively exposing the structure existing in Rails since v3.0 for all developers in order to make their applications thread-safe and CoW friendly.
* Added X-Content-Type-Options to the header defaults. | Jim Jones | 2012-08-18 | 1 | -1/+2
  With a value of "nosniff", this prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
* Move AD default_headers configurations to railtie | Guillermo Iguaran | 2012-08-10 | 1 | -0/+5
  ActionDispatch railtie is a better place for config.action_dispatch.default_headers settings, users can continue overriding those settings in their configuration files if needed.
* introduce default_headers config | Egor Homakov | 2012-08-09 | 1 | -0/+1
* Turn off verbose mode of rack-cache, we still have X-Rack-Cache to check that info | Santiago Pastorino | 2012-03-03 | 1 | -1/+1
  Closes #5245
* uses PATCH for the forms of persisted records, and routes PATCH and PUT to the update action of resources | Xavier Noria | 2012-02-24 | 1 | -1/+0
* Add config.default_method_for_update to support PATCH | David Lee | 2012-02-22 | 1 | -0/+1
  PATCH is the correct HTML verb to map to the #update action. The semantics for PATCH allows for partial updates, whereas PUT requires a complete replacement. Changes:
  * adds config.default_method_for_update you can set to :patch
  * optionally use PATCH instead of PUT in resource routes and forms
  * adds the #patch verb to routes to detect PATCH requests
  * adds #patch? to Request
  * changes documentation and comments to indicate support for PATCH
  This change maintains complete backwards compatibility by keeping :put as the default for config.default_method_for_update.
* Remove deprecated default_charset= from AC::Base | Carlos Antonio da Silva | 2012-01-17 | 1 | -1/+2
  This should be set globally as a configuration, using `config.action_dispatch.default_charset` instead
* remove Rails application fallback from AD::IntegrationTest | Sergey Nartimov | 2011-12-23 | 1 | -0/+2
  set AD::IntegrationTest.app in railtie initializer
* Assign config.encoding to AD::Response.default_charset at the initialization time. | kennyj | 2011-12-07 | 1 | -0/+1
* Add an ExceptionWrapper that wraps an exception and provide convenience helpers. | José Valim | 2011-12-01 | 1 | -2/+2
* Allow rescue responses to be configured through a railtie. | José Valim | 2011-12-01 | 1 | -1/+12
* configuration option to always write cookie | lest | 2011-11-23 | 1 | -1/+3
* stop circular require warnings | Aaron Patterson | 2011-08-24 | 1 | -1/+0
* x_sendfile_header now defaults to nil and production.rb env file doesn't | Santiago Pastorino | 2011-08-07 | 1 | -1/+1
  set a particular value for it. This allows servers to set it through X-Sendfile-Type, read https://github.com/rack/rack/blob/master/lib/rack/sendfile.rb for more info. Anyways you can force this value in your production.rb
* Allow ignore_accept_header through configuration option. | José Valim | 2011-05-02 | 1 | -0/+2
* First pass at Rack::Cache | wycats | 2010-09-13 | 1 | -0/+1
* Partial revert of commit #7fae0aa4ac116 removing action_dispatch.prepare_dispatcher per commit #48bf667a8b1 | Mikel Lindsaar | 2010-09-11 | 1 | -5/+0
  See line note: http://github.com/rails/rails/commit/7fae0aa4ac116bcbf522a9a4f19972c653d366fa#commitcomment-145148
* Add configuration option for tld length | Simon Jefford | 2010-09-09 | 1 | -0/+10
* Ensure routes are loaded only after the initialization process finishes, ensuring all configuration options were applied. | José Valim | 2010-09-02 | 1 | -5/+0
* Add a header that tells Internet Explorer (all versions) to use the best available standards support. | wycats | 2010-07-27 | 1 | -1/+2
  This ensures that IE doesn't go into quirks mode because it has been blacklisted by too many users pressing the incompatible button. It also tells IE to use the ChromeFrame renderer, if the user has installed the plugin. This guarantees that the best available standards support will be used on the client.
* Use the new ActiveSupport::FileUpdateChecker instead of RoutesReloader. | José Valim | 2010-06-20 | 1 | -1/+1
* Kill legacy dispatcher. | José Valim | 2010-05-18 | 1 | -2/+0
* Add a test which ensures action_dispatch.show_exceptions is properly disabled. | José Valim | 2010-04-02 | 1 | -1/+1
* Raise exceptions instead of rendering error templates in test environment [#4315 state:resolved] | Rolf Bjaanes | 2010-04-02 | 1 | -1/+2
  Signed-off-by: José Valim <jose.valim@gmail.com>
* Make X-Sendfile default to "" so it works correctly in dev mode. | wycats | 2010-03-26 | 1 | -1/+1
  Provide a default in production.rb that can be modified, so that people who care about sendfile performance in production mode can get better performance easily.
* Move application configuration to the application configuration object, remove railtie_name and engine_name and allow to set the configuration object. | José Valim | 2010-03-26 | 1 | -2/+1
* Deprecated ActionController::Base.session_options= and ActionController::Base.session_store= in favor of a config.session_store method (which takes params) and a config.cookie_secret variable, which is used in various secret scenarios. | Carlhuda | 2010-03-04 | 1 | -2/+0
  The old AC::Base options will continue to work with deprecation warnings.
* Move session and session_store onto ActionDispatch and add deprecation warnings | Carlhuda | 2010-03-04 | 1 | -0/+2