| Commit message | Author | Age | Files | Lines |
|
Purpose metadata prevents cookie values from being
copy-pasted and ensures that the cookie is used only
for its originally intended purpose.
The Purpose and Expiry metadata are embedded inside signed/encrypted
cookies and will not be readable on previous versions of Rails.
We can switch off purpose and expiry metadata embedded in
signed and encrypted cookies using
config.action_dispatch.use_cookies_with_metadata = false
if you want your cookies to be readable on older versions of Rails.
|
default headers set.
|
Using the action_dispatch.cookies_rotations interface, key rotation is
now possible with cookies. Thus the secret_key_base as well as salts,
ciphers, and digests, can be rotated without expiring sessions.
|
This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing
changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
|
This commit changes encrypted cookies from AES in CBC HMAC mode to
Authenticated Encryption using AES-GCM. It also provides a cookie jar
to transparently upgrade encrypted cookies to this new scheme. Some
other notable changes include:
- There is a new application configuration value:
  +use_authenticated_cookie_encryption+. When enabled, AEAD encrypted
  cookies will be used.
- +cookies.signed+ does not raise a +TypeError+ now if the name of an
  encrypted cookie is used. Encrypted cookies using the same key as
  signed cookies would be verified and serialization would then fail
  due to the message still being encrypted.
|
Style/SpaceBeforeBlockBraces
Style/SpaceInsideBlockBraces
Style/SpaceInsideHashLiteralBraces
Fix all violations in the repository.
|
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
This way we can get the relative_url_root from the application without
setting another global value
|
Fixed an issue where the `RAILS_RELATIVE_URL_ROOT` environment
variable is not prepended to the path when `url_for` is called.
If `SCRIPT_NAME` (used by Rack) is set, it takes precedence.
|
We are setting this header to chrome=1 for Chrome Frame and this will be
retired soon. Check http://blog.chromium.org/2013/06/retiring-chrome-frame.html for
details
|
The new option allows any Ruby namespace to be registered and set
up for eager load. We are effectively exposing the structure existing
in Rails since v3.0 for all developers in order to make their applications
thread-safe and CoW friendly.
|
With a value of "nosniff", this prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
|
ActionDispatch railtie is a better place for
config.action_dispatch.default_headers settings, users can continue
overriding those settings in their configuration files if needed.
|
that info
Closes #5245
|
the update action of resources
|
PATCH is the correct HTML verb to map to the #update action. The
semantics for PATCH allows for partial updates, whereas PUT requires a
complete replacement.
Changes:
* adds config.default_method_for_update you can set to :patch
* optionally use PATCH instead of PUT in resource routes and forms
* adds the #patch verb to routes to detect PATCH requests
* adds #patch? to Request
* changes documentation and comments to indicate support for PATCH
This change maintains complete backwards compatibility by keeping :put
as the default for config.default_method_for_update.
|
This should be set globally as a configuration, using
`config.action_dispatch.default_charset` instead
|
set AD::IntegrationTest.app in railtie initializer
|
time.
|
set a particular value for it. This allows servers to set it through
X-Sendfile-Type, read
https://github.com/rack/rack/blob/master/lib/rack/sendfile.rb for more
info. Anyways you can force this value in your production.rb
|
action_dispatch.prepare_dispatcher per commit #48bf667a8b1
See line note:
http://github.com/rails/rails/commit/7fae0aa4ac116bcbf522a9a4f19972c653d366fa#commitcomment-145148
|
ensuring all configuration options were applied.
|
available standards support. This ensures that IE doesn't go into quirks mode because it has been blacklisted by too many users pressing the incompatible button. It also tells IE to use the ChromeFrame renderer, if the user has installed the plugin.
This guarantees that the best available standards support will be used on the client.
|
[#4315 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
Provide a default in production.rb that can be modified, so that
people who care about sendfile performance in production mode can
get better performance easily.
|
remove railtie_name and engine_name and allow to set the configuration object.
|
ActionController::Base.session_store= in favor of a config.session_store method (which takes params) and a config.cookie_secret variable, which is used in various secret scenarios. The old AC::Base options will continue to work with deprecation warnings.