| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Since this protection is now in Parameters we can use it instead of
reimplementing again.
|
|\
| |
| | |
[docs] fix ActionDispatch documentation
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
Action View overrides `url_for` in the view context to render paths by
default when using `url_for` and this means that direct route helpers
don't get the full url when called with the url suffix. To fix this
always call the original `url_for`.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Not all requirements can be expressed in terms of polymorphic url
options so add a `route_for` method that allows calling another
direct route (or regular named route) which a set of arguments, e.g:
resources :buckets
direct :recordable do |recording|
route_for(:bucket, recording.bucket)
end
direct :threadable do |threadable|
route_for(:recordable, threadable.parent)
end
This maintains the context of the original caller, e.g.
threadable_path(threadable) # => /buckets/1
threadable_url(threadable) # => http://example.com/buckets/1
|
|/
|
|
|
|
|
|
|
|
| |
In 9b654d4 some params munging was added to ensure that they were
set whenever `recognize_path` would call either a proc or callable
constraint. Since we no longer mutate the environment hash within
the method it's now unnecessary and actually causes params to leak
between route matches before checking constraints.
Fixes #28398.
|
| |
|
| |
|
|
|
|
|
| |
Use a separate method called `resolve` for the custom polymorphic
mapping to clarify the API.
|
| |
|
| |
|
|
|
|
|
|
| |
Using `undef_method` means that when a route is removed any other
implementations of that method in the ancestor chain are inaccessible
so instead use `remove_method` which restores access to the ancestor.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow the use of `direct` to specify custom mappings for polymorphic_url, e.g:
resource :basket
direct(class: "Basket") { [:basket] }
This will then generate the following:
>> link_to "Basket", @basket
=> <a href="/basket">Basket</a>
More importantly it will generate the correct url when used with `form_for`.
Fixes #1769.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Allow the definition of custom url helpers that will be available
automatically wherever standard url helpers are available. The
current solution is to create helper methods in ApplicationHelper
or some other helper module and this isn't a great solution since
the url helper module can be called directly or included in another
class which doesn't include the normal helper modules.
Reference #22512.
|
|
|
|
|
|
|
|
|
|
|
|
| |
The singleton url_for on Rails.application.routes.url_helpers isn't the
same as the url_for you get when you include the module in your class as
the latter has support for polymorphic style routes, etc. whereas the
former accepts only a hash and is the underlying implementation defined
on ActionDispatch::Routing::RouteSet.
This commit changes the singleton method to call through a proxy instance
so that it gets the full range of features specified in the documentation
for url_for.
|
|
|
|
|
|
|
|
|
|
|
|
| |
`AD::Journey::GTG::Simulator` is lazily built the first time
`Journey::Router#find_routes` is invoked, which happens when
the first request is served.
On large applications with many routes, building the simulator
can take several hundred milliseconds (~700ms for us).
Triggering this initialization during the boot process reduces
the impact of deploys on the application response time.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently a misleading "missing required keys" error is thrown when a param
fails to match the constraints of a particular route. This commit ensures that
these params are recognised as unmatching rather than missing.
Note: this means that a different error message will be provided between
optimized and non-optimized path helpers, due to the fact that the former does
not check constraints when matching routes.
Fixes #26470.
|
|
|
|
|
|
| |
All indentation was normalized by rubocop auto-correct at 80e66cc4d90bf8c15d1a5f6e3152e90147f00772.
But comments was still kept absolute position. This commit aligns
comments with method definitions for consistency.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Style/SpaceBeforeBlockBraces
Style/SpaceInsideBlockBraces
Style/SpaceInsideHashLiteralBraces
Fix all violations in the repository.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
|
|
|
|
|
|
|
| |
I always appreciate having a bit more information as to why something is
now an error. We can use this error to tell people why what they were
previously doing is insecure and give them hints on how to fix it.
Signed-off-by: Kasper Timm Hansen <kaspth@gmail.com>
|
|\
| |
| |
| | |
Refactor handling of :action default in routing
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The longstanding convention in Rails is that if the :action parameter
is missing or nil then it defaults to 'index'. Up until Rails 5.0.0.beta1
this was handled slightly differently than other routing defaults by
deleting it from the route options and adding it to the recall parameters.
With the recent focus of removing unnecessary duplications this has
exposed a problem in this strategy - we are now mutating the request's
path parameters and causing problems for later url generation. This will
typically affect url_for rather a named url helper since the latter
explicitly pass :controller, :action, etc.
The fix is to add a default for :action in the route class if the path
contains an :action segment and no default is passed. This change also
revealed an issue with the parameterized part expiry in that it doesn't
follow a right to left order - as soon as a dynamic segment is required
then all other segments become required.
Fixes #23019.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- we are ending sentences properly
- fixing of space issues
- fixed continuity issues in some sentences.
Reverts https://github.com/rails/rails/commit/8fc97d198ef31c1d7a4b9b849b96fc08a667fb02 .
This change reverts making sure we add '.' at end of deprecation sentences.
This is to keep sentences within Rails itself consistent and with a '.' at the end.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Follow-up to #23980.
- Fix grammar: "be remove" -> "be removed".
- Wrap lines at 80 chars.
Lurvely ;-)
|
|/
|
|
|
|
|
|
| |
Allowing :controller and :action values to be specified via the path
in config/routes.rb has been an underlying cause of a number of issues
in Rails that have resulted in security releases. In light of this it's
better that controllers and actions are explicitly whitelisted rather
than trying to blacklist or sanitize 'bad' values.
|
| |
|
|
|
|
|
|
|
|
| |
- Earlier only Hash was allowed as params argument to url_helpers.
- Now ActionController::Parameters instances will also be allowed.
- If the params are not secured then it will raise an ArgumentError to
indicate that constructing URLs with non-secure params is not recommended.
- Fixes #22832.
|
| |
|
|
|
|
|
| |
This code was added for migration from Rails 3.1 to upper,
now we are developing Rails 5.
|
|
|
| |
`Forwardable` has been used in the past
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When generating the url for a mounted engine through its proxy, the path should be the sum of three parts:
1. Any `SCRIPT_NAME` request header or the value of `ActionDispatch::Routing::RouteSet#relative_url_root`.
2. A prefix (the engine's mounted path).
3. The path of the named route inside the engine.
Since commit https://github.com/rails/rails/commit/44ff0313c121f528a68b3bd21d6c7a96f313e3d3, this has been broken. Step 2 has been changed to:
2. A prefix (the value of `ActionDispatch::Routing::RouteSet#relative_url_root` + the engine's mounted path).
The value of `ActionDispatch::Routing::RouteSet#relative_url_root` is taken into account in step 1 of the route generation and should be ignored when generating the mounted engine's prefix in step 2.
This commit fixes the regression by having `ActionDispatch::Routing::RouteSet#url_for` check `options[:relative_url_root]` before falling back to `ActionDispatch::Routing::RouteSet#relative_url_root`. The prefix generating code then sets `options[:relative_url_root]` to an empty string. This empty string is used instead of `ActionDispatch::Routing::RouteSet#relative_url_root` and avoids the duplicate `relative_url_root` value in the final result.
This resolves #20920 and resolves #21459
|
|
|
|
|
|
|
|
|
|
| |
Controllers should always have a request and response when responding.
Since we make this The Rule(tm), then controllers don't need to be
somewhere in limbo between "asking a response object for a rack
response" or "I, myself contain a rack response". This duality leads to
conditionals spread through the codebase that we can delete:
* https://github.com/rails/rails/blob/85a78d9358aa728298cd020cdc842b55c16f9549/actionpack/lib/action_controller/metal.rb#L221-L223
|
|
|
|
| |
This saves a lambda and request allocation on each request.
|
|
|
|
|
| |
controllers should always go through the `action` class method so that
their middleware is respected.
|
|
|
|
|
| |
now the caller can just treat it like a regular controller even though
it will return a 404
|
|
|
|
|
| |
the dispatcher class isn't configurable anymore, so pull up allocation
to the method that needs it.
|
|
|
|
|
|
| |
Now that we don't have subclasses depending on this method (they augment
the request class instead of the dispatch class) we can remove this
method and directly ask the request object for the controller class
|
| |
|
|
|
|
| |
we don't need it anymore. We always use the same dispatcher in tests.
|
|
|
|
|
|
| |
controller class resolution has been moved to the request object, so we
should override that method instead of relying on the RouteSet to
generate the controller class.
|
| |
|