| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- For old apps which are not setting any value for hsts[:subdomains],
a deprecation warning will be shown saying that hsts[:subdomains] will
be turned on by default in Rails 5.1. Currently it will be set to
false for backward compatibility.
- Adjusted tests to reflect this change.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
1) Because if you forget to add Secure; to the session cookie, it will leak to http:// subdomain in some cases
2) Because http:// subdomain can Cookie Bomb/cookie force main domain or be used for phishing.
That's why *by default* it must include subdomains as it's much more common scenario. Very few websites *intend* to leave their blog.app.com working over http:// while having everything else encrypted.
Yes, many developers forget to add subdomains=true by default, believe me :)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit 22db455dbe9c26fe6d723cac0758705d9943ea4b, reversing
changes made to 40be61dfda1e04c3f306022a40370862e3a2ce39.
This finishes off what I meant to do in 6216a092ccfe6422f113db906a52fe8ffdafdbe6.
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 45a75a3fcc96b22954caf69be2df4e302b134d7a.
HWIAs are better than silently deeply-stringified hashes... but that's a
reaction to a shortcoming of one particular session store: we should not
break the basic behaviour of other, more featureful, session stores in
the process.
Fixes #23884
|
| | |
|
|\ \
| | |
| | |
| | | |
Give Sessions Indifferent Access
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
This bug affects `wss://` requests when running Action Cable in-app.
Fixes #23620.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is meant to provide a way for Action Cable, Sprockets, and possibly
other Rack applications to mark themselves as internal, and to exclude
themselves from the routing inspector, and thus `rails routes` / `rake
routes`.
I think this is the only way to have mounted Rack apps be marked as
internal, within AD/Journey. Another option would be to create an array
of regexes for internal apps, and then to iterate over that everytime a
request comes through. Also, I only had the first `add_route` method set
`internal`'s default to false, to avoid littering it all over the
codebase.
|
| | |
| | |
| | |
| | |
| | | |
This will keep our current API working without having the users to
change their codebases.
|
| | |
| | |
| | |
| | |
| | |
| | | |
After registering new `:json` mime type `parsers.fetch` can't find the mime type because new mime type is not equal to old one. Using symbol of the mime type as key on parsers hash solves the problem.
Closes #23766
|
| | | |
|
|\ \ \
| | | |
| | | | |
Remove unused Journey code
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- `VERSION` shouldn't be there anymore since Journey is technically part
of Action Dispatch now (and thus Action Pack, and follows the normal
Rails versioning scheme)
- `backwards.rb` was only in the file tree because early in the history
or Journey (back in 2011!), it was moved from under the Rack namespace, to its own
namespace, Journey! This file is no longer required, and is assigning
constants that are no longer needed.
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
bf4/incorrect_to_accept_json_api_and_not_render_spec
The JSON API media type should only work wih a JSON API handler
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Since the media type 'application/vnd.api+json' is a spec,
it is inappropriate to handle it with the JSON renderer.
This PR removes support for a JSON API media type.
I would recommend the media type be registered on its own as `jsonapi`
when a jsonapi Renderer and deserializer (Http::Parameters::DEFAULT_PARSERS) are added.
Is related to work in https://github.com/rails/rails/pull/21496
|
| |/ /
|/| |
| | |
| | | |
This change was added in #23203 and it was not conforming our code style.
|
|\ \ \
| | | |
| | | | |
application/gzip added as default mime type into mime type list
|
| | | | |
|
|\ \ \ \
| |_|/ /
|/| | | |
WIP: Errors in logs should show log tags as well.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Changed formatted_code_for to return array of logs to be tagged for each line
- Changed some render tests to match new behaviour of return
Fixes #22979
|
|\ \ \ \
| | | | |
| | | | | |
Use a URL instead of an URL everywhere
|
| | |/ /
| |/| | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Multiple cookie values should be separated by '; ' according
to RFC 6265, section 5.4.4[1].
[1]: https://tools.ietf.org/html/rfc6265#section-5.4
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | |
| | | | | |
into ma2gedev-should-escape-cookie
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Get an incorrect cookie value in controller action method
if cookie value contains an escapable string.
|
| |/ / /
|/| | | |
|
|\ \ \ \
| | | | |
| | | | | |
Fix routes to match verb and URL path with -g option also.
|
| | | | | |
|
| |_|/ /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Yesterday, when improving how `parsed_body` extracted a parser I wrote
77bbf1e. Then I thought that was too many changes in one commit
and broke it up locally... or so I thought.
When pushed the extra commits removed the changes! Wups!
In shame, lob those changes together here:
* 3b94c38 which meant to fix the CHANGELOG syntax error.
* 5007df5 which meant to mention `parsed_body` in the docs.
* 036a7a0 which meant to memoize the `parsed_body`.
|
|\ \ \ \
| | | | |
| | | | | |
Fix argument passing to rake routes
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- Fixed related documentation and usage all around
Fixes #23561
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
It's common to use several assertions on the parsed response. The response
bodies aren't meant to be mutated. People should make new test requests
instead.
Thus, it should be safe to memoize the parsing.
|
| | | | |
| | | | |
| | | | |
| | | | | |
Little easier to understand when you know the method that's used.
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We're not guaranteed to have a `RequestEncoder` to assign on `get` requests
because we aren't extracting the parser from the response content type.
Until now.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When testing:
```ruby
post articles_path, params: { article: { title: 'Ahoy!' } }, as: :json
```
It's common to want to make assertions on the response body. Perhaps the
server responded with JSON, so you write `JSON.parse(response.body)`.
But that gets tedious real quick.
Instead add `parsed_body` which will automatically parse the reponse
body as what the last request was encoded `as`.
|
|\ \ \ \
| |/ / /
|/| | | |
Add `as` to encode a request as a specific mime type.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Turns
```
post articles_path(format: :json), params: { article: { name: 'Ahoy!' } }.to_json,
headers: { 'Content-Type' => 'application/json' }
```
into
```
post articles_path, params: { article: { name: 'Ahoy!' } }, as: :json
```
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Prototype, you have served us well. But you are no longer how we make an
XMLHttpRequest. RIP
|
|\ \ \ \
| | | | |
| | | | | |
Duplicate assert_generates options before modifying it
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Some places were saying filter, while others said filter_options, spare the ambiguity
and use filter throughout.
This inlines a needless local variable and clarifies a route filter consists of defaults
and values to match against.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Assume the filter is a string, if it wasn't a hash and isn't nil. Remove needless else
and rely on Ruby's default nil return.
Add spaces within hash braces.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Add options for rake routes task
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add two options: `-c` and `-g`.
`-g` option returns the urls name, verb and path fields that match the pattern.
`-c` option returns the urls for specific controller.
Fixes #18902, and Fixes #20420
[Anton Davydov & Vipul A M]
|