aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch
Commit message (Collapse)AuthorAgeFilesLines
* Start passing cipher from EncryptedCookieJar since we use it to determine ↵Vipul A M2016-09-011-7/+5
| | | | key length
* Follow up of #25602Vipul A M2016-09-011-4/+6
| | | | | | | | | Since keys are truncated, ruby 2.4 doesn't accept keys greater than their lenghts. keys of same value but different lenght and greater than key size of cipher, produce the same results as reproduced at https://gist.github.com/rhenium/b81355fe816dcfae459cc5eadfc4f6f9 Since our default cipher is 'aes-256-cbc', key length for which is 32 bytes, limit the length of key being passed to Encryptor to 32 bytes. This continues to support backwards compat with any existing signed data, already encrupted and signed with 32+ byte keys. Also fixes the passing of this value in multiple tests.
* Override `respond_to_missing?` instead of `respond_to?` when possibleSean Griffin2016-08-312-2/+2
| | | | | | | | | | This was almost every case where we are overriding `respond_to?` in a way that mirrors a parallel implementation of `method_missing`. There is one remaining case in Active Model that should probably do the same thing, but had a sufficiently strange implementation that I want to investigate it separately. Fixes #26333.
* Merge pull request #26317 from maclover7/jm-fix-26298Aaron Patterson2016-08-291-8/+15
|\ | | | | Allow `send_file` to declare a charset
| * Remove default argument, and extract internal convenience methodJon Moss2016-08-291-6/+12
| |
| * Allow `send_file` to declare a charsetJon Moss2016-08-291-4/+5
| | | | | | | | | | | | Removed my patch in favor of @tenderlove's less invasive approach. [Aaron Patterson & Jon Moss]
* | Fix nested multiple rootsRyo Hashimoto2016-08-291-1/+1
|/ | | | | | | | | | | | | | | The PR #20940 enabled the use of multiple roots with different constraints at the top level but unfortunately didn't work when those roots were inside a namespace and also broke the use of root inside a namespace after a top level root was defined because the check for the existence of the named route used the global :root name and not the namespaced name. This is fixed by using the name_for_action method to expand the :root name to the full namespaced name. We can pass nil for the second argument as we're not dealing with resource definitions so don't need to handle the cases for edit and new routes. Fixes #26148.
* Missing key should throw KeyErroreileencodes2016-08-261-1/+1
| | | | | | It should not throw a NameError, but should throw a KeyError. Fixes #26278
* Merge pull request #26235 from ↵Sean Griffin2016-08-241-1/+5
|\ | | | | | | | | samphippen/allow-early-setting-of-integration-session Allow the `integration_sesion` to be set early on ActionDispatch::Integration::Runner.
| * Move setting of integration session to constructor.Sam Phippen2016-08-211-1/+5
| | | | | | | | This allows us to not `||=` in `before_setup`.
| * Allow the `integration_sesion` to be set early on ↵Sam Phippen2016-08-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ActionDispatch::Integration::Runner. In commit fa63448420d3385dbd043aca22dba973b45b8bb2, @tenderlove changed the behaviour of the way `integration_session` is set up in this object. It used to be the case that the first time it was accessed, it was memoized with nil, however, this means that if it had already been set it was not replaced. After that commit, it is now always set to `nil` in the execution of `before_setup`. In RSpec, users are able to invoke `host!` in `before(:all)` blocks, which execute well before `before_setup` is ever invoked (which happens in what is equivalent to a `before(:each)` block, for each test. `host!` causes the integration session to be set up to correctly change the host, but after fa63448420d3385dbd043aca22dba973b45b8bb2 the `integration_session` gets overwritten, meaning that users lose their `host!` configuration (see https://github.com/rspec/rspec-rails/issues/1662). This commit changes the behaviour back to memoizing with `nil`, as opposed to directly overwriting with `nil`. This causes the correct behaviour to occur in RSpec, and unless I'm mistaken will also ensure that users who want to modify their integration sessions early in rails will also be able to do so.
* | Return 307 status instead of 301 when rerouting POST requests to SSLChirag Singhal2016-08-221-1/+9
| | | | | | | | | | | | | | | | | | | | | | When `config.force_ssl` is set to `true`, any POST/PUT/DELETE requests coming in to non-secure url are being redirected with a 301 status. However, when that happens, the request is converted to a GET request and ends up hitting a different action on the controller. Since we can not do non-GET redirects, we can instead redirect with a 307 status code instead to indicate to the caller that a fresh request should be tried preserving the original request method. `rack-ssl` gem which was used to achieve this before we had this middleware directly baked into Rails also used to do the same, ref: https://github.com/josh/rack-ssl/blob/master/lib/rack/ssl.rb#L54 This would be specially important for any apps switching from older version of Rails or apps which expose an API through Rails.
* | Fix `ActionDispatch::Http::URL` docs [ci skip]Ryoji Yoshioka2016-08-221-65/+21
|/ | | | Use ActionDispatch::Request instead of Request because ActionDispatch::Request no longer inherits from Rack::Request.
* Change method visibility to be privateRafael Mendonça França2016-08-171-57/+57
| | | | | Those methods are only using inside this module and by a private method so they all should be private.
* Push :defaults extraction down one levelRafael Mendonça França2016-08-171-60/+60
| | | | | | | | | | | | | Since e852daa6976cc6b6b28ad0c80a188c06e226df3c only the verb methods where extracting the defaults options. It was merged a fix for the `root` method in 31fbbb7faccba25b2e3b5e10b8fca1468579d629 but `match` was still broken since `:defaults` where not extracted. This was causing routes defined using `match` and having the `:defaults` keys to not be recognized. To fix this it was extracted a new private method with the actual content of `match` and the `:defaults` extracting was moved to `match`.
* Merge pull request #26156 from sfaxon/route_visualizer_fixRafael França2016-08-161-1/+3
|\ | | | | fix Rails.application.routes.router.visualizer for router debugging
| * fix Rails.application.routes.router.visualizer for router debuggingSeth Faxon2016-08-131-1/+3
| | | | | | | | fixes error due to Routes#partitioned_routes being removed
* | Add three new rubocop rulesRafael Mendonça França2016-08-1615-25/+25
| | | | | | | | | | | | | | | | Style/SpaceBeforeBlockBraces Style/SpaceInsideBlockBraces Style/SpaceInsideHashLiteralBraces Fix all violations in the repository.
* | [ci skip] Link to the request helpers documentation.Kasper Timm Hansen2016-08-141-0/+3
| | | | | | | | | | | | It's tough for people without the knowledge of where the `get` and friends integration test helpers are defined to find documentation for them. Add a link to the main integration test documentation.
* | [ci skip] Update integration test request encoding documentation.Kasper Timm Hansen2016-08-141-13/+14
|/ | | | | | | * Give the section a header to distinguish it from the general doc. * Replace backticks with + signs to fit SDoc. * Use double quoted strings. * Clarify how `parsed_body` works — it doesn't depend on `as` anymore.
* Make private method privateRafael Mendonça França2016-08-121-11/+11
|
* Given a hash (Rails 5) .from_hash must be usedJavier Julio2016-08-121-1/+1
| | | When initializing an `ActionDispatch::Http::Headers` object it takes a request object (Rails 5) whereas before it took a hash (Rails 4.x) but the documented example still shows a hash given to the constructor (due to commit 34fa6658dd1b779b21e586f01ee64c6f59ca1537) so this is just a documentation change to use the new `from_hash` method introduced in that earlier commit.
* Allow specifying encoding of parameters by actionKerri Miller2016-08-093-1/+18
| | | | | At GitHub we need to handle parameter encodings that are not UTF-8. This patch allows us to specify encodings per parameter per action.
* revises more Lint/EndAlignment offensesXavier Noria2016-08-083-8/+8
|
* Fix Accept header overridden when "xhr: true" in integration testDavid Chen2016-08-071-4/+7
| | | | | | | | | | | | | | | | | | | | | | | | In integration test when specify the "Accept" header with "xhr: true" option, the Accept header is overridden with a default xhr Accept header. The issue only affects HTTP header "Accept" but not CGI variable "HTTP_ACCEPT". For example: get '/page', headers: { 'Accept' => 'application/json' }, xhr: true # This is WRONG! And the response.content_type is also affected. # It should be "application/json" assert_equal "text/javascript, text/html, ...", request.accept assert_equal 'text/html', response.content_type The issue is in `ActionDispatch::Integration::RequestHelpers`. When setting "xhr: true" the helper sets a default HTTP_ACCEPT if blank. But the code doesn't consider supporting both HTTP header style and CGI variable style. For detail see this GitHub issue: https://github.com/rails/rails/issues/25859
* Add `Style/EmptyLines` in `.rubocop.yml` and remove extra empty linesRyuta Kamizono2016-08-072-3/+0
|
* applies remaining conventions across the projectXavier Noria2016-08-0613-16/+5
|
* normalizes indentation and whitespace across the projectXavier Noria2016-08-0626-734/+733
|
* remove redundant curlies from hash argumentsXavier Noria2016-08-065-5/+5
|
* modernizes hash syntax in actionpackXavier Noria2016-08-0612-26/+26
|
* applies new string literal convention in actionpack/libXavier Noria2016-08-0663-387/+387
| | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* Fix GET JSON integration test request to use method overrideeileencodes2016-08-051-1/+6
| | | | | | | | | | | | | | | | | | When a `GET` request is sent `as: :json` in an integration test the test should use Rack's method override to change to a post request so the paramters are included in the postdata. Otherwise it will not encode the parameters correctly for the integration test. Because integration test sets up it's own middleware, `Rack::MethodOverride` needs to be included in the integration tests as well. `headers ||= {}` was moved so that headers are never nil. They should default to a hash. Fixes #26033 [Eileen M. Uchitelle & Aaron Patterson]
* Merge pull request #25913 from chrisarcand/fix-keyed-defaults-with-rootRafael Mendonça França2016-07-271-1/+8
|\ | | | | | | Fix keyed defaults with root
| * Fix 'defaults' option for root routeChris Arcand2016-07-211-1/+8
| | | | | | | | | | | | | | | | | | The merging of the 'defaults' option was moved up the stack in e852daa This allows us to see where these options originate from the standard HttpHelpers (get, post, patch, put, delete) Unfortunately this move didn't incorporate the 'root' method, which has always allowed the same 'defaults' option before.
* | There are some cases where @@app is not definedSantiago Pastorino2016-07-261-1/+5
| |
* | Return ActionDispatch.test_app when no app is set on IntegrationTest.app methodSantiago Pastorino2016-07-261-1/+1
| | | | | | | | Fixes #25926
* | Also yield in parameters for a nil content_mime_typeJulian Nadeau2016-07-251-1/+1
|/
* Fix failing requirement of duplicable in ParameterFilterVipul A M2016-07-161-0/+2
|
* Check `request.path_parameters` encoding at the point they're setGrey Baker2016-07-143-13/+7
| | | | | | | | Check for any non-UTF8 characters in path parameters at the point they're set in `env`. Previously they were checked for when used to get a controller class, but this meant routes that went directly to a Rack app, or skipped controller instantiation for some other reason, had to defend against non-UTF8 characters themselves.
* Merge pull request #25798 from ↵Matthew Draper2016-07-141-3/+3
|\ | | | | | | | | greysteil/dont-raise-unknown-http-method-low-in-stack Don't raise ActionController::UnknownHttpMethod from ActionDispatch::Static
| * Don't raise ActionController::UnknownHttpMethod from ActionDispatch::StaticGrey Baker2016-07-131-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `ActionDispatch::Static` middleware is used low down in the stack to serve static assets before doing much processing. Since it's called from so low in the stack, we don't have access to the request ID at this point, and generally won't have any exception handling defined (by default `ShowExceptions` is added to the stack quite a bit higher and relies on logging and request ID). Before https://github.com/rails/rails/commit/8f27d6036a2ddc3cb7a7ad98afa2666ec163c2c3 this middleware would ignore unknown HTTP methods, and an exception about these would be raised higher in the stack. After that commit, however, that exception will be raised here. If we want to keep `ActionDispatch::Static` so low in the stack (I think we do) we should suppress the `ActionController::UnknownHttpMethod` exception here, and instead let it be raised higher up the stack, once we've had a chance to define exception handling behaviour. This PR updates `ActionDispatch::Static` so it passes `Rack::Request` objects to `ActionDispatch::FileHandler`, which won't raise an `ActionController::UnknownHttpMethod` error. If an unknown method is passed, it should exception higher in the stack instead, once we've had a chance to define exception handling behaviour.`
* | Merge pull request #25771 from kaspth/make-test-response-assign-response-parserKasper Timm Hansen2016-07-133-57/+64
|\ \ | |/ |/| Let TestResponse assign a parser.
| * Let TestResponse assign a parser.Kasper Timm Hansen2016-07-103-57/+64
| | | | | | | | | | | | | | | | | | | | | | | | | | Previously we'd only assign a response parser when a request came through Action Dispatch integration tests. This made calls to `parsed_body` when a TestResponse was manually instantiated — though own doing or perhaps from a framework — unintentionally blow up because no parser was set at that time. The response can lookup a parser entirely through its own ivars. Extract request encoder to its own file and assume that a viable content type is present at TestResponse instantiation. Since the default response parser is a no-op, making `parsed_body` equal to `body`, no exceptions will be thrown.
* | Handle `Rack::QueryParser` errors in `ActionDispatch::ExceptionWrapper`Grey Baker2016-07-121-2/+2
|/ | | | | | | | | | | | Rack [recently](https://github.com/rack/rack/commit/7e7a3890449b5cf5b86929c79373506e5f1909fb) moved the namespace of its `ParameterTypeError` and `InvalidParameterError` errors. Whilst an alias for the old name was added, the logic in `ActionDispatch::ExceptionWrapper` was still broken by this change, since it relies on the class name. This PR updates `ActionDispatch::ExceptionWrapper` to handle the Rack 2.0 namespaced errors correctly. We no longer need to worry about the old names, since Rails specifies Rack ~> 2.0.
* Add a test case for verifying `cookie_only` is set even if user tries to set ↵Prathamesh Sonpatki2016-07-071-1/+1
| | | | it false
* [ci skip] Correct defaults in documentation for ActionDispatch::SSLTim Rogers2016-07-061-4/+5
| | | | `config.ssl_options` permits configuring various options for the middleware. Default options for HSTS (specified with the `:hsts` key in the options hash) are specified in `.default_hsts_options`. The documentation did not make clear these defaults, and in one case was wrong.
* Deprecate usage of nil as route pathVolmer2016-07-051-0/+6
| | | | | | | | | | | | | | | | | | | In Rails 4 these kind of routes used to work: ```ruby scope '/*id', controller: :builds, as: :build do get action: :show end ``` But since 1a830cbd830c7f80936dff7e3c8b26f60dcc371d, routes are only created for paths specified as strings or symbols. Implicit `nil` paths are just ignored, with no deprecation warnings or errors. Routes are simply not created. This come as a surprise for people migrating to Rails 5, since the lack of logs or errors makes hard to understand where the problem is. This commit introduces a deprecation warning in case of path as `nil`, while still allowing the route definition.
* Fix conditional order broken in ea40ec56.Kasper Timm Hansen2016-07-021-2/+2
|
* Merge pull request #25344 from matthewd/debug-locksMatthew Draper2016-07-021-0/+122
|\ | | | | ActionDispatch::DebugLocks
| * Provide a middleware to debug misbehaving locksMatthew Draper2016-06-101-0/+122
| | | | | | | | | | Only intended to be enabled when in use; by necessity, it sits above any reasonable access control.
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-30 14:01:39 +0000