aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch
Commit message (Collapse)AuthorAgeFilesLines
...
* | :nail_care:Rafael Mendonça França2016-02-251-2/+2
| |
* | Merge pull request #23852 from prathamesh-sonpatki/hsts-subdomainsRafael França2016-02-251-1/+12
|\ \ | | | | | | Enable HSTS with IncludeSubdomains header by default for new apps
| * | Update documentation and deprecation messagePrathamesh Sonpatki2016-02-251-3/+3
| | |
| * | Added deprecation for older appsPrathamesh Sonpatki2016-02-251-1/+12
| | | | | | | | | | | | | | | | | | | | | | | | - For old apps which are not setting any value for hsts[:subdomains], a deprecation warning will be shown saying that hsts[:subdomains] will be turned on by default in Rails 5.1. Currently it will be set to false for backward compatibility. - Adjusted tests to reflect this change.
| * | HSTS without IncludeSubdomains is often uselessEgor Homakov2016-02-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | 1) Because if you forget to add Secure; to the session cookie, it will leak to http:// subdomain in some cases 2) Because http:// subdomain can Cookie Bomb/cookie force main domain or be used for phishing. That's why *by default* it must include subdomains as it's much more common scenario. Very few websites *intend* to leave their blog.app.com working over http:// while having everything else encrypted. Yes, many developers forget to add subdomains=true by default, believe me :)
* | | Revert "Merge pull request #20851 from tomprats/indifferent-sessions"Matthew Draper2016-02-261-2/+2
| | | | | | | | | | | | | | | | | | | | | This reverts commit 22db455dbe9c26fe6d723cac0758705d9943ea4b, reversing changes made to 40be61dfda1e04c3f306022a40370862e3a2ce39. This finishes off what I meant to do in 6216a092ccfe6422f113db906a52fe8ffdafdbe6.
* | | Revert "Update Session to utilize indiffernt access"Matthew Draper2016-02-261-8/+14
|/ / | | | | | | | | | | | | | | | | | | | | This reverts commit 45a75a3fcc96b22954caf69be2df4e302b134d7a. HWIAs are better than silently deeply-stringified hashes... but that's a reaction to a shortcoming of one particular session store: we should not break the basic behaviour of other, more featureful, session stores in the process. Fixes #23884
* | [ci skip] Replace usage of rake routes with rails routesAbhishek Jain2016-02-252-2/+2
| |
* | Merge pull request #20851 from tomprats/indifferent-sessionsRafael Mendonça França2016-02-241-16/+10
|\ \ | | | | | | | | | Give Sessions Indifferent Access
| * | Update Session to utilize indiffernt accessTom Prats2016-01-301-14/+8
| | |
| * | Update session to have indifferent accessTom Prats2016-01-291-2/+2
| | |
* | | Fix `request.ssl?` bug with Action CableJon Moss2016-02-231-0/+4
| | | | | | | | | | | | | | | This bug affects `wss://` requests when running Action Cable in-app. Fixes #23620.
* | | Add `internal` attribute to routesJon Moss2016-02-223-4/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is meant to provide a way for Action Cable, Sprockets, and possibly other Rack applications to mark themselves as internal, and to exclude themselves from the routing inspector, and thus `rails routes` / `rake routes`. I think this is the only way to have mounted Rack apps be marked as internal, within AD/Journey. Another option would be to create an array of regexes for internal apps, and then to iterate over that everytime a request comes through. Also, I only had the first `add_route` method set `internal`'s default to false, to avoid littering it all over the codebase.
* | | Transform the mime object to symbol when registering the parsersRafael Mendonça França2016-02-222-4/+14
| | | | | | | | | | | | | | | This will keep our current API working without having the users to change their codebases.
* | | Use symbol of mime type instead of object to get correct parserMehmet Emin İNAÇ2016-02-221-2/+2
| | | | | | | | | | | | | | | | | | After registering new `:json` mime type `parsers.fetch` can't find the mime type because new mime type is not equal to old one. Using symbol of the mime type as key on parsers hash solves the problem. Closes #23766
* | | Fix typographical errorGustavo Villa2016-02-221-1/+1
| | |
* | | Merge pull request #23729 from maclover7/rm-unused-journeyRafael França2016-02-172-8/+0
|\ \ \ | | | | | | | | Remove unused Journey code
| * | | Remove unused Journey codeJon Moss2016-02-172-8/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - `VERSION` shouldn't be there anymore since Journey is technically part of Action Dispatch now (and thus Action Pack, and follows the normal Rails versioning scheme) - `backwards.rb` was only in the file tree because early in the history or Journey (back in 2011!), it was moved from under the Rack namespace, to its own namespace, Journey! This file is no longer required, and is assigning constants that are no longer needed.
* | | | Merge pull request #23712 from ↵Rafael França2016-02-171-1/+1
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | bf4/incorrect_to_accept_json_api_and_not_render_spec The JSON API media type should only work wih a JSON API handler
| * | | | The JSON API media type should only work wih a JSON API handlerBenjamin Fleischer2016-02-161-1/+1
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since the media type 'application/vnd.api+json' is a spec, it is inappropriate to handle it with the JSON renderer. This PR removes support for a JSON API media type. I would recommend the media type be registered on its own as `jsonapi` when a jsonapi Renderer and deserializer (Http::Parameters::DEFAULT_PARSERS) are added. Is related to work in https://github.com/rails/rails/pull/21496
* | | | Fix code styleRafael Mendonça França2016-02-171-3/+4
| |/ / |/| | | | | | | | This change was added in #23203 and it was not conforming our code style.
* | | Merge pull request #23661 from meinac/add_gzip_mime_typeRichard Schneeman2016-02-161-0/+1
|\ \ \ | | | | | | | | application/gzip added as default mime type into mime type list
| * | | application/gzip added as default mime type into mime type listMehmet Emin İNAÇ2016-02-131-0/+1
| | | |
* | | | Merge pull request #23203 from vipulnsward/22979-show-tags-on-exceptionRichard Schneeman2016-02-161-7/+11
|\ \ \ \ | |_|/ / |/| | | WIP: Errors in logs should show log tags as well.
| * | | WIP: Errors in logs should show log tags as well.Vipul A M2016-02-121-7/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | - Changed formatted_code_for to return array of logs to be tagged for each line - Changed some render tests to match new behaviour of return Fixes #22979
* | | | Merge pull request #23692 from abhishekjain16/docsYves Senn2016-02-162-2/+2
|\ \ \ \ | | | | | | | | | | Use a URL instead of an URL everywhere
| * | | | Use a URL instead of an URL everywhereAbhishek Jain2016-02-152-2/+2
| | |/ / | |/| |
* | | | Join values using '; ' as per RFC specAndrew White2016-02-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Multiple cookie values should be separated by '; ' according to RFC 6265, section 5.4.4[1]. [1]: https://tools.ietf.org/html/rfc6265#section-5.4
* | | | Add require and move escape to private methodAndrew White2016-02-161-1/+6
| | | |
* | | | Merge branch 'should-escape-cookie' of https://github.com/ma2gedev/rails ↵Andrew White2016-02-161-1/+1
|\ \ \ \ | | | | | | | | | | | | | | | into ma2gedev-should-escape-cookie
| * | | | Escape cookie's key and value in ActionController::TestCaseTakayuki Matsubara2015-12-301-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | Get an incorrect cookie value in controller action method if cookie value contains an escapable string.
* | | | | Corrected secret_key_basevs4vijay2016-02-151-1/+1
| |/ / / |/| | |
* | | | Merge pull request #23611 from abhishekjain16/routes_optionsKasper Timm Hansen2016-02-121-2/+3
|\ \ \ \ | | | | | | | | | | Fix routes to match verb and URL path with -g option also.
| * | | | Fixes routes to match verbs and path with -g optionAbhishek Jain2016-02-111-2/+3
| | | | |
* | | | | Add fixes accidentally removed.Kasper Timm Hansen2016-02-122-2/+3
| |_|/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Yesterday, when improving how `parsed_body` extracted a parser I wrote 77bbf1e. Then I thought that was too many changes in one commit and broke it up locally... or so I thought. When pushed the extra commits removed the changes! Wups! In shame, lob those changes together here: * 3b94c38 which meant to fix the CHANGELOG syntax error. * 5007df5 which meant to mention `parsed_body` in the docs. * 036a7a0 which meant to memoize the `parsed_body`.
* | | | Merge pull request #23612 from vipulnsward/23561-fix-routes-argsKasper Timm Hansen2016-02-121-2/+1
|\ \ \ \ | | | | | | | | | | Fix argument passing to rake routes
| * | | | - Fixed and removed long arguments to rake routesVipul A M2016-02-121-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Fixed related documentation and usage all around Fixes #23561
* | | | | Memoize `parsed_body`.Kasper Timm Hansen2016-02-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's common to use several assertions on the parsed response. The response bodies aren't meant to be mutated. People should make new test requests instead. Thus, it should be safe to memoize the parsing.
* | | | | [ci skip] Mention `parsed_body` in docs.Kasper Timm Hansen2016-02-111-2/+1
| | | | | | | | | | | | | | | | | | | | Little easier to understand when you know the method that's used.
* | | | | Make `parsed_body` extract parser from the content type.Kasper Timm Hansen2016-02-112-5/+9
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | We're not guaranteed to have a `RequestEncoder` to assign on `get` requests because we aren't extracting the parser from the response content type. Until now.
* | | | Add `parsed_body` to spare writing out parsing routines.Kasper Timm Hansen2016-02-102-12/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When testing: ```ruby post articles_path, params: { article: { title: 'Ahoy!' } }, as: :json ``` It's common to want to make assertions on the response body. Perhaps the server responded with JSON, so you write `JSON.parse(response.body)`. But that gets tedious real quick. Instead add `parsed_body` which will automatically parse the reponse body as what the last request was encoded `as`.
* | | | Merge pull request #21671 from kaspth/integration-request-encoding-helpersDavid Heinemeier Hansson2016-02-101-4/+79
|\ \ \ \ | |/ / / |/| | | Add `as` to encode a request as a specific mime type.
| * | | Add `as` to encode a request as a specific mime type.Kasper Timm Hansen2016-01-041-4/+79
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Turns ``` post articles_path(format: :json), params: { article: { name: 'Ahoy!' } }.to_json, headers: { 'Content-Type' => 'application/json' } ``` into ``` post articles_path, params: { article: { name: 'Ahoy!' } }, as: :json ```
* | | | Add SVG as a default mime typeDavid Heinemeier Hansson2016-02-071-0/+1
| | | |
* | | | add missing requireAaron Patterson2016-02-051-0/+1
| | | |
* | | | Sleep well, sweet princeSean Griffin2016-02-021-1/+1
| | | | | | | | | | | | | | | | | | | | Prototype, you have served us well. But you are no longer how we make an XMLHttpRequest. RIP
* | | | Merge pull request #23396 from pschambacher/pschambacher/fix_assert_generatesRafael França2016-02-021-0/+1
|\ \ \ \ | | | | | | | | | | Duplicate assert_generates options before modifying it
| * | | | Duplicate assert_generates options before modifying itPierre Schambacher2016-02-011-0/+1
| | | | |
* | | | | Converge on filter.Kasper Timm Hansen2016-02-011-5/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some places were saying filter, while others said filter_options, spare the ambiguity and use filter throughout. This inlines a needless local variable and clarifies a route filter consists of defaults and values to match against.
* | | | | Simplify filter normalization.Kasper Timm Hansen2016-02-011-5/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Assume the filter is a string, if it wasn't a hash and isn't nil. Remove needless else and rely on Ruby's default nil return. Add spaces within hash braces.