aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch
Commit message (Collapse)AuthorAgeFilesLines
...
* | | remove useless private methodsAaron Patterson2016-01-271-13/+9
| | | | | | | | | | | | | | | This commit refactors the private methods that were just aliases to [] to just directly use [] and cache the return values on the stack.
* | | change `@app_xml_idx` to an lvar and cache it on the stackAaron Patterson2016-01-271-16/+10
| | | | | | | | | | | | | | | same strategy as `@text_xml_idx`: cache it on the stack to avoid ivar lookups and the `||=` call.
* | | change `@text_xml_idx` to an lvar and cache it on the stackAaron Patterson2016-01-271-13/+11
| | | | | | | | | | | | | | | this eliminates the ivar lookup and also eliminates the `||=` conditional that happens every time we called the `text_xml_idx` method.
* | | Merge branch '5-0-beta-sec'Aaron Patterson2016-01-251-2/+16
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 5-0-beta-sec: bumping version fix version update task to deal with .beta1.1 Eliminate instance level writers for class accessors allow :file to be outside rails root, but anything else must be inside the rails view directory Don't short-circuit reject_if proc stop caching mime types globally use secure string comparisons for basic auth username / password
| * | | stop caching mime types globallyAaron Patterson2016-01-221-2/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Unknown mime types should not be cached globally. This global cache leads to a memory leak and a denial of service vulnerability. CVE-2016-0751
* | | | Merge pull request #23140 from rails/fix-search-for-custom-routesAaron Patterson2016-01-201-14/+20
|\ \ \ \ | | | | | | | | | | Fix marking of custom routes for Journey
| * | | | Fix marking of custom routes for JourneyAndrew White2016-01-201-14/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Mapper build_path method marks routes where path parameters are part of a path segment as custom routes by altering the regular expression, e.g: get '/foo-:bar', to: 'foo#bar' There were some edge cases where certain constructs weren't being picked up and this commit fixes those. Fixes #23069.
* | | | | Merge pull request #17573 from zerothabhishek/masterGodfrey Chan2016-01-201-1/+1
|\ \ \ \ \ | |/ / / / |/| | | | Response etags to always be weak: Prefixed 'W/' to value returned by Act...
| * | | | Response etags to always be weak: Prefixed W/ to value returned by ↵abhishek2016-01-201-1/+1
| | | | | | | | | | | | | | | | | | | | ActionDispatch::Http::Cache::Response#etag= such that etags set in fresh_when and stale? are weak. For #17556.
* | | | | Revert "Remove literal? check to fix issue with prefixed optionals"eileencodes2016-01-201-1/+1
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 5d1b7c3b441654e8008dcd303f5367883ec660a6. The change here didn't actually fix the issue it was trying to fix, and this isn't the correct way to fix either issue. The problem is switching from the builder to grouping with find_all/regex is now very dependent on how you structure your path pattern.
* | | | Revert "Its ideal to set Vary: Accept-Encoding, irrespective of whether ↵schneems2016-01-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | gzipped version exists or not. This is helpful for CDN's to later distinguish assets, based on previous, current copies and introduced gzip version if any." This reverts commit 067c52f608568e35181830a5c1016e382650e655. Conversation: https://github.com/rails/rails/pull/23120#issuecomment-173007011
* | | | Its ideal to set Vary: Accept-Encoding, irrespective of whether gzipped ↵Vipul A M2016-01-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | version exists or not. This is helpful for CDN's to later distinguish assets, based on previous, current copies and introduced gzip version if any. For ref: https://www.fastly.com/blog/best-practices-for-using-the-vary-header This change sets `Vary` header always, to be on safer side
* | | | Remove literal? check to fix issue with prefixed optionalseileencodes2016-01-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In commit d993cb3 `build_path` was changed from using `grep` to `find_all` to save array allocations. This change was a little too aggressive in that when the dash comes before the symbol like `/omg-:song` the symbol is skipped. Removing the check for `n.right.left.literal?` fixes this issue, but does add back some allocations. The number of allocations are still well less than before. I've added a regression test to test this behavior for the future. Fixes #23069. Array allocations as of d993cb3: ``` {:T_SYMBOL=>11} {:T_REGEXP=>17} {:T_STRUCT=>6500} {:T_MATCH=>12004} {:T_OBJECT=>91009} {:T_DATA=>100088} {:T_HASH=>114013} {:T_STRING=>159637} {:T_ARRAY=>321056} {:T_IMEMO=>351133} ``` Array allocations after this change: ``` {:T_SYMBOL=>11} {:T_REGEXP=>1017} {:T_STRUCT=>6500} {:T_MATCH=>12004} {:T_DATA=>84092} {:T_OBJECT=>87009} {:T_HASH=>110015} {:T_STRING=>166152} {:T_ARRAY=>322056} {:T_NODE=>343558} ```
* | | | Fix typo in docs [ci skip]Rebecca Skinner2016-01-141-2/+2
| | | |
* | | | Space OddityAkira Matsuda2016-01-143-4/+4
| | | | | | | | | | | | | | | | | | | | Converting nbsp(\u{00A0}) to the normal ASCII space(\u{0020}) [ci skip]
* | | | Merge pull request #22935 from cllns/add-status-name-to-outputRafael França2016-01-122-14/+63
|\ \ \ \ | | | | | | | | | | Add HTTP status name to output of tests
| * | | | Add both HTTP Response Code and Type to assertion messagesSean Collins2016-01-122-14/+63
| | | | | | | | | | | | | | | | | | | | | | | | | Also, refactor logic to convert between symbol and response code, via the AssertionResponse class
* | | | | Merge pull request #23035 from jkowens/fix-null-byteRafael França2016-01-121-1/+5
|\ \ \ \ \ | |/ / / / |/| | | | Prevent static middleware from attempting to serve a request with a null byte
| * | | | Prevent attempt to serve a request with a null byteJordan Owens2016-01-121-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | File paths cannot contain null byte characters and methods that do path operations such as Rack::Utils#clean_path_info will raise unwanted errors.
* | | | | Commit before freezing the headersMatthew Draper2016-01-122-1/+8
| | | | | | | | | | | | | | | | | | | | | | | | | This shouldn't generally come up: under a standard flow, we don't start sending until after the commit. But application code always finds a way.
* | | | | Better error message when running `rake routes` with CONTROLLER arg:Edouard CHIN2016-01-071-7/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - `CONTROLLER` argument can now be supplied in different ways (Rails::WelcomeController, Rails::Welcome, rails/welcome) - If `CONTROLLER` argument was supplied but it does not exist, will warn the user that this controller does not exist - If `CONTROLLER` argument was supplied and no routes could be found matching this filter, will warn the user that no routes were found matching the supplied filter - If no routes were defined in the config/routes.rb file, will warn the user with the original message
* | | | | Merge pull request #20109 from prathamesh-sonpatki/keep-only-one-rootKasper Timm Hansen2016-01-071-21/+21
|\ \ \ \ \ | | | | | | | | | | | | Remove original root method from Base module and kept overridden implementation in Resources module.
| * | | | | Kept overridden root method and removed original methodPrathamesh Sonpatki2016-01-071-21/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - The root method is defined and documented in Base module and decorated in Resources module. - The documentation in Base module actually talks about method signature of decorated method from Resources module. - Argument handling was moved to decorated method in https://github.com/rails/rails/commit/977455cc2efb94f40b4c0d46d1842be198ed7c4c to handle options such as :as with directly passed path parameter. - To avoid the confusion, removed original root method from Base module and only kept overridden version in Resources module. - References - https://github.com/rails/rails/pull/12208 & https://github.com/rails/rails/pull/12208#issuecomment-24350897.
* | | | | | Allow AC::Parameters as an argument to url_helpersPrathamesh Sonpatki2016-01-071-2/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Earlier only Hash was allowed as params argument to url_helpers. - Now ActionController::Parameters instances will also be allowed. - If the params are not secured then it will raise an ArgumentError to indicate that constructing URLs with non-secure params is not recommended. - Fixes #22832.
* | | | | | Replace x.times.map{} with Array.new(x){}Viktar Basharymau2016-01-021-1/+1
| |/ / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The former is slightly more readable, performant and has fewer method calls. ```ruby Benchmark.ips do |x| x.report('times.map') { 5.times.map{} } x.report('Array.new') { Array.new(5){} } x.compare! end __END__ Calculating ------------------------------------- times.map 21.188k i/100ms Array.new 30.449k i/100ms ------------------------------------------------- times.map 311.613k (± 3.5%) i/s - 1.568M Array.new 590.374k (± 1.2%) i/s - 2.954M Comparison: Array.new: 590373.6 i/s times.map: 311612.8 i/s - 1.89x slower ```
* | | | | Merge pull request #22826 from timrogers/actiondispatch-ssl-configRafael França2015-12-311-8/+12
|\ \ \ \ \ | |_|_|/ / |/| | | | Configurable redirect and secure cookies for ActionDispatch::SSL
| * | | | Flexible configuration for ActionDispatch::SSLTim Rogers2015-12-291-8/+12
| | |_|/ | |/| |
* | | | Format from Accept headers have higher precedence than path extension formatJorge Bejar2015-12-291-2/+2
| | | |
* | | | Rely on default Mime format when MimeNegotiation#format_from_path_extension ↵Jorge Bejar2015-12-291-3/+3
|/ / / | | | | | | | | | | | | | | | is not a valid type Closes #22747
* | | Improve RDoc documentation of ActionDispatch::SSLTim Rogers2015-12-241-12/+14
| | |
* | | Add #== back to ActionDispatch::MiddlewareStack::MiddlewareJon Moss2015-12-211-0/+9
| | | | | | | | | | | | | | | This was causing bug #22738 to occur. Also added extra tests to make sure everything is A-OK.
* | | Remember the parameter hash we returnMatthew Draper2015-12-221-1/+1
| |/ |/| | | | | Callers expect to be able to manipulate it.
* | Merge pull request #20797 from byroot/prevent-url-for-ac-parametersRafael França2015-12-181-1/+4
|\ \ | | | | | | Prevent ActionController::Parameters in url_for
| * | Prevent ActionController::Parameters from being passed to url_for directlyJean Boussier2015-12-151-1/+4
| | |
* | | Refer to rails command instead of rake in a bunch of placesDavid Heinemeier Hansson2015-12-182-2/+2
| | | | | | | | | | | | Still more to do. Please assist!
* | | Merge pull request #22564 from maximeg/legit_name_errorsSean Griffin2015-12-141-2/+4
|\ \ \ | |/ / |/| | Don't catch all NameError to reraise as ActionController::RoutingError
| * | Don't catch all NameError to reraise as ActionController::RoutingError #22368Maxime Garcia2015-12-121-2/+4
| | |
* | | Remove ActionController::TestCase from documentationeileencodes2015-12-121-1/+1
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In Rails 5.1 `ActionController::TestCase` will be moved out of Rails into it's own gem. Please use `ActionDispatch::IntegrationTest` going foward. Because this will be moved to a gem I used `# :stopdoc:` instead of deleting the documentation. This will remove it from the Rails documentation but still leave the method documented for when we move it to a gem. Guides have been updated to use the routing structure used in Integration and all test examples have been updated to inherit from `ActionDispatch::IntegrationTest` instead of `ActionController::TestCase. Fixes #22496
* | Show redirect response code in assert_response messagesJon Atack2015-12-111-10/+8
| | | | | | | | | | | | | | | | | | | | | | | | Follow-up to PR #19977, which helpfully added the redirection path to the error message of assert_response if response is a redirection, but which removed the response code, obscuring the type of redirect. This PR: - brings back the response code in the error message, - updates the tests so the new messages can be tested, - and adds test cases for the change.
* | Merge pull request #22514 from ↵Rafael França2015-12-111-1/+1
|\ \ | | | | | | | | | | | | prathamesh-sonpatki/use-assert-over-assert-predicate Use assert over assert_predicate in assert_response
| * | Use assert over assert_predicate in assert_responsePrathamesh Sonpatki2015-12-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - `assert_predicate` appends its own error message at the end of message generated by `assert_response` and because of that the error message displays the whole `response` object. - For eg. Expected response to be a <success>, but was a redirect to <http://test.host/posts>. Expected #<ActionDispatch::TestResponse:0x007fb1cc1cf6f8....(lambda)>}>> to be successful?. - Complete message can be found here - https://gist.github.com/prathamesh-sonpatki/055afb74b66108e71ded#file-gistfile1-txt-L19. - After this change the message from `assert_predicate` won't be displayed and only message generated by `assert_response` will be shown as follows: Expected response to be a <success>, but was a redirect to <http://test.host/posts>
* | | Avoid calling AD::MimeNegotiation#format_from_path_extension method twiceJorge Bejar2015-12-091-2/+2
| | |
* | | Avoid warning because of the mime typeJorge Bejar2015-12-091-1/+1
| | |
* | | Do not add format key to request_paramsJorge Bejar2015-12-092-17/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | I did this change but it is affecting how the request params end up after being processed by the router. To be in the safe side, I just take the format from the extension in the URL when is not present in those params and it's being used only for the `Request#formats` method
* | | DebugException initialize with a response_format valueJorge Bejar2015-12-091-6/+7
| | |
* | | Better name for method in DebugExceptions middlewareJorge Bejar2015-12-091-2/+2
| | |
* | | Improve regexp in AC::Http::ParametersJorge Bejar2015-12-091-1/+1
| | |
* | | Minor cleanup in AD::DebugExceptionsJorge Bejar2015-12-091-6/+9
| | |
* | | Remove unneeded args in AD::DebugExceptionsJorge Bejar2015-12-091-1/+0
| | |
* | | New hash syntax in AD::DebugExceptionsJorge Bejar2015-12-091-4/+4
| | |