aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch
Commit message (Collapse)AuthorAgeFilesLines
* Add back in Oxford CommaJon Moss2016-05-191-1/+1
| | | | | | per [API documentation guidelines](http://edgeguides.rubyonrails.org/api_documentation_guidelines.html#oxford-comma) [ci skip]
* Merge pull request #25070 from josedonizetti/fix_example_routes_docArthur Nogueira Neves2016-05-191-3/+3
|\ | | | | fix named route example [ci skip]
| * fix named route example [ci skip]Jose Donizetti2016-05-191-3/+3
| |
* | Support for unified Integer class in Ruby 2.4+Jeremy Daer2016-05-182-12/+8
|/ | | | | | | | Ruby 2.4 unifies Fixnum and Bignum into Integer: https://bugs.ruby-lang.org/issues/12005 * Forward compat with new unified Integer class in Ruby 2.4+. * Backward compat with separate Fixnum/Bignum in Ruby 2.2 & 2.3. * Drops needless Fixnum distinction in docs, preferring Integer.
* Document and test ActionDispatch server_portTom Kadwill2016-05-121-0/+11
|
* Merge pull request #24982 from tomkadwill/improve_clarity_of_raw_host_with_portKasper Timm Hansen2016-05-111-3/+10
|\ | | | | Improve documentation and tests for raw_host_with_port and host_with_…
| * Improve documentation and tests for raw_host_with_port and host_with_portTom Kadwill2016-05-111-3/+10
| |
* | Merge pull request #24912 from prathamesh-sonpatki/api-fix-response-formatSantiago Pastorino2016-05-111-8/+12
|\ \ | | | | | | API only apps: Preserve request format for HTML requests too
| * | API only apps: Preserve request format for HTML requests tooPrathamesh Sonpatki2016-05-111-8/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Earlier we were responding with JSON format for HTML requests in a API app. - Now we will respond with HTML format for such requests in API apps. - Also earlier we were not testing the API app's JSON requests properly. We were actually sending HTML requests. Now we send correct JSON requests. Also added more test coverage. - Based on the discussion from this commit - https://github.com/rails/rails/commit/05d89410bf97d0778e78558db3c9fed275f8a614. [Prathamesh Sonpatki, Jorge Bejar]
* | | use Rack::Utils.valid_path? to check pathJordan Owens2016-05-091-6/+2
| | | | | | | | | | | | This commit uses the new method in Rack to check if a path is valid.
* | | Replace `loop` to `until`Molchanov Andrey2016-05-071-2/+1
| | |
* | | Make flash messages cookie compatible with Rails 4Rafael Mendonça França2016-05-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | In #18721 we removed the discard key from the session hash used to flash messages and that broke compatibility with Rails 4 applications because they try to map in the discarded flash messages and it returns nil. Fixes #24726.
* | | Merge pull request #24029 from ↵Sean Griffin2016-05-061-9/+24
|\ \ \ | |/ / |/| | | | | | | | | | | | | | rthbound/dont-call-each-when-calling-body-on-response Dont call each when calling body on response to fix #23964 Fixes #23964
| * | Fixes #23964Ryan T. Hosford2016-03-131-9/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Adds #each_chunk to ActionDispatch::Response. it's a method which will be called by ActionDispatch::Response#each. - Make Response#each a proper method instead of delegating to @stream - In Live, instead of overriding #each, override #each_chunk. - `#each` should just spit out @str_body if it's already set - Adds #test_set_header_after_read_body_during_action to prove this fixes #23964 - Adds #test_each_isnt_called_if_str_body_is_written to ensure #each_chunk is not called when @str_body is available - Call `@response.sent!` in AC::TestCase's #perform so a test response acts a bit more like a real response. Makes test that call `#assert_stream_closed` pass again. - Additionally assert `#committed?` in `#assert_stream_closed` - Make test that was calling @response.stream.each pass again by calling @response.each instead.
* | | Ensure compatibility between ActionDispatch::Request::Session and RackJon Moss2016-05-041-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adding the `each` method is required for ensuring compatibility between Rails, and other Rack frameworks (like Sinatra, etc.), that are mounted within Rails, and wish to use its session tooling. Prior to this, there was an inconsistency between ActionDispatch::Request::Session and Rack::Session::Cookie, due to the absence of the `each` method. This should hopefully fix that error. :) For a full integration test with Sinatra and a standalone Rack application, you can check out the gist for that here: https://gist.github.com/maclover7/08cd95b0bfe259465314311941326470. Solves #15843.
* | | Remove last uses of `@env[]` and `@env[]=`Jon Moss2016-04-282-12/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | Last August (2015), @tenderlove worked to remove all `@env[]` and `@env[]=`, in favor of using `set_header`, `get_header`, etc. (Here's an [example commit](https://github.com/rails/rails/commit/f16a33b68efc3dc57cfafa27651b9a765e363fbf)). This PR should remove the last uses of these methods, and fully convert them to the newly standardized API.
* | | Add more info to insecure URL generation errorDerek Prior2016-04-263-2/+11
| | | | | | | | | | | | | | | | | | | | | | | | I always appreciate having a bit more information as to why something is now an error. We can use this error to tell people why what they were previously doing is insecure and give them hints on how to fix it. Signed-off-by: Kasper Timm Hansen <kaspth@gmail.com>
* | | Merge pull request #23103 from rails/refactor-handling-of-action-defaultJeremy Daer2016-04-244-18/+13
|\ \ \ | | | | | | | | | | | | Refactor handling of :action default in routing
| * | | Refactor handling of :action default in routingAndrew White2016-02-164-18/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The longstanding convention in Rails is that if the :action parameter is missing or nil then it defaults to 'index'. Up until Rails 5.0.0.beta1 this was handled slightly differently than other routing defaults by deleting it from the route options and adding it to the recall parameters. With the recent focus of removing unnecessary duplications this has exposed a problem in this strategy - we are now mutating the request's path parameters and causing problems for later url generation. This will typically affect url_for rather a named url helper since the latter explicitly pass :controller, :action, etc. The fix is to add a default for :action in the route class if the path contains an :action segment and no default is passed. This change also revealed an issue with the parameterized part expiry in that it doesn't follow a right to left order - as soon as a dynamic segment is required then all other segments become required. Fixes #23019.
* | | | Deprecate `request_via_redirect` method.Prathamesh Sonpatki2016-04-241-5/+6
| |_|/ |/| | | | | | | | | | | | | | | | | | | | - Followup of https://github.com/rails/rails/issues/18693. - I think we missed deprecating `request_via_redirect` in that pull request. - Originally requested by DHH here https://github.com/rails/rails/issues/18333.
* | | Merge pull request #24031 from ↵Jeremy Daer2016-04-191-2/+1
|\ \ \ | | | | | | | | | | | | | | | | | | | | samphilipd/sam/do_not_clobber_options_in_route_definitions Do not destructively mutate passed options hash in route definitions
| * | | Do not destructively mutate passed options hash in route definitionsSam Davies2016-03-031-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Fixes #24030 An example scope might be specified as such: ```ruby HTML = { constraints: { format: :html } }.freeze scope HTML do get 'x' end ``` This currently raises an error because the mapper attempts to destructively modify the passed options hash. This is dangerous because this options hash might even be shared with other scopes. We should instead always instantiate a new object instead of modifying the passed options.
* | | | Merge pull request #24318 from bogdanvlviv/patch-1Rafael Mendonça França2016-04-121-1/+1
|\ \ \ \ | | | | | | | | | | | | | | | extension synonyms yml and yaml
| * | | | extension synonyms yml and yamlBogdan2016-03-271-1/+1
| | | | |
* | | | | Pass over all Rails 5 warnings, to make sure:Vipul A M2016-04-123-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - we are ending sentences properly - fixing of space issues - fixed continuity issues in some sentences. Reverts https://github.com/rails/rails/commit/8fc97d198ef31c1d7a4b9b849b96fc08a667fb02 . This change reverts making sure we add '.' at end of deprecation sentences. This is to keep sentences within Rails itself consistent and with a '.' at the end.
* | | | | Strong ETag validatorsJeremy Daer2016-03-311-15/+49
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Introduce `Response#strong_etag=` and `#weak_etag=` and analogous options for `fresh_when` and `stale?`. `Response#etag=` sets a weak ETag. Strong ETags are desirable when you're serving byte-for-byte identical responses that support Range requests, like PDFs or videos (typically done by reproxying the response from a backend storage service). Also desirable when fronted by some CDNs that support strong ETags only, like Akamai. * No longer strips quotes (`"`) from ETag values before comparing them. Quotes are significant, part of the ETag. A quoted ETag and an unquoted one are not the same entity. * Support `If-None-Match: *`. Rarely useful for GET requests; meant to provide some optimistic concurrency control for PUT requests.
* | | | | Fix deprecation warning for ParamsParser instance :smile:Prathamesh Sonpatki2016-03-301-1/+1
| | | | |
* | | | | Deprecate ActionDispatch::ParamsParser instance.Rafael Mendonça França2016-03-301-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Related with 38d2bf5fd1f3e014f2397898d371c339baa627b1. cc @tenderlove
* | | | | Fix typo in headers commentGrey Baker2016-03-291-1/+1
|/ / / /
* | | | Fix request.reset_session for API controllersJon Moss2016-03-192-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Due to that `ActionDispatch::Flash` (the flash API's middleware) is not included for API controllers, the `request.reset_session` method, which relies on there being a `flash=` method which is in fact defined by the middleware, was previously breaking. Similarly to how add46482a540b33184f3011c5c307f4b8e90c9cc created a method to be overridden by the flash middleware in order to ensure non-breakage, this is how flashes are now reset. Fixes #24222
* | | | [skip ci] Reorder paragraphsDamir2016-03-101-3/+3
| | | | | | | | | | | | The previous order made sense [when `match` was used twice to point to two different actions](https://github.com/rails/rails/commit/7305ef842b675bf965f063de681a96294577fb84). In this case the note was misleading as posting to `/posts/:id` would still route to `show` action.
* | | | extract ActionDispatch::IntegrationTest::BehaviorScott Bronson2016-03-071-22/+35
| | | | | | | | | | | | | | | | | | | | Similar to 176fbfd6, this makes it possible for other test frameworks to hook into Rails integration test facilities.
* | | | Prevent not-intended loading of `ActionDispatch::IntegrationTest`yui-knk2016-03-071-0/+2
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | After 9d378747326d26cf1afdac4433ead22967af0984 `ActionDispatch::IntegrationTest` class is loaded and defined in all Rails environments, not only test but also production. This is not-intended loading of a class which is only used in test environment. To prevent not-intended loading, add `ActiveSupport.run_load_hooks` to `ActionDispatch::IntegrationTest` with `action_dispatch_integration_test` name and use it in `ActionMailer`.
* | | [ci skip] Fix constrain_to documentation.Kasper Timm Hansen2016-03-031-1/+1
| | | | | | | | | | | | | | | Forgot to update the documentation on the line just above the one I was changing in 4933132. Well done, Kasper :+1:
* | | Rename constrain_to to exclude.Kasper Timm Hansen2016-03-031-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | `ActionDispatch::SSL` redirects all HTTP requests to HTTPS, not just some. The `constrain_to` option inverts this, so it sounds like the middleware only handles a few requests, rather than the majority with a few routes to opt out of the redirect. Renaming to `exclude` matches this intent more closely.
* | | Merge pull request #24027 from mechanicles/a-to-anXavier Noria2016-03-032-2/+2
|\ \ \ | |/ / |/| | Change 'a HTTP' to 'an HTTP' [ci skip]
| * | Change 'a HTTP' to 'an HTTP' [ci skip]Santosh Wadghule2016-03-032-2/+2
| | |
* | | Niceify the dynamic routes deprecation messagesJon Atack2016-03-031-2/+8
|/ / | | | | | | | | | | | | | | | | | | Follow-up to #23980. - Fix grammar: "be remove" -> "be removed". - Wrap lines at 80 chars. Lurvely ;-)
* | Do not run app.executor callbacks in integration testsJorge Bejar and Santiago Pastorino2016-03-021-11/+2
| | | | | | | | | | | | | | | | This reverts changes made to integration tests in PR #23807. The issue happens when using capybara with a driver that needs to start a server in a separate thread like (poltergeist, selenium, etc). Both threads the capybara server one and the test thread end running syncronize over the interlock.
* | Merge pull request #23980 from rails/deprecate-controller-action-segmentsAndrew White2016-03-011-0/+9
|\ \ | | | | | | Deprecate :controller and :action path parameters
| * | Deprecate :controller and :action path parametersAndrew White2016-03-011-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values.
* | | Don't reference Rails.application from inside a componentMatthew Draper2016-03-022-10/+8
| | |
* | | Publish AS::Executor and AS::Reloader APIsMatthew Draper2016-03-025-80/+58
|/ / | | | | | | | | | | These should allow external code to run blocks of user code to do "work", at a similar unit size to a web request, without needing to get intimate with ActionDipatch.
* | Merge pull request #23963 from gsamokovarov/exception-wrapper-no-ac-requireKasper Timm Hansen2016-02-291-1/+0
|\ \ | | | | | | Drop Action Controller require in ActionDispatch::ExceptionWrapper
| * | Drop Action Controller require in ActionDispatch::ExceptionWrapperGenadi Samokovarov2016-02-291-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We only reference the Action Controller error classes by name in ActionDispatch::ExceptionWrapper, so there is no need to explicitly require them. It drops a tiny coupling between Action Dispatch and Action Controller, so it makes me feel warm inside. We still have a lot of others AC requires in the AD code base, but here, we can save it. [ci skip]
* | | Add documentation for #13897 [skip ci]Bart de Water2016-02-291-3/+9
|/ /
* | add `constraint_to` option to SSL middlewareGreg Molnar2016-02-281-2/+6
| |
* | :nail_care:Rafael Mendonça França2016-02-251-2/+2
| |
* | Merge pull request #23852 from prathamesh-sonpatki/hsts-subdomainsRafael França2016-02-251-1/+12
|\ \ | | | | | | Enable HSTS with IncludeSubdomains header by default for new apps
| * | Update documentation and deprecation messagePrathamesh Sonpatki2016-02-251-3/+3
| | |