| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
per [API documentation guidelines](http://edgeguides.rubyonrails.org/api_documentation_guidelines.html#oxford-comma)
[ci skip]
|
|\
| |
| | |
fix named route example [ci skip]
|
| | |
|
|/
|
|
|
|
|
|
| |
Ruby 2.4 unifies Fixnum and Bignum into Integer: https://bugs.ruby-lang.org/issues/12005
* Forward compat with new unified Integer class in Ruby 2.4+.
* Backward compat with separate Fixnum/Bignum in Ruby 2.2 & 2.3.
* Drops needless Fixnum distinction in docs, preferring Integer.
|
| |
|
|\
| |
| | |
Improve documentation and tests for raw_host_with_port and host_with_…
|
| | |
|
|\ \
| | |
| | | |
API only apps: Preserve request format for HTML requests too
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- Earlier we were responding with JSON format for HTML requests in a API
app.
- Now we will respond with HTML format for such requests in API apps.
- Also earlier we were not testing the API app's JSON requests
properly. We were actually sending HTML requests. Now we send correct
JSON requests. Also added more test coverage.
- Based on the discussion from this commit -
https://github.com/rails/rails/commit/05d89410bf97d0778e78558db3c9fed275f8a614.
[Prathamesh Sonpatki, Jorge Bejar]
|
| | |
| | |
| | |
| | | |
This commit uses the new method in Rack to check if a path is valid.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In #18721 we removed the discard key from the session hash used to flash
messages and that broke compatibility with Rails 4 applications because they
try to map in the discarded flash messages and it returns nil.
Fixes #24726.
|
|\ \ \
| |/ /
|/| |
| | |
| | |
| | |
| | | |
rthbound/dont-call-each-when-calling-body-on-response
Dont call each when calling body on response to fix #23964
Fixes #23964
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- Adds #each_chunk to ActionDispatch::Response. it's a method which
will be called by ActionDispatch::Response#each.
- Make Response#each a proper method instead of delegating to @stream
- In Live, instead of overriding #each, override #each_chunk.
- `#each` should just spit out @str_body if it's already set
- Adds #test_set_header_after_read_body_during_action
to prove this fixes #23964
- Adds #test_each_isnt_called_if_str_body_is_written to
ensure #each_chunk is not called when @str_body is available
- Call `@response.sent!` in AC::TestCase's #perform so a test response
acts a bit more like a real response. Makes test that call `#assert_stream_closed`
pass again.
- Additionally assert `#committed?` in `#assert_stream_closed`
- Make test that was calling @response.stream.each pass again by
calling @response.each instead.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Adding the `each` method is required for ensuring compatibility between
Rails, and other Rack frameworks (like Sinatra, etc.), that are mounted
within Rails, and wish to use its session tooling. Prior to this, there
was an inconsistency between ActionDispatch::Request::Session and
Rack::Session::Cookie, due to the absence of the `each` method. This
should hopefully fix that error. :)
For a full integration test with Sinatra and a standalone Rack
application, you can check out the gist for that here: https://gist.github.com/maclover7/08cd95b0bfe259465314311941326470.
Solves #15843.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Last August (2015), @tenderlove worked to remove all `@env[]` and `@env[]=`, in
favor of using `set_header`, `get_header`, etc. (Here's an [example
commit](https://github.com/rails/rails/commit/f16a33b68efc3dc57cfafa27651b9a765e363fbf)).
This PR should remove the last uses of these methods, and fully convert
them to the newly standardized API.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
I always appreciate having a bit more information as to why something is
now an error. We can use this error to tell people why what they were
previously doing is insecure and give them hints on how to fix it.
Signed-off-by: Kasper Timm Hansen <kaspth@gmail.com>
|
|\ \ \
| | | |
| | | |
| | | | |
Refactor handling of :action default in routing
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The longstanding convention in Rails is that if the :action parameter
is missing or nil then it defaults to 'index'. Up until Rails 5.0.0.beta1
this was handled slightly differently than other routing defaults by
deleting it from the route options and adding it to the recall parameters.
With the recent focus of removing unnecessary duplications this has
exposed a problem in this strategy - we are now mutating the request's
path parameters and causing problems for later url generation. This will
typically affect url_for rather a named url helper since the latter
explicitly pass :controller, :action, etc.
The fix is to add a default for :action in the route class if the path
contains an :action segment and no default is passed. This change also
revealed an issue with the parameterized part expiry in that it doesn't
follow a right to left order - as soon as a dynamic segment is required
then all other segments become required.
Fixes #23019.
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | | |
- Followup of https://github.com/rails/rails/issues/18693.
- I think we missed deprecating `request_via_redirect` in that pull
request.
- Originally requested by DHH here
https://github.com/rails/rails/issues/18333.
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | | |
samphilipd/sam/do_not_clobber_options_in_route_definitions
Do not destructively mutate passed options hash in route definitions
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Fixes #24030
An example scope might be specified as such:
```ruby
HTML = { constraints: { format: :html } }.freeze
scope HTML do
get 'x'
end
```
This currently raises an error because the mapper attempts to
destructively modify the passed options hash. This is dangerous because
this options hash might even be shared with other scopes.
We should instead always instantiate a new object instead of modifying
the passed options.
|
|\ \ \ \
| | | | |
| | | | |
| | | | | |
extension synonyms yml and yaml
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- we are ending sentences properly
- fixing of space issues
- fixed continuity issues in some sentences.
Reverts https://github.com/rails/rails/commit/8fc97d198ef31c1d7a4b9b849b96fc08a667fb02 .
This change reverts making sure we add '.' at end of deprecation sentences.
This is to keep sentences within Rails itself consistent and with a '.' at the end.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* Introduce `Response#strong_etag=` and `#weak_etag=` and analogous options
for `fresh_when` and `stale?`. `Response#etag=` sets a weak ETag.
Strong ETags are desirable when you're serving byte-for-byte identical
responses that support Range requests, like PDFs or videos (typically
done by reproxying the response from a backend storage service).
Also desirable when fronted by some CDNs that support strong ETags
only, like Akamai.
* No longer strips quotes (`"`) from ETag values before comparing them.
Quotes are significant, part of the ETag. A quoted ETag and an unquoted
one are not the same entity.
* Support `If-None-Match: *`. Rarely useful for GET requests; meant
to provide some optimistic concurrency control for PUT requests.
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Related with 38d2bf5fd1f3e014f2397898d371c339baa627b1.
cc @tenderlove
|
|/ / / / |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Due to that `ActionDispatch::Flash` (the flash API's middleware) is not
included for API controllers, the `request.reset_session` method, which
relies on there being a `flash=` method which is in fact defined by the
middleware, was previously breaking. Similarly to how
add46482a540b33184f3011c5c307f4b8e90c9cc created a method to be
overridden by the flash middleware in order to ensure non-breakage, this
is how flashes are now reset.
Fixes #24222
|
| | | |
| | | |
| | | | |
The previous order made sense [when `match` was used twice to point to two different actions](https://github.com/rails/rails/commit/7305ef842b675bf965f063de681a96294577fb84). In this case the note was misleading as posting to `/posts/:id` would still route to `show` action.
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Similar to 176fbfd6, this makes it possible for other test
frameworks to hook into Rails integration test facilities.
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
After 9d378747326d26cf1afdac4433ead22967af0984 `ActionDispatch::IntegrationTest`
class is loaded and defined in all Rails environments, not only test but also
production. This is not-intended loading of a class which is only used in
test environment.
To prevent not-intended loading, add `ActiveSupport.run_load_hooks` to
`ActionDispatch::IntegrationTest` with `action_dispatch_integration_test` name
and use it in `ActionMailer`.
|
| | |
| | |
| | |
| | |
| | | |
Forgot to update the documentation on the line just above the one
I was changing in 4933132. Well done, Kasper :+1:
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
`ActionDispatch::SSL` redirects all HTTP requests to HTTPS, not just some.
The `constrain_to` option inverts this, so it sounds like the middleware
only handles a few requests, rather than the majority with a few routes to
opt out of the redirect.
Renaming to `exclude` matches this intent more closely.
|
|\ \ \
| |/ /
|/| | |
Change 'a HTTP' to 'an HTTP' [ci skip]
|
| | | |
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Follow-up to #23980.
- Fix grammar: "be remove" -> "be removed".
- Wrap lines at 80 chars.
Lurvely ;-)
|
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts changes made to integration tests in PR #23807.
The issue happens when using capybara with a driver that needs to start a
server in a separate thread like (poltergeist, selenium, etc).
Both threads the capybara server one and the test thread end running
syncronize over the interlock.
|
|\ \
| | |
| | | |
Deprecate :controller and :action path parameters
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Allowing :controller and :action values to be specified via the path
in config/routes.rb has been an underlying cause of a number of issues
in Rails that have resulted in security releases. In light of this it's
better that controllers and actions are explicitly whitelisted rather
than trying to blacklist or sanitize 'bad' values.
|
| | | |
|
|/ /
| |
| |
| |
| |
| | |
These should allow external code to run blocks of user code to do
"work", at a similar unit size to a web request, without needing to get
intimate with ActionDipatch.
|
|\ \
| | |
| | | |
Drop Action Controller require in ActionDispatch::ExceptionWrapper
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We only reference the Action Controller error classes by name in
ActionDispatch::ExceptionWrapper, so there is no need to explicitly
require them.
It drops a tiny coupling between Action Dispatch and Action Controller,
so it makes me feel warm inside. We still have a lot of others AC
requires in the AD code base, but here, we can save it.
[ci skip]
|
|/ / |
|
| | |
|
| | |
|
|\ \
| | |
| | | |
Enable HSTS with IncludeSubdomains header by default for new apps
|
| | | |
|