path: root/actionpack/lib
Commit message (Author, Age, Files, Lines)
...
* | Pull up parse to the legacy upgrading module (Kasper Timm Hansen, 2015-09-08, 1 file, -10/+5)
| |     It was the same in both legacy versions of the signed and encrypted cookie jars.
* | Call super to remove the decrypt_and_verify method (Kasper Timm Hansen, 2015-09-08, 1 file, -8/+4)
| |     The `EncryptedCookieJar` already calls it for us, so just delegate to its `parse` implementation.
* | Call super to remove the verify method (Kasper Timm Hansen, 2015-09-08, 1 file, -8/+2)
| |     `SignedCookieJar`'s parse method already attempts to verify the message, so we can just call super and try the old verifier if it fails.
* | Add parse method to share deserialization logic. (Kasper Timm Hansen, 2015-09-08, 1 file, -19/+12)
| |     Cuts down on the duplicated reading parts.
* | Add commit in the EncryptedCookieJar (Kasper Timm Hansen, 2015-09-08, 1 file, -17/+7)
| |     Gets rid of the option parsing and makes what the encryptor does stand out.
* | Use commit in the SignedCookieJar (Kasper Timm Hansen, 2015-09-08, 1 file, -15/+6)
| |     Lets us avoid worrying about parsing the options and doing just what we need.
* | Add commit method to share option normalization (Kasper Timm Hansen, 2015-09-08, 1 file, -4/+12)
| |     Remove the clutter to make PermanentCookieJar's one change stand out.
* | Add AbstractCookieJar class. (Kasper Timm Hansen, 2015-09-08, 1 file, -1/+3)
| |     Eventually this will be the superclass of all the chained jars.
* | Merge pull request #21502 from bernerdschaefer/bs-polymorphic-url_for-dups-arguments (Rafael Mendonça França, 2015-09-08, 1 file, -1/+2)
|\ \
| | |     `url_for` does not modify polymorphic options
| * | `url_for` does not modify polymorphic options (Bernerd Schaefer, 2015-09-04, 1 file, -1/+2)
| | |     The `url_for` methods in `actionpack` and `actionview` now make a copy of the provided options before generating polymorphic paths or URLs.
| | |
| | |     The bug in the previous behavior is most noticeable in a case like:
| | |
| | |         url_options = [:new, :post, param: 'value']
| | |         if current_page?(url_options)
| | |           css_class = "active"
| | |         end
| | |         link_to "New Post", url_options, class: css_class
* | | Make `config.force_ssl` less dangerous to try and easier to disable (Jeremy Daer, 2015-09-07, 1 file, -36/+92)
| | |     SSL redirect:
| | |     * Move `:host` and `:port` options within `redirect: { … }`. Deprecate.
| | |     * Introduce `:status` and `:body` to customize the redirect response. The 301 permanent default makes it difficult to test the redirect and back out of it since browsers remember the 301. Test with a 302 or 307 instead, then switch to 301 once you're confident that all is well.
| | |
| | |     HTTP Strict Transport Security (HSTS):
| | |     * Shorter max-age. Shorten the default max-age from 1 year to 180 days, the low end for https://www.ssllabs.com/ssltest/ grading and greater than the 18-week minimum to qualify for browser preload lists.
| | |     * Disabling HSTS. Setting `hsts: false` now sets `hsts: { expires: 0 }` instead of omitting the header. Omitting does nothing to disable HSTS since browsers hang on to your previous settings until they expire. Sending `{ hsts: { expires: 0 }}` flushes out old browser settings and actually disables HSTS: http://tools.ietf.org/html/rfc6797#section-6.1.1
| | |     * HSTS Preload. Introduce `preload: true` to set the `preload` flag, indicating that your site may be included in browser preload lists, including Chrome, Firefox, Safari, IE11, and Edge. Submit your site: https://hstspreload.appspot.com
* | | implement abstract store methods (Aaron Patterson, 2015-09-04, 2 files, -5/+5)
| | |     converts old ID methods to the new abstract store methods in Rack
* | | stop using deprecated Abstract::ID class (Aaron Patterson, 2015-09-04, 4 files, -4/+4)
| | |
* | | stop inheriting from Rack::Request (Aaron Patterson, 2015-09-04, 11 files, -21/+23)
| | |     Just include the modules necessary in the Request object to implement the things we need. This should make it easier to build delegate request objects because the API is smaller
* | | use `Rack::Utils.unescape_path` to unescape paths (Aaron Patterson, 2015-09-04, 1 file, -3/+3)
|/ /
| |     Escaping and unescaping paths is different than query parameters, and we need to respect that. This commit uses the new method in Rack to escape and unescape paths.
| |
| |     Fixes #11816
* | Merge pull request #21483 from justanshulsharma/add-ip6-address (Eileen M. Uchitelle, 2015-09-03, 1 file, -1/+1)
|\ \
| | |     [ci skip] Added localhost IPv6
| * | [ci skip] Added localhost IPv6 (Anshul Sharma, 2015-09-03, 1 file, -1/+1)
| | |
* | | Fix route creation when format is a blank string (eileencodes, 2015-09-02, 1 file, -1/+1)
| | |     Commit bff61ba, while reducing allocations, caused a regression when an empty format is passed to a route. This can happen in cases where you're using an anchor tag, for example: `https://example.com/parent/575256966.#child_1032289285`.
| | |
| | |     Because of this change `format` was getting sent in `parameterized_parts` when previously it was not included. This resulted in blank `format`'s being returned as `.` when if there was an extension included it would be `.extension`. Since there was no extension this caused incorrect URL's.
| | |
| | |     The test shows this would result in `/posts/show/1.` instead of `/posts/show/1` which causes bad urls since the format is not present.
* | | typo "description not clear corrected with proper description and action_controller_overview file Rails' -> Rails" [ci skip] (kishore-mohan, 2015-09-02, 1 file, -2/+2)
| | |
* | | Remove not used requires (Marcin Olichwirowicz, 2015-09-01, 7 files, -13/+2)
| | |
* | | Fix bug where cookies mutated by request were not persisted (eileencodes, 2015-09-01, 2 files, -0/+8)
| | |     With changes made in 8363b8 and ae29142 cookies that are mutated on the request like `cookies.signed = x` were not retained in subsequent tests, breaking cookie authentication in controller tests. The test added demonstrates the issue.
| | |
| | |     The reason we need to select from non-deleted cookies is because without checking the `@delete_cookies` the `cookie_jar` `@cookies` will send the wrong cookies to be updated. The code must check for `@deleted_cookies` before sending an `#update` with the requests cookie_jar cookies.
| | |
| | |     This follows how the cookie_jar cookies from the request were updated before these changes.
* | | Merge pull request #19788 from cmdrclueless/actionpack_http_url_ipv6 (Rafael Mendonça França, 2015-09-01, 1 file, -1/+1)
|\ \ \
| | | |     Fix broken IPv6 addresses handling
| * | | Fix broken IPv6 addresses handling (Brian Weaver, 2015-04-16, 1 file, -1/+1)
| | | |
* | | | Merge pull request #21298 from rodzyn/remove_dead_code (Rafael Mendonça França, 2015-09-01, 1 file, -4/+0)
|\ \ \ \
| | | | |     Remove dead code
| * | | | Remove dead code (Marcin Olichwirowicz, 2015-08-19, 1 file, -4/+0)
| | | | |
* | | | | add a method for getting the http auth salt (Aaron Patterson, 2015-08-29, 2 files, -2/+6)
| | | | |
* | | | | env to get_header conversion (Aaron Patterson, 2015-08-29, 1 file, -1/+1)
| | | | |
* | | | | fixes example for consistency [ci skip] (Xavier Noria, 2015-08-29, 1 file, -3/+3)
| | | | |
* | | | | swaps words [ci skip] (Xavier Noria, 2015-08-29, 1 file, -1/+1)
| | | | |
* | | | | revamps the docs of strong params require [ci skip] (Xavier Noria, 2015-08-29, 1 file, -9/+40)
| | | | |     References #19565.
* | | | | Set the content-type to `text/html` if the options[:html] is true (akihiro17, 2015-08-29, 1 file, -2/+2)
| | | | |     In this commit, we set the content-type to `text/html` in AbstractController if the `options[:html]` is true so that we don't include ActionView::Rendering into ActionController::Metal to set it properly.
| | | | |
| | | | |     I removed the if `options[:plain]` statement because `AbstractController#rendered_format` returns `Mime::TEXT` by default.
* | | | | revises 877e42e (Xavier Noria, 2015-08-28, 1 file, -2/+2)
| | | | |     * A string in the example lacked quotes.
| | | | |     * The tests asserted stuff about :last_name, whereas test params do not have that key.
| | | | |     * But, the first one passed, why? After hitting my head against the wall and doing some obscure rituals realized the new #require had an important typo, wanted to iterate over the array argument (key), but it ran over its own hash keys (method #keys).
| | | | |     * Modified the test to prevent the same typo to happen again.
| | | | |     * The second test assigned to an unused variable safe_params that has been therefore removed.
| | | | |     * Grammar of the second test description.
| | | | |     * Since I was on it, reworded both test descriptions.
* | | | | [Feature] params.require requires array of params (Gaurish Sharma, 2015-08-28, 1 file, -0/+8)
| | | | |     This PR adds ability to accept arrays which allows you to require multiple values in one method. So instead of this:
| | | | |
| | | | |     ```ruby
| | | | |     params.require(:person).require(:first_name)
| | | | |     params.require(:person).require(:last_name)
| | | | |     ```
| | | | |
| | | | |     Here it will be one line for each params, so say if I require 10 params, it will be 10 lines of repeated code which is not dry. So I have added new method which does this in one line:
| | | | |
| | | | |     ```ruby
| | | | |     params.require(:person).require([:first_name, :last_name])
| | | | |     ```
| | | | |
| | | | |     Comments welcome
* | | | | Merge pull request #21396 from rodzyn/code-cleanup (Guillermo Iguaran, 2015-08-28, 2 files, -13/+2)
|\ \ \ \ \
| | | | | |     Code cleanup
| * | | | | Code cleanup (Marcin Olichwirowicz, 2015-08-27, 2 files, -13/+2)
| | | | | |     Cleanup for `ActionDispatch::Http::Parameters` - no need for required libraries and remove not used private method. Apparently this method was used in `ActionDispatch::Http::Request` - fixed by calling `Request::Utils` explicitly (as was done in other parts of the codebase)
* | | | | | Revert "this always sets :public to false, so just do that" (Aaron Patterson, 2015-08-27, 1 file, -1/+1)
| | | | | |     This reverts commit cae2b5bb59212961c4a35c939381ebece48d1177.
| | | | | |
| | | | | |     I am an idiot.
* | | | | | this always sets :public to false, so just do that (Aaron Patterson, 2015-08-27, 1 file, -1/+1)
| | | | | |
* | | | | | remove dependency on `@cache_control` ivar (Aaron Patterson, 2015-08-27, 1 file, -6/+6)
| | | | | |     eventually we'll remove this instance variable, but this is the first step
* | | | | | remove `@etag` ivar (Aaron Patterson, 2015-08-27, 1 file, -5/+7)
| | | | | |     we're storing the value in the headers hash, so let's just store the value in one place.
* | | | | | use the abstract API in modules (Aaron Patterson, 2015-08-27, 2 files, -14/+15)
| | | | | |     Modules should be using the API that the abstract modules use so that we can move these modules between implementations
* | | | | | remove useless conditional (Aaron Patterson, 2015-08-27, 1 file, -2/+0)
| | | | | |     cookies are always stored as a string in the header hash, so it will not need to be joined.
* | | | | | implement the API required by the abstract Rack request. (Aaron Patterson, 2015-08-27, 1 file, -16/+8)
| | | | | |
* | | | | | use the non-hash dependent Rack utils API (Aaron Patterson, 2015-08-27, 1 file, -2/+2)
| |_|_|/ /
|/| | | |
| | | | |     eventually we will refactor this to not know about header hashes
* | | | | Merge pull request #21384 from jeremyf/updating-ActionController-TestSession-to-behave-as-a-hash-with-indifferent (Yves Senn, 2015-08-27, 1 file, -2/+2)
|\ \ \ \ \
| |/ / / /
|/| | | |
| | | | |     Updating TestSession to access with indifference
| * | | | Updating TestSession to access with indifference (Jeremy Friesen, 2015-08-26, 1 file, -2/+2)
| | | | |     The following Rails code failed (with a `KeyError` exception) under test:
| | | | |
| | | | |     ```ruby
| | | | |     class ApplicationController < ActionController::Base
| | | | |       def user_strategy
| | | | |         # At this point:
| | | | |         # ```ruby
| | | | |         # session == {
| | | | |         #   "user_strategy"=>"email",
| | | | |         #   "user_identifying_value"=>"hello@world.com"
| | | | |         # }
| | | | |         # ```
| | | | |         if session.key?(:user_strategy)
| | | | |           session.fetch(:user_strategy)
| | | | |         end
| | | | |       end
| | | | |     end
| | | | |     ```
| | | | |
| | | | |     When I checked the session's keys (`session.keys`), I got an array of strings. If I accessed `session[:user_strategy]` I got the expected `'email'` value. However if I used `session.fetch(:user_strategy)` I got a `KeyError` exception.
| | | | |
| | | | |     This appears to be a Rails 4.2.4 regression (as the code works under Rails 4.2.3).
| | | | |
| | | | |     Closes #21383
* | | | | remove redefined method (Aaron Patterson, 2015-08-26, 1 file, -3/+0)
| | | | |     Rack::Response::Helpers implements this method, so we can safely remove it
* | | | | Remove useless conditional (Aaron Patterson, 2015-08-26, 1 file, -1/+1)
| | | | |     If the response method is defined, then calling `response` will return a response.
* | | | | remove useless code (Aaron Patterson, 2015-08-26, 1 file, -1/+0)
| | | | |     If AV::Rendering is mixed in, then `rendered_format` will be calculated based on the current `lookup_context`, but calling `_process_format` will set the `rendered_format` back on to the same lookup context where we got the information in the first place! Instead of getting information from an object, then setting the same information back on to that object, let's just do nothing instead!
* | | | | only call self.content_type= when there is a response (Aaron Patterson, 2015-08-26, 3 files, -4/+18)
| | | | |     Apparently the AbstractController (whatever "abstract" means) is expected to work without a request and response.
* | | | | Pull `plain` content type handling up to `render` (Aaron Patterson, 2015-08-26, 2 files, -8/+5)
| | | | |     `render` is the only possible source for the `plain` option. Pulling the conditional up to the `render` method removes far away conditionals