aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* | | Apply comments from @jeremy regarding why HTML and Javascript requestsZachary Scott2015-04-121-0/+5
| | | | | | | | | | | | | | | | | | specifically are checked for CSRF, when dealing with the browser. [ci skip]
* | | update request_forgery_protection docs [ci skip]Vladimir Lyzo2015-04-121-7/+8
| | |
* | | Revert "Merge pull request #19682 from ↵Santiago Pastorino2015-04-122-6/+3
|/ / | | | | | | | | | | | | supercaracal/fix_force_ssl_redirection_flash_error" This reverts commit d215620340be7cb29e2aa87aab22da5ec9e6e6a7, reversing changes made to bbbbfe1ac02162ecb5e9a7b560134a3221f129f3.
* | [Rails4 regression] prevent thin and puma cause error in Non ASCII URL on ↵Toshi MARUYAMA2015-04-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Windows * https://github.com/rails/rails/issues/19187 * https://github.com/rails/rails/pull/19533 * https://github.com/macournoyer/thin/issues/268 These are serious Rails 4 regression for Redmine Bitnami Windows users. https://community.bitnami.com/t/problems-with-3-0-1-installation-see-report-inside/30195/ It is not caused on webrick users. Related: * https://github.com/rack/rack/issues/732#issuecomment-67677272 * https://github.com/phusion/passenger/issues/1328
* | fix fails to force_ssl_redirection if session_store is disabledTaishi Kasuga2015-04-092-3/+6
| |
* | Merge pull request #19700 from tancnle/trivial-shallow-nesting-depth-countRafael Mendonça França2015-04-081-1/+1
|\ \ | | | | | | A shorter and more concise version of select..size
| * | A shorter and more concise version of select..sizeTan Le2015-04-091-1/+1
| | |
* | | Merge pull request #19633 from y00rb/sort_router_parameters_duplicated_keysRafael Mendonça França2015-04-082-2/+2
|\ \ \ | | | | | | | | avoid error when sort mixture keys in symbol and string
| * | | sort_by instead of sortYang Bo2015-04-082-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | it is avoid sort errot within different and mixed keys. used `sort_by` + `block` to list parameter by keys. keep minimum changes
* | | | remove new line between doc and methodBruce Park2015-04-071-1/+0
| | | |
* | | | added docs for ActionDispatch::Request::Session#createBruce Park2015-04-071-1/+3
| | | |
* | | | Merge pull request #19029 from iainbeeston/skipping-undefined-callbacksRafael Mendonça França2015-04-061-3/+3
|\ \ \ \ | | | | | | | | | | Raise ArgumentError if an unrecognised callback is skipped
| * | | | Raise ArgumentError if an unrecognised callback is skippedIain Beeston2015-04-031-3/+3
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | At present, if you skip a callback that hasn't been defined, activesupport callbacks silently does nothing. However, it's easy to mistype the name of a callback and mistakenly think that it's being skipped, when it is not. This problem even exists in the current test suite. CallbacksTest::SkipCallbacksTest#test_skip_person attempts to skip callbacks that were never set up. This PR changes `skip_callback` to raise an `ArgumentError` if the specified callback cannot be found.
* | | | Merge pull request #19666 from mikej/masterSantiago Pastorino2015-04-061-1/+1
|\ \ \ \ | | | | | | | | | | fix missing "if" in API docs for ActionController::Parameters#permit
| * | | | fix missing "if" in API docs for ActionController::Parameters#permitMichael Josephson2015-04-061-1/+1
| | | | |
* | | | | Fix ActionPack tests after changes to missing template loggereileencodes2015-04-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After merging #19377 ActionPack tests were missing a require for `ActiveSupport::LogSubscriber::TestHelper` and change didn't take into account that logger could be nil. Added the require and only log to info if logger exists. This wasn't caught earlier because these tests only run after a merge.
* | | | | Merge pull request #19665 from eileencodes/fix-parse_query-method-signatureEileen M. Uchitelle2015-04-061-1/+1
|\ \ \ \ \ | |/ / / / |/| | | | Fix method signature of `parse_query` to match rack
| * | | | Fix method signature of `parse_query` to match rackeileencodes2015-04-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Recently rack was changed to have a second argument on the `parse_query` method (in rack/rack#781). Rails relies on this and it's `parse_query` method was complaining about missing the second argument. I changed the arguments to `*` so we don't have this issue in the future.
* | | | | head no_content when there is no template or action performedStephen Bussey2015-04-051-1/+6
|/ / / /
* / / / Fix a few typos [ci skip]Robin Dupret2015-04-051-3/+3
|/ / /
* | | Freeze static arguments for gsubbrainopia2015-04-022-3/+3
| | |
* | | Prefer string patterns for gsubbrainopia2015-04-022-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | https://github.com/ruby/ruby/pull/579 - there is a new optimization since ruby 2.2 Previously regexp patterns were faster (since a string was converted to regexp underneath anyway). But now string patterns are faster and better reflect the purpose. Benchmark.ips do |bm| bm.report('regexp') { 'this is ::a random string'.gsub(/::/, '/') } bm.report('string') { 'this is ::a random string'.gsub('::', '/') } bm.compare! end # string: 753724.4 i/s # regexp: 501443.1 i/s - 1.50x slower
* | | Merge pull request #19544 from shuhei/fix-parameters-const-missingXavier Noria2015-03-281-1/+1
|\ \ \ | | | | | | | | Return super in ActionController::Parameters.const_missing
| * | | Return super in ActionController::Parameters.const_missingShuhei Kagawa2015-03-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current implementation of ActionController::Parameters.const_missing returns `ActionController::Parameters.always_permitted_parameters` even if its `super` returns a constant without raising error. This prevents its subclass in a autoloading module/class from taking advantage of autoloading constants. class SomeParameters < ActionController::Parameters def do_something DefinedSomewhere.do_something end end In the code above, `DefinedSomewhere` is to be autoloaded with `Module.const_missing` but `ActionController::Parameters.const_missing` returns `always_permitted_parameters` instead of the autoloaded constant. This pull request fixes the issue respecting `const_missing`'s `super`.
* | | | Add ActiveSupport::ArrayInquirer and Array#inquiryGeorge Claghorn2015-03-241-27/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Wrapping an array in an `ArrayInquirer` gives a friendlier way to check its string-like contents. For example, `request.variant` returns an `ArrayInquirer` object. To check a request's variants, you can call: request.variant.phone? request.variant.any?(:phone, :tablet) ...instead of: request.variant.include?(:phone) request.variant.any? { |v| v.in?([:phone, :tablet]) } `Array#inquiry` is a shortcut for wrapping the receiving array in an `ArrayInquirer`: pets = [:cat, :dog] pets.cat? # => true pets.ferret? # => false pets.any?(:cat, :ferret} # => true
* | | | Provide friendlier access to request variantsGeorge Claghorn2015-03-242-13/+41
|/ / / | | | | | | | | | Closes #18933.
* | | Fix ActionDispatch::PublicExceptions returning string rack statusRyan Tomayko2015-03-231-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | The status returned in the rack [status, headers, body] array was a string, which can cause problems with middleware that assumes the status will be a Fixnum. This likely never surfaced because other middleware to_i the status returned from downstream apps before passing it on.
* | | Fix handling of empty X_FORWARDED_HOST header.adam2015-03-201-1/+1
| | | | | | | | | | | | | | | | | | Previously, an empty X_FORWARDED_HOST header would cause Actiondispatch::Http:URL.raw_host_with_port to return nil, causing Actiondispatch::Http:URL.host to raise a NoMethodError.
* | | Compare content_type with Mime::XML instead of regexpBoris Peterbarg2015-03-161-1/+1
| | | | | | | | | | | | | | | Regexp is broken for both content types including charsets and for integration tests, where the content_type is a Mime::Type and not String
* | | Merge pull request #19291 from hired/return-truthy-value-from-headRafael Mendonça França2015-03-131-0/+2
|\ \ \ | | | | | | | | Return truthy value from head method
| * | | Return true from head methodJoel Hayhurst2015-03-121-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | It was returning false in normal circumstances. This broke the `head :ok and return if` construct. Add appropriate test.
* | | | Merge pull request #19309 from f1sherman/dont-set-session-options-idGuillermo Iguaran2015-03-121-1/+1
|\ \ \ \ | | | | | | | | | | Use request.session.id instead of request.session_options[:id]
| * | | | Use request.session.id instead of request.session_options[:id]Brian John2015-03-121-1/+1
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As of the upgrade to Rack 1.5, request.session_options[:id] is no longer populated. Reflect this change in the tests by using request.session.id instead. Related change in Rack: https://github.com/rack/rack/commit/83a270d6
* | | | Also skip Content-Encoding and Vary header if 304Kohei Suzuki2015-03-121-3/+4
| | | |
* | | | 304 response should not include Content-Type headerKohei Suzuki2015-03-101-1/+3
|/ / / | | | | | | | | | | | | Rack::Lint raises an error saying "Content-Type header found in 304 response, not allowed".
* | | Call super last in before_setupeileencodes2015-03-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes the reasons 4cf3b8a, 303567e, and fa63448 needed to be reverted in 7142059. The revert has been reverted and this fixes the issues caused previously. If we call `super` first we will end up nuking the session settings in the application tests that do `setup do` - so any session login or cookie settings will not be persisted thoughout the test sessions. Calling `super` last prevents `@integration_session` from getting nuked and set to nil if it's already set. Test added to prevent regression of this behavior in the future.
* | | Revert "Revert integration test refactoring that caused app test regressions"eileencodes2015-03-091-14/+10
| | | | | | | | | | | | This reverts commit 714205988315d2f98aa3e749747c44470e18676b.
* | | update integration test example as is not output deprecation warning [ci skip]yuuji.yaginuma2015-03-071-7/+8
| | |
* | | Fix documentation of url_for module [ci skip]Prathamesh Sonpatki2015-03-061-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - The request needs to be instance of ActionDispatch::Request or an object that responds to host, optional_port, protocol and symbolized_path_parameter. - This documentation was correctly added in https://github.com/rails/rails/commit/e3b3f416b57f5642ea25078485f7e9394ad04526 but was changed to https://github.com/rails/rails/commit/e1ceae576e3911f3e6708b5d19a0e3ef63769eb7. - Fixes #16160.
* | | pass a config to the route setAaron Patterson2015-03-052-5/+19
| | | | | | | | | | | | | | | This way we can get the relative_url_root from the application without setting another global value
* | | Merge pull request #19215 from ↵Sean Griffin2015-03-052-4/+2
|\ \ \ | | | | | | | | | | | | | | | | gsamokovarov/revert-ruby-2-2-0-kwarg-crash-workarounds Revert work arounds for upstream Ruby 2.2.0 kwargs bug
| * | | Revert work arounds for upstream Ruby 2.2.0 kwargs bugGenadi Samokovarov2015-03-052-4/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The bug caused a segfault and you can find more info about it at: https://bugs.ruby-lang.org/issues/10685. We did a couple of work arounds, but 2.2.1 rolled out and those aren't needed anymore. Here are the reverted commits: - Revert "Work around for upstream Ruby bug #10685", commit 707a433870e9e06af688f85a4aedc64a90791a64. - Revert "Fix segmentation fault in ActionPack tests", commit 22e0a22d5f98e162290d9820891d8191e720ad3b. I'm also bumping the Ruby version check to 2.2.1 to prevent future segfaults.
* | | | nodoc filtered_location [ci skip]Sushruth Sivaramakrishnan2015-03-051-1/+1
| | | |
* | | | Doc fix [ci skip]Sushruth Sivaramakrishnan2015-03-051-1/+1
|/ / /
* | | Doc fix [ci skip]Sushruth Sivaramakrishnan2015-03-051-1/+1
| | |
* | | Doc fix [ci skip]Sushruth Sivaramakrishnan2015-03-051-1/+1
| | |
* | | Drop request class from RouteSet constructor.Aaron Patterson2015-03-041-4/+7
| | | | | | | | | | | | | | | If you would like to use a custom request class, please subclass and implemet the `request_class` method.
* | | Tiny documentation edits [ci skip]Robin Dupret2015-03-031-1/+1
| | |
* | | Merge pull request #18775 from yasyf/issue_5122Rafael Mendonça França2015-03-032-1/+5
|\ \ \ | | | | | | | | | | | | Fallback to RAILS_RELATIVE_URL_ROOT in `url_for`
| * | | Fallback to RAILS_RELATIVE_URL_ROOT in `url_for`.Yasyf Mohamedali2015-02-242-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | Fixed an issue where the `RAILS_RELATIVE_URL_ROOT` environment variable is not prepended to the path when `url_for` is called. If `SCRIPT_NAME` (used by Rack) is set, it takes precedence.