aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #31289 from witlessbird/fips-compatibilityEileen M. Uchitelle2017-12-141-1/+1
|\ | | | | Initial support for running Rails on FIPS-certified systems
| * Introduced `ActiveSupport::Digest` that allows to specify hash function ↵Dmitri Dolguikh2017-12-121-1/+1
| | | | | | | | | | | | | | | | implementation and defaults to `Digest::MD5`. Replaced calls to `::Digest::MD5.hexdigest` with calls to `ActiveSupport::Digest.hexdigest`.
* | Enable `Layout/LeadingCommentSpace` to not allow cosmetic changes in the futureRyuta Kamizono2017-12-141-10/+10
| | | | | | | | Follow up of #31432.
* | Change the system tests to set Puma as default server only when the user ↵Guillermo Iguaran2017-12-091-1/+1
| | | | | | | | haven't specified manually another server.
* | Add secure `X-Download-Options` and `X-Permitted-Cross-Domain-Policies` to ↵Guillermo Iguaran2017-12-091-1/+3
| | | | | | | | default headers set.
* | Merge pull request #30780 from ↵Sean Griffin2017-12-071-0/+10
|\ \ | | | | | | | | | | | | JackMc/fix-chrome-referrer-invalidauthenticitytoken Fix issue #30658 by checking explicitly for 'null' referrer
| * | Add a better error message when a "null" Origin header occursJack McCracken2017-11-031-0/+10
| | |
* | | Add headless firefox driver to System Testsbogdanvlviv2017-12-072-3/+18
| | |
* | | Yield array from AC::Parameters#each for block with one argDominic Cleal2017-12-061-1/+1
| | | | | | | | | | | | Matches Hash#each behaviour as used in Rails 4.
* | | Add missing requireyuuji.yaginuma2017-12-051-0/+2
| | | | | | | | | | | | | | | | | | | | | Follow up of 3c442b6df91e291ebbf17f37444414bf5f10fbe6 Without this require, it will fail when run CSP test alone. Ref: https://travis-ci.org/rails/rails/jobs/311715758#L2976
* | | Fix CSP copy boolean directives (#31326)Simon Dawson2017-12-051-5/+1
| |/ |/| | | Use Object#deep_dup to safely duplicate policy values
* | Make screenshots default to "simple" formateileencodes2017-11-291-10/+6
| | | | | | | | | | | | | | | | | | Not everyone uses iTerm2 and whereas Terminal.app on a mac just ignores that and outputs the path, other terminals like those on Ubuntu do not. A friendlier default is one that works by default. Closes #31159 Closes #30957
* | Fix typo in mime type registeringGuillermo Iguaran2017-11-291-1/+1
| |
* | Restore mpeg mime type, delete less common mime typesGuillermo Iguaran2017-11-291-9/+4
| | | | | | | | See discussion in #31251
* | Register "audio/mp4" mime type with :m4a symbolGuillermo Iguaran2017-11-291-1/+1
| |
* | Register most popular audio/video/font mime types supported by modern browsersGuillermo Iguaran2017-11-281-1/+19
| |
* | Preparing for 5.2.0.beta2 releaseRafael Mendonça França2017-11-281-1/+1
| |
* | Fix optimized url helpers when using relative url rootAndrew White2017-11-281-0/+10
| | | | | | | | Fixes #31220.
* | Preparing for 5.2.0.beta1 releaseRafael Mendonça França2017-11-271-1/+1
| |
* | Add DSL for configuring Content-Security-Policy headerAndrew White2017-11-276-0/+263
| | | | | | | | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
* | Merge pull request #24510 from ↵Rafael Mendonça França2017-11-252-9/+6
|\ \ | | | | | | | | | | | | | | | vipulnsward/make-variable_size_secure_compare-public Make variable_size_secure_compare public
| * | Changed default behaviour of `ActiveSupport::SecurityUtils.secure_compare`,Vipul A M2017-06-072-9/+6
| | | | | | | | | | | | | | | | | | | | | to make it not leak length information even for variable length string. Renamed old `ActiveSupport::SecurityUtils.secure_compare` to `fixed_length_secure_compare`, and started raising `ArgumentError` in case of length mismatch of passed strings.
* | | Merge pull request #31195 from mltsy/patch-2Vipul A M2017-11-241-1/+1
|\ \ \ | | | | | | | | Fix tld_length documentation in ActionDispatch::Cookies [ci skip]
| * | | Fix tld_length documentationJoe Marty2017-11-211-1/+1
| | | | | | | | | | | | Change recommendation for tld_length (for sharing cookies across subdomains of a 2-token TLD), to 2 instead of 1.
* | | | Fix CustomUrls#direct doc formattingT.J. Schuck2017-11-221-6/+6
| | | | | | | | | | | | | | | | | | | | Particularly, the bulleted list was getting formatted as a code block because of the extra level of indentation. Pulling it back to the left makes it render properly as a list instead. [ci skip]
* | | | Update incorrect backtick usage in RDoc to teletypeT.J. Schuck2017-11-223-6/+6
|/ / / | | | | | | [ci skip]
* | | Bump RuboCop to 0.51.0Koichi ITO2017-11-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ## Summary RuboCop 0.51.0 was released. https://github.com/bbatsov/rubocop/releases/tag/v0.51.0 And rubocop-0-51 channel is available in Code Climate. https://github.com/codeclimate/codeclimate-rubocop/issues/109 This PR will bump RuboCop to 0.51.0 and fixes the following new offenses. ```console % bundle exec rubocop Inspecting 2358 files (snip) Offenses: actionpack/lib/action_controller/metal/http_authentication.rb:251:59: C: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping. [key.strip, value.to_s.gsub(/^"|"$/, "").delete('\'')] ^^^^ activesupport/test/core_ext/load_error_test.rb:8:39: C: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping. assert_raise(LoadError) { require 'no_this_file_don\'t_exist' } ^^^^^^^^^^^^^^^^^^^^^^^^^^^ 2358 files inspected, 2 offenses detected ```
* | | Merge pull request #31078 from aeroastro/feature/fix-typoRafael França2017-11-091-2/+2
|\ \ \ | | | | | | | | Fix typoes on ActionDispatch::HTTP::FilterParameters
| * | | Fix typo on ActionDispatc::HTTP::FilterParametersTakumasa Ochi2017-11-071-2/+2
| | | |
* | | | Merge pull request #22435 from yui-knk/fix_engine_route_testRafael Mendonça França2017-11-063-6/+15
|\ \ \ \ | | | | | | | | | | | | | | | Make `assert_recognizes` to traverse mounted engines
| * | | | Make `assert_recognizes` to traverse mounted enginesyui-knk2016-04-233-6/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before this commit paths of mounted engines are not traversed when `assert_recognizes` is called, causing strange test results. This commit enable to traverse mounted paths.
* | | | | Explicitly pass window handle to `resize_window_to`yuuji.yaginuma2017-11-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Unlike `resize_window`, `resize_window_to` has three arguments. https://github.com/thoughtbot/capybara-webkit/blob/d63c3c8e3ae844f0c59359532a6dcb50f4a64d0a/lib/capybara/webkit/driver.rb#L135-L143 Therefore, if pass only width and height just like `resize_window`, `ArgumentError`will be raised. To prevent this, explicitly pass window handler. Follow up of #31046
* | | | | Merge pull request #31055 from ↵Ryuta Kamizono2017-11-051-0/+1
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | y-yagi/show_request_forgery_protection_methods_in_api_doc Show `RequestForgeryProtection` methods in api doc [ci skip]
| * | | | | Show `RequestForgeryProtection` methods in api doc [ci skip]yuuji.yaginuma2017-11-051-0/+1
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Several methods of `RequestForgeryProtection` are not showed in the api doc even though `:doc:` is specified. (e.g. `form_authenticity_param`) http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html These methods are listed in the doc of v4.1. http://api.rubyonrails.org/v4.1/classes/ActionController/RequestForgeryProtection.html This is due to the influence of `:nodoc:` added in #18102, methods after `CROSS_ORIGIN_JAVASCRIPT_WARNING` not showed from the doc. Therefore, in order to show the method like originally, added `startdoc` after `CROSS_ORIGIN_JAVASCRIPT_WARNING`.
* | | | | Merge pull request #31046 from NARKOZ/fix-capybara-webkit-deprecationEileen M. Uchitelle2017-11-041-1/+1
|\ \ \ \ \ | | | | | | | | | | | | Fix Capybara::Webkit::Driver#resize_window deprecation warning
| * | | | | Fix Capybara::Webkit::Driver#resize_window deprecation warningNihad Abbasov2017-11-041-1/+1
| |/ / / / | | | | | | | | | | | | | | | | | | | | >[DEPRECATION] Capybara::Webkit::Driver#resize_window is deprecated. Please use Capybara::Window#resize_to instead.
* / / / / Improve docs of ActionDispatch::Routing::Mapperbogdanvlviv2017-11-031-4/+14
|/ / / /
* | | | Merge pull request #31034 from haneru/edit-commentEileen M. Uchitelle2017-11-021-1/+1
|\ \ \ \ | | | | | | | | | | [ci skip]Fix typo in comments.
| * | | | Edited comment from request.rbhaneru2017-11-031-1/+1
| | | | |
* | | | | Prevent source line wrapping in rescue layoutDave Gynn2017-10-311-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Long source lines cause line wrapping in the extracted source section of the rescue handler page which can make the line numbers not match up with the source lines.
* | | | | removed unnecessary returnsShuhei Kitagawa2017-10-281-1/+1
|/ / / /
* | | | Merge pull request #31003 from y-yagi/add_load_hook_for_system_test_caseRyuta Kamizono2017-10-281-0/+2
|\ \ \ \ | | | | | | | | | | Add load hook for `ActionDispatch::SystemTestCase`
| * | | | Add load hook for `ActionDispatch::SystemTestCase`yuuji.yaginuma2017-10-281-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is useful to extend `SystemTestCase`. Also, since other test classes already have load hooks, should also be in `SystemTestCase`. Ref: 0510208dd1ff23baa619884c0abcae4d141fae53
* | | | | Merge pull request #31001 from eugeneius/rm_x_post_data_format_docRyuta Kamizono2017-10-281-3/+0
|\ \ \ \ \ | | | | | | | | | | | | Remove mention of X-Post-Data-Format header [ci skip]
| * | | | | Remove mention of X-Post-Data-Format header [ci skip]Eugene Kenny2017-10-281-3/+0
| |/ / / / | | | | | | | | | | | | | | | | | | | | Support for this header was removed when `actionpack-xml_parser` was extracted, and has since been dropped from the gem.
* / / / / Puma Rack handler is required by CapybaraGuillermo Iguaran2017-10-281-2/+0
|/ / / / | | | | | | | | See: https://github.com/teamcapybara/capybara/blob/7d693f068c44f6a460336da70fb6e9e5f94f3db9/lib/capybara.rb#L450
* | | | checking for nested attributes when attribute names specified to wrap them ↵Kelton Manzanares2017-10-251-6/+7
| | | | | | | | | | | | | | | | as well
* | | | Fixed functionality to include method in params_wrapper.rbRyan Perez2017-10-251-0/+7
| | | | | | | | | | | | | | | | to properly wrap all attributes, including those which are nested.
* | | | Require capybara 2.15 because we depend on the new puma integrationRafael Mendonça França2017-10-251-1/+1
| | | |
* | | | specify minimum capybara version for system testsJoe Francis2017-10-231-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | Upgraded rails applications may have a Gemfile without a new enough capybara to run system tests. Setting a version here gives the user a more direct error message than they get otherwise. Resolves #30952