aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* Stash original path in `ShowExceptions` middlewareGrey Baker2014-07-141-0/+1
| | | | | | | | | | `ActionDispatch::ShowExceptions` overwrites `PATH_INFO` with the status code for the exception defined in `ExceptionWrapper`, so the path the user was visiting when an exception occurred was not previously available to any custom exceptions_app. The original `PATH_INFO` is now stashed in `env["action_dispatch.original_path"]`.
* Use `#bytesize` instead of `#size` when checking for cookie overflowAgis-2014-07-111-2/+2
| | | | | | | | | | Although the cookie values happens to be ASCII strings because they are Base64 encoded, it is semantically incorrect to check for the number of the characters in the cookie, when we actually want to check for the number of the bytes it consists of. Furthermore it is unecessary coupling with the current implementation that uses Base64 for encoding the values.
* Removed single space padding from empty response body.Godfrey Chan2014-07-101-6/+2
| | | | | | | | | | | | `render nothing: true` or rendering a `nil` body no longer add a single space to the response body. The old behavior was added as a workaround for a bug in an early version of Safari, where the HTTP headers are not returned correctly if the response body has a 0-length. This is been fixed since and the workaround is no longer necessary. Use `render body: ' '` if the old behavior is desired.
* Merge branch 'rosetta_flash' of https://github.com/gcampbell/rails into ↵Aaron Patterson2014-07-101-1/+1
|\ | | | | | | | | | | | | | | | | | | gcampbell-rosetta_flash * 'rosetta_flash' of https://github.com/gcampbell/rails: Address CVE-2014-4671 (JSONP Flash exploit) Conflicts: actionpack/CHANGELOG.md
| * Address CVE-2014-4671 (JSONP Flash exploit)Greg Campbell2014-07-091-1/+1
| | | | | | | | | | | | Adds a comment before JSONP callbacks. See http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ for more details on the exploit in question.
* | Force encoding of US-ASCII to UTF-8 in unescape_uri.Karl Entwistle2014-07-101-5/+7
| | | | | | | | | | | | | | | | | | Because URI paths may contain non US-ASCII characters we need to force the encoding of any unescaped URIs to UTF-8 if they are US-ASCII. This essentially replicates the functionality of the monkey patch to URI.parser.unescape in active_support/core_ext/uri.rb. Fixes #16104.
* | Merge pull request #16091 from tgxworld/reduce_creation_of_subscribersSantiago Pastorino2014-07-091-17/+13
|\ \ | |/ |/| Reduce number of subscriptions created.
| * Reduce number of subscriptions created.Guo Xiang Tan2014-07-081-17/+13
| |
* | Fix weird comment. [CI SKIP]Guo Xiang Tan2014-07-091-2/+2
| |
* | Merge pull request #13999 from jamox/update_rackAaron Patterson2014-07-082-12/+11
|\ \ | |/ |/| This updates rails to use edge rack
| * Since upgrading rack we can remove unnecessary string encodingsJarmo Isotalo2014-05-191-9/+2
| | | | | | | | https://github.com/rack/rack/commit/5a5aee36
| * Upgraded rackJarmo Isotalo2014-05-191-3/+9
| | | | | | | | | | | | | | | | As Rack has some non backwards compatible changes added required modifications to keep behaviour in rails close to same as before. Also modified generators to include rack/rack for not yet released version of rack
* | remove the mounted_helpers respond_to checkAaron Patterson2014-07-071-1/+1
| | | | | | | | It always responds to mounted_helpers now
* | always test against a routed rack app so there are always url_helpersAaron Patterson2014-07-071-1/+1
| |
* | Generate shallow paths for all children of shallow resources.Seb Jacobs2014-07-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prior to this commit shallow resources would only generate paths for non-direct children (with a nested depth greater than 1). Take the following routes file. resources :blogs do resources :posts, shallow: true do resources :comments do resources :tags end end end This would generate shallow paths for `tags` nested under `posts`, e.g `/posts/:id/tags/`, however it would not generate shallow paths for `comments` nested under `posts`, e.g `/posts/:id/comments/new`. This commit changes the behaviour of the route mapper so that it generate paths for direct children of shallow resources, for example if you take the previous routes file, this will now generate shallow paths for `comments` nested under `posts`, .e.g `posts/:id/comments/new`. This was the behaviour in Rails `4.0.4` however this was broken in @jcoglan's fix for another routes related issue[1]. This also fixes an issue[2] reported by @smdern. [1] https://github.com/rails/rails/commit/d0e5963 [2] https://github.com/rails/rails/issues/15783
* | Merge pull request #16013 from tgxworld/remove_symbolized_path_parametersRafael Mendonça França2014-07-043-5/+5
|\ \ | | | | | | Remove symbolized_path_parameters.
| * | Remove symbolized_path_parameters.Guo Xiang Tan2014-07-023-5/+5
| | | | | | | | | | | | This pull request is a continuation of https://github.com/rails/rails/commit/925bd975 and https://github.com/rails/rails/commit/8d8ebe3d.
* | | Merge pull request #16011 from xjlu/token_and_optionsRafael Mendonça França2014-07-041-1/+1
|\ \ \ | | | | | | | | Improve token_and_options regex and test
| * | | Improve token_and_options regex and testXinjiang Lu2014-07-011-1/+1
| | | | | | | | | | | | | | | | add a test case to test the regex for the helper method raw_params
* | | | [ci skip] /javascript/ -> JavaScript - cover whole appAkshay Vishnoi2014-07-041-1/+1
| | | |
* | | | Change the JSON renderer to enforce the 'JS' Content TypeLucas Mazza2014-07-021-1/+4
| |/ / |/| | | | | | | | | | | | | | | | | The controller can set the response format as 'JSON' before the renderer code be evaluated, so we must replace it when necessary. Fixes #15081
* | | flash doesn't pass objects #15522 [ci skip]Nishant Modak2014-07-011-3/+6
|/ /
* | makes it sound less misleadingShunsukeAida2014-07-021-2/+2
| |
* | Fix doc unwanted dl Admin:: [ci skip]Ciro Santilli2014-07-011-1/+1
| |
* | push host / port / protocol extraction upAaron Patterson2014-06-301-6/+6
| | | | | | | | Then we only need to extract host once.
* | Merge pull request #15933 from rafael/masterRafael Mendonça França2014-06-272-5/+24
|\ \ | | | | | | | | | | | | | | | Add always permitted parameters as a configurable option. [Rafael Mendonça França + Gary S. Weaver]
| * | Improvements per code review.Rafael Chacón2014-06-271-4/+3
| | | | | | | | | | | | | | | | | | * General style fixes. * Add changes to configuration guide. * Add missing tests.
| * | Add always_permitted_parameters as an option.Rafael Chacón2014-06-262-5/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | * This commit adds back the always_permitted_parameters configuration option to strong paramaters. * The initial pull requests where this feature was added are the following: - https://github.com/rails/rails/pull/12682 - https://github.com/rails/strong_parameters/pull/174
* | | Merge pull request #15836 from DNNX/router-swap-select-sortRafael Mendonça França2014-06-241-1/+2
|\ \ \ | | | | | | | | Replace x.sort_by!.select! with x.select!.sort_by!
| * | | Replace x.sort_by!.select! with x.select!.sort_by!Viktar Basharymau2014-06-201-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The latter has the same speed as the former in the worst case and faster in general, because it is always better to sort less items. Unfortunately, `routes.select!{...}.sort_by!{...}` is not possible here because `select!` returns `nil`, so select! and sort! must be done in two steps.
* | | | `:nodoc: all` does not remove the constants from the API. [ci skip]Yves Senn2014-06-241-1/+1
|/ / / | | | | | | | | | | | | Need to add individual `:nodoc:` for nested classes / modules to completely remove the constants from the API.
* | | Merge pull request #15537 from tgxworld/fix_state_leakMatthew Draper2014-06-201-1/+0
|\ \ \ | | | | | | | | Fix state leak.
| * | | Prevent state leak.Guo Xiang Tan2014-06-051-1/+0
| | | |
* | | | add both branches to the only_path conditionalAaron Patterson2014-06-191-6/+6
| | | |
* | | | Relpace `=~ Regexp.new str` with `.include? str` in AC::Base#_valid_action_name?Viktar Basharymau2014-06-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Because it is more natural way to test substring inclusion. Also, in this particular case it is much faster. In general, using `Regexp.new str` for such kind of things is dangerous. The string must be escaped, unless you know what you're doing. Example: Regexp.new "\\" # HELLO WINDOWS # RegexpError: too short escape sequence: /\/ The right way to do this is escape the string Regexp.new Regexp.escape "\\" # => /\\/ Here is the benchmark showing how faster `include?` call is. ``` require 'benchmark/ips' Benchmark.ips do |x| x.report('include?') { !"index".to_s.include? File::SEPARATOR } x.report(' !~ ') { "index" !~ Regexp.new(File::SEPARATOR) } end __END__ Calculating ------------------------------------- include? 75754 i/100ms !~ 21089 i/100ms ------------------------------------------------- include? 3172882.3 (±4.5%) i/s - 15832586 in 5.000659s !~ 322918.8 (±8.6%) i/s - 1602764 in 4.999509s ``` Extra `.to_s` call is needed to handle the case when `action_name` is `nil`. If it is omitted, some tests fail.
* | | | [ci skip] /javascript/ ~> JavaScriptAditya Kapoor2014-06-171-3/+3
| | | |
* | | | Merge pull request #15744 from mmozuras/special_keys_setYves Senn2014-06-161-1/+1
|\ \ \ \ | | | | | | | | | | Change Http::Cache::SPECIAL_KEYS from Array to Set
| * | | | Change Http::Cache::SPECIAL_KEYS from Array to SetMindaugas Mozūras2014-06-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Slightly improves performance, for example, a simple benchmark: ```ruby require 'benchmark/ips' require 'set' SPECIAL_KEYS = %w[extras no-cache max-age public must-revalidate] SPECIAL_KEYS_SET = Set.new(SPECIAL_KEYS) directive = 'must-revalidate' Benchmark.ips do |x| x.report('array') { SPECIAL_KEYS.include?(directive) } x.report('set') { SPECIAL_KEYS_SET.include?(directive) } end ``` Output: ``` ------------------------------------- array 67926 i/100ms set 74054 i/100ms ------------------------------------- array 2318423.4 (±2.8%) i/s - 11615346 in 5.014899s set 3387981.8 (±4.7%) i/s - 16958366 in 5.019355s ```
* | | | | Merge pull request #15743 from tgxworld/remove_unused_parametersYves Senn2014-06-161-1/+1
|\ \ \ \ \ | | | | | | | | | | | | Remove unused parameter.
| * | | | | Remove unused parameter.Guo Xiang Tan2014-06-151-1/+1
| |/ / / /
* / / / / Remove unused param 'separators' from RouteSet#build_pathMindaugas Mozūras2014-06-151-2/+2
|/ / / /
* | | | Fix request's path_info when a rack app mounted at '/'.Larry Lv2014-06-141-0/+1
| | | | | | | | | | | | | | | | Fixes issue #15511.
* | | | Merge pull request #15692 from sromano/falseClassMatthew Draper2014-06-141-1/+6
|\ \ \ \ | | | | | | | | | | | | | | | ActionController::Parameters#require now accepts FalseClass values
| * | | | ActionController::Parameters#require now accepts FalseClass valuesSergio Romano2014-06-131-0/+1
|/ / / / | | | | | | | | | | | | Fixes #15685.
* | | | Merge pull request #15682 from tgxworld/controller_test_processRafael Mendonça França2014-06-131-2/+5
|\ \ \ \ | | | | | | | | | | Set flash in test session when necessary.
| * | | | Set flash in test session when necessary.Guo Xiang Tan2014-06-121-2/+5
| | | | | | | | | | | | | | | | | | | | `to_session_value` returns nil when empty.
* | | | | Fix parsed token value with header `Authorization token=`.Larry Lv2014-06-131-2/+2
| | | | |
* | | | | Set the status before of setting the response bodyGuillermo Iguaran2014-06-131-2/+2
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | The 401 status should be set first because setting the response body in a live controller also closes the response to further changes. Fixes #14229.
* | | | only check named_host? once in normalize_hostAaron Patterson2014-06-121-3/+7
| | | |
* | | | lookup subdomain from the options hash once, defaulting to trueAaron Patterson2014-06-121-2/+2
| | | | | | | | | | | | | | | | | | | | if the subdomain wasn't specified, it's the same as if specifying :subdomain as `true`, so we can default the value to `true` safely.