aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib
Commit message (Collapse)AuthorAgeFilesLines
...
| * | | | Deprecate `request_via_redirect` method.Prathamesh Sonpatki2016-04-241-5/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Followup of https://github.com/rails/rails/issues/18693. - I think we missed deprecating `request_via_redirect` in that pull request. - Originally requested by DHH here https://github.com/rails/rails/issues/18333.
* | | | | Merge pull request #24697 from tomkadwill/action_pack_typos_2Vipul A M2016-04-234-10/+10
|\ \ \ \ \ | |/ / / / |/| | | | Actionpack documentation typos [ci skip]
| * | | | Actionpack documentation typos [ci skip]Tom Kadwill2016-04-234-10/+10
| | |/ / | |/| |
* | | | Merge pull request #24669 from tomkadwill/action_pack_typosVipul A M2016-04-222-11/+10
|\ \ \ \ | | | | | | | | | | Actioncable and Actionpack documentation typos [ci skip]
| * | | | Actioncable and Actionpack documentation typos [ci skip]Tom Kadwill2016-04-212-11/+10
| |/ / /
* / / / Fix ApplicationController.renderer.defaults.merge!Jon Moss2016-04-201-1/+1
|/ / / | | | | | | | | | | | | | | | | | | Previously, users were trying to modify a frozen Hash. Includes a regression test :) Fixes #22975
* | | Merge pull request #24031 from ↵Jeremy Daer2016-04-191-2/+1
|\ \ \ | | | | | | | | | | | | | | | | | | | | samphilipd/sam/do_not_clobber_options_in_route_definitions Do not destructively mutate passed options hash in route definitions
| * | | Do not destructively mutate passed options hash in route definitionsSam Davies2016-03-031-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Fixes #24030 An example scope might be specified as such: ```ruby HTML = { constraints: { format: :html } }.freeze scope HTML do get 'x' end ``` This currently raises an error because the mapper attempts to destructively modify the passed options hash. This is dangerous because this options hash might even be shared with other scopes. We should instead always instantiate a new object instead of modifying the passed options.
* | | | Update send_data documentation [ci skip]Anton Rieder2016-04-191-1/+1
| | | | | | | | | | | | Add missing period after sentence.
* | | | Filter scalar values when params permit hashes or arraysSean Griffin2016-04-151-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | This brings the behavior more inline with other similar cases, such as receiving a hash when an array of scalars was expected. Prior to this commit, the key would be present, but the value would be `nil`
* | | | Merge pull request #24318 from bogdanvlviv/patch-1Rafael Mendonça França2016-04-121-1/+1
|\ \ \ \ | | | | | | | | | | | | | | | extension synonyms yml and yaml
| * | | | extension synonyms yml and yamlBogdan2016-03-271-1/+1
| | | | |
* | | | | Merge pull request #24504 from nickmalcolm/masterVipul A M2016-04-121-1/+6
|\ \ \ \ \ | | | | | | | | | | | | Encourage best practice in the HTTP Token authentication example code
| * | | | | [ci skip] This modifies the HTTP Token authentication example's ↵Nick Malcolm2016-04-121-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | `authenticate` method, to use the `secure_compare` method with two constant-length strings. This defends against timing attacks, and is best practice. Using `==` for sensitive actions is not recommended, and this was the source of a CVE fixed in October 2015: https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbda
* | | | | | Pass over all Rails 5 warnings, to make sure:Vipul A M2016-04-124-5/+5
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - we are ending sentences properly - fixing of space issues - fixed continuity issues in some sentences. Reverts https://github.com/rails/rails/commit/8fc97d198ef31c1d7a4b9b849b96fc08a667fb02 . This change reverts making sure we add '.' at end of deprecation sentences. This is to keep sentences within Rails itself consistent and with a '.' at the end.
* | | | | quick edits on the AC::API RDoc [ci skip]Xavier Noria2016-04-051-19/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In particular, the fact that ApplicationController is the only one inheriting from AC::API is not a default. You could say at most that generators generate them that way, but the creation of controllers is something which is out of our control because programmers write controllers by hand. Instead, we can say that normally, conventionally, as in the majority of Rails apps, that is the actually the case.
* | | | | Fixes #24239Ryan T. Hosford2016-04-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | - skip calling helper_method if it's not there: if we don't have helpers, we needn't define one. - tests that an api controller can include and use ActionController::Cookies
* | | | | Merge branch 'master' of github.com:rails/docrailsVijay Dev2016-04-031-0/+7
|\ \ \ \ \
| * | | | | [ci skip] Fix example of ActionController::Parameters#to_unsafe_hPrathamesh Sonpatki2016-03-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | - Added missing `"`.
| * | | | | Add example for ActionController::Parameters#to_unsafe_hGaurish Sharma2016-03-121-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | [ci-skip]
* | | | | | Grammar fixes based on pass over ETag doc changesVipul A M2016-04-031-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | [ci skip]
* | | | | | Grammer fix in comment: capitalize first word in sentence [ci skip].utilum2016-04-021-1/+1
| | | | | |
* | | | | | Strong ETag validatorsJeremy Daer2016-03-312-28/+95
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Introduce `Response#strong_etag=` and `#weak_etag=` and analogous options for `fresh_when` and `stale?`. `Response#etag=` sets a weak ETag. Strong ETags are desirable when you're serving byte-for-byte identical responses that support Range requests, like PDFs or videos (typically done by reproxying the response from a backend storage service). Also desirable when fronted by some CDNs that support strong ETags only, like Akamai. * No longer strips quotes (`"`) from ETag values before comparing them. Quotes are significant, part of the ETag. A quoted ETag and an unquoted one are not the same entity. * Support `If-None-Match: *`. Rarely useful for GET requests; meant to provide some optimistic concurrency control for PUT requests.
* | | | | | Fix deprecation warning for ParamsParser instance :smile:Prathamesh Sonpatki2016-03-301-1/+1
| | | | | |
* | | | | | Deprecate ActionDispatch::ParamsParser instance.Rafael Mendonça França2016-03-301-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Related with 38d2bf5fd1f3e014f2397898d371c339baa627b1. cc @tenderlove
* | | | | | Fix typo in headers commentGrey Baker2016-03-291-1/+1
| |/ / / / |/| | | |
* | | | | Merge pull request #24037 from ↵Jeremy Daer2016-03-231-53/+34
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | jeremy/implicit-render-raises-on-browser-GET-requests-only Are you missing that template or did you omit it on purpose?
| * | | | | Refinement of our "are you missing a template or did you omit it on ↵Jeremy Daer2016-03-031-53/+34
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | purpose?" heuristics Narrows the "are you in a browser, viewing the page?" check to exclude non-GET requests. Allows content-less APIs to use implicit responses without having to set a fake request format. This will need further attention. If you forget to redirect from a POST to a GET, you'll get a 204 No Content response that browsers will typically treat as… do nothing. It'll seem like the form just didn't work and knowing where to start debugging is non-obvious. On the flip side, redirecting from POST and others is the default, done everywhere, so it's less likely to be removed or otherwise missed. Alternatives are to do more explicit browser sniffing. Ref #23827.
* | | | | Fix typo for redirect_backArkadiusz Fal2016-03-221-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | indetical -> identical [skip ci]
* | | | | Fix request.reset_session for API controllersJon Moss2016-03-192-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Due to that `ActionDispatch::Flash` (the flash API's middleware) is not included for API controllers, the `request.reset_session` method, which relies on there being a `flash=` method which is in fact defined by the middleware, was previously breaking. Similarly to how add46482a540b33184f3011c5c307f4b8e90c9cc created a method to be overridden by the flash middleware in order to ensure non-breakage, this is how flashes are now reset. Fixes #24222
* | | | | Add explanation about accepts_nested_attributes_for keys in the strong ↵Bart de Water2016-03-121-2/+3
| | | | | | | | | | | | | | | | | | | | parameters documentation [skip ci]
* | | | | Break up a circular require between AP/AVSean Griffin2016-03-113-3/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Right now referencing the constant `AbstractController::Rendering` causes `ActionView::Base` to be loaded, and thus the load hooks for action_view are run. If that load hook references any part of action view that then references action controller (such as `ActionView::TestCase`), the constant `AbstractController::Rendering` will attempt to be autoloaded and blow up. With this change, `ActionView::LoadPaths` no longer requires `ActionView::Base` (which it had no reason to require). There was a needed class from `AbstractController::Base` in the Rendering module, which I've moved into its own file so we don't need to load all of `AbstractController::Base` there. This commit fixes https://github.com/rails/rails-controller-testing/issues/21
* | | | | Use the most highest priority exception handler when cause is setSean Griffin2016-03-111-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There was some subtle breakage caused by #18774, when we removed `#original_exception` in favor of `#cause`. However, `#cause` is automatically set by Ruby when raising an exception from a rescue block. With this change, we will use whichever handler has the highest priority (whichever call to `rescue_from` came last). In cases where the outer has lower precidence than the cause, but the outer is what should be handled, cause will need to be explicitly unset. Fixes #23925
* | | | | Merge pull request #22854 from jcoyne/missing_templateSean Griffin2016-03-111-1/+1
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | Default rendering behavior if respond_to collector doesn't have a block.
| * | | | | Render default template if block doesn't renderJustin Coyne2016-02-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a `respond_to` collector doesn't have a response, then a `:no_content` response should be rendered. This brings the default rendering behavior introduced by https://github.com/rails/rails/issues/19036 to controller methods employing `respond_to`
* | | | | | [skip ci] Reorder paragraphsDamir2016-03-101-3/+3
| | | | | | | | | | | | | | | | | | The previous order made sense [when `match` was used twice to point to two different actions](https://github.com/rails/rails/commit/7305ef842b675bf965f063de681a96294577fb84). In this case the note was misleading as posting to `/posts/:id` would still route to `show` action.
* | | | | | add return values to example [ci skip]yuuji.yaginuma2016-03-101-1/+1
| | | | | |
* | | | | | Add `ActionController::Parameters#dig`Sean Griffin2016-03-091-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This method will only be added when used with Ruby 2.3.0 or greater. This method has the same behavior as `Hash#dig`, except it will convert hashes to `ActionController::Parameters`, similar to `#[]` and `#fetch`.
* | | | | | Pass headers through to payload for logging.Gareth du Plooy2016-03-081-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | Make request headers available in the event payload so that it is available to attached ActionController::LogSubscribers.
* | | | | | extract ActionDispatch::IntegrationTest::BehaviorScott Bronson2016-03-071-22/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Similar to 176fbfd6, this makes it possible for other test frameworks to hook into Rails integration test facilities.
* | | | | | Merge pull request #24086 from yui-knk/do_not_ad_integration_test_classYves Senn2016-03-071-0/+2
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | Prevent not-intended loading of `ActionDispatch::IntegrationTest`
| * | | | | | Prevent not-intended loading of `ActionDispatch::IntegrationTest`yui-knk2016-03-071-0/+2
| | |_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After 9d378747326d26cf1afdac4433ead22967af0984 `ActionDispatch::IntegrationTest` class is loaded and defined in all Rails environments, not only test but also production. This is not-intended loading of a class which is only used in test environment. To prevent not-intended loading, add `ActiveSupport.run_load_hooks` to `ActionDispatch::IntegrationTest` with `action_dispatch_integration_test` name and use it in `ActionMailer`.
* | | | | | Merge pull request #24091 from mcfiredrill/fix-helper-method-docsRafael França2016-03-071-1/+2
|\ \ \ \ \ \ | |/ / / / / |/| | | | | clarify that helper_method makes both methods available in the view [ci skip]
| * | | | | clarify that helper_method makes both methods available in the viewTony Miller2016-03-071-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's probably obvious to most, but clarify that `:helper_method` will make both of these methods available to the view.
* | | | | | Remove http_cache_forever's version parameterJean Boussier2016-03-051-4/+2
| |_|/ / / |/| | | |
* | | | | [ci skip] Fix constrain_to documentation.Kasper Timm Hansen2016-03-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | Forgot to update the documentation on the line just above the one I was changing in 4933132. Well done, Kasper :+1:
* | | | | Rename constrain_to to exclude.Kasper Timm Hansen2016-03-031-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `ActionDispatch::SSL` redirects all HTTP requests to HTTPS, not just some. The `constrain_to` option inverts this, so it sounds like the middleware only handles a few requests, rather than the majority with a few routes to opt out of the redirect. Renaming to `exclude` matches this intent more closely.
* | | | | Merge pull request #24027 from mechanicles/a-to-anXavier Noria2016-03-034-7/+7
|\ \ \ \ \ | |_|_|/ / |/| | | | Change 'a HTTP' to 'an HTTP' [ci skip]
| * | | | Change 'a HTTP' to 'an HTTP' [ci skip]Santosh Wadghule2016-03-034-7/+7
| | | | |
* | | | | Niceify the dynamic routes deprecation messagesJon Atack2016-03-031-2/+8
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Follow-up to #23980. - Fix grammar: "be remove" -> "be removed". - Wrap lines at 80 chars. Lurvely ;-)