| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
| |
| |
| | |
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
|
|\ \
| | |
| | |
| | |
| | |
| | | |
vipulnsward/make-variable_size_secure_compare-public
Make variable_size_secure_compare public
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
to make it not leak length information even for variable length string.
Renamed old `ActiveSupport::SecurityUtils.secure_compare` to `fixed_length_secure_compare`,
and started raising `ArgumentError` in case of length mismatch of passed strings.
|
|\ \ \
| | | |
| | | | |
Fix tld_length documentation in ActionDispatch::Cookies [ci skip]
|
| | | |
| | | |
| | | | |
Change recommendation for tld_length (for sharing cookies across subdomains of a 2-token TLD), to 2 instead of 1.
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Particularly, the bulleted list was getting formatted as a code block because of the extra level of indentation. Pulling it back to the left makes it render properly as a list instead.
[ci skip]
|
|/ / /
| | |
| | | |
[ci skip]
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
## Summary
RuboCop 0.51.0 was released.
https://github.com/bbatsov/rubocop/releases/tag/v0.51.0
And rubocop-0-51 channel is available in Code Climate.
https://github.com/codeclimate/codeclimate-rubocop/issues/109
This PR will bump RuboCop to 0.51.0 and fixes the following new
offenses.
```console
% bundle exec rubocop
Inspecting 2358 files
(snip)
Offenses:
actionpack/lib/action_controller/metal/http_authentication.rb:251:59: C:
Prefer double-quoted strings unless you need single quotes to avoid
extra backslashes for escaping.
[key.strip, value.to_s.gsub(/^"|"$/, "").delete('\'')]
^^^^
activesupport/test/core_ext/load_error_test.rb:8:39: C: Prefer
double-quoted strings unless you need single quotes to avoid extra
backslashes for escaping.
assert_raise(LoadError) { require 'no_this_file_don\'t_exist' }
^^^^^^^^^^^^^^^^^^^^^^^^^^^
2358 files inspected, 2 offenses detected
```
|
|\ \ \
| | | |
| | | | |
Fix typoes on ActionDispatch::HTTP::FilterParameters
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | |
| | | | | |
Make `assert_recognizes` to traverse mounted engines
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Before this commit paths of mounted engines are not traversed
when `assert_recognizes` is called, causing strange test results.
This commit enable to traverse mounted paths.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Unlike `resize_window`, `resize_window_to` has three arguments.
https://github.com/thoughtbot/capybara-webkit/blob/d63c3c8e3ae844f0c59359532a6dcb50f4a64d0a/lib/capybara/webkit/driver.rb#L135-L143
Therefore, if pass only width and height just like `resize_window`,
`ArgumentError`will be raised.
To prevent this, explicitly pass window handler.
Follow up of #31046
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
y-yagi/show_request_forgery_protection_methods_in_api_doc
Show `RequestForgeryProtection` methods in api doc [ci skip]
|
| | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Several methods of `RequestForgeryProtection` are not showed in the api
doc even though `:doc:` is specified.
(e.g. `form_authenticity_param`)
http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html
These methods are listed in the doc of v4.1.
http://api.rubyonrails.org/v4.1/classes/ActionController/RequestForgeryProtection.html
This is due to the influence of `:nodoc:` added in #18102, methods after
`CROSS_ORIGIN_JAVASCRIPT_WARNING` not showed from the doc.
Therefore, in order to show the method like originally, added `startdoc`
after `CROSS_ORIGIN_JAVASCRIPT_WARNING`.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Fix Capybara::Webkit::Driver#resize_window deprecation warning
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | | |
>[DEPRECATION] Capybara::Webkit::Driver#resize_window is
deprecated. Please use Capybara::Window#resize_to instead.
|
|/ / / / |
|
|\ \ \ \
| | | | |
| | | | | |
[ci skip]Fix typo in comments.
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Long source lines cause line wrapping in the extracted
source section of the rescue handler page which can make
the line numbers not match up with the source lines.
|
|/ / / / |
|
|\ \ \ \
| | | | |
| | | | | |
Add load hook for `ActionDispatch::SystemTestCase`
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This is useful to extend `SystemTestCase`.
Also, since other test classes already have load hooks, should also be
in `SystemTestCase`.
Ref: 0510208dd1ff23baa619884c0abcae4d141fae53
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Remove mention of X-Post-Data-Format header [ci skip]
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | | |
Support for this header was removed when `actionpack-xml_parser` was
extracted, and has since been dropped from the gem.
|
|/ / / /
| | | |
| | | | |
See: https://github.com/teamcapybara/capybara/blob/7d693f068c44f6a460336da70fb6e9e5f94f3db9/lib/capybara.rb#L450
|
| | | |
| | | |
| | | |
| | | | |
as well
|
| | | |
| | | |
| | | |
| | | | |
to properly wrap all attributes, including those which are nested.
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Upgraded rails applications may have a Gemfile without a new enough
capybara to run system tests. Setting a version here gives the user a
more direct error message than they get otherwise. Resolves #30952
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | | |
This basically reverts e9fca7668b9eba82bcc832cb0061459703368397, d08da958b9ae17d4bbe4c9d7db497ece2450db5f,
d1fe1dcf8ab1c0210a37c2a78c1ee52cf199a66d, and 68eaf7b4d5f2bb56d939f71c5ece2d61cf6680a3
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
`:api:` tag was removed in 5349f231 since RDoc doesn't support `:api:`
tag. But those methods are not private API, they are public API for
renderers. The renderers should be able to know that they can override
this method.
|
| | | |
| | | |
| | | |
| | | | |
`UnknownController` was added in b1999be, but it is not used anywhere.
|
|\ \ \ \
| | | | |
| | | | | |
Add headless chrome driver to System Tests
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This method added by 1008511. It is unnecessary because it is no longer called
by 19c3495.
|
|/ / / / |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When puma/puma#1403 is merged Puma will support the Early Hints status
code for sending assets before a request has finished.
While the Early Hints spec is still in draft, this PR prepares Rails to
allowing this status code.
If the proxy server supports Early Hints, it will send H2 pushes to the
client.
This PR adds a method for setting Early Hints Link headers via Rails,
and also automatically sends Early Hints if supported from the
`stylesheet_link_tag` and the `javascript_include_tag`.
Once puma supports Early Hints the `--early-hints` argument can be
passed to the server to enable this or set in the puma config with
`early_hints(true)`. Note that for Early Hints to work
in the browser the requirements are 1) a proxy that can handle H2,
and 2) HTTPS.
To start the server with Early Hints enabled pass `--early-hints` to
`rails s`.
This has been verified to work with h2o, Puma, and Rails with Chrome.
The commit adds a new option to the rails server to enable early hints
for Puma.
Early Hints spec:
https://tools.ietf.org/html/draft-ietf-httpbis-early-hints-04
[Eileen M. Uchitelle, Aaron Patterson]
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Currently `:api:` tag has leaked on the doc directly since RDoc doesn't
support `:api:` tag directive.
http://api.rubyonrails.org/v5.1/classes/AbstractController/Rendering.html
So `:api: private` doesn't work as expected. We are using `:nodoc:` for
the purpose.
Related #13989.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This code has been changed with https://github.com/rails/rails/pull/30735/files#diff-8e5f6b33c191ad6dec07f3288345a13fL47.
However, `active_support/time` is not load automatically, so if use
Action Pack alone, `days` method can not use and an error occurs.
In this case, I think that there is no problem by specifying a value
with Integer.
|
|\ \ \ \
| | | | |
| | | | | |
Fix formatting in ActionDispatch::SSL middleware docs
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Before: https://monosnap.com/file/J6xewF0tYpm6dC9nSTe82ddsHAOcM5.png
After: https://monosnap.com/file/0tCYicLXNqRHAEMDb81u0aLb3gH9Wf.png
[ci skip]
|
|\ \ \ \ \
| |/ / / /
|/| | | |
| | | | |
| | | | | |
mikeycgto/actiondispatch-use-aead-encrypted-cookies-patch
Fixes for use_authenticated_cookie_encryption
|