aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* | Add DSL for configuring Content-Security-Policy headerAndrew White2017-11-276-0/+263
| | | | | | | | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
* | Merge pull request #24510 from ↵Rafael Mendonça França2017-11-252-9/+6
|\ \ | | | | | | | | | | | | | | | vipulnsward/make-variable_size_secure_compare-public Make variable_size_secure_compare public
| * | Changed default behaviour of `ActiveSupport::SecurityUtils.secure_compare`,Vipul A M2017-06-072-9/+6
| | | | | | | | | | | | | | | | | | | | | to make it not leak length information even for variable length string. Renamed old `ActiveSupport::SecurityUtils.secure_compare` to `fixed_length_secure_compare`, and started raising `ArgumentError` in case of length mismatch of passed strings.
* | | Merge pull request #31195 from mltsy/patch-2Vipul A M2017-11-241-1/+1
|\ \ \ | | | | | | | | Fix tld_length documentation in ActionDispatch::Cookies [ci skip]
| * | | Fix tld_length documentationJoe Marty2017-11-211-1/+1
| | | | | | | | | | | | Change recommendation for tld_length (for sharing cookies across subdomains of a 2-token TLD), to 2 instead of 1.
* | | | Fix CustomUrls#direct doc formattingT.J. Schuck2017-11-221-6/+6
| | | | | | | | | | | | | | | | | | | | Particularly, the bulleted list was getting formatted as a code block because of the extra level of indentation. Pulling it back to the left makes it render properly as a list instead. [ci skip]
* | | | Update incorrect backtick usage in RDoc to teletypeT.J. Schuck2017-11-223-6/+6
|/ / / | | | | | | [ci skip]
* | | Bump RuboCop to 0.51.0Koichi ITO2017-11-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ## Summary RuboCop 0.51.0 was released. https://github.com/bbatsov/rubocop/releases/tag/v0.51.0 And rubocop-0-51 channel is available in Code Climate. https://github.com/codeclimate/codeclimate-rubocop/issues/109 This PR will bump RuboCop to 0.51.0 and fixes the following new offenses. ```console % bundle exec rubocop Inspecting 2358 files (snip) Offenses: actionpack/lib/action_controller/metal/http_authentication.rb:251:59: C: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping. [key.strip, value.to_s.gsub(/^"|"$/, "").delete('\'')] ^^^^ activesupport/test/core_ext/load_error_test.rb:8:39: C: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping. assert_raise(LoadError) { require 'no_this_file_don\'t_exist' } ^^^^^^^^^^^^^^^^^^^^^^^^^^^ 2358 files inspected, 2 offenses detected ```
* | | Merge pull request #31078 from aeroastro/feature/fix-typoRafael França2017-11-091-2/+2
|\ \ \ | | | | | | | | Fix typoes on ActionDispatch::HTTP::FilterParameters
| * | | Fix typo on ActionDispatc::HTTP::FilterParametersTakumasa Ochi2017-11-071-2/+2
| | | |
* | | | Merge pull request #22435 from yui-knk/fix_engine_route_testRafael Mendonça França2017-11-063-6/+15
|\ \ \ \ | | | | | | | | | | | | | | | Make `assert_recognizes` to traverse mounted engines
| * | | | Make `assert_recognizes` to traverse mounted enginesyui-knk2016-04-233-6/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before this commit paths of mounted engines are not traversed when `assert_recognizes` is called, causing strange test results. This commit enable to traverse mounted paths.
* | | | | Explicitly pass window handle to `resize_window_to`yuuji.yaginuma2017-11-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Unlike `resize_window`, `resize_window_to` has three arguments. https://github.com/thoughtbot/capybara-webkit/blob/d63c3c8e3ae844f0c59359532a6dcb50f4a64d0a/lib/capybara/webkit/driver.rb#L135-L143 Therefore, if pass only width and height just like `resize_window`, `ArgumentError`will be raised. To prevent this, explicitly pass window handler. Follow up of #31046
* | | | | Merge pull request #31055 from ↵Ryuta Kamizono2017-11-051-0/+1
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | y-yagi/show_request_forgery_protection_methods_in_api_doc Show `RequestForgeryProtection` methods in api doc [ci skip]
| * | | | | Show `RequestForgeryProtection` methods in api doc [ci skip]yuuji.yaginuma2017-11-051-0/+1
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Several methods of `RequestForgeryProtection` are not showed in the api doc even though `:doc:` is specified. (e.g. `form_authenticity_param`) http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html These methods are listed in the doc of v4.1. http://api.rubyonrails.org/v4.1/classes/ActionController/RequestForgeryProtection.html This is due to the influence of `:nodoc:` added in #18102, methods after `CROSS_ORIGIN_JAVASCRIPT_WARNING` not showed from the doc. Therefore, in order to show the method like originally, added `startdoc` after `CROSS_ORIGIN_JAVASCRIPT_WARNING`.
* | | | | Merge pull request #31046 from NARKOZ/fix-capybara-webkit-deprecationEileen M. Uchitelle2017-11-041-1/+1
|\ \ \ \ \ | | | | | | | | | | | | Fix Capybara::Webkit::Driver#resize_window deprecation warning
| * | | | | Fix Capybara::Webkit::Driver#resize_window deprecation warningNihad Abbasov2017-11-041-1/+1
| |/ / / / | | | | | | | | | | | | | | | | | | | | >[DEPRECATION] Capybara::Webkit::Driver#resize_window is deprecated. Please use Capybara::Window#resize_to instead.
* / / / / Improve docs of ActionDispatch::Routing::Mapperbogdanvlviv2017-11-031-4/+14
|/ / / /
* | | | Merge pull request #31034 from haneru/edit-commentEileen M. Uchitelle2017-11-021-1/+1
|\ \ \ \ | | | | | | | | | | [ci skip]Fix typo in comments.
| * | | | Edited comment from request.rbhaneru2017-11-031-1/+1
| | | | |
* | | | | Prevent source line wrapping in rescue layoutDave Gynn2017-10-311-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Long source lines cause line wrapping in the extracted source section of the rescue handler page which can make the line numbers not match up with the source lines.
* | | | | removed unnecessary returnsShuhei Kitagawa2017-10-281-1/+1
|/ / / /
* | | | Merge pull request #31003 from y-yagi/add_load_hook_for_system_test_caseRyuta Kamizono2017-10-281-0/+2
|\ \ \ \ | | | | | | | | | | Add load hook for `ActionDispatch::SystemTestCase`
| * | | | Add load hook for `ActionDispatch::SystemTestCase`yuuji.yaginuma2017-10-281-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is useful to extend `SystemTestCase`. Also, since other test classes already have load hooks, should also be in `SystemTestCase`. Ref: 0510208dd1ff23baa619884c0abcae4d141fae53
* | | | | Merge pull request #31001 from eugeneius/rm_x_post_data_format_docRyuta Kamizono2017-10-281-3/+0
|\ \ \ \ \ | | | | | | | | | | | | Remove mention of X-Post-Data-Format header [ci skip]
| * | | | | Remove mention of X-Post-Data-Format header [ci skip]Eugene Kenny2017-10-281-3/+0
| |/ / / / | | | | | | | | | | | | | | | | | | | | Support for this header was removed when `actionpack-xml_parser` was extracted, and has since been dropped from the gem.
* / / / / Puma Rack handler is required by CapybaraGuillermo Iguaran2017-10-281-2/+0
|/ / / / | | | | | | | | See: https://github.com/teamcapybara/capybara/blob/7d693f068c44f6a460336da70fb6e9e5f94f3db9/lib/capybara.rb#L450
* | | | checking for nested attributes when attribute names specified to wrap them ↵Kelton Manzanares2017-10-251-6/+7
| | | | | | | | | | | | | | | | as well
* | | | Fixed functionality to include method in params_wrapper.rbRyan Perez2017-10-251-0/+7
| | | | | | | | | | | | | | | | to properly wrap all attributes, including those which are nested.
* | | | Require capybara 2.15 because we depend on the new puma integrationRafael Mendonça França2017-10-251-1/+1
| | | |
* | | | specify minimum capybara version for system testsJoe Francis2017-10-231-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | Upgraded rails applications may have a Gemfile without a new enough capybara to run system tests. Setting a version here gives the user a more direct error message than they get otherwise. Resolves #30952
* | | | Change the deprecation horizon of the dynamic routes segment to 6.0Rafael Mendonça França2017-10-231-2/+2
| | | |
* | | | Remove deprecated `ActionController::ParamsParser::ParseError`Rafael Mendonça França2017-10-231-5/+0
| | | |
* | | | [Action Pack] require => require_relativeAkira Matsuda2017-10-2137-70/+70
| | | | | | | | | | | | | | | | | | | | This basically reverts e9fca7668b9eba82bcc832cb0061459703368397, d08da958b9ae17d4bbe4c9d7db497ece2450db5f, d1fe1dcf8ab1c0210a37c2a78c1ee52cf199a66d, and 68eaf7b4d5f2bb56d939f71c5ece2d61cf6680a3
* | | | Keep `:api: plugin` methods in the doc [ci skip]Ryuta Kamizono2017-10-202-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | `:api:` tag was removed in 5349f231 since RDoc doesn't support `:api:` tag. But those methods are not private API, they are public API for renderers. The renderers should be able to know that they can override this method.
* | | | Remove unused `UnknownController` classyuuji.yaginuma2017-10-181-3/+0
| | | | | | | | | | | | | | | | `UnknownController` was added in b1999be, but it is not used anywhere.
* | | | Merge pull request #30876 from y-yagi/selenium_chrome_headlessEileen M. Uchitelle2017-10-172-1/+19
|\ \ \ \ | | | | | | | | | | Add headless chrome driver to System Tests
| * | | | Add headless chrome driver to System Testsyuuji.yaginuma2017-10-172-1/+19
| | | | |
* | | | | Remove unused `before_filters`yuuji.yaginuma2017-10-151-6/+0
| | | | | | | | | | | | | | | | | | | | | | | | | This method added by 1008511. It is unnecessary because it is no longer called by 19c3495.
* | | | | [ci skip]Enable link to ActionDispatch::Integration::Session#process in rdocwillnet2017-10-121-12/+12
|/ / / /
* | | | Fix some typos.Mike Boone2017-10-101-1/+1
| | | |
* | | | Add allow_other_host option to redirect_back methodTim Masliuchenko2017-10-101-7/+16
| | | |
* | | | Exception message for SystemTestCase#get etc..yalab2017-10-081-1/+1
| | | |
* | | | Implement H2 Early Hints for Railseileencodes2017-10-041-0/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When puma/puma#1403 is merged Puma will support the Early Hints status code for sending assets before a request has finished. While the Early Hints spec is still in draft, this PR prepares Rails to allowing this status code. If the proxy server supports Early Hints, it will send H2 pushes to the client. This PR adds a method for setting Early Hints Link headers via Rails, and also automatically sends Early Hints if supported from the `stylesheet_link_tag` and the `javascript_include_tag`. Once puma supports Early Hints the `--early-hints` argument can be passed to the server to enable this or set in the puma config with `early_hints(true)`. Note that for Early Hints to work in the browser the requirements are 1) a proxy that can handle H2, and 2) HTTPS. To start the server with Early Hints enabled pass `--early-hints` to `rails s`. This has been verified to work with h2o, Puma, and Rails with Chrome. The commit adds a new option to the rails server to enable early hints for Puma. Early Hints spec: https://tools.ietf.org/html/draft-ietf-httpbis-early-hints-04 [Eileen M. Uchitelle, Aaron Patterson]
* | | | Make internal methods in `AbstractController::Rendering` to privateRyuta Kamizono2017-10-021-0/+1
| | | |
* | | | Remove `:api:` tag that has leaked on the doc directly [ci skip]Ryuta Kamizono2017-09-303-19/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently `:api:` tag has leaked on the doc directly since RDoc doesn't support `:api:` tag directive. http://api.rubyonrails.org/v5.1/classes/AbstractController/Rendering.html So `:api: private` doesn't work as expected. We are using `:nodoc:` for the purpose. Related #13989.
* | | | Don't use Active Support where it is not needed.yuuji.yaginuma2017-09-301-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This code has been changed with https://github.com/rails/rails/pull/30735/files#diff-8e5f6b33c191ad6dec07f3288345a13fL47. However, `active_support/time` is not load automatically, so if use Action Pack alone, `days` method can not use and an error occurs. In this case, I think that there is no problem by specifying a value with Integer.
* | | | Merge pull request #30735 from tjschuck/fix_doc_code_formattingEileen M. Uchitelle2017-09-291-33/+38
|\ \ \ \ | | | | | | | | | | Fix formatting in ActionDispatch::SSL middleware docs
| * | | | Fix formatting in ActionDispatch::SSL middleware docsT.J. Schuck2017-09-271-33/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before: https://monosnap.com/file/J6xewF0tYpm6dC9nSTe82ddsHAOcM5.png After: https://monosnap.com/file/0tCYicLXNqRHAEMDb81u0aLb3gH9Wf.png [ci skip]
* | | | | Merge pull request #30709 from ↵Kasper Timm Hansen2017-09-281-3/+10
|\ \ \ \ \ | |/ / / / |/| | | | | | | | | | | | | | mikeycgto/actiondispatch-use-aead-encrypted-cookies-patch Fixes for use_authenticated_cookie_encryption