aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib
Commit message (Collapse)AuthorAgeFilesLines
...
| * | | Deprecate :controller and :action path parametersAndrew White2016-03-011-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values.
* | | | Don't reference Rails.application from inside a componentMatthew Draper2016-03-022-10/+8
| | | |
* | | | Publish AS::Executor and AS::Reloader APIsMatthew Draper2016-03-026-81/+59
|/ / / | | | | | | | | | | | | | | | These should allow external code to run blocks of user code to do "work", at a similar unit size to a web request, without needing to get intimate with ActionDipatch.
* | | Merge pull request #23963 from gsamokovarov/exception-wrapper-no-ac-requireKasper Timm Hansen2016-02-291-1/+0
|\ \ \ | | | | | | | | Drop Action Controller require in ActionDispatch::ExceptionWrapper
| * | | Drop Action Controller require in ActionDispatch::ExceptionWrapperGenadi Samokovarov2016-02-291-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We only reference the Action Controller error classes by name in ActionDispatch::ExceptionWrapper, so there is no need to explicitly require them. It drops a tiny coupling between Action Dispatch and Action Controller, so it makes me feel warm inside. We still have a lot of others AC requires in the AD code base, but here, we can save it. [ci skip]
* | | | Add documentation for #13897 [skip ci]Bart de Water2016-02-291-3/+9
|/ / /
* | | add `constraint_to` option to SSL middlewareGreg Molnar2016-02-281-2/+6
| | |
* | | :nail_care:Rafael Mendonça França2016-02-251-2/+2
| | |
* | | Merge pull request #23852 from prathamesh-sonpatki/hsts-subdomainsRafael França2016-02-251-1/+12
|\ \ \ | | | | | | | | Enable HSTS with IncludeSubdomains header by default for new apps
| * | | Update documentation and deprecation messagePrathamesh Sonpatki2016-02-251-3/+3
| | | |
| * | | Added deprecation for older appsPrathamesh Sonpatki2016-02-251-1/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - For old apps which are not setting any value for hsts[:subdomains], a deprecation warning will be shown saying that hsts[:subdomains] will be turned on by default in Rails 5.1. Currently it will be set to false for backward compatibility. - Adjusted tests to reflect this change.
| * | | HSTS without IncludeSubdomains is often uselessEgor Homakov2016-02-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1) Because if you forget to add Secure; to the session cookie, it will leak to http:// subdomain in some cases 2) Because http:// subdomain can Cookie Bomb/cookie force main domain or be used for phishing. That's why *by default* it must include subdomains as it's much more common scenario. Very few websites *intend* to leave their blog.app.com working over http:// while having everything else encrypted. Yes, many developers forget to add subdomains=true by default, believe me :)
* | | | Revert "Merge pull request #20851 from tomprats/indifferent-sessions"Matthew Draper2016-02-261-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 22db455dbe9c26fe6d723cac0758705d9943ea4b, reversing changes made to 40be61dfda1e04c3f306022a40370862e3a2ce39. This finishes off what I meant to do in 6216a092ccfe6422f113db906a52fe8ffdafdbe6.
* | | | Revert "Update Session to utilize indiffernt access"Matthew Draper2016-02-262-9/+15
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 45a75a3fcc96b22954caf69be2df4e302b134d7a. HWIAs are better than silently deeply-stringified hashes... but that's a reaction to a shortcoming of one particular session store: we should not break the basic behaviour of other, more featureful, session stores in the process. Fixes #23884
* | | Additional review of 6b31761.Kasper Timm Hansen2016-02-251-1/+1
| | | | | | | | | | | | | | | * Fixes typos in error message and release notes. * Removes unused template test file.
* | | Lock down new `ImplicitRender` behavior for 5.0 RCGodfrey Chan2016-02-252-18/+75
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1. Conceptually revert #20276 The feature was implemented for the `responders` gem. In the end, they did not need that feature, and have found a better fix (see plataformatec/responders#131). `ImplicitRender` is the place where Rails specifies our default policies for the case where the user did not explicitly tell us what to render, essentially describing a set of heuristics. If the gem (or the user) knows exactly what they want, they could just perform the correct `render` to avoid falling through to here, as `responders` did (the user called `respond_with`). Reverting the patch allows us to avoid exploding the complexity and defining “the fallback for a fallback” policies. 2. `respond_to` and templates are considered exhaustive enumerations If the user specified a list of formats/variants in a `respond_to` block, anything that is not explicitly included should result in an `UnknownFormat` error (which is then caught upstream to mean “406 Not Acceptable” by default). This is already how it works before this commit. Same goes for templates – if the user defined a set of templates (usually in the file system), that set is now considered exhaustive, which means that “missing” templates are considered `UnknownFormat` errors (406). 3. To keep API endpoints simple, the implicit render behavior for actions with no templates defined at all (regardless of formats, locales, variants, etc) are defaulted to “204 No Content”. This is a strictly narrower version of the feature landed in #19036 and #19377. 4. To avoid confusion when interacting in the browser, these actions will raise an `UnknownFormat` error for “interactive” requests instead. (The precise definition of “interactive” requests might change – the spirit here is to give helpful messages and avoid confusions.) Closes #20666, #23062, #23077, #23564 [Godfrey Chan, Jon Moss, Kasper Timm Hansen, Mike Clark, Matthew Draper]
* | [ci skip] Replace usage of rake routes with rails routesAbhishek Jain2016-02-252-2/+2
| |
* | Prep release for Rails 5 beta3eileencodes2016-02-241-1/+1
| |
* | Show permitted flag in the output of AC::Parameters#inspectPrathamesh Sonpatki2016-02-241-1/+1
| | | | | | | | - Fixes #23822.
* | Merge pull request #20851 from tomprats/indifferent-sessionsRafael Mendonça França2016-02-242-17/+11
|\ \ | | | | | | | | | Give Sessions Indifferent Access
| * | Update Session to utilize indiffernt accessTom Prats2016-01-302-15/+9
| | |
| * | Update session to have indifferent accessTom Prats2016-01-291-2/+2
| | |
* | | Merge branch 'actionmailer-cache'Rafael Mendonça França2016-02-245-69/+87
|\ \ \ | | | | | | | | | | | | | | | | | | | | This is a rebased version of #22825. Closes #22825.
| * | | Move private methods to the private visibilityRafael Mendonça França2016-02-241-10/+12
| | | |
| * | | Move Caching module to Abstract ControllerRafael Mendonça França2016-02-235-14/+18
| | | | | | | | | | | | | | | | | | | | | | | | Abstract Controller is the common component between Action Mailer and Action Controller so if we need to share the caching component it need to be there.
| * | | Remove unnecessarily included modules in ActionController::CachingStan Lo2016-02-231-1/+0
| | | |
| * | | Move ActionMailer::Caching's content into ActionMailer::Base instead of ↵Stan Lo2016-02-231-7/+6
| | | | | | | | | | | | | | | | | | | | | | | | including it Remove useless helper in ActionDispatch::Caching and fix indentation
| * | | Make caching configuration more flexibleStan Lo2016-02-232-7/+14
| | | |
| * | | Move most caching methods to ActionDispatch::Caching, and let ActionMailer ↵Stan Lo2016-02-232-54/+64
| | | | | | | | | | | | | | | | and ActionController to include it
| * | | Move caching/fragments in ActionMailer and ActionController to ↵Stan Lo2016-02-232-6/+3
| | | | | | | | | | | | | | | | action_dispatch/caching/fragments
* | | | Fix `request.ssl?` bug with Action CableJon Moss2016-02-231-0/+4
|/ / / | | | | | | | | | | | | This bug affects `wss://` requests when running Action Cable in-app. Fixes #23620.
* | | Add `internal` attribute to routesJon Moss2016-02-223-4/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is meant to provide a way for Action Cable, Sprockets, and possibly other Rack applications to mark themselves as internal, and to exclude themselves from the routing inspector, and thus `rails routes` / `rake routes`. I think this is the only way to have mounted Rack apps be marked as internal, within AD/Journey. Another option would be to create an array of regexes for internal apps, and then to iterate over that everytime a request comes through. Also, I only had the first `add_route` method set `internal`'s default to false, to avoid littering it all over the codebase.
* | | Transform the mime object to symbol when registering the parsersRafael Mendonça França2016-02-222-4/+14
| | | | | | | | | | | | | | | This will keep our current API working without having the users to change their codebases.
* | | Use symbol of mime type instead of object to get correct parserMehmet Emin İNAÇ2016-02-222-4/+4
| | | | | | | | | | | | | | | | | | After registering new `:json` mime type `parsers.fetch` can't find the mime type because new mime type is not equal to old one. Using symbol of the mime type as key on parsers hash solves the problem. Closes #23766
* | | Fix typographical errorGustavo Villa2016-02-221-1/+1
| | |
* | | Merge pull request #23682 from ShikChen/fast_strxorSantiago Pastorino2016-02-211-1/+2
|\ \ \ | | | | | | | | Improve the performance of string xor operation
| * | | Improve the performance of string xor operationshik2016-02-151-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use `each_byte` instead of `bytes` to speed up string xor operation and reduce object allocations. Inspired by commit 02c3867882d6d23b10df262a6db5f937ca69fb53. ``` ruby require 'benchmark/ips' require 'allocation_tracer' a = 32.times.map { rand(256) }.pack('C*') b = 32.times.map { rand(256) }.pack('C*') def xor_byte_strings1(s1, s2) s1.bytes.zip(s2.bytes).map { |(c1,c2)| c1 ^ c2 }.pack('c*') end def xor_byte_strings2(s1, s2) s2_bytes = s2.bytes s1.bytes.map.with_index { |c1, i| c1 ^ s2_bytes[i] }.pack('c*') end def xor_byte_strings3(s1, s2) s2_bytes = s2.bytes s1.each_byte.with_index { |c1, i| s2_bytes[i] ^= c1 } s2_bytes.pack('C*') end fail if xor_byte_strings1(a, b) != xor_byte_strings2(a, b) fail if xor_byte_strings1(a, b) != xor_byte_strings3(a, b) Benchmark.ips do |x| x.report('xor_byte_strings1') { xor_byte_strings1(a, b) } x.report('xor_byte_strings2') { xor_byte_strings2(a, b) } x.report('xor_byte_strings3') { xor_byte_strings3(a, b) } x.compare! end Tracer = ObjectSpace::AllocationTracer Tracer.setup(%i{type}) p xor_byte_strings1: Tracer.trace { xor_byte_strings1(a, b) } p xor_byte_strings2: Tracer.trace { xor_byte_strings2(a, b) } p xor_byte_strings3: Tracer.trace { xor_byte_strings3(a, b) } ``` ``` Warming up -------------------------------------- xor_byte_strings1 10.668k i/100ms xor_byte_strings2 11.814k i/100ms xor_byte_strings3 13.139k i/100ms Calculating ------------------------------------- xor_byte_strings1 116.667k (± 3.1%) i/s - 586.740k xor_byte_strings2 129.932k (± 4.3%) i/s - 649.770k xor_byte_strings3 142.506k (± 4.2%) i/s - 722.645k Comparison: xor_byte_strings3: 142506.3 i/s xor_byte_strings2: 129932.4 i/s - 1.10x slower xor_byte_strings1: 116666.8 i/s - 1.22x slower {:xor_byte_strings1=>{[:T_ARRAY]=>[38, 0, 0, 0, 0, 0], [:T_STRING]=>[2, 0, 0, 0, 0, 0]}} {:xor_byte_strings2=>{[:T_ARRAY]=>[3, 0, 0, 0, 0, 0], [:T_DATA]=>[1, 0, 0, 0, 0, 0], [:T_IMEMO]=>[2, 0, 0, 0, 0, 0], [:T_STRING]=>[2, 0, 0, 0, 0, 0]}} {:xor_byte_strings3=>{[:T_ARRAY]=>[1, 0, 0, 0, 0, 0], [:T_DATA]=>[1, 0, 0, 0, 0, 0], [:T_IMEMO]=>[2, 0, 0, 0, 0, 0], [:T_STRING]=>[2, 0, 0, 0, 0, 0]}} ```
* | | | Deprecate AC::Parameters#== with a HashBenjamin Quorning2016-02-191-9/+14
| | | |
* | | | Fix AC::Parameters#== with other AC::ParametersBenjamin Quorning2016-02-191-3/+4
| | | | | | | | | | | | | | | | Creating a protected getter method for `@parameters`.
* | | | fields_for_style needs to test for AC::ParametersAaron Patterson2016-02-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While iterating an AC::Parameters object, the object will mutate itself and stick AC::Parameters objects where there used to be hashes: https://github.com/rails/rails/blob/f57092ad728fa1de06c4f5fd9d09dcc2c4738fd9/actionpack/lib/action_controller/metal/strong_parameters.rb#L632 If you use `permit` after this iteration, the `fields_for_style` method wouldn't return true because the child objects are now AC::Parameters objects rather than Hashes. fixes #23701
* | | | partially revert 69009f4473637a44ade26d954ef5ddea6ff903f2Aaron Patterson2016-02-171-4/+1
| | | | | | | | | | | | | | | | | | | | we need to continue setting the body on the request object because of Fiber based streaming templates. Fixes #23659
* | | | Implement ActionController::Parameters#inspectBenjamin Quorning2016-02-171-1/+5
| | | | | | | | | | | | | | | | Now that AC::Parameters is no longer a Hash, it shouldn't look like a hash.
* | | | Merge pull request #23729 from maclover7/rm-unused-journeyRafael França2016-02-172-8/+0
|\ \ \ \ | | | | | | | | | | Remove unused Journey code
| * | | | Remove unused Journey codeJon Moss2016-02-172-8/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - `VERSION` shouldn't be there anymore since Journey is technically part of Action Dispatch now (and thus Action Pack, and follows the normal Rails versioning scheme) - `backwards.rb` was only in the file tree because early in the history or Journey (back in 2011!), it was moved from under the Rack namespace, to its own namespace, Journey! This file is no longer required, and is assigning constants that are no longer needed.
* | | | | Merge pull request #23712 from ↵Rafael França2016-02-171-1/+1
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | bf4/incorrect_to_accept_json_api_and_not_render_spec The JSON API media type should only work wih a JSON API handler
| * | | | | The JSON API media type should only work wih a JSON API handlerBenjamin Fleischer2016-02-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since the media type 'application/vnd.api+json' is a spec, it is inappropriate to handle it with the JSON renderer. This PR removes support for a JSON API media type. I would recommend the media type be registered on its own as `jsonapi` when a jsonapi Renderer and deserializer (Http::Parameters::DEFAULT_PARSERS) are added. Is related to work in https://github.com/rails/rails/pull/21496
* | | | | | Fix code styleRafael Mendonça França2016-02-171-3/+4
| |/ / / / |/| | | | | | | | | | | | | | This change was added in #23203 and it was not conforming our code style.
* | | | | Merge pull request #23661 from meinac/add_gzip_mime_typeRichard Schneeman2016-02-161-0/+1
|\ \ \ \ \ | | | | | | | | | | | | application/gzip added as default mime type into mime type list
| * | | | | application/gzip added as default mime type into mime type listMehmet Emin İNAÇ2016-02-131-0/+1
| | | | | |
* | | | | | Merge pull request #23203 from vipulnsward/22979-show-tags-on-exceptionRichard Schneeman2016-02-161-7/+11
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | WIP: Errors in logs should show log tags as well.