path: root/actionpack/lib
Commit message | Author | Age | Files | Lines
...
* stop eagerly parsing parameters | Aaron Patterson | 2015-09-18 | 1 | -2/+0
    Parameters will not be parsed until they are specifically requested via the `request_parameters` method.
* only wrap the strategy with exception handling | Aaron Patterson | 2015-09-18 | 1 | -9/+10
    we need to be more specific about exception handling when dealing with the parse strategies. The calls to `return yield` can also raise an exception, but we don't want to handle that in *this* code.
* pull `normalize_encode_params` up | Aaron Patterson | 2015-09-18 | 2 | -4/+3
    `normalize_encode_params` is common to all parser code paths, so we can pull that up and always apply it before assigning the request parameters
* remove the `default` parameter from the parser method | Aaron Patterson | 2015-09-18 | 1 | -8/+5
    since there is only one "default" strategy now, we can just use the block parameter for that.
* move parameter parsing to the request object | Aaron Patterson | 2015-09-18 | 2 | -22/+37
    All parameter parsing should be on the request object because the request object is the object that we ask for parameters.
* File encoding is defaulted to utf-8 in Ruby >= 2.1 | Akira Matsuda | 2015-09-18 | 3 | -6/+0
* Use rack.session_options instead of directly change env | Juanito Fatas | 2015-09-16 | 1 | -1/+1
* fewer direct env manipulations | Aaron Patterson | 2015-09-15 | 2 | -2/+2
    this commit removes some direct access to `env`.
* allocate request objects with the env hash, set routes on the request | Aaron Patterson | 2015-09-15 | 2 | -9/+6
    This commit is to abstract the code away from the env hash. It no longer needs to have the routes key hard coded.
* only "normalize" once | Aaron Patterson | 2015-09-14 | 1 | -1/+1
* create a new renderer instance on calls to `for` | Aaron Patterson | 2015-09-14 | 1 | -39/+46
    This changes the renderer class to store the controller and defaults as an instance variable rather than allocating a new class. You can create a new renderer with a new env by calling `Renderer#new` or use new defaults by calling `Renderer#with_defaults` and saving the return value somewhere.

    Also I want to keep the `env` private since I would like to change the keys in the future. This commit only translates particular keys that the user requested.
* eagerly allocate the renderer object | Aaron Patterson | 2015-09-14 | 2 | -9/+6
    this means the reader doesn't need to lock, but does have the added cost of a new object created for every controller
* initialize `@renderer` to avoid ivar warnings | Aaron Patterson | 2015-09-14 | 1 | -1/+8
* add a lock when allocating the renderer | Aaron Patterson | 2015-09-14 | 1 | -1/+5
    The controller class is shared among threads, so we need to lock when allocating the Renderer.
* `rack_response` should use the status it's given | Aaron Patterson | 2015-09-14 | 1 | -1/+1
* Fix HSTS default expire in ActionDispatch::SSL docs. | Pedro Nascimento | 2015-09-14 | 1 | -1/+2
* Merge pull request #21584 from claudiob/remove-hawd-doc | Claudio B. | 2015-09-10 | 1 | -3/+2
    Remove wrong doc line about AC::Parameters
  * Remove wrong doc line about AC::Parameters | claudiob | 2015-09-10 | 1 | -3/+2
      AC::Parameters does not inherit from HashWithIndifferentAccess since #20868 by @sikachu
* Update documentation to reflect Rack::Session::Abstract changes | eileencodes | 2015-09-09 | 1 | -1/+1
    `Rack::Session::Abstract::ID` is now deprecated and `Rack::Session::Abstract::Persisted` should be used instead.
* Handle Content-Types that are not :json, :xml, or :url_encoded_form | eileencodes | 2015-09-09 | 1 | -2/+5
    In c546a2b this was changed to mimic how the browser behaves in a real situation but left out types that were registered.

    When this was changed it didn't take `text/plain` or `text/html` content types into account. This is a problem if you're manipulating the `Content-Type` headers in your controller tests, and expect a certain result.

    The reason I changed this to use `to_sym` is because if the `Content-Type` is not registered then the symbol will not exist. If it's one of the special types we handle that specifically (:json, :xml, or :url_encoded_form). If it's any registered type we handle it by setting the `path_parameters` and then the `request_parameters`. If the `to_sym` returns nil an error will be thrown.

    If the controller test sets a `Content-Type` on the request that `Content-Type` should remain in the header and pass along the filename.

    For example:

    If a test sets a content type on a post

    ```
    @request.headers['CONTENT_TYPE'] = 'text/plain'
    post :create, params: { name: 'foo.txt' }
    ```

    Then `foo.txt` should be in the `request_parameters` and params related to the path should be in the `path_parameters` and the `Content-Type` header should match the one set in the `@request`. When c546a2b was committed `text/plain` and `text/html` types were throwing an "Unknown Content-Type" error which is misleading and incorrect.

    Note: this does not affect how this is handled in the browser, just how the controller tests handle setting `Content-Type`.
* mime_type will always return a string | Aaron Patterson | 2015-09-08 | 1 | -2/+1
* remove `parse_content_type` parameter | Aaron Patterson | 2015-09-08 | 1 | -6/+7
    This method is specifically about the content type so let's remove the parameter.
* avoid allocations when there is no content type set | Aaron Patterson | 2015-09-08 | 1 | -1/+2
    create a singleton content type that just has nils, so that we don't have to allocate a content type object all the time.
* handle implicit rendering correctly | Aaron Patterson | 2015-09-08 | 1 | -3/+4
    If someone sets just a charset, but depends on the implicit type from rendering, this will store a strange content type header that looks like this: `; charset=blah`. This is so that when the content type header is parsed again, it will return nil for the actual type.
* remove mime type lookups when parsing the content type | Aaron Patterson | 2015-09-08 | 1 | -5/+5
    It turns out that the response object never really cares what the mime type object is, so just use the string.
* refactor content type setting | Aaron Patterson | 2015-09-08 | 1 | -44/+39
    pull content-type setting to a private method to dry it up.
* make Content-Type header the canonical location for content-type info | Aaron Patterson | 2015-09-08 | 1 | -34/+50
    Instead of storing content type information in an ivar and a header, let's move to just store the content type info in just the header.
* pull content type parsing in to a method | Aaron Patterson | 2015-09-08 | 1 | -7/+15
    we'll use this method later to lazily parse content type headers.
* push content_type assignment in to metal | Aaron Patterson | 2015-09-08 | 3 | -9/+11
    everything above metal really doesn't care about setting the content type, so let's rearrange these methods to be in metal.
* avoid useless string allocations | Aaron Patterson | 2015-09-08 | 2 | -2/+1
    _set_content_type only does something when there is a request object, otherwise the return value of _get_content_type is always ignored. This commit moves everything to the module that has access to the request object so we'll never to_s unless there is a reason
* use accessors instead of manipulating the hash | Aaron Patterson | 2015-09-08 | 1 | -2/+2
    in the future I would like to make the header hash read only (or at least remove guarantees that mutations will do anything).
* Push key_generator into SerializedCookieJars | Kasper Timm Hansen | 2015-09-08 | 1 | -4/+4
    It's only used there.
* Move the request method in to the AbstractCookieJar | Kasper Timm Hansen | 2015-09-08 | 1 | -4/+3
    `CookieJar` is only at the start of the chain and has its own request method, so we don't need it in the module.
* Pull up parse to the legacy upgrading module | Kasper Timm Hansen | 2015-09-08 | 1 | -10/+5
    It was the same in both legacy versions of the signed and encrypted cookie jars.
* Call super to remove the decrypt_and_verify method | Kasper Timm Hansen | 2015-09-08 | 1 | -8/+4
    The `EncryptedCookieJar` already calls it for us, so just delegate to its `parse` implementation.
* Call super to remove the verify method | Kasper Timm Hansen | 2015-09-08 | 1 | -8/+2
    `SignedCookieJar`'s parse method already attempts to verify the message, so we can just call super and try the old verifier if it fails.
* Add parse method to share deserialization logic. | Kasper Timm Hansen | 2015-09-08 | 1 | -19/+12
    Cuts down on the duplicated reading parts.
* Add commit in the EncryptedCookieJar | Kasper Timm Hansen | 2015-09-08 | 1 | -17/+7
    Gets rid of the option parsing and makes what the encryptor does stand out.
* Use commit in the SignedCookieJar | Kasper Timm Hansen | 2015-09-08 | 1 | -15/+6
    Lets us avoid worrying about parsing the options and doing just what we need.
* Add commit method to share option normalization | Kasper Timm Hansen | 2015-09-08 | 1 | -4/+12
    Remove the clutter to make PermanentCookieJar's one change stand out.
* Add AbstractCookieJar class. | Kasper Timm Hansen | 2015-09-08 | 1 | -1/+3
    Eventually this will be the superclass of all the chained jars.
* Merge pull request #21502 from bernerdschaefer/bs-polymorphic-url_for-dups-arguments | Rafael Mendonça França | 2015-09-08 | 1 | -1/+2
    `url_for` does not modify polymorphic options
  * `url_for` does not modify polymorphic options | Bernerd Schaefer | 2015-09-04 | 1 | -1/+2
      The `url_for` methods in `actionpack` and `actionview` now make a copy of the provided options before generating polymorphic paths or URLs.

      The bug in the previous behavior is most noticeable in a case like:

          url_options = [:new, :post, param: 'value']
          if current_page?(url_options)
            css_class = "active"
          end
          link_to "New Post", url_options, class: css_class
* Make `config.force_ssl` less dangerous to try and easier to disable | Jeremy Daer | 2015-09-07 | 1 | -36/+92
    SSL redirect:
    * Move `:host` and `:port` options within `redirect: { … }`. Deprecate.
    * Introduce `:status` and `:body` to customize the redirect response. The 301 permanent default makes it difficult to test the redirect and back out of it since browsers remember the 301. Test with a 302 or 307 instead, then switch to 301 once you're confident that all is well.

    HTTP Strict Transport Security (HSTS):
    * Shorter max-age. Shorten the default max-age from 1 year to 180 days, the low end for https://www.ssllabs.com/ssltest/ grading and greater than the 18-week minimum to qualify for browser preload lists.
    * Disabling HSTS. Setting `hsts: false` now sets `hsts: { expires: 0 }` instead of omitting the header. Omitting does nothing to disable HSTS since browsers hang on to your previous settings until they expire. Sending `{ hsts: { expires: 0 }}` flushes out old browser settings and actually disables HSTS: http://tools.ietf.org/html/rfc6797#section-6.1.1
    * HSTS Preload. Introduce `preload: true` to set the `preload` flag, indicating that your site may be included in browser preload lists, including Chrome, Firefox, Safari, IE11, and Edge. Submit your site: https://hstspreload.appspot.com
* implement abstract store methods | Aaron Patterson | 2015-09-04 | 2 | -5/+5
    converts old ID methods to the new abstract store methods in Rack
* stop using deprecated Abstract::ID class | Aaron Patterson | 2015-09-04 | 4 | -4/+4
* stop inheriting from Rack::Request | Aaron Patterson | 2015-09-04 | 11 | -21/+23
    Just include the modules necessary in the Request object to implement the things we need. This should make it easier to build delegate request objects because the API is smaller
* use `Rack::Utils.unescape_path` to unescape paths | Aaron Patterson | 2015-09-04 | 1 | -3/+3
    Escaping and unescaping paths is different than query parameters, and we need to respect that. This commit uses the new method in Rack to escape and unescape paths. Fixes #11816
* Merge pull request #21483 from justanshulsharma/add-ip6-address | Eileen M. Uchitelle | 2015-09-03 | 1 | -1/+1
    [ci skip] Added localhost IPv6
  * [ci skip] Added localhost IPv6 | Anshul Sharma | 2015-09-03 | 1 | -1/+1