aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib
Commit message (Collapse)AuthorAgeFilesLines
* Change the `protect_from_forgery` prepend default to `false`eileencodes2015-12-071-7/+7
| | | | | | | | | | | | | | | | | | | | | Per this comment https://github.com/rails/rails/pull/18334#issuecomment-69234050 we want `protect_from_forgery` to default to `prepend: false`. `protect_from_forgery` will now be insterted into the callback chain at the point it is called in your application. This is useful for cases where you want to `protect_from_forgery` after you perform required authentication callbacks or other callbacks that are required to run after forgery protection. If you want `protect_from_forgery` callbacks to always run first, regardless of position they are called in your application, then you can add `prepend: true` to your `protect_from_forgery` call. Example: ```ruby protect_from_forgery prepend: true ```
* Merge pull request #22475 from claudiob/missing-requireMatthew Draper2015-12-081-0/+1
|\ | | | | Add missing require to strong_parameters.rb
| * Add missing require to strong_parameters.rbclaudiob2015-12-041-0/+1
| | | | | | | | | | The file [references Rack::Test here](https://github.com/rails/rails/blame/master/actionpack/lib/action_controller/metal/strong_parameters.rb#L671) so it's better off requiring 'rack/test' in the first place.
* | Only commit the cookie jar if it hasn't been committedeileencodes2015-12-061-1/+1
| | | | | | | | | | | | | | We don't want to commit the cookie jar more than once because then we will be attempting to modify a frozen hash. Fixes Railties test failure caused by 492b134.
* | Stop violating law of demeter in response cookie_jareileencodes2015-12-063-1/+10
| | | | | | | | | | | | | | | | | | | | | | This adds a new method to request and response so we don't need to violate the law of demeter. We are changing `Request` and `Response` so that they always have a `cookie_jar` This is a continuation on work to combine integration and controller test code bases in Rails.
* | Push `before_sending` to super classeileencodes2015-12-064-6/+7
| | | | | | | | | | | | | | | | | | | | | | | | We want to get rid of the `Live::Response` so we are consolidating methods from `Live::Response` and `Response` by merging them together. This adds an `#empty` method to the request so we don't need to hard-code the empty array each time we call an empty `ActionDispatch::Request`. The work here is a continuation on combining controller and integration test code bases into one.
* | Merge pull request #19977 from ↵Arthur Nogueira Neves2015-12-051-0/+15
|\ \ | | | | | | | | | | | | prathamesh-sonpatki/mention-redirect-path-in-assert-response Add redirection path in the error message of assert_response if response is :redirect
| * | Add redirection path in the error message of assert_response if response is ↵Prathamesh Sonpatki2015-12-041-0/+15
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | :redirect - If the assert_response is checking for any non-redirect response like :success and actual response is :redirect then, the error message displayed was - Expected response to be a <success>, but was <302> - This commit adds the redirect path to the error message of assert_response if the response is :redirect. So above message is changed to - Expected response to be a <success>, but was a redirect to <http://test.host/posts/lol>
* / Shrink a couple of deprecation warnings to one-linersMatthew Draper2015-12-061-18/+8
|/ | | | | The previous spelling seemed a bit too generous with the whitespace, and looked out of place when amongst others.
* Merge pull request #22373 from yui-knk/ad_constraintsYves Senn2015-11-301-1/+1
|\ | | | | Add `Routing` namespace to point appropriate constant
| * Add `Routing` namespace to point appropriate constantyui-knk2015-11-221-1/+1
| | | | | | | | Make it clear we use `ActionDispatch::Routing::Endpoint`
* | Merge pull request #22371 from yui-knk/better_mount_errorArthur Nogueira Neves2015-11-281-6/+9
|\ \ | | | | | | Brush up errors of `ActionDispatch::Routing::Mapper#mount`
| * | Brush up errors of `ActionDispatch::Routing::Mapper#mount`yui-knk2015-11-281-6/+9
| |/ | | | | | | | | | | * Integrate to raise `ArgumentError` * Detailed error message when `path` is not defined * Add a test case, invalid rack app is passed
* | Merge pull request #21241 from pdg137/masterArthur Nogueira Neves2015-11-261-1/+2
|\ \ | | | | | | In url_for, never append ? when the query string is empty anyway.
| * | In url_for, never append ? when the query string is empty anyway.Paul Grayson2015-10-291-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It used to behave like this: url_for(controller: 'x', action: 'y', q: {}) # -> "/x/y?" We previously avoided empty query strings in most cases by removing nil values, then checking whether params was empty. But as you can see above, even non-empty params can yield an empty query string. So I changed the code to just directly check whether the query string ended up empty. (To make everything more consistent, the "removing nil values" functionality should probably move to ActionPack's Hash#to_query, the place where empty hashes and arrays get removed. However, this would change a lot more behavior.)
* | | Merge pull request #22263 from mastahyeti/csrf-origin-checkRafael França2015-11-262-4/+30
|\ \ \ | | | | | | | | | | | | | | | | Add option to verify Origin header in CSRF checks [Jeremy Daer + Rafael Mendonça França]
| * | | Add option to verify Origin header in CSRF checksBen Toews2015-11-252-4/+30
| | | |
* | | | Merge pull request #22172 from tijmenb/fix-source-in-show-exceptionRafael França2015-11-242-0/+8
|\ \ \ \ | | | | | | | | | | Add text template for source code
| * | | | Add text template for source codeTijmen Brommet2015-11-032-0/+8
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a request is made with AJAX and an error occurs, Rails will render a text-template for the exception instead of the HTML error page (#11960). The `.text.erb` variant of the `_source` template is currently missing, causing HTML to be rendered in the response. This commit adds the text template. To keep the page scannable we only only show the first three source extracts. Related to #14745. Before: ``` ~/testing-exceptions ᐅ curl 'http://localhost:3000/' -H 'X-Requested-With: XMLHttpRequest' RuntimeError in PostsController#index <div class="source " id="frame-source-0"> <div class="info"> Extracted source (around line <strong>#3</strong>): </div> <div class="data"> <table cellpadding="0" cellspacing="0" class="lines"> <tr> ``` After: ``` ~/testing-exceptions ᐅ curl 'http://localhost:3000/' -H 'X-Requested-With: XMLHttpRequest' RuntimeError in PostsController#index Extracted source (around line #3): *3 raise ```
* | | | Merge pull request #17928 from sergey-alekseev/remove-unused-form-data-methodSean Griffin2015-11-231-3/+9
|\ \ \ \
| * | | | write a test for `#form_data?`Sergey Alekseev2015-03-311-1/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The initial attempt was to remove the method at all in https://github.com/sergey-alekseev/rails/commit/4926aa68c98673e7be88a2d2b57d72dc490bc71c. The method overrides Rack's `#form_data?` https://github.com/rack/rack/blob/6f8808d4201e68e4bd780441b3b7bb3ee6d1f43e/lib/rack/request.rb#L172-L184. Which may have some incorrect implementation actually. `type.nil?` isn't possible I suppose. I'll check.
* | | | | Clearer comment and variable name on IP spoofingGrey Baker2015-11-221-7/+15
| |_|_|/ |/| | |
* | | | Merge pull request #22353 from Bounga/doc_for_cookies_encryptedClaudio B2015-11-201-0/+7
|\ \ \ \ | | | | | | | | | | Add missing example for cookies.encrypted [ci skip]
| * | | | Add missing example for cookies.encrypted [ci skip]Nicolas Cavigneaux2015-11-201-0/+7
| | | | |
* | | | | Remove arity check for `RouteSet#draw`yui-knk2015-11-211-4/+0
|/ / / / | | | | | | | | | | | | | | | | This code was added for migration from Rails 3.1 to upper, now we are developing Rails 5.
* | | | Merge branch 'master' of github.com:rails/docrailsVijay Dev2015-11-151-5/+5
|\ \ \ \
| * | | | adding missing `.` Gaurav Sharma2015-11-151-5/+5
| | | | |
* | | | | [ci skip] Fix <tt> in docclaudiob2015-11-151-1/+1
| | | | |
* | | | | Merge pull request #22259 from daisuko/remove_compiled_root_from_static_rbYves Senn2015-11-121-1/+0
|\ \ \ \ \ | | | | | | | | | | | | remove unnecessary @compiled_root from static.rb
| * | | | | remove unnecessary @compiled_root from static.rbdaisuko2015-11-111-1/+0
| | |_|/ / | |/| | |
* / | | | Show middleware classes on /rails/info/propertiesclaudiob2015-11-111-1/+5
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | Closes #21230 by following the indication of @rafaelfranca: > I think the output change would be simpler. > What is really important to show is the class of the middleware, so we should change the output to show that.
* | | | Deprecate exception#original_exception in favor of exception#causeYuki Nishijima2015-11-039-31/+54
| | | |
* | | | remove present? call; we do not need itAaron Patterson2015-11-021-1/+1
| | | |
* | | | Fix double word 'string' [ci skip]Jake Worth2015-11-011-1/+1
|/ / /
* | | Merge branch 'master' of github.com:rails/docrailsVijay Dev2015-10-313-13/+13
|\ \ \ | |_|/ |/| |
| * | Improved readability of Assertion docs, replaced ‘Assert’ -> ↵amitkumarsuroliya2015-10-093-12/+12
| | | | | | | | | | | | | | | ‘Asserts’ at all places [ci skip] Following commit https://github.com/rails/docrails/commit/495722a95687e25114ae75608dd3107ac5d6611b
| * | Fixed wording in Assertion docs, changed ‘Assert’ -> ‘Asserts’Ronak Jangir2015-10-071-1/+1
| | |
* | | Revert "ActionController::Base#process() now only takes an action name"Aaron Patterson2015-10-291-2/+2
| | | | | | | | | | | | This reverts commit 9f93a5efbba3e1cbf0bfa700a17ec8d1ef60d7c6.
* | | ActionController::Base#process() now only takes an action nameAaron Patterson2015-10-291-2/+2
| | | | | | | | | | | | | | | | | | rather than an action name and *args. The *args were not being used in regular applications outside tests. This causes a backwards compatibility issue, but reduces array allocations for most users.
* | | use `dispatch` instead of `process` to run requests thougheileencodes2015-10-292-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | `dispatch` sets the request and response on the controller for us automatically, so the test harness doesn't need to know the internals of how request / response is set. Conflicts: actionpack/lib/action_controller/test_case.rb
* | | Remove unnecessary methodeileencodes2015-10-291-3/+0
| | |
* | | specify deprecated waring, follow the standard conventionsGaurav Sharma2015-10-282-6/+6
| | | | | | | | | | | | `skip_filter`, `skip_action_callback` may both are deprecated in Rails 5.1 so waring msg should be specific.
* | | Write the cookie jar it was not committed in TestCaseRafael Mendonça França2015-10-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For ActionController::Base we write the cookies in a middleware if it was not yet committed no matter if the response was committed or not. [1] For ActionController::Live we write the cookies before the response is committed. [2] We already mimic ActionController::Live in ActionController::TestCase but we don't mimic the ActionController::Base behavior because we were checking if the response was committed before writing the cookies. Now we are matching the behavior of the middleware and writing the cookies if it was not written before. [1]: https://github.com/rails/rails/blob/80c6b901d4d87cee610ab0a438ff6e3c6bf118d1/actionpack/lib/action_dispatch/middleware/cookies.rb#L599-L604 [2]: https://github.com/rails/rails/blob/80c6b901d4d87cee610ab0a438ff6e3c6bf118d1/actionpack/lib/action_controller/metal/live.rb#L218-L223
* | | Remove dead codeRafael Mendonça França2015-10-281-5/+0
| | | | | | | | | | | | This is leftover from when `render nothing: true` rendered blank string.
* | | fix rdoc markup [ci skip]yuuji.yaginuma2015-10-251-4/+4
| | |
* | | Catch invalid UTF-8 querystring values and respond with BadRequestGrey Baker2015-10-232-1/+19
| | |
* | | Use sufficient a regexp anchor to check `@response.content_type.to_s`yui-knk2015-10-221-1/+1
| | | | | | | | | | | | | | | | | | This commit follows up of ea9bc06c9a47b839d5e2db94ba6bf7e29c8f0ae9. To check `@response.content_type.to_s` is ended with `"xml"`, to use `\z` is sufficient.
* | | remove unnecessary forwardable requireTimo Schilling2015-10-211-1/+0
| | | | | | | | | `Forwardable` has been used in the past
* | | Merge pull request #20715 from simsalabim/feature/parse-rss-atom-as-xmlSean Griffin2015-10-201-1/+1
| | | | | | | | | | | | parse RSS/ATOM responses as XML, not HTML
* | | Merge pull request #22003 from yui-knk/remove_needless_require_asYves Senn2015-10-205-6/+0
|\ \ \ | | | | | | | | Delete needless `require 'active_support/deprecation'`