| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Per this comment
https://github.com/rails/rails/pull/18334#issuecomment-69234050 we want
`protect_from_forgery` to default to `prepend: false`.
`protect_from_forgery` will now be insterted into the callback chain at the
point it is called in your application. This is useful for cases where you
want to `protect_from_forgery` after you perform required authentication
callbacks or other callbacks that are required to run after forgery protection.
If you want `protect_from_forgery` callbacks to always run first, regardless of
position they are called in your application, then you can add `prepend: true`
to your `protect_from_forgery` call.
Example:
```ruby
protect_from_forgery prepend: true
```
|
|\
| |
| | |
Add missing require to strong_parameters.rb
|
| |
| |
| |
| |
| | |
The file [references Rack::Test here](https://github.com/rails/rails/blame/master/actionpack/lib/action_controller/metal/strong_parameters.rb#L671)
so it's better off requiring 'rack/test' in the first place.
|
| |
| |
| |
| |
| |
| |
| | |
We don't want to commit the cookie jar more than once because then we
will be attempting to modify a frozen hash.
Fixes Railties test failure caused by 492b134.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds a new method to request and response so we don't need to
violate the law of demeter.
We are changing `Request` and `Response` so that they always have a
`cookie_jar`
This is a continuation on work to combine integration and controller
test code bases in Rails.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We want to get rid of the `Live::Response` so we are consolidating methods
from `Live::Response` and `Response` by merging them together.
This adds an `#empty` method to the request so we don't need to
hard-code the empty array each time we call an empty
`ActionDispatch::Request`.
The work here is a continuation on combining controller and integration
test code bases into one.
|
|\ \
| | |
| | |
| | |
| | | |
prathamesh-sonpatki/mention-redirect-path-in-assert-response
Add redirection path in the error message of assert_response if response is :redirect
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
:redirect
- If the assert_response is checking for any non-redirect response like
:success and actual response is :redirect then, the error message displayed
was -
Expected response to be a <success>, but was <302>
- This commit adds the redirect path to the error message of
assert_response if the response is :redirect.
So above message is changed to -
Expected response to be a <success>, but was a redirect to <http://test.host/posts/lol>
|
|/
|
|
|
| |
The previous spelling seemed a bit too generous with the whitespace, and
looked out of place when amongst others.
|
|\
| |
| | |
Add `Routing` namespace to point appropriate constant
|
| |
| |
| |
| | |
Make it clear we use `ActionDispatch::Routing::Endpoint`
|
|\ \
| | |
| | | |
Brush up errors of `ActionDispatch::Routing::Mapper#mount`
|
| |/
| |
| |
| |
| |
| | |
* Integrate to raise `ArgumentError`
* Detailed error message when `path` is not defined
* Add a test case, invalid rack app is passed
|
|\ \
| | |
| | | |
In url_for, never append ? when the query string is empty anyway.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It used to behave like this:
url_for(controller: 'x', action: 'y', q: {})
# -> "/x/y?"
We previously avoided empty query strings in most cases by removing
nil values, then checking whether params was empty. But as you can
see above, even non-empty params can yield an empty query string. So
I changed the code to just directly check whether the query string
ended up empty.
(To make everything more consistent, the "removing nil values"
functionality should probably move to ActionPack's Hash#to_query, the
place where empty hashes and arrays get removed. However, this would
change a lot more behavior.)
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
Add option to verify Origin header in CSRF checks
[Jeremy Daer + Rafael Mendonça França]
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
Add text template for source code
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When a request is made with AJAX and an error occurs, Rails will render
a text-template for the exception instead of the HTML error page
(#11960).
The `.text.erb` variant of the `_source` template is currently missing,
causing HTML to be rendered in the response. This commit adds the text
template.
To keep the page scannable we only only show the first three source
extracts.
Related to #14745.
Before:
```
~/testing-exceptions ᐅ curl 'http://localhost:3000/' -H
'X-Requested-With: XMLHttpRequest'
RuntimeError in PostsController#index
<div class="source " id="frame-source-0">
<div class="info">
Extracted source (around line <strong>#3</strong>):
</div>
<div class="data">
<table cellpadding="0" cellspacing="0" class="lines">
<tr>
```
After:
```
~/testing-exceptions ᐅ curl 'http://localhost:3000/' -H
'X-Requested-With: XMLHttpRequest'
RuntimeError in PostsController#index
Extracted source (around line #3):
*3 raise
```
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The initial attempt was to remove the method at all in
https://github.com/sergey-alekseev/rails/commit/4926aa68c98673e7be88a2d2b57d72dc490bc71c.
The method overrides Rack's `#form_data?`
https://github.com/rack/rack/blob/6f8808d4201e68e4bd780441b3b7bb3ee6d1f43e/lib/rack/request.rb#L172-L184.
Which may have some incorrect implementation actually. `type.nil?` isn't possible I suppose. I'll check.
|
| |_|_|/
|/| | | |
|
|\ \ \ \
| | | | |
| | | | | |
Add missing example for cookies.encrypted [ci skip]
|
| | | | | |
|
|/ / / /
| | | |
| | | |
| | | |
| | | | |
This code was added for migration from Rails 3.1 to upper,
now we are developing Rails 5.
|
|\ \ \ \ |
|
| | | | | |
|
| | | | | |
|
|\ \ \ \ \
| | | | | |
| | | | | | |
remove unnecessary @compiled_root from static.rb
|
| | |_|/ /
| |/| | | |
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Closes #21230 by following the indication of @rafaelfranca:
> I think the output change would be simpler.
> What is really important to show is the class of the middleware, so we should change the output to show that.
|
| | | | |
|
| | | | |
|
|/ / / |
|
|\ \ \
| |_|/
|/| | |
|
| | |
| | |
| | |
| | |
| | | |
‘Asserts’ at all places [ci skip]
Following commit https://github.com/rails/docrails/commit/495722a95687e25114ae75608dd3107ac5d6611b
|
| | | |
|
| | |
| | |
| | |
| | | |
This reverts commit 9f93a5efbba3e1cbf0bfa700a17ec8d1ef60d7c6.
|
| | |
| | |
| | |
| | |
| | |
| | | |
rather than an action name and *args. The *args were not being used in regular
applications outside tests. This causes a backwards compatibility
issue, but reduces array allocations for most users.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
`dispatch` sets the request and response on the controller for us
automatically, so the test harness doesn't need to know the internals of
how request / response is set.
Conflicts:
actionpack/lib/action_controller/test_case.rb
|
| | | |
|
| | |
| | |
| | |
| | | |
`skip_filter`, `skip_action_callback` may both are deprecated in Rails 5.1 so waring msg should be specific.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
For ActionController::Base we write the cookies in a middleware if it
was not yet committed no matter if the response was committed or not. [1]
For ActionController::Live we write the cookies before the response is
committed. [2]
We already mimic ActionController::Live in
ActionController::TestCase but we don't mimic the ActionController::Base
behavior because we were checking if the response was committed before
writing the cookies.
Now we are matching the behavior of the middleware and writing the
cookies if it was not written before.
[1]: https://github.com/rails/rails/blob/80c6b901d4d87cee610ab0a438ff6e3c6bf118d1/actionpack/lib/action_dispatch/middleware/cookies.rb#L599-L604
[2]: https://github.com/rails/rails/blob/80c6b901d4d87cee610ab0a438ff6e3c6bf118d1/actionpack/lib/action_controller/metal/live.rb#L218-L223
|
| | |
| | |
| | |
| | | |
This is leftover from when `render nothing: true` rendered blank string.
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
This commit follows up of ea9bc06c9a47b839d5e2db94ba6bf7e29c8f0ae9.
To check `@response.content_type.to_s` is ended with `"xml"`,
to use `\z` is sufficient.
|
| | |
| | |
| | | |
`Forwardable` has been used in the past
|
| | |
| | |
| | |
| | | |
parse RSS/ATOM responses as XML, not HTML
|
|\ \ \
| | | |
| | | | |
Delete needless `require 'active_support/deprecation'`
|