aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #21241 from pdg137/masterArthur Nogueira Neves2015-11-261-1/+2
|\ | | | | In url_for, never append ? when the query string is empty anyway.
| * In url_for, never append ? when the query string is empty anyway.Paul Grayson2015-10-291-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It used to behave like this: url_for(controller: 'x', action: 'y', q: {}) # -> "/x/y?" We previously avoided empty query strings in most cases by removing nil values, then checking whether params was empty. But as you can see above, even non-empty params can yield an empty query string. So I changed the code to just directly check whether the query string ended up empty. (To make everything more consistent, the "removing nil values" functionality should probably move to ActionPack's Hash#to_query, the place where empty hashes and arrays get removed. However, this would change a lot more behavior.)
* | Merge pull request #22263 from mastahyeti/csrf-origin-checkRafael França2015-11-262-4/+30
|\ \ | | | | | | | | | | | | Add option to verify Origin header in CSRF checks [Jeremy Daer + Rafael Mendonça França]
| * | Add option to verify Origin header in CSRF checksBen Toews2015-11-252-4/+30
| | |
* | | Merge pull request #22172 from tijmenb/fix-source-in-show-exceptionRafael França2015-11-242-0/+8
|\ \ \ | | | | | | | | Add text template for source code
| * | | Add text template for source codeTijmen Brommet2015-11-032-0/+8
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a request is made with AJAX and an error occurs, Rails will render a text-template for the exception instead of the HTML error page (#11960). The `.text.erb` variant of the `_source` template is currently missing, causing HTML to be rendered in the response. This commit adds the text template. To keep the page scannable we only only show the first three source extracts. Related to #14745. Before: ``` ~/testing-exceptions ᐅ curl 'http://localhost:3000/' -H 'X-Requested-With: XMLHttpRequest' RuntimeError in PostsController#index <div class="source " id="frame-source-0"> <div class="info"> Extracted source (around line <strong>#3</strong>): </div> <div class="data"> <table cellpadding="0" cellspacing="0" class="lines"> <tr> ``` After: ``` ~/testing-exceptions ᐅ curl 'http://localhost:3000/' -H 'X-Requested-With: XMLHttpRequest' RuntimeError in PostsController#index Extracted source (around line #3): *3 raise ```
* | | Merge pull request #17928 from sergey-alekseev/remove-unused-form-data-methodSean Griffin2015-11-231-3/+9
|\ \ \
| * | | write a test for `#form_data?`Sergey Alekseev2015-03-311-1/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The initial attempt was to remove the method at all in https://github.com/sergey-alekseev/rails/commit/4926aa68c98673e7be88a2d2b57d72dc490bc71c. The method overrides Rack's `#form_data?` https://github.com/rack/rack/blob/6f8808d4201e68e4bd780441b3b7bb3ee6d1f43e/lib/rack/request.rb#L172-L184. Which may have some incorrect implementation actually. `type.nil?` isn't possible I suppose. I'll check.
* | | | Clearer comment and variable name on IP spoofingGrey Baker2015-11-221-7/+15
| | | |
* | | | Merge pull request #22353 from Bounga/doc_for_cookies_encryptedClaudio B2015-11-201-0/+7
|\ \ \ \ | | | | | | | | | | Add missing example for cookies.encrypted [ci skip]
| * | | | Add missing example for cookies.encrypted [ci skip]Nicolas Cavigneaux2015-11-201-0/+7
| | | | |
* | | | | Remove arity check for `RouteSet#draw`yui-knk2015-11-211-4/+0
|/ / / / | | | | | | | | | | | | | | | | This code was added for migration from Rails 3.1 to upper, now we are developing Rails 5.
* | | | Merge branch 'master' of github.com:rails/docrailsVijay Dev2015-11-151-5/+5
|\ \ \ \
| * | | | adding missing `.` Gaurav Sharma2015-11-151-5/+5
| | | | |
* | | | | [ci skip] Fix <tt> in docclaudiob2015-11-151-1/+1
| | | | |
* | | | | Merge pull request #22259 from daisuko/remove_compiled_root_from_static_rbYves Senn2015-11-121-1/+0
|\ \ \ \ \ | | | | | | | | | | | | remove unnecessary @compiled_root from static.rb
| * | | | | remove unnecessary @compiled_root from static.rbdaisuko2015-11-111-1/+0
| | |_|/ / | |/| | |
* / | | | Show middleware classes on /rails/info/propertiesclaudiob2015-11-111-1/+5
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | Closes #21230 by following the indication of @rafaelfranca: > I think the output change would be simpler. > What is really important to show is the class of the middleware, so we should change the output to show that.
* | | | Deprecate exception#original_exception in favor of exception#causeYuki Nishijima2015-11-039-31/+54
| | | |
* | | | remove present? call; we do not need itAaron Patterson2015-11-021-1/+1
| | | |
* | | | Fix double word 'string' [ci skip]Jake Worth2015-11-011-1/+1
|/ / /
* | | Merge branch 'master' of github.com:rails/docrailsVijay Dev2015-10-313-13/+13
|\ \ \ | |_|/ |/| |
| * | Improved readability of Assertion docs, replaced ‘Assert’ -> ↵amitkumarsuroliya2015-10-093-12/+12
| | | | | | | | | | | | | | | ‘Asserts’ at all places [ci skip] Following commit https://github.com/rails/docrails/commit/495722a95687e25114ae75608dd3107ac5d6611b
| * | Fixed wording in Assertion docs, changed ‘Assert’ -> ‘Asserts’Ronak Jangir2015-10-071-1/+1
| | |
* | | Revert "ActionController::Base#process() now only takes an action name"Aaron Patterson2015-10-291-2/+2
| | | | | | | | | | | | This reverts commit 9f93a5efbba3e1cbf0bfa700a17ec8d1ef60d7c6.
* | | ActionController::Base#process() now only takes an action nameAaron Patterson2015-10-291-2/+2
| | | | | | | | | | | | | | | | | | rather than an action name and *args. The *args were not being used in regular applications outside tests. This causes a backwards compatibility issue, but reduces array allocations for most users.
* | | use `dispatch` instead of `process` to run requests thougheileencodes2015-10-292-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | `dispatch` sets the request and response on the controller for us automatically, so the test harness doesn't need to know the internals of how request / response is set. Conflicts: actionpack/lib/action_controller/test_case.rb
* | | Remove unnecessary methodeileencodes2015-10-291-3/+0
| | |
* | | specify deprecated waring, follow the standard conventionsGaurav Sharma2015-10-282-6/+6
| | | | | | | | | | | | `skip_filter`, `skip_action_callback` may both are deprecated in Rails 5.1 so waring msg should be specific.
* | | Write the cookie jar it was not committed in TestCaseRafael Mendonça França2015-10-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For ActionController::Base we write the cookies in a middleware if it was not yet committed no matter if the response was committed or not. [1] For ActionController::Live we write the cookies before the response is committed. [2] We already mimic ActionController::Live in ActionController::TestCase but we don't mimic the ActionController::Base behavior because we were checking if the response was committed before writing the cookies. Now we are matching the behavior of the middleware and writing the cookies if it was not written before. [1]: https://github.com/rails/rails/blob/80c6b901d4d87cee610ab0a438ff6e3c6bf118d1/actionpack/lib/action_dispatch/middleware/cookies.rb#L599-L604 [2]: https://github.com/rails/rails/blob/80c6b901d4d87cee610ab0a438ff6e3c6bf118d1/actionpack/lib/action_controller/metal/live.rb#L218-L223
* | | Remove dead codeRafael Mendonça França2015-10-281-5/+0
| | | | | | | | | | | | This is leftover from when `render nothing: true` rendered blank string.
* | | fix rdoc markup [ci skip]yuuji.yaginuma2015-10-251-4/+4
| | |
* | | Catch invalid UTF-8 querystring values and respond with BadRequestGrey Baker2015-10-232-1/+19
| | |
* | | Use sufficient a regexp anchor to check `@response.content_type.to_s`yui-knk2015-10-221-1/+1
| | | | | | | | | | | | | | | | | | This commit follows up of ea9bc06c9a47b839d5e2db94ba6bf7e29c8f0ae9. To check `@response.content_type.to_s` is ended with `"xml"`, to use `\z` is sufficient.
* | | remove unnecessary forwardable requireTimo Schilling2015-10-211-1/+0
| | | | | | | | | `Forwardable` has been used in the past
* | | Merge pull request #20715 from simsalabim/feature/parse-rss-atom-as-xmlSean Griffin2015-10-201-1/+1
| | | | | | | | | | | | parse RSS/ATOM responses as XML, not HTML
* | | Merge pull request #22003 from yui-knk/remove_needless_require_asYves Senn2015-10-205-6/+0
|\ \ \ | | | | | | | | Delete needless `require 'active_support/deprecation'`
| * | | Delete needless `require 'active_support/deprecation'`yui-knk2015-10-205-6/+0
| | | | | | | | | | | | | | | | | | | | When `require 'active_support/rails'`, 'active_support/deprecation' is automatically loaded.
* | | | Show helpful messages on invalid param. encodingsAgis Anastasopoulos2015-10-192-8/+6
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prior to this change, given a route: # config/routes.rb get ':a' => "foo#bar" If one pointed to http://example.com/%BE (param `a` has invalid encoding), a `BadRequest` would be raised with the following non-informative message: ActionController::BadRequest From now on the message displayed is: Invalid parameter encoding: hi => "\xBE" Fixes #21923.
* | | Merge pull request #19135 from yuki24/access-control-supportJeremy Daer2015-10-131-8/+14
|\ \ \ | | | | | | | | | | | | Add basic support for access control headers to ActionDispatch::Static
| * | | Add the ability of returning arbitrary headers to ActionDispatch::StaticYuki Nishijima2015-06-131-8/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now ActionDispatch::Static can accept HTTP headers so that developers will have control of returning arbitrary headers like 'Access-Control-Allow-Origin' when a response is delivered. They can be configured through `#config.public_file_server.headers`: config.public_file_server.headers = { "Cache-Control" => "public, max-age=60", "Access-Control-Allow-Origin" => "http://rubyonrails.org" } Also deprecate `config.static_cache_control` in favor of `config.public_file_server.headers`.
* | | | Merge pull request #21849 from yui-knk/refactor_regexp_to_stringAndrew White2015-10-122-5/+1
|\ \ \ \ | | | | | | | | | | Change `Journey::Route#verb` to return string instead of regexp.
| * | | | Change `Journey::Route#verb` to return string instead of regexp.yui-knk2015-10-032-5/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By [this commit](https://github.com/rails/rails/commit/0b476de445faf330c58255e2ec3eea0f3a7c1bfc) `Journey::Route#verb` need not to return verb as regexp. The returned value is used by inspector, so change it to be a string. Add inspect_with_multiple_verbs test case to keep the behavior of inspector correctly.
* | | | | Allow multiple `root` routes in same scope levelRafael Sales2015-10-101-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When an application has multiple root entries with different constraints, the current solution is to use `get '/'`. Example: **Currently I have to do:** ```ruby get '/', to: 'portfolio#show', constraints: ->(req) { Hostname.portfolio_site?(req.host) } get '/', to: 'blog#show', constraints: ->(req) { Hostname.blog_site?(req.host) } root 'landing#show' ``` **But I would like to do:** ```ruby root 'portfolio#show', constraints: ->(req) { Hostname.portfolio_site?(req.host) } root 'blog#show', constraints: ->(req) { Hostname.blog_site?(req.host) } root 'landing#show' ``` Other URL matchers such as `get`, `post`, etc, already allows this, so I think it's fair that `root` also allow it since it's just a shortcut for a `get` internally.
* | | | | used predicate methods to avoid is_a? checksRonak Jangir2015-10-102-3/+5
| | | | |
* | | | | Fix mounted engine named routes regressionMatthew Erhard2015-10-072-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When generating the url for a mounted engine through its proxy, the path should be the sum of three parts: 1. Any `SCRIPT_NAME` request header or the value of `ActionDispatch::Routing::RouteSet#relative_url_root`. 2. A prefix (the engine's mounted path). 3. The path of the named route inside the engine. Since commit https://github.com/rails/rails/commit/44ff0313c121f528a68b3bd21d6c7a96f313e3d3, this has been broken. Step 2 has been changed to: 2. A prefix (the value of `ActionDispatch::Routing::RouteSet#relative_url_root` + the engine's mounted path). The value of `ActionDispatch::Routing::RouteSet#relative_url_root` is taken into account in step 1 of the route generation and should be ignored when generating the mounted engine's prefix in step 2. This commit fixes the regression by having `ActionDispatch::Routing::RouteSet#url_for` check `options[:relative_url_root]` before falling back to `ActionDispatch::Routing::RouteSet#relative_url_root`. The prefix generating code then sets `options[:relative_url_root]` to an empty string. This empty string is used instead of `ActionDispatch::Routing::RouteSet#relative_url_root` and avoids the duplicate `relative_url_root` value in the final result. This resolves #20920 and resolves #21459
* | | | | use methods for accessing the cache control headersAaron Patterson2015-10-062-6/+9
| | | | | | | | | | | | | | | | | | | | | | | | | Use the methods rack provides so we don't have to worry about the exact header key.
* | | | | etag header is in Rack, so use it's response methodsAaron Patterson2015-10-061-6/+2
| | | | | | | | | | | | | | | | | | | | | | | | | Rack implements the Etag header manipulation methods, so we can use those instead of ours.
* | | | | Use `Mime[:foo]` instead of `Mime::Type[:FOO]` for back compatJeremy Daer2015-10-0614-79/+69
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rails 4.x and earlier didn't support `Mime::Type[:FOO]`, so libraries that support multiple Rails versions would've had to feature-detect whether to use `Mime::Type[:FOO]` or `Mime::FOO`. `Mime[:foo]` has been around for ages to look up registered MIME types by symbol / extension, though, so libraries and plugins can safely switch to that without breaking backward- or forward-compatibility. Note: `Mime::ALL` isn't a real MIME type and isn't registered for lookup by type or extension, so it's not available as `Mime[:all]`. We use it internally as a wildcard for `respond_to` negotiation. If you use this internal constant, continue to reference it with `Mime::ALL`. Ref. efc6dd550ee49e7e443f9d72785caa0f240def53
* | | | | Merge pull request #21887 from abhishekjain16/doc_fixKasper Timm Hansen2015-10-061-1/+1
|\ \ \ \ \ | | | | | | | | | | | | Fix usage of word alternatively in docs [ci skip]