| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|\ \
| |/
|/| |
Stop changes to a dupped `ActionController::Parameters` mutating the original
|
| |
| |
| |
| |
| |
| | |
`#initialize_copy` to manually duplicate the underlying parameters hash
It looks like `ActionController::Parameters#dup` is leftover from when the class inherited from `Hash`. We can just trust `#dup`, which already copies the `@permitted` instance variable (confirmed by tests). We still define a `#initialize_copy` to make `@parameters` a copy that can be mutated without affecting the original instance.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When `ActionController::Parameters` is duplicated with `#dup`, it doesn't create a duplicate of the instance variables (e.g. `@parameters`) but rather maintains the reference (see <http://ruby-doc.org/core-2.3.1/Object.html>). Given that the parameters object is often manipulated as if it were a hash (e.g. with `#delete` and similar methods), this leads to unexpected behaviour, like the following:
```
params = ActionController::Parameters.new(foo: "bar")
duplicated_params = params.dup
duplicated_params.delete(:foo)
params == duplicated_params
```
This fixes the bug by defining a private `#initialize_copy` method, used internally by `#dup`, which makes a copy of `@parameters`.
|
| |
| |
| |
| | |
it false
|
|/
|
|
| |
`config.ssl_options` permits configuring various options for the middleware. Default options for HSTS (specified with the `:hsts` key in the options hash) are specified in `.default_hsts_options`. The documentation did not make clear these defaults, and in one case was wrong.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In Rails 4 these kind of routes used to work:
```ruby
scope '/*id', controller: :builds, as: :build do
get action: :show
end
```
But since 1a830cbd830c7f80936dff7e3c8b26f60dcc371d, routes are only created for
paths specified as strings or symbols. Implicit `nil` paths are just ignored,
with no deprecation warnings or errors. Routes are simply not created. This come
as a surprise for people migrating to Rails 5, since the lack of logs or errors
makes hard to understand where the problem is.
This commit introduces a deprecation warning in case of path as `nil`, while
still allowing the route definition.
|
| |
|
|\
| |
| | |
ActionDispatch::DebugLocks
|
| |
| |
| |
| |
| | |
Only intended to be enabled when in use; by necessity, it sits above any
reasonable access control.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When an exception is raised, those Action View rendering logs are just
noise for the end developer. I recently silenced those from Web Console,
as we do use Action View rendering in it as well. It used created a half
a screen of rendering logs. I think we can save those in this recent
push for cleaner development logs.
Now, the silencing is a bit hacky and we have a bunch of it now, so we
can also invest in turning off the logs directly from Action View
objects instead of silencing off the logging stream.
|
| |
| |
| |
| |
| |
| | |
Felt that += overwriting the path variable was a little too hidden.
Make the outcomes easier to spot with an if-else branch.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When running tests with `--enable-frozen-string-literal` or
`# frozen_string_literal: true`, it's currently attempted to mutate the path
string in order to append the format, causing a `RuntimeError`.
```ruby
get '/posts', as: :json
```
```
RuntimeError:
can't modify frozen String
```
This commit fixes the problem by replacing the mutation with a concatenation,
returning a new string.
|
| | |
|
| | |
|
|\ \
| | |
| | | |
Fix setting route's to in a scope
|
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes #25488
97d7dc4 introduced a regression that resulted in ArgumentError when to
was in options of the scope and not of particular route.
|
|/ /
| |
| |
| | |
Signed-off-by: Jeremy Daer <jeremydaer@gmail.com>
|
| |
| |
| |
| | |
Then just yield the location for the place where we need some extra processing.
|
| |
| |
| |
| | |
`if !var.nil?` is the same as just `if var`
|
|\ \
| | |
| | | |
make `as` option work with get parameters
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently, if path is a relative path, add format without the discrimination of the query.
Therefore, if there is a query, format at end of the query would been added,
format was not be specified correctly.
This fix add format to end of path rather than query.
|
| | |
| | |
| | |
| | |
| | | |
In the docs: "+permit_all_parameters+ - If it's +true+, all the parameters will
be permitted by default. The default is +false+."
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The changes in this commit are twofold:
1. The examples showing `#require` accepting two arguments were wrong - you
have to wrap the arguments (two, or more) in an array.
2. `ActionController::Parameters` has an `#inspect` method now (since
https://github.com/rails/rails/pull/23732), and the documentation should
reflect that.
|
|/ |
|
|
|
|
|
|
| |
* Restore the functionality of PR#14129, but do so with not nil to better indicate the purpose of the conditional
* Add a test when render_to_string called on ActionController::Base.new()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Forgotten followup to #23669 :grimacing:
If you went to an internal route (e.g. `/rails/info/routes`), you would
previously see the following in your logger:
```bash
Processing by Rails::InfoController#routes as HTML
Parameters: {"internal"=>true}
Rendering /Users/jon/code/rails/rails/railties/lib/rails/templates/rails/info/routes.html.erb within layouts/application
Rendered collection of /Users/jon/code/rails/rails/actionpack/lib/action_dispatch/middleware/templates/routes/_route.html.erb [2 times] (10.5ms)
Rendered /Users/jon/code/rails/rails/actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb (2.5ms)
Rendered /Users/jon/code/rails/rails/railties/lib/rails/templates/rails/info/routes.html.erb within layouts/application (23.5ms)
Completed 200 OK in 50ms (Views: 35.1ms | ActiveRecord: 0.0ms)
```
Now, with this change, you would see:
```bash
Processing by Rails::InfoController#routes as HTML
Rendering /Users/jon/code/rails/rails/railties/lib/rails/templates/rails/info/routes.html.erb within layouts/application
Rendered collection of /Users/jon/code/rails/rails/actionpack/lib/action_dispatch/middleware/templates/routes/_route.html.erb [2 times] (1.6ms)
Rendered /Users/jon/code/rails/rails/actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb (10.2ms)
Rendered /Users/jon/code/rails/rails/railties/lib/rails/templates/rails/info/routes.html.erb within layouts/application (17.4ms)
Completed 200 OK in 44ms (Views: 28.0ms | ActiveRecord: 0.0ms)
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since 69009f, `ActionController::Metal::DataStreaming#send_file` doesn't
set `@_response_body` anymore.
`AbstractController::Callbacks` used `@_response_body` in its callback
terminator, so it failed to halt the callback cycle when using `#send_file`
from a `before_action`.
Instead, it now uses `#performed?` on `AbstractController::Base` and
`ActionController::Metal`, which checks `response.committed?`, besides
checking if `@_response_body` is set, if possible.
Example application: https://gist.github.com/jeffkreeftmeijer/78ae4572f36b198e729724b0cf79ef8e
|
|\
| |
| |
| |
| | |
Conflicts:
guides/source/action_cable_overview.md
|
| |
| |
| |
| |
| |
| | |
For consistency.
[ci skip]
|
| | |
|
| |
| |
| |
| |
| |
| | |
Add a missing capital letter and avoid using absolute links to the
API because they may refer to out-dated documentation on the Edge
site.
|
| |
| |
| | |
This example code wasn't getting wrapped in a `<code>` tag due to incorrect indentation.
|
| | |
|
| |
| |
| |
| | |
Follow up to #21671
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
CSRF verification for non-XHR GET requests (cross-origin `<script>`
tags) didn't check this flag before logging failures.
Setting `config.action_controller.log_warning_on_csrf_failure = false`
now disables logging for these CSRF failures as well.
Closes #25086.
Signed-off-by: Jeremy Daer <jeremydaer@gmail.com>
|
| |
| |
| |
| |
| |
| | |
This reverts commit 0ce7eae7418f1b9bb06b351c1f26d50c3674c0d0.
Tests were broken https://travis-ci.org/rails/rails/jobs/131850726#L520
|
| |
| |
| |
| | |
This way we don't have to make multiple calls on anonymous controllers
|
| |
| |
| |
| |
| |
| | |
per [API documentation guidelines](http://edgeguides.rubyonrails.org/api_documentation_guidelines.html#oxford-comma)
[ci skip]
|
|\ \
| | |
| | | |
fix named route example [ci skip]
|
| | | |
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
Ruby 2.4 unifies Fixnum and Bignum into Integer: https://bugs.ruby-lang.org/issues/12005
* Forward compat with new unified Integer class in Ruby 2.4+.
* Backward compat with separate Fixnum/Bignum in Ruby 2.2 & 2.3.
* Drops needless Fixnum distinction in docs, preferring Integer.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Follows the same pattern as controllers and jobs. Exceptions raised in
delivery jobs (enqueued by `#deliver_later`) are also delegated to the
mailer's rescue_from handlers, so you can handle the DeserializationError
raised by delivery jobs:
```ruby
class MyMailer < ApplicationMailer
rescue_from ActiveJob::DeserializationError do
…
end
```
ActiveSupport::Rescuable polish:
* Add the `rescue_with_handler` class method so exceptions may be
handled at the class level without requiring an instance.
* Rationalize `exception.cause` handling. If no handler matches the
exception, fall back to the handler that matches its cause.
* Handle exceptions raised elsewhere. Pass `object: …` to execute
the `rescue_from` handler (e.g. a method call or a block to
instance_exec) against a different object. Defaults to `self`.
|
|/ |
|
|\
| |
| | |
Improve documentation and tests for raw_host_with_port and host_with_…
|
| | |
|
|\ \
| | |
| | | |
API only apps: Preserve request format for HTML requests too
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- Earlier we were responding with JSON format for HTML requests in a API
app.
- Now we will respond with HTML format for such requests in API apps.
- Also earlier we were not testing the API app's JSON requests
properly. We were actually sending HTML requests. Now we send correct
JSON requests. Also added more test coverage.
- Based on the discussion from this commit -
https://github.com/rails/rails/commit/05d89410bf97d0778e78558db3c9fed275f8a614.
[Prathamesh Sonpatki, Jorge Bejar]
|
| | | |
|
| | |
| | |
| | |
| | | |
This commit uses the new method in Rack to check if a path is valid.
|
| | | |
|