aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* | Merge pull request #25735 from timrogers/actioncontroller-parameters-dupMatthew Draper2016-07-121-14/+5
|\ \ | |/ |/| Stop changes to a dupped `ActionController::Parameters` mutating the original
| * Trust `Object#dup` in `ActionController::Parameters`, using ↵Tim Rogers2016-07-081-15/+1
| | | | | | | | | | | | `#initialize_copy` to manually duplicate the underlying parameters hash It looks like `ActionController::Parameters#dup` is leftover from when the class inherited from `Hash`. We can just trust `#dup`, which already copies the `@permitted` instance variable (confirmed by tests). We still define a `#initialize_copy` to make `@parameters` a copy that can be mutated without affecting the original instance.
| * Changes to a dupped `ActionController::Parameters` mutate the originalTim Rogers2016-07-071-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When `ActionController::Parameters` is duplicated with `#dup`, it doesn't create a duplicate of the instance variables (e.g. `@parameters`) but rather maintains the reference (see <http://ruby-doc.org/core-2.3.1/Object.html>). Given that the parameters object is often manipulated as if it were a hash (e.g. with `#delete` and similar methods), this leads to unexpected behaviour, like the following: ``` params = ActionController::Parameters.new(foo: "bar") duplicated_params = params.dup duplicated_params.delete(:foo) params == duplicated_params ``` This fixes the bug by defining a private `#initialize_copy` method, used internally by `#dup`, which makes a copy of `@parameters`.
* | Add a test case for verifying `cookie_only` is set even if user tries to set ↵Prathamesh Sonpatki2016-07-071-1/+1
| | | | | | | | it false
* | [ci skip] Correct defaults in documentation for ActionDispatch::SSLTim Rogers2016-07-061-4/+5
|/ | | | `config.ssl_options` permits configuring various options for the middleware. Default options for HSTS (specified with the `:hsts` key in the options hash) are specified in `.default_hsts_options`. The documentation did not make clear these defaults, and in one case was wrong.
* Deprecate usage of nil as route pathVolmer2016-07-051-0/+6
| | | | | | | | | | | | | | | | | | | In Rails 4 these kind of routes used to work: ```ruby scope '/*id', controller: :builds, as: :build do get action: :show end ``` But since 1a830cbd830c7f80936dff7e3c8b26f60dcc371d, routes are only created for paths specified as strings or symbols. Implicit `nil` paths are just ignored, with no deprecation warnings or errors. Routes are simply not created. This come as a surprise for people migrating to Rails 5, since the lack of logs or errors makes hard to understand where the problem is. This commit introduces a deprecation warning in case of path as `nil`, while still allowing the route definition.
* Fix conditional order broken in ea40ec56.Kasper Timm Hansen2016-07-021-2/+2
|
* Merge pull request #25344 from matthewd/debug-locksMatthew Draper2016-07-022-0/+123
|\ | | | | ActionDispatch::DebugLocks
| * Provide a middleware to debug misbehaving locksMatthew Draper2016-06-102-0/+123
| | | | | | | | | | Only intended to be enabled when in use; by necessity, it sits above any reasonable access control.
* | Silence DebugExceptions template render logs during exceptionsGenadi Samokovarov2016-07-021-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | When an exception is raised, those Action View rendering logs are just noise for the end developer. I recently silenced those from Web Console, as we do use Action View rendering in it as well. It used created a half a screen of rendering logs. I think we can save those in this recent push for cleaner development logs. Now, the silencing is a bit hacky and we have a bunch of it now, so we can also invest in turning off the logs directly from Action View objects instead of silencing off the logging stream.
* | Make mutation stand out some more.Kasper Timm Hansen2016-07-011-2/+5
| | | | | | | | | | | | Felt that += overwriting the path variable was a little too hidden. Make the outcomes easier to spot with an if-else branch.
* | Fix request encoding in tests when string literals are frozenVolmer2016-07-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When running tests with `--enable-frozen-string-literal` or `# frozen_string_literal: true`, it's currently attempted to mutate the path string in order to append the format, causing a `RuntimeError`. ```ruby get '/posts', as: :json ``` ``` RuntimeError: can't modify frozen String ``` This commit fixes the problem by replacing the mutation with a concatenation, returning a new string.
* | [ci skip] Add 'params' formatting in ActionController::BaseAlex Kitchens2016-06-301-4/+4
| |
* | [ci skip] Fix typo & add link in PolymorphicRoutesAlex Kitchens2016-06-291-2/+2
| |
* | Merge pull request #25544 from piotrj/pj-issue-25488Rafael França2016-06-281-1/+9
|\ \ | | | | | | Fix setting route's to in a scope
| * | Fix setting route's to in a scopePiotr Jakubowski2016-06-281-1/+9
| | | | | | | | | | | | | | | | | | Fixes #25488 97d7dc4 introduced a regression that resulted in ArgumentError when to was in options of the scope and not of particular route.
* | | Fix adding implicitly rendered template digests to ETagsJavan Makhmali2016-06-281-1/+7
|/ / | | | | | | Signed-off-by: Jeremy Daer <jeremydaer@gmail.com>
* | Extract method to share path expansion logic.Kasper Timm Hansen2016-06-251-11/+16
| | | | | | | | Then just yield the location for the place where we need some extra processing.
* | Simplify `as` passed check.Kasper Timm Hansen2016-06-251-1/+1
| | | | | | | | `if !var.nil?` is the same as just `if var`
* | Merge pull request #25435 from y-yagi/make_as_option_work_with_get_parametersKasper Timm Hansen2016-06-251-2/+4
|\ \ | | | | | | make `as` option work with get parameters
| * | make `as` option work with get parametersyuuji.yaginuma2016-06-251-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | Currently, if path is a relative path, add format without the discrimination of the query. Therefore, if there is a query, format at end of the query would been added, format was not be specified correctly. This fix add format to end of path rather than query.
* | | `params.permitted?` is false by defaultJon Moss2016-06-231-0/+2
| | | | | | | | | | | | | | | In the docs: "+permit_all_parameters+ - If it's +true+, all the parameters will be permitted by default. The default is +false+."
* | | Update ActionController::Parameters documentation [ci skip]Benjamin Quorning2016-06-221-19/+18
|/ / | | | | | | | | | | | | | | | | | | The changes in this commit are twofold: 1. The examples showing `#require` accepting two arguments were wrong - you have to wrap the arguments (two, or more) in an array. 2. `ActionController::Parameters` has an `#inspect` method now (since https://github.com/rails/rails/pull/23732), and the documentation should reflect that.
* / Fix typo in ActionController::Renderer [ci skip]Alex Kitchens2016-06-101-1/+1
|/
* render_to_string Regression Outside of Real Requests in Rails 5.0.0.rc1 (#25308)Brandon Medenwald2016-06-091-1/+1
| | | | | | * Restore the functionality of PR#14129, but do so with not nil to better indicate the purpose of the conditional * Add a test when render_to_string called on ActionController::Base.new()
* Prevent `{ internal: true }` from being stored in the routerJon Moss2016-06-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Forgotten followup to #23669 :grimacing: If you went to an internal route (e.g. `/rails/info/routes`), you would previously see the following in your logger: ```bash Processing by Rails::InfoController#routes as HTML Parameters: {"internal"=>true} Rendering /Users/jon/code/rails/rails/railties/lib/rails/templates/rails/info/routes.html.erb within layouts/application Rendered collection of /Users/jon/code/rails/rails/actionpack/lib/action_dispatch/middleware/templates/routes/_route.html.erb [2 times] (10.5ms) Rendered /Users/jon/code/rails/rails/actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb (2.5ms) Rendered /Users/jon/code/rails/rails/railties/lib/rails/templates/rails/info/routes.html.erb within layouts/application (23.5ms) Completed 200 OK in 50ms (Views: 35.1ms | ActiveRecord: 0.0ms) ``` Now, with this change, you would see: ```bash Processing by Rails::InfoController#routes as HTML Rendering /Users/jon/code/rails/rails/railties/lib/rails/templates/rails/info/routes.html.erb within layouts/application Rendered collection of /Users/jon/code/rails/rails/actionpack/lib/action_dispatch/middleware/templates/routes/_route.html.erb [2 times] (1.6ms) Rendered /Users/jon/code/rails/rails/actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb (10.2ms) Rendered /Users/jon/code/rails/rails/railties/lib/rails/templates/rails/info/routes.html.erb within layouts/application (17.4ms) Completed 200 OK in 44ms (Views: 28.0ms | ActiveRecord: 0.0ms) ```
* Use `#performed?` to terminate controller callbacksJeff Kreeftmeijer2016-06-032-1/+8
| | | | | | | | | | | | | | | Since 69009f, `ActionController::Metal::DataStreaming#send_file` doesn't set `@_response_body` anymore. `AbstractController::Callbacks` used `@_response_body` in its callback terminator, so it failed to halt the callback cycle when using `#send_file` from a `before_action`. Instead, it now uses `#performed?` on `AbstractController::Base` and `ActionController::Metal`, which checks `response.committed?`, besides checking if `@_response_body` is set, if possible. Example application: https://gist.github.com/jeffkreeftmeijer/78ae4572f36b198e729724b0cf79ef8e
* Merge branch 'master' of github.com:rails/docrailsVijay Dev2016-06-031-4/+4
|\ | | | | | | | | Conflicts: guides/source/action_cable_overview.md
| * `routes.rb` --> `config/routes.rb`Jon Moss2016-05-191-4/+4
| | | | | | | | | | | | For consistency. [ci skip]
* | Clean up the test request/response even after an exceptionMatthew Draper2016-06-011-23/+26
| |
* | Tiny document fixes [ci skip]Robin Dupret2016-05-301-1/+1
| | | | | | | | | | | | Add a missing capital letter and avoid using absolute links to the API because they may refer to out-dated documentation on the Edge site.
* | ActionController::Parameters: Fix #dig doc codeChristian Wesselhoeft2016-05-291-5/+5
| | | | | | This example code wasn't getting wrapped in a `<code>` tag due to incorrect indentation.
* | fix incorrect class name [ci skip]yuuji.yaginuma2016-05-281-1/+1
| |
* | add missing `as` to request kwargs of `ActionDispatch::IntegrationTest`yuuji.yaginuma2016-05-271-2/+3
| | | | | | | | Follow up to #21671
* | Respect `log_warning_on_csrf_failure` setting for all CSRF failuresMatthew Caruana Galizia2016-05-231-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | CSRF verification for non-XHR GET requests (cross-origin `<script>` tags) didn't check this flag before logging failures. Setting `config.action_controller.log_warning_on_csrf_failure = false` now disables logging for these CSRF failures as well. Closes #25086. Signed-off-by: Jeremy Daer <jeremydaer@gmail.com>
* | Revert "Make sure the cache is always populated"Rafael Mendonça França2016-05-201-5/+1
| | | | | | | | | | | | This reverts commit 0ce7eae7418f1b9bb06b351c1f26d50c3674c0d0. Tests were broken https://travis-ci.org/rails/rails/jobs/131850726#L520
* | Make sure the cache is always populatedAaron Patterson2016-05-201-1/+5
| | | | | | | | This way we don't have to make multiple calls on anonymous controllers
* | Add back in Oxford CommaJon Moss2016-05-191-1/+1
| | | | | | | | | | | | per [API documentation guidelines](http://edgeguides.rubyonrails.org/api_documentation_guidelines.html#oxford-comma) [ci skip]
* | Merge pull request #25070 from josedonizetti/fix_example_routes_docArthur Nogueira Neves2016-05-191-3/+3
|\ \ | | | | | | fix named route example [ci skip]
| * | fix named route example [ci skip]Jose Donizetti2016-05-191-3/+3
| | |
* | | Support for unified Integer class in Ruby 2.4+Jeremy Daer2016-05-182-12/+8
|/ / | | | | | | | | | | | | | | Ruby 2.4 unifies Fixnum and Bignum into Integer: https://bugs.ruby-lang.org/issues/12005 * Forward compat with new unified Integer class in Ruby 2.4+. * Backward compat with separate Fixnum/Bignum in Ruby 2.2 & 2.3. * Drops needless Fixnum distinction in docs, preferring Integer.
* | Action Mailer: Declarative exception handling with `rescue_from`.Jeremy Daer2016-05-151-12/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Follows the same pattern as controllers and jobs. Exceptions raised in delivery jobs (enqueued by `#deliver_later`) are also delegated to the mailer's rescue_from handlers, so you can handle the DeserializationError raised by delivery jobs: ```ruby class MyMailer < ApplicationMailer rescue_from ActiveJob::DeserializationError do … end ``` ActiveSupport::Rescuable polish: * Add the `rescue_with_handler` class method so exceptions may be handled at the class level without requiring an instance. * Rationalize `exception.cause` handling. If no handler matches the exception, fall back to the handler that matches its cause. * Handle exceptions raised elsewhere. Pass `object: …` to execute the `rescue_from` handler (e.g. a method call or a block to instance_exec) against a different object. Defaults to `self`.
* | Document and test ActionDispatch server_portTom Kadwill2016-05-121-0/+11
|/
* Merge pull request #24982 from tomkadwill/improve_clarity_of_raw_host_with_portKasper Timm Hansen2016-05-111-3/+10
|\ | | | | Improve documentation and tests for raw_host_with_port and host_with_…
| * Improve documentation and tests for raw_host_with_port and host_with_portTom Kadwill2016-05-111-3/+10
| |
* | Merge pull request #24912 from prathamesh-sonpatki/api-fix-response-formatSantiago Pastorino2016-05-111-8/+12
|\ \ | | | | | | API only apps: Preserve request format for HTML requests too
| * | API only apps: Preserve request format for HTML requests tooPrathamesh Sonpatki2016-05-111-8/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Earlier we were responding with JSON format for HTML requests in a API app. - Now we will respond with HTML format for such requests in API apps. - Also earlier we were not testing the API app's JSON requests properly. We were actually sending HTML requests. Now we send correct JSON requests. Also added more test coverage. - Based on the discussion from this commit - https://github.com/rails/rails/commit/05d89410bf97d0778e78558db3c9fed275f8a614. [Prathamesh Sonpatki, Jorge Bejar]
* | | Start Rails 5.1 development :tada:Rafael Mendonça França2016-05-101-2/+2
| | |
* | | use Rack::Utils.valid_path? to check pathJordan Owens2016-05-091-6/+2
| | | | | | | | | | | | This commit uses the new method in Rack to check if a path is valid.
* | | Replace `loop` to `until`Molchanov Andrey2016-05-071-2/+1
| | |