aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller/redirect_test.rb
Commit message (Collapse)AuthorAgeFilesLines
* Deprecate :controller and :action path parametersAndrew White2016-03-011-2/+7
| | | | | | | | Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values.
* Use a URL instead of an URL everywhereAbhishek Jain2016-02-151-1/+1
|
* Merge pull request #20797 from byroot/prevent-url-for-ac-parametersRafael França2015-12-181-2/+2
|\ | | | | Prevent ActionController::Parameters in url_for
| * Prevent ActionController::Parameters from being passed to url_for directlyJean Boussier2015-12-151-2/+2
| |
* | Deprecate `redirect_to :back`Derek Prior2015-12-161-2/+15
| | | | | | | | | | | | | | Applications that use `redirect_to :back` can be forced to 500 by clients that do not send the HTTP `Referer` (sic) header. `redirect_back` requires the user to consider this possibility up front and avoids this trivially-caused application error.
* | Add `redirect_back` for safer referrer redirectsDerek Prior2015-12-161-0/+21
|/ | | | | | | | | | | | | | | | | `redirect_to :back` is a somewhat common pattern in Rails apps, but it is not completely safe. There are a number of circumstances where HTTP referrer information is not available on the request. This happens often with bot traffic and occasionally to user traffic depending on browser security settings. When there is no referrer available on the request, `redirect_to :back` will raise `ActionController::RedirectBackError`, usually resulting in an application error. `redirect_back` takes a required `fallback_location` keyword argument that specifies the redirect when the referrer information is not available. This prevents 500 errors caused by `ActionController::RedirectBackError`.
* Added assertion for error messages for redirection to nil and params Ronak Jangir2015-09-211-2/+4
| | | As both `redirect_to_nil` and `redirect_to_params` are raising same `ActionController::ActionControllerError` so it’s good to assert error messages as well
* Stop using deprecated `render :text` in testPrem Sichanugrist2015-07-171-2/+2
| | | | | | | | | This will silence deprecation warnings. Most of the test can be changed from `render :text` to render `:plain` or `render :body` right away. However, there are some tests that needed to be fixed by hand as they actually assert the default Content-Type returned from `render :body`.
* Remove `assigns` and `assert_template`.Guo Xiang Tan2015-05-301-11/+0
|
* Remove unused WorkshopsController class in redirect_test.Bryce Boe2015-04-231-3/+0
|
* remove old unavailable link with relevant fixGaurav Sharma2015-03-231-2/+2
|
* Don't accept parameters as argument for redirect to [via @homakov]Santiago Pastorino2014-07-161-0/+10
| | | | Closes #16170
* Remove default match without specified methodJose and Yehuda2012-04-241-2/+2
| | | | | | | | | | | | | | | | In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint. In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications. This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+. Closes #5964
* fix typo in redirect testBrian Lopez2012-03-151-1/+1
|
* strip null bytes from Location header as wellBrian Lopez2012-03-151-0/+20
| | | | add tests for stripping \r\n chars since that's already happening
* Remove rescue_action from compatibility module and testsCarlos Antonio da Silva2012-01-171-2/+0
|
* Fix for redirect_to to respect urls with a network path reference like ↵Overbryd2011-12-051-0/+10
| | | | "//asset.host.com/resources/1235" see issue #3856
* Methods like status and location are interfering with redirect_to [Closes #2511]Franck Verrot2011-08-141-0/+5
|
* delete repeated codeAaron Patterson2010-10-011-18/+0
|
* Make redirect_to accept blocks [#5643 state:resolved]Nando Vieira2010-09-241-0/+38
| | | | Signed-off-by: José Valim <jose.valim@gmail.com>
* Removed deprecated RouteSet API, still many tests failPiotr Sarnacki2010-09-051-1/+1
|
* Revert "Setup explicit requires for files with exceptions. Removed them from ↵José Valim2010-09-021-1/+0
| | | | | | | | autoloading." Booting a new Rails application does not work after this commit [#5359 state:open] This reverts commit 38a421b34d0b414564e919f67d339fac067a56e6.
* Setup explicit requires for files with exceptions. Removed them from ↵Łukasz Strzałkowski2010-09-021-0/+1
| | | | | | autoloading. Signed-off-by: José Valim <jose.valim@gmail.com>
* Require persisted? in ActiveModel::Lint and remove new_record? and ↵José Valim2010-02-211-9/+9
| | | | destroyed? methods. ActionPack does not care if the resource is new or if it was destroyed, it cares only if it's persisted somewhere or not.
* Use new routing dsl in testsJoshua Peek2009-12-081-2/+2
|
* Cleanup route reloading in tests. Prefer with_routing over using ↵Joshua Peek2009-08-161-11/+13
| | | | ActionController::Routing::Routes directly
* Add test ensuring redirect_to uses the given protocol [#2886]Dan Croak2009-08-081-0/+10
| | | | Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
* AMo conversion helperJoshua Peek2009-07-211-1/+2
|
* Define ActiveModel API ComplianceYehuda Katz2009-07-201-1/+1
| | | | | | - Define to_model on AR - Define to_model on ActiveModel::APICompliant - Update test fixtures to be API Compliant - Start using to_model in AP
* Move model naming into ActiveModelJoshua Peek2009-06-171-0/+1
|
* assert_redirect_to's partial hash matching was deprecated in 2-3 stable ↵Joshua Peek2009-05-041-7/+0
| | | | 7f1f16c01
* Deprecate assert_redirect_to's partial hash matchingJoshua Peek2009-05-021-2/+4
|
* Ruby 1.9 compat: rename deprecated assert_raises to assert_raise.Jeremy Kemper2009-03-081-2/+2
| | | | [#1617 state:resolved]
* Move controller assertions from base TestCase to AC:: and AV::TestCaseJeremy Kemper2008-11-071-12/+4
|
* Fixed regex in redirect_to to fully support URI schemes [#1247 state:committed]Seth Fitzsimmons2008-10-301-0/+10
| | | | Signed-off-by: David Heinemeier Hansson <david@loudthinking.com>
* Fix file permissionsTarmo Tänav2008-07-311-0/+0
| | | | Signed-off-by: Joshua Peek <josh@joshpeek.com>
* AbstractRequest.relative_url_root is no longer automatically configured by a ↵Joshua Peek2008-07-241-55/+54
| | | | HTTP header. It can now be set in your configuration environment with config.action_controller.relative_url_root
* Restore support for partial matches in assert_redirected_toMichael Koziarski2008-07-121-0/+5
| | | | If both the actual redirection and the asserted redirection are hashes, succeed if the asserted redirection is a strict subset of the actual redirection.
* Simplify the implementation of assert_redirected_to to normalise the urls ↵Michael Koziarski2008-07-041-16/+3
| | | | | | before comparing. Also allows for a simpler implementation of redirect_to without most of the recursion. Also allows for assert_redirected_to @some_record
* Ensure RJS redirect_to doesn't html-escapes string argument. Closes #8546Pratik Naik2008-04-021-0/+20
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9212 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* don't misbehave when redirecting to nil. Closes #10272 [farleyknight]Michael Koziarski2008-01-121-0/+11
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8633 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* require abstract_unit directly since test is in load pathJeremy Kemper2008-01-051-1/+1
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8564 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Improve the error message for assert_redirected_to. Closes #7337 [mikong, ↵Jeremy Kemper2007-10-161-2/+2
| | | | | | sandofsky] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7934 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Add :status to redirect_to allowing users to choose their own response code ↵Michael Koziarski2007-10-091-0/+78
| | | | | | without manually setting headers. Closes #8297 [codahale, chasgrundy] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7820 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Removed deprecated parameters_for_method_reference concept (legacy from ↵David Heinemeier Hansson2007-05-121-0/+40
| | | | | | before named routes) [DHH] Added record identification with polymorphic routes for ActionController::Base#url_for and ActionView::Base#url_for [DHH] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6729 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Revert [6430] since the test is faulty. References #7837, closes #7842.Jeremy Kemper2007-03-161-10/+0
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6435 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Undeprecate redirect_to with Hash argument and additional url_for ↵Jeremy Kemper2007-03-161-0/+10
| | | | | | parameters. Closes #7837. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6430 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Deprecation: remove deprecated url_for(:symbol, *args) and ↵Jeremy Kemper2007-03-131-19/+3
| | | | | | redirect_to(:symbol, *args) controller methods. Use named routes instead. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6412 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* redirect deprecation testsJeremy Kemper2006-09-041-9/+22
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4971 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Diff compared options with #assert_redirected_to [Rick]Rick Olson2006-04-221-5/+5
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4248 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-03 12:55:07 +0000