Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add allow_other_host option to redirect_back method | Tim Masliuchenko | 2017-10-10 | 1 | -0/+21 |
| | |||||
* | Fix RuboCop offenses | Koichi ITO | 2017-08-16 | 1 | -1/+1 |
| | | | | And enable `context_dependent` of Style/BracesAroundHashParameters cop. | ||||
* | Use frozen string literal in actionpack/ | Kir Shatrov | 2017-07-29 | 1 | -0/+2 |
| | |||||
* | Revert "Merge pull request #29540 from kirs/rubocop-frozen-string" | Matthew Draper | 2017-07-02 | 1 | -1/+0 |
| | | | | | This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa. | ||||
* | Enforce frozen string in Rubocop | Kir Shatrov | 2017-07-01 | 1 | -0/+1 |
| | |||||
* | Reuse the Parameters#to_h check in the routing helpers | Rafael Mendonça França | 2017-04-18 | 1 | -2/+2 |
| | | | | | Since this protection is now in Parameters we can use it instead of reimplementing again. | ||||
* | Use `response#location` instead of `#location` in redirect. | Mehmet Emin INAC | 2017-02-20 | 1 | -2/+2 |
| | | | | Closes #28033 | ||||
* | Privatize unneededly protected methods in Action Pack tests | Akira Matsuda | 2016-12-23 | 1 | -1/+1 |
| | |||||
* | Remove deprecated support to `:back` in `redirect_to` | Rafael Mendonça França | 2016-10-09 | 1 | -42/+0 |
| | |||||
* | Add three new rubocop rules | Rafael Mendonça França | 2016-08-16 | 1 | -2/+2 |
| | | | | | | | | Style/SpaceBeforeBlockBraces Style/SpaceInsideBlockBraces Style/SpaceInsideHashLiteralBraces Fix all violations in the repository. | ||||
* | remove redundant curlies from hash arguments | Xavier Noria | 2016-08-06 | 1 | -4/+4 |
| | |||||
* | modernizes hash syntax in actionpack | Xavier Noria | 2016-08-06 | 1 | -18/+18 |
| | |||||
* | applies new string literal convention in actionpack/test | Xavier Noria | 2016-08-06 | 1 | -13/+13 |
| | | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. | ||||
* | Move `Workshop` class definition | Jon Moss | 2016-05-30 | 1 | -0/+18 |
| | | | | | We should define it only where we need it, not in the global abstract unit :grimacing: | ||||
* | Add more info to insecure URL generation error | Derek Prior | 2016-04-26 | 1 | -2/+1 |
| | | | | | | | | I always appreciate having a bit more information as to why something is now an error. We can use this error to tell people why what they were previously doing is insecure and give them hints on how to fix it. Signed-off-by: Kasper Timm Hansen <kaspth@gmail.com> | ||||
* | Deprecate :controller and :action path parameters | Andrew White | 2016-03-01 | 1 | -2/+7 |
| | | | | | | | | Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values. | ||||
* | Use a URL instead of an URL everywhere | Abhishek Jain | 2016-02-15 | 1 | -1/+1 |
| | |||||
* | Merge pull request #20797 from byroot/prevent-url-for-ac-parameters | Rafael França | 2015-12-18 | 1 | -2/+2 |
|\ | | | | | Prevent ActionController::Parameters in url_for | ||||
| * | Prevent ActionController::Parameters from being passed to url_for directly | Jean Boussier | 2015-12-15 | 1 | -2/+2 |
| | | |||||
* | | Deprecate `redirect_to :back` | Derek Prior | 2015-12-16 | 1 | -2/+15 |
| | | | | | | | | | | | | | | Applications that use `redirect_to :back` can be forced to 500 by clients that do not send the HTTP `Referer` (sic) header. `redirect_back` requires the user to consider this possibility up front and avoids this trivially-caused application error. | ||||
* | | Add `redirect_back` for safer referrer redirects | Derek Prior | 2015-12-16 | 1 | -0/+21 |
|/ | | | | | | | | | | | | | | | | | `redirect_to :back` is a somewhat common pattern in Rails apps, but it is not completely safe. There are a number of circumstances where HTTP referrer information is not available on the request. This happens often with bot traffic and occasionally to user traffic depending on browser security settings. When there is no referrer available on the request, `redirect_to :back` will raise `ActionController::RedirectBackError`, usually resulting in an application error. `redirect_back` takes a required `fallback_location` keyword argument that specifies the redirect when the referrer information is not available. This prevents 500 errors caused by `ActionController::RedirectBackError`. | ||||
* | Added assertion for error messages for redirection to nil and params | Ronak Jangir | 2015-09-21 | 1 | -2/+4 |
| | | | As both `redirect_to_nil` and `redirect_to_params` are raising same `ActionController::ActionControllerError` so it’s good to assert error messages as well | ||||
* | Stop using deprecated `render :text` in test | Prem Sichanugrist | 2015-07-17 | 1 | -2/+2 |
| | | | | | | | | | This will silence deprecation warnings. Most of the test can be changed from `render :text` to render `:plain` or `render :body` right away. However, there are some tests that needed to be fixed by hand as they actually assert the default Content-Type returned from `render :body`. | ||||
* | Remove `assigns` and `assert_template`. | Guo Xiang Tan | 2015-05-30 | 1 | -11/+0 |
| | |||||
* | Remove unused WorkshopsController class in redirect_test. | Bryce Boe | 2015-04-23 | 1 | -3/+0 |
| | |||||
* | remove old unavailable link with relevant fix | Gaurav Sharma | 2015-03-23 | 1 | -2/+2 |
| | |||||
* | Don't accept parameters as argument for redirect to [via @homakov] | Santiago Pastorino | 2014-07-16 | 1 | -0/+10 |
| | | | | Closes #16170 | ||||
* | Remove default match without specified method | Jose and Yehuda | 2012-04-24 | 1 | -2/+2 |
| | | | | | | | | | | | | | | | | In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint. In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications. This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+. Closes #5964 | ||||
* | fix typo in redirect test | Brian Lopez | 2012-03-15 | 1 | -1/+1 |
| | |||||
* | strip null bytes from Location header as well | Brian Lopez | 2012-03-15 | 1 | -0/+20 |
| | | | | add tests for stripping \r\n chars since that's already happening | ||||
* | Remove rescue_action from compatibility module and tests | Carlos Antonio da Silva | 2012-01-17 | 1 | -2/+0 |
| | |||||
* | Fix for redirect_to to respect urls with a network path reference like ↵ | Overbryd | 2011-12-05 | 1 | -0/+10 |
| | | | | "//asset.host.com/resources/1235" see issue #3856 | ||||
* | Methods like status and location are interfering with redirect_to [Closes #2511] | Franck Verrot | 2011-08-14 | 1 | -0/+5 |
| | |||||
* | delete repeated code | Aaron Patterson | 2010-10-01 | 1 | -18/+0 |
| | |||||
* | Make redirect_to accept blocks [#5643 state:resolved] | Nando Vieira | 2010-09-24 | 1 | -0/+38 |
| | | | | Signed-off-by: José Valim <jose.valim@gmail.com> | ||||
* | Removed deprecated RouteSet API, still many tests fail | Piotr Sarnacki | 2010-09-05 | 1 | -1/+1 |
| | |||||
* | Revert "Setup explicit requires for files with exceptions. Removed them from ↵ | José Valim | 2010-09-02 | 1 | -1/+0 |
| | | | | | | | | autoloading." Booting a new Rails application does not work after this commit [#5359 state:open] This reverts commit 38a421b34d0b414564e919f67d339fac067a56e6. | ||||
* | Setup explicit requires for files with exceptions. Removed them from ↵ | Łukasz Strzałkowski | 2010-09-02 | 1 | -0/+1 |
| | | | | | | autoloading. Signed-off-by: José Valim <jose.valim@gmail.com> | ||||
* | Require persisted? in ActiveModel::Lint and remove new_record? and ↵ | José Valim | 2010-02-21 | 1 | -9/+9 |
| | | | | destroyed? methods. ActionPack does not care if the resource is new or if it was destroyed, it cares only if it's persisted somewhere or not. | ||||
* | Use new routing dsl in tests | Joshua Peek | 2009-12-08 | 1 | -2/+2 |
| | |||||
* | Cleanup route reloading in tests. Prefer with_routing over using ↵ | Joshua Peek | 2009-08-16 | 1 | -11/+13 |
| | | | | ActionController::Routing::Routes directly | ||||
* | Add test ensuring redirect_to uses the given protocol [#2886] | Dan Croak | 2009-08-08 | 1 | -0/+10 |
| | | | | Signed-off-by: Pratik Naik <pratiknaik@gmail.com> | ||||
* | AMo conversion helper | Joshua Peek | 2009-07-21 | 1 | -1/+2 |
| | |||||
* | Define ActiveModel API Compliance | Yehuda Katz | 2009-07-20 | 1 | -1/+1 |
| | | | | | | - Define to_model on AR - Define to_model on ActiveModel::APICompliant - Update test fixtures to be API Compliant - Start using to_model in AP | ||||
* | Move model naming into ActiveModel | Joshua Peek | 2009-06-17 | 1 | -0/+1 |
| | |||||
* | assert_redirect_to's partial hash matching was deprecated in 2-3 stable ↵ | Joshua Peek | 2009-05-04 | 1 | -7/+0 |
| | | | | 7f1f16c01 | ||||
* | Deprecate assert_redirect_to's partial hash matching | Joshua Peek | 2009-05-02 | 1 | -2/+4 |
| | |||||
* | Ruby 1.9 compat: rename deprecated assert_raises to assert_raise. | Jeremy Kemper | 2009-03-08 | 1 | -2/+2 |
| | | | | [#1617 state:resolved] | ||||
* | Move controller assertions from base TestCase to AC:: and AV::TestCase | Jeremy Kemper | 2008-11-07 | 1 | -12/+4 |
| | |||||
* | Fixed regex in redirect_to to fully support URI schemes [#1247 state:committed] | Seth Fitzsimmons | 2008-10-30 | 1 | -0/+10 |
| | | | | Signed-off-by: David Heinemeier Hansson <david@loudthinking.com> |