aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller/render_test.rb
Commit message (Collapse)AuthorAgeFilesLines
* render_to_string Regression Outside of Real Requests in Rails 5.0.0.rc1 (#25308)Brandon Medenwald2016-06-091-0/+7
| | | | | | * Restore the functionality of PR#14129, but do so with not nil to better indicate the purpose of the conditional * Add a test when render_to_string called on ActionController::Base.new()
* Strong ETag validatorsJeremy Daer2016-03-311-15/+43
| | | | | | | | | | | | | | | | | | * Introduce `Response#strong_etag=` and `#weak_etag=` and analogous options for `fresh_when` and `stale?`. `Response#etag=` sets a weak ETag. Strong ETags are desirable when you're serving byte-for-byte identical responses that support Range requests, like PDFs or videos (typically done by reproxying the response from a backend storage service). Also desirable when fronted by some CDNs that support strong ETags only, like Akamai. * No longer strips quotes (`"`) from ETag values before comparing them. Quotes are significant, part of the ETag. A quoted ETag and an unquoted one are not the same entity. * Support `If-None-Match: *`. Rarely useful for GET requests; meant to provide some optimistic concurrency control for PUT requests.
* Remove http_cache_forever's version parameterJean Boussier2016-03-051-9/+1
|
* Deprecate :controller and :action path parametersAndrew White2016-03-011-1/+4
| | | | | | | | Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values.
* Lock down new `ImplicitRender` behavior for 5.0 RCGodfrey Chan2016-02-251-2/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1. Conceptually revert #20276 The feature was implemented for the `responders` gem. In the end, they did not need that feature, and have found a better fix (see plataformatec/responders#131). `ImplicitRender` is the place where Rails specifies our default policies for the case where the user did not explicitly tell us what to render, essentially describing a set of heuristics. If the gem (or the user) knows exactly what they want, they could just perform the correct `render` to avoid falling through to here, as `responders` did (the user called `respond_with`). Reverting the patch allows us to avoid exploding the complexity and defining “the fallback for a fallback” policies. 2. `respond_to` and templates are considered exhaustive enumerations If the user specified a list of formats/variants in a `respond_to` block, anything that is not explicitly included should result in an `UnknownFormat` error (which is then caught upstream to mean “406 Not Acceptable” by default). This is already how it works before this commit. Same goes for templates – if the user defined a set of templates (usually in the file system), that set is now considered exhaustive, which means that “missing” templates are considered `UnknownFormat` errors (406). 3. To keep API endpoints simple, the implicit render behavior for actions with no templates defined at all (regardless of formats, locales, variants, etc) are defaulted to “204 No Content”. This is a strictly narrower version of the feature landed in #19036 and #19377. 4. To avoid confusion when interacting in the browser, these actions will raise an `UnknownFormat` error for “interactive” requests instead. (The precise definition of “interactive” requests might change – the spirit here is to give helpful messages and avoid confusions.) Closes #20666, #23062, #23077, #23564 [Godfrey Chan, Jon Moss, Kasper Timm Hansen, Mike Clark, Matthew Draper]
* Fix master buildJon Moss2016-02-181-1/+1
|
* remove unused variable from render testyuuji.yaginuma2016-01-301-1/+1
| | | | | | | | This removes the following warning. ``` rails/actionpack/test/controller/render_test.rb:278: warning: assigned but unused variable - response ```
* Run `file.close` before unlinking for traviseileencodes2016-01-281-1/+2
| | | | | | | | | | | This works on OSX but for some reason travis is throwing a ``` 1) Error: ExpiresInRenderTest#test_dynamic_render_with_absolute_path: NoMethodError: undefined method `unlink' for nil:NilClass ``` Looking at other tests in Railties the file has a name and we close it before unlinking, so I'm going to try that.
* Regression test for rendering file from absolute patheileencodes2016-01-281-0/+11
| | | | | | Test that we are not allowing you to grab a file with an absolute path outside of your application directory. This is dangerous because it could be used to retrieve files from the server like `/etc/passwd`.
* doc typoAkira Matsuda2016-01-271-2/+2
| | | | [ci skip]
* add a skip for failing testAaron Patterson2016-01-261-1/+2
|
* fix permitted? conditional for `render` callsAaron Patterson2016-01-261-0/+11
|
* clear view path cache between testsAaron Patterson2016-01-261-0/+5
| | | | | | | | The cache for `render file:` seems to also be used in the case of `render(string)`. If one is supposed to be a hit and the other is supposed to be a miss, and they both reference the same file, then the cache could return incorrect values. This commit clears the cache between runs so that we get non-cached behavior.
* Merge branch '5-0-beta-sec'Aaron Patterson2016-01-251-0/+31
|\ | | | | | | | | | | | | | | | | | | | | * 5-0-beta-sec: bumping version fix version update task to deal with .beta1.1 Eliminate instance level writers for class accessors allow :file to be outside rails root, but anything else must be inside the rails view directory Don't short-circuit reject_if proc stop caching mime types globally use secure string comparisons for basic auth username / password
| * allow :file to be outside rails root, but anything else must be inside the ↵Aaron Patterson2016-01-221-0/+31
| | | | | | | | | | | | rails view directory CVE-2016-0752
* | Response etags to always be weak: Prefixed W/ to value returned by ↵abhishek2016-01-201-1/+1
|/ | | | ActionDispatch::Http::Cache::Response#etag= such that etags set in fresh_when and stale? are weak. For #17556.
* Change Integer#year to return a Fixnum instead of a Float to improve consistencyKonstantinos Rousis2015-10-221-2/+2
|
* remove RackDelegation moduleAaron Patterson2015-08-261-2/+0
| | | | | | Since all controller instances are required to have a request and response object, RackDelegation is no longer needed (we always have to delegate to the response)
* Get rid of mocha tests - part 1Marcin Olichwirowicz2015-08-241-4/+4
|
* Stop using deprecated `render :text` in testPrem Sichanugrist2015-07-171-4/+4
| | | | | | | | | This will silence deprecation warnings. Most of the test can be changed from `render :text` to render `:plain` or `render :body` right away. However, there are some tests that needed to be fixed by hand as they actually assert the default Content-Type returned from `render :body`.
* Deprecate passing hash as first parameter into ActionController::HeadMehmet Emin İNAÇ2015-06-151-7/+28
|
* Add test coverage for implicit render in empty actionsJorge Bejar2015-06-111-0/+14
|
* Deprecate `:nothing` option for render methodMehmet Emin İNAÇ2015-05-281-0/+10
| | | | `head` method works similar to `render` method with `:nothing` option
* Return true from head methodJoel Hayhurst2015-03-121-0/+11
| | | | | | It was returning false in normal circumstances. This broke the `head :ok and return if` construct. Add appropriate test.
* Implement http_cache_forever to ActionControllerArthur Neves2015-02-151-0/+53
| | | | | | | | | Add http_cache_forever to ActionController, so we can cache results forever. Things like static pages are a good candidate for this type of caching. This cache only controls caching headers, so it is up to the browser to cache those requests.
* Accept a collection in fresh_when and stale?claudiob2015-02-101-1/+49
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The methods `fresh_when` and `stale?` from ActionController::ConditionalGet accept a single record as a short form for a hash. For instance ```ruby def show @article = Article.find(params[:id]) fresh_when(@article) end ``` is just a short form for: ```ruby def show @article = Article.find(params[:id]) fresh_when(etag: @article, last_modified: @article.created_at) end ``` This commit extends `fresh_when` and `stale?` to also accept a collection of records, so that a short form similar to the one above can be used in an `index` action. After this commit, the following code: ```ruby def index @article = Article.all fresh_when(etag: @articles, last_modified: @articles.maximum(:created_at)) end ``` can be simply written as: ```ruby def index @article = Article.all fresh_when(@articles) end ```
* Fix wrong kwarg "record" from #18872claudiob2015-02-101-0/+1
| | | | | | | | | | | | PR #18772 changed the parameters of `stale?` to use `kwargs`. [As for this comment](https://github.com/rails/rails/pull/18872/files#r24456288) the default value for the `etag` parameter should be `record`, not `nil`. This commit fixes the code and introduces a test that: - passed before #18872 - fails on the current master (after #18772) - passes again after setting the default value of `etag` to `record`.
* Switch to kwargs in ActionController::TestCase and ActionDispatch::IntegrationKir Shatrov2015-01-291-6/+6
| | | | | | | | Non-kwargs requests are deprecated now. Guides are updated as well. `post url, nil, nil, { a: 'b' }` doesn't make sense. `post url, params: { y: x }, session: { a: 'b' }` would be an explicit way to do the same
* Remove unused AV fixtures from AP testsclaudiob2015-01-111-65/+0
| | | | | | | | | When `render` was moved from ActionPack to ActionView in acc8e259, some fixtures required by the tests were duplicated, but they are actually only required by ActionView tests. To give one example, `double_render` is already defined [in the AV tests](https://github.com/rails/rails/blob/72139d8d310d896db78eaec98582c7a638135102/actionview/test/actionpack/controller/render_test.rb#L407) and is never used in the ActionPack tests.
* Correctly use the response's status code calling headRobin Dupret2014-12-311-0/+17
| | | | | | | | | | | | | | | | Commit 20fece1 introduced the `_status_code` method to fix calls to `head :ok`. This method has been added on both ActionController::Metal and ActionDispatch::Response. As for the latter, this method is just equivalent to the `response_code` one so commit aefec3c removed it from the `Reponse` object so call to the `_status_code` method on an ActionController::Base instance would be handled by the `Metal` class (which `Base` inherits from) but the status code is not updated according to the response at this level. The fix is to actually rely on `response_code` for ActionController::Base instances but this method doesn't exist for bare Metal controllers so we need to define it.
* When your templates change, browser caches bust automatically.Jeremy Kemper2014-08-171-2/+34
| | | | | | | | | | | | | | | | New default: the template digest is automatically included in your ETags. When you call `fresh_when @post`, the digest for `posts/show.html.erb` is mixed in so future changes to the HTML will blow HTTP caches for you. This makes it easy to HTTP-cache many more of your actions. If you render a different template, you can now pass the `:template` option to include its digest instead: fresh_when @post, template: 'widgets/show' Pass `template: false` to skip the lookup. To turn this off entirely, set: config.action_controller.etag_with_template_digest = false
* Remove redundant code.Guo Xiang Tan2014-06-051-4/+0
|
* Prevent state leak.Guo Xiang Tan2014-06-051-0/+2
|
* Remove missing integration points of AV extractionCarlos Antonio da Silva2013-12-051-1/+1
|
* Move render_test to AVŁukasz Strzałkowski2013-08-251-1298/+106
|
* Create AbstractController::Rendering interfaceŁukasz Strzałkowski2013-08-251-0/+2
| | | | This interface should be use when implementing renderers.
* Revert "Merge branch 'master' of github.com:rails/docrails"Vijay Dev2013-08-171-4/+0
| | | | | | | This reverts commit 70d6e16fbad75b89dd1798ed697e7732b8606fa3, reversing changes made to ea4db3bc078fb3093ecdddffdf4f2f4ff3e1e8f9. Seems to be a code merge done by mistake.
* Fix order dependent testsAkira Matsuda2013-07-261-0/+4
| | | | Reset ActionView::Base.logger after tests
* Fix undefined method `ref' for nil:NilClass for bad accept headersStephen Becker IV2013-06-191-0/+6
|
* Test that #fresh_when accepts an arrayBrandon Keepers2013-05-071-2/+19
| | | | https://github.com/rails/etagger/pull/3
* Remove unnecessary begin..rescue..end, use only rescueAkira Matsuda2013-01-061-9/+7
|
* deprecate `assert_blank` and `assert_present`.Yves Senn2013-01-051-11/+11
| | | | | They don't add any benefits over `assert object.blank?` and `assert object.present?`
* Merge pull request #8662 from ↵Santiago Pastorino2012-12-311-1/+12
|\ | | | | | | | | senny/8661_should_not_append_charset_if_already_present Charset should not be appended to image/* type
| * charset should not be appended for `head` responsesYves Senn2012-12-311-1/+12
| | | | | | | | | | | | | | 1) Failure: test_head_created_with_image_png_content_type(RenderTest) [test/controller/render_test.rb:1238]: Expected: "image/png" Actual: "image/png; charset=utf-8"
* | change spy of after invoked controller action. because ruby-2.0.0 waned ↵SHIBATA Hiroshi2012-12-201-1/+2
|/ | | | unused variables
* update documentation and code to use _action callbacksFrancesco Rodriguez2012-12-071-3/+3
|
* render every partial with a new `PartialRenderer`.Yves Senn2012-11-191-0/+10
| | | | | | | | This resolves issues when rendering nested partials. Previously the `PartialRenderer` was reused which led to situations where the state of the renderer was reset. Closes #8197
* can't pass :locals to #assert_template without a view test case. Closes #3415Yves Senn2012-10-061-0/+11
| | | | | | | | | | | the documentation on #assert_template states that the :locals option is only available in view test cases: # In a view test case, you can also assert that specific locals are passed # to partials: I added a warning when it's passed in an inapropriate context to prevent a NoMethodError.
* Added controller-level etag additions that will be part of the action etag ↵David Heinemeier Hansson2012-08-291-0/+32
| | | | computation *Jeremy Kemper/DHH*
* html_escape should escape single quotesSantiago Pastorino2012-07-311-2/+2
| | | | | https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content Closes #7215