aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller
Commit message (Collapse)AuthorAgeFilesLines
...
* | Address CVE-2014-4671 (JSONP Flash exploit)Greg Campbell2014-07-092-2/+2
| | | | | | | | | | | | Adds a comment before JSONP callbacks. See http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ for more details on the exploit in question.
* | Merge pull request #16013 from tgxworld/remove_symbolized_path_parametersRafael Mendonça França2014-07-041-3/+3
|\ \ | | | | | | Remove symbolized_path_parameters.
| * | Remove symbolized_path_parameters.Guo Xiang Tan2014-07-021-3/+3
| | | | | | | | | | | | This pull request is a continuation of https://github.com/rails/rails/commit/925bd975 and https://github.com/rails/rails/commit/8d8ebe3d.
* | | Merge pull request #16011 from xjlu/token_and_optionsRafael Mendonça França2014-07-041-2/+22
|\ \ \ | | | | | | | | Improve token_and_options regex and test
| * | | Improve token_and_options regex and testXinjiang Lu2014-07-011-2/+22
| |/ / | | | | | | | | | add a test case to test the regex for the helper method raw_params
* / / Change the JSON renderer to enforce the 'JS' Content TypeLucas Mazza2014-07-021-0/+13
|/ / | | | | | | | | | | | | The controller can set the response format as 'JSON' before the renderer code be evaluated, so we must replace it when necessary. Fixes #15081
* | Merge pull request #15933 from rafael/masterRafael Mendonça França2014-06-271-0/+29
|\ \ | | | | | | | | | | | | | | | Add always permitted parameters as a configurable option. [Rafael Mendonça França + Gary S. Weaver]
| * | Improvements per code review.Rafael Chacón2014-06-271-0/+29
| | | | | | | | | | | | | | | | | | * General style fixes. * Add changes to configuration guide. * Add missing tests.
* | | Merge pull request #15537 from tgxworld/fix_state_leakMatthew Draper2014-06-203-4/+5
|\ \ \ | | | | | | | | Fix state leak.
| * | | Remove redundant code.Guo Xiang Tan2014-06-051-4/+0
| | | |
| * | | Prevent state leak.Guo Xiang Tan2014-06-053-0/+5
| | | |
* | | | Merge pull request #15692 from sromano/falseClassMatthew Draper2014-06-141-1/+17
|\ \ \ \ | | | | | | | | | | | | | | | ActionController::Parameters#require now accepts FalseClass values
| * | | | ActionController::Parameters#require now accepts FalseClass valuesSergio Romano2014-06-131-1/+17
|/ / / / | | | | | | | | | | | | Fixes #15685.
* | | | Fix parsed token value with header `Authorization token=`.Larry Lv2014-06-131-6/+23
| | | |
* | | | use Ruby for mockingAaron Patterson2014-06-121-1/+1
| | | |
* | | | remove warningsKuldeep Aggarwal2014-06-121-1/+0
| |_|/ |/| | | | | | | | warning: assigned but unused variable - scope_called, path and strexp
* | | Merge pull request #15545 from zuhao/refactor_actionpack_assert_select_testYves Senn2014-06-081-1/+4
|\ \ \ | | | | | | | | Restore test deliveries for ActionMailer.
| * | | Restore test deliveries for ActionMailer.Zuhao Wan2014-06-071-1/+4
| |/ /
* | | Handle client disconnect during live streamingMatthew Draper2014-06-081-0/+89
| | | | | | | | | | | | .. even when the producer is blocked for a write.
* | | adds some details to the rationale of converted_arrays [ci skip]Xavier Noria2014-06-071-1/+1
| | |
* | | adds a regression test for the strong params converted arrays cacheXavier Noria2014-06-071-1/+18
| | | | | | | | | | | | This is a regression test for 29844dd.
* | | Revert "Convert StrongParameters cache to a hash. This fixes an unbounded"Xavier Noria2014-06-071-1/+1
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We cannot cache keys because arrays are mutable. We rather want to cache the arrays. This behaviour is tailor-made for the usage pattern strongs params is designed for. In a forthcoming commit I am going to add a test that covers why we need to cache by value. Every strong params instance has a live span of a request, the cache goes away with the object. Since strong params have such a concrete intention, it would be interesting to see if there are actually any real-world use cases that are an actual leak, one that practically may matter. I am not convinced that the theoretical leak has any practical consequences, but if it can be shown there are, then I believe we should either get rid of the cache (which is an optimization), or else wipe it in the mutating API. This reverts commit e63be2769c039e4e9ada523a8497ce3206cc8a9b.
* | Mime::PNG is already defined.Zuhao Wan2014-06-051-6/+0
| |
* | Merge pull request #15498 from zenspider/fix_memory_leakGuillermo Iguaran2014-06-031-1/+1
|\ \ | | | | | | Convert StrongParameters cache to a hash. This fixes an unbounded memory leak
| * | Convert StrongParameters cache to a hash. This fixes an unboundedRyan Davis2014-06-031-1/+1
| | | | | | | | | | | | | | | | | | memory leak demonstrated on @tenderlove's latest blog post: http://tenderlovemaking.com/2014/06/02/yagni-methods-are-killing-me.html
* | | add tests for nested lambda constraintsAaron Patterson2014-06-031-0/+27
|/ /
* | Merge pull request #15384 from zuhao/refactor_actionpack_params_wrapper_testYves Senn2014-05-291-7/+19
|\ \ | | | | | | Clear inflections after test.
| * | Clear inflections after test.Zuhao Wan2014-05-281-7/+19
| | |
* | | Merge pull request #15386 from ↵Santiago Pastorino2014-05-281-3/+6
|\ \ \ | | | | | | | | | | | | | | | | zuhao/refactor_actionpack_request_forgery_protection_test Avoid hardcoded `request_forgery_protection_token` value in teardown.
| * | | Avoid hardcoded value in teardown.Zuhao Wan2014-05-281-3/+6
| | | |
* | | | Merge pull request #15388 from zuhao/refactor_actionpack_send_file_testSantiago Pastorino2014-05-281-2/+6
|\ \ \ \ | | | | | | | | | | Unregister Mime::Type in teardown.
| * | | | Unregister Mime::Type in teardown.Zuhao Wan2014-05-281-2/+6
| |/ / /
* | | | Merge pull request #15385 from zuhao/refactor_actionpack_render_other_testSantiago Pastorino2014-05-281-4/+7
|\ \ \ \ | |/ / / |/| | | Add and remove renderer inside the test to prevent leak.
| * | | Add and remove renderer inside the test to prevent leak.Zuhao Wan2014-05-281-4/+7
| |/ /
* | | Merge pull request #15383 from ↵Yves Senn2014-05-281-10/+8
|\ \ \ | |/ / |/| | | | | | | | zuhao/refactor_actionpack_localized_templates_test Move I18n.locale setting into setup and teardown.
| * | Move I18n.locale setting into setup and teardown.Zuhao Wan2014-05-281-10/+8
| | |
* | | Add with_default_charset helper.Zuhao Wan2014-05-281-12/+20
|/ /
* | Deprecate all *_filter callbacks in favor of *_action callbacksRafael Mendonça França2014-05-272-191/+191
| | | | | | | | | | This is the continuation of the work started at 9d62e04838f01f5589fa50b0baa480d60c815e2c
* | PARAMETERS_KEY is only used in the request, so move the constant thereAaron Patterson2014-05-271-5/+5
| |
* | The correct status to test should be :switching_protocols.Zuhao Wan2014-05-251-2/+2
| |
* | use symbol keys for path_parametersAaron Patterson2014-05-221-5/+5
| |
* | Merge pull request #11346 from tomykaira/fix_10257Rafael Mendonça França2014-05-201-0/+7
|\ \ | | | | | | Check authentication scheme in Basic auth
| * | Check authentication scheme in Basic authtomykaira2013-07-071-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `authenticate_with_http_basic` and its families should check the authentication schema is "Basic". Different schema, such as OAuth2 Bearer should be rejected by basic auth, but it was passing as the test shows. This fixes #10257.
* | | Merge pull request #15182 from zuhao/refactor_actionpack_respond_with_test_2Yves Senn2014-05-201-4/+10
|\ \ \ | | | | | | | | Un-define :to_json for Customer class after stubbing.
| * | | Add using_resouce_with_json to controller.Zuhao Wan2014-05-201-4/+10
| | | |
* | | | Merge pull request #15178 from zuhao/refactor_actionpack_respond_with_testYves Senn2014-05-201-0/+19
|\ \ \ \ | | | | | | | | | | Deregister csv renderer after test to prevent leak.
| * | | | Add ActionController::Renderers.remove.Zuhao Wan2014-05-201-0/+19
| |/ / /
* / / / Revert "Rewrite journey routes formatter for performance"Aaron Patterson2014-05-191-0/+20
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 5c224de9e110763ec7a0f01f5b604bcf81f40bfb. Conflicts: actionpack/lib/action_dispatch/journey/visitors.rb 5c224de9e110763ec7a0f01f5b604bcf81f40bfb introduced a bug in the formatter. This commit includes a regression test.
* | | fixes stack level too deep exception on action named 'status' returning ↵Christiaan Van den Poel2014-05-151-0/+31
| | | | | | | | | | | | 'head :ok'
* | | Merge pull request #14137 from dasch/better-fragment-cache-instrumentationRafael Mendonça França2014-05-141-0/+16
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Add controller and action name to the fragment caching instrumentation payload Conflicts: actionpack/CHANGELOG.md