| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|\
| |
| | |
Check authentication scheme in Basic auth
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
`authenticate_with_http_basic` and its families should check the authentication
schema is "Basic".
Different schema, such as OAuth2 Bearer should be rejected by basic auth, but
it was passing as the test shows.
This fixes #10257.
|
|\ \
| | |
| | | |
Un-define :to_json for Customer class after stubbing.
|
| | | |
|
|\ \ \
| | | |
| | | | |
Deregister csv renderer after test to prevent leak.
|
| |/ / |
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 5c224de9e110763ec7a0f01f5b604bcf81f40bfb.
Conflicts:
actionpack/lib/action_dispatch/journey/visitors.rb
5c224de9e110763ec7a0f01f5b604bcf81f40bfb introduced a bug in the
formatter. This commit includes a regression test.
|
| |
| |
| |
| | |
'head :ok'
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Add controller and action name to the fragment caching instrumentation payload
Conflicts:
actionpack/CHANGELOG.md
|
| | | |
|
|\ \ \
| | | |
| | | | |
Add multiple lines message support for SSE module
|
| | | | |
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
`assert_redirected_to` would fail if there is no controller set on
a `ActionDispatch::IntegrationTest`, as _compute_redirect_to_location
would be called on the controller to build the url.
This regression was introduced after 1dacfbabf3bb1e0a9057dd2a016b1804e7fa38c0.
[fixes #14691]
|
| | | |
|
| | |
| | |
| | |
| | | |
relative URL.
|
| | |
| | |
| | |
| | | |
do not test internals
|
|\ \ \
| | | |
| | | | |
Moved 'params[request_forgery_protection_token]' into its own method and...
|
| | | |
| | | |
| | | |
| | | | |
improved tests.
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This will avoid directory traversal in implicit render.
Fixes: CVE-2014-0130
Conflicts:
actionpack/lib/abstract_controller/base.rb
|
|/ / |
|
| |
| |
| |
| | |
Related with cbb917455f306cf5818644b162f22be09f77d4b2
|
| |
| |
| |
| | |
This was changed at cbb917455f306cf5818644b162f22be09f77d4b2
|
|\ \
| | |
| | | |
Remove surplus period from assertion messages
|
| | | |
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When requesting a controller with the following code with a unknown format:
def my_action
respond_to do |format|
format.json { head :ok }
format.any { render text: 'Default response' }
end
end
we should render the default response instead of raising ActionController::UnknownFormat
Fixes #14462
Conflicts:
actionpack/CHANGELOG.md
actionpack/test/controller/mime/respond_with_test.rb
Conflicts:
actionpack/CHANGELOG.md
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
Adding flash types to a controller within any of the tests will result
in a global state change of the controller under test.
This patch will prevent state leaks and allow us to run the test in random order.
|
| | |
|
|\ \
| | |
| | |
| | |
| | | |
Fortisque/kevin/stream_error_in_main_thread_if_not_committed
re-raise error if error occurs before committing in streaming
|
| | |
| | |
| | |
| | | |
update the tests, using an if-else
|
|\ \ \
| |/ /
|/| |
| | | |
Ensure LookupContext in Digestor selects correct variant
|
| | |
| | |
| | |
| | | |
We're setting variant above, in request object directly
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Related to: #14242 #14243 14293
Variants passed to LookupContext#find() seem to be ignored, so
I've used the setter instead: `finder.variants = [ variant ]`.
I've also added some more test cases for variants. Hopefully this
time passing tests will mean it actually works.
|
| | |
| | |
| | |
| | |
| | |
| | | |
avoid freezing the headers until the web server has actually read data
from the body proxy. Once the webserver has read data, then we should
throw an error if someone tries to set a header
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
when streaming responses, we need to make sure the cookie jar is written
to the headers before returning up the stack. This commit introduces a
new method on the response object that writes the cookie jar to the
headers as the response is committed. The middleware and test framework
will not write the cookie headers if the response has already been
committed.
fixes #14352
|
|\ \
| | |
| | | |
Make CSRF failure logging optional/configurable.
|
| | |
| | |
| | |
| | |
| | | |
Added the log_warning_on_csrf_failure option to ActionController::RequestForgeryProtection
which is on by default.
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
`render :body` should just not set the `Content-Type` header. By
removing the header, it breaks the compatibility with other parts.
After this commit, `render :body` will returns `text/html` content type,
sets by default from `ActionDispatch::Response`, and it will preserve
the overridden content type if you override it.
Fixes #14197, #14238
This partially reverts commit 3047376870d4a7adc7ff15c3cb4852e073c8f1da.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Take variants into account when calculating template digests in
ActionView::Digest.
Digestor#digest now takes a hash as an argument to support variants and
allow more flexibility in the future. Old-style arguments have been
deprecated.
Fixes #14242
|
| | |
|
| |
| |
| |
| |
| |
| | |
when an exception happens in an action before the response has been
committed, then we should re-raise the exception in the main thread.
This lets us reuse the existing exception handling.
|
| |
| |
| |
| |
| |
| | |
detect the type of controller we're testing and return the right type of
response based on that controller. This allows us to stop doing the
weird sleep thing.
|
| |
| |
| |
| | |
callback and an error happens
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Commit 4f2cd3e9 introduced a bug by reordering the call to
`@controller.recycle!` above the call to `build_request_uri`. The
impact of this was that the `@_url_options` cache ends up not being
reset between building a request URI (occurring within the test
controller) and the firing of the actual request.
We encountered this bug because we had the following setup:
class MinimumReproducibleController < ActionController::Base
before_filter { @param = 'param' }
def index
render text: url_for(params)
end
def default_url_options
{ custom_opt: @param }
end
end
def test_index
get :index # builds url, then fires actual request
end
The first step in `get :index` in the test suite would populate the
@_url_options cache. The subsequent call to `url_for` inside of the
controller action would then utilize the uncleared cache, thus never
calling the now-updated default_url_options.
This commit fixes this bug calling recycle! twice, and removes a call
to set response_body, which should no longer be needed since we're
recycling the request object explicitly.
|
| |
| |
| |
| | |
when only 1 parameter is unpermitted.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is an option for to HTML content with a content type of
`text/html`. This rendering option calls `ERB::Util.html_escape`
internally to escape unsafe HTML string, so you will have to mark your
string as html safe if you have any HTML tag in it.
Please see #12374 for more detail.
|
| |
| |
| |
| |
| |
| |
| |
| | |
This is as an option to render content with a content type of
`text/plain`. This is the preferred option if you are planning to render
a plain text content.
Please see #12374 for more detail.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is an option for sending a raw content back to browser. Note that
this rendering option will unset the default content type and does not
include "Content-Type" header back in the response.
You should only use this option if you are expecting the "Content-Type"
header to not be set. More information on "Content-Type" header can be
found on RFC 2616, section 7.2.1.
Please see #12374 for more detail.
|