| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
respond_with (and consequently the class-level respond_to)
are being removed from Rails. Instead of moving it to a 3rd
library, the functionality will be moved to responders gem
(at github.com/plataformatec/responders) which already provides
some responders extensions.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New default: the template digest is automatically included in your ETags.
When you call `fresh_when @post`, the digest for `posts/show.html.erb`
is mixed in so future changes to the HTML will blow HTTP caches for you.
This makes it easy to HTTP-cache many more of your actions.
If you render a different template, you can now pass the `:template`
option to include its digest instead:
fresh_when @post, template: 'widgets/show'
Pass `template: false` to skip the lookup. To turn this off entirely, set:
config.action_controller.etag_with_template_digest = false
|
| |
|
|
|
| |
The test was not failing for `assert_template file: nil` when a file
has been rendered.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The entire 127.0.0.0/8 range is assigned to the loopback address, not
only 127.0.0.0/24. This patch allows ActionDispatch::Request::LOCALHOST
to match any IPv4 127.0.0.0/8 loopback address.
The only place that the #local? method was previously under test was
in the show_expectations_test.rb file. I don't particularly like that
that's implicitly where this code is under test, and I feel like I
should move some of that testing code into the
test/dispatch/request_test.rb file, but I wanted some feedback first.
Credit goes to @sriedel for discovering the issue and adding the
patch.
|
| | |
|
| |
|
|
|
| |
also if you want a path from a named helper, you should call
helper_path, not helper_url(:only_path => true).
|
| |
|
|
|
| |
Use an is_a check to ensure it's a Railsish app so we can avoid
respond_to calls everywhere.
|
| |
|
|
| |
Closes #16170
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
This actually runs a request through the system, using the actual
routing methods as we would use in production, then tests the
path_parameters set on the request object. The `recognize_path` method
isn't actually used in production, so testing what it returns isn't
useful.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
`render nothing: true` or rendering a `nil` body no longer add a single
space to the response body.
The old behavior was added as a workaround for a bug in an early version of
Safari, where the HTTP headers are not returned correctly if the response
body has a 0-length. This is been fixed since and the workaround is no
longer necessary.
Use `render body: ' '` if the old behavior is desired.
|
| |
|
|
|
|
| |
Adds a comment before JSONP callbacks. See
http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ for more
details on the exploit in question.
|
| |\
| |
| | |
Remove symbolized_path_parameters.
|
| | |
| |
| |
| | |
This pull request is a continuation of https://github.com/rails/rails/commit/925bd975 and https://github.com/rails/rails/commit/8d8ebe3d.
|
| |\ \
| | |
| | | |
Improve token_and_options regex and test
|
| | |/
| |
| |
| | |
add a test case to test the regex for the helper method raw_params
|
| |/
|
|
|
|
|
| |
The controller can set the response format as 'JSON' before the renderer code be
evaluated, so we must replace it when necessary.
Fixes #15081
|
| |\
| |
| |
| |
| |
| | |
Add always permitted parameters as a configurable option.
[Rafael Mendonça França + Gary S. Weaver]
|
| | |
| |
| |
| |
| |
| | |
* General style fixes.
* Add changes to configuration guide.
* Add missing tests.
|
| |\ \
| | |
| | | |
Fix state leak.
|
| | | | |
|
| | | | |
|
| |\ \ \
| | | |
| | | |
| | | | |
ActionController::Parameters#require now accepts FalseClass values
|
| |/ / /
| | |
| | |
| | | |
Fixes #15685.
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | | |
warning: assigned but unused variable - scope_called, path and strexp
|
| |\ \ \
| | | |
| | | | |
Restore test deliveries for ActionMailer.
|
| | |/ / |
|
| | | |
| | |
| | |
| | | |
.. even when the producer is blocked for a write.
|
| | | | |
|
| | | |
| | |
| | |
| | | |
This is a regression test for 29844dd.
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We cannot cache keys because arrays are mutable. We rather want to cache
the arrays. This behaviour is tailor-made for the usage pattern strongs
params is designed for.
In a forthcoming commit I am going to add a test that covers why we need
to cache by value.
Every strong params instance has a live span of a request, the cache goes
away with the object. Since strong params have such a concrete intention,
it would be interesting to see if there are actually any real-world use
cases that are an actual leak, one that practically may matter.
I am not convinced that the theoretical leak has any practical consequences,
but if it can be shown there are, then I believe we should either get rid of
the cache (which is an optimization), or else wipe it in the mutating API.
This reverts commit e63be2769c039e4e9ada523a8497ce3206cc8a9b.
|
| | | |
|
| |\ \
| | |
| | | |
Convert StrongParameters cache to a hash. This fixes an unbounded memory leak
|
| | | |
| | |
| | |
| | |
| | |
| | | |
memory leak demonstrated on @tenderlove's latest blog post:
http://tenderlovemaking.com/2014/06/02/yagni-methods-are-killing-me.html
|
| |/ / |
|
| |\ \
| | |
| | | |
Clear inflections after test.
|
| | | | |
|
| |\ \ \
| | | |
| | | |
| | | |
| | | | |
zuhao/refactor_actionpack_request_forgery_protection_test
Avoid hardcoded `request_forgery_protection_token` value in teardown.
|
| | | | | |
|
