aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller
Commit message (Collapse)AuthorAgeFilesLines
* Clearly limit new CSRF protection to GET requestsJeremy Kemper2013-12-171-0/+10
|
* CSRF protection from cross-origin <script> tagsJeremy Kemper2013-12-173-12/+72
| | | | Thanks to @homakov for sounding the alarm about JSONP-style data leaking
* Inline variants syntaxŁukasz Strzałkowski2013-12-101-1/+38
| | | | | | | | | | | | | | | | | | | | | | | In most cases, when setting variant specific code, you're not sharing any code within format. Inline syntax can vastly simplify defining variants in those situations: respond_to do |format| format.js { render "trash" } format.html do |variant| variant.phone { redirect_to progress_path } variant.none { render "trash" } end end Becomes: respond_to do |format| format.js { render "trash" } format.html.phone { redirect_to progress_path } format.html.none { render "trash" } end
* Revert "Merge pull request #13235 from strzalek/variants-inline" -- needs a ↵David Heinemeier Hansson2013-12-081-13/+1
| | | | | | | little more work! This reverts commit 186161148a189839a1e0924043f068a8d155ce69, reversing changes made to cad9eb178ea5eec0e27d74e93518f4ed34e2f997.
* Inline variants syntaxŁukasz Strzałkowski2013-12-081-1/+13
| | | | | | | | | | | | | | | | | | | | | | | In most cases, when setting variant specific code, you're not sharing any code within format. Inline syntax can vastly simplify defining variants in those sitiations: respond_to do |format| format.js { render "trash" } format.html do |variant| variant.phone { redirect_to progress_path } variant.none { render "trash" } end end ` Becomes: respond_to do |format| format.js { render "trash" } format.html.phone { redirect_to progress_path } format.html.none { render "trash" } end
* Variants can be declared without a block to signify their presence in the ↵David Heinemeier Hansson2013-12-071-1/+1
| | | | controller
* Allow code execution in case no variant has been set with variant.noneDavid Heinemeier Hansson2013-12-071-0/+16
|
* Remove missing integration points of AV extractionCarlos Antonio da Silva2013-12-051-1/+1
|
* Action Pack VariantsŁukasz Strzałkowski2013-12-041-0/+54
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By default, variants in the templates will be picked up if a variant is set and there's a match. The format will be: app/views/projects/show.html.erb app/views/projects/show.html+tablet.erb app/views/projects/show.html+phone.erb If request.variant = :tablet is set, we'll automatically be rendering the html+tablet template. In the controller, we can also tailer to the variants with this syntax: class ProjectsController < ActionController::Base def show respond_to do |format| format.html do |html| @stars = @project.stars html.tablet { @notifications = @project.notifications } html.phone { @chat_heads = @project.chat_heads } end format.js format.atom end end end The variant itself is nil by default, but can be set in before filters, like so: class ApplicationController < ActionController::Base before_action do if request.user_agent =~ /iPad/ request.variant = :tablet end end end This is modeled loosely on custom mime types, but it's specifically not intended to be used together. If you're going to make a custom mime type, you don't need a variant. Variants are for variations on a single mime types.
* Merge branch 'format_localized_template' of https://github.com/acapilleri/railsGuillermo Iguaran2013-12-031-0/+11
|\ | | | | | | | | Conflicts: actionpack/CHANGELOG.md
| * Fix header Content-Type: #<Mime::NullType:...> in localized templateAngelo capilleri2013-12-031-0/+11
| | | | | | | | | | | | | | | | This PR fixes #13064 regression bug introduced by the #8085 Now in _process_format when the format is a Mime::NullType nothing is written in self.content_type. In this way the method Response#assign_default_content_type_and_charset can write the the default mime_type.
* | Typo fixes [ci skip]Akshay Vishnoi2013-11-301-2/+2
| |
* | fixed-case when invalid action name has passedKuldeep Aggarwal2013-11-281-0/+3
| |
* | fixed typo `destory` => `destroy` [ci skip]Kuldeep Aggarwal2013-11-281-1/+1
|/
* Raise RuntimeErrors with inspectable and MRI-independent messages.Federico Ravasio2013-11-242-4/+4
| | | | | | Previous behaviour was MRI-dependent, now we're making sure the message is correctly shown: something that can be relyied upon across every Ruby implementation.
* Take Hash with options inside Array in #url_forAndrey Ognevsky2013-11-151-0/+18
|
* Eliminate `JSON.{parse,load,generate,dump}` and `def to_json`Godfrey Chan2013-11-053-17/+20
| | | | | | | | | | | | | | | JSON.{dump,generate} offered by the JSON gem is not compatiable with Rails at the moment and can cause a lot of subtle bugs when passed certain data structures. This changed all direct usage of the JSON gem in internal Rails code to always go through AS::JSON.{decode,encode}. We also shouldn't be implementing `to_json` most of the time, and these occurances are replaced with an equivilent `as_json` implementation to avoid problems down the road. See [1] for all the juicy details. [1]: intridea/multi_json#138 (comment)
* Revert "Merge pull request #9660 from ↵Guillermo Iguaran2013-11-022-26/+1
| | | | | | | | | sebasoga/change_strong_parameters_require_behaviour" This reverts commit c2b5a8e61ba0f35015e6ac949a5c8fce2042a1f2, reversing changes made to 1918b12c0429caec2a6134ac5e5b42ade103fe90. See: https://github.com/rails/rails/pull/9660#issuecomment-27627493
* Merge pull request #9660 from ↵Guillermo Iguaran2013-11-012-1/+26
|\ | | | | | | | | sebasoga/change_strong_parameters_require_behaviour Change ActionController::Parameters#require behavior when value is empty
| * Change ActionController::Parameters#require behavior when value is emptySebastian Sogamoso2013-03-112-1/+26
| | | | | | | | | | When the value for the required key is empty an ActionController::ParameterMissing is raised which gets caught by ActionController::Base and turned into a 400 Bad Request reply with a message in the body saying the key is missing, which is misleading. With these changes, ActionController::EmptyParameter will be raised which ActionController::Base will catch and turn into a 400 Bad Request reply with a message in the body saying the key value is empty.
* | don't mutate hash with fetchDoug Cole2013-10-261-0/+6
| |
* | pass app config to controller helper proxyTima Maslyuchenko2013-10-241-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After this fix application config become available when calling helper outisde of view config/application.rb #... config.asset_host = 'http://mycdn.com' #... Somewhere else ActionController::Base.helpers.asset_path('fallback.png') # => http://mycdn.com/assets/fallback.png
* | Fixing repond_with working directly on the options hashBlueHotDog2013-10-091-0/+15
| | | | | | | | | | | | | | | | This fixes an issue where the respond_with worked directly with the given options hash, so that if a user relied on it after calling respond_with, the hash wouldn't be the same. Fixes #12029
* | Strong parameters should permit nested number as key. Closes #12293kennyj2013-09-271-0/+15
| |
* | Fix incorrect assert_redirected_to failure messageDerek Prior2013-09-191-0/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In some instances, `assert_redirected_to` assertion was returning an incorrect and misleading failure message when the assertion failed. This was due to a disconnect in how the assertion computes the redirect string for the failure message and how `redirect_to` computes the string that is actually used for redirection. I made the `_compute_redirect_to_loaction` method used by `redirect_to` public and call that from the method `assert_redirect_to` uses to calculate the URL. The reveals a new test failure due to the regex used by `_compute_redirect_to_location` allow `_` in the URL scheme.
* | NullSessionHash#destroy should be a no-opJonathan Baudanza2013-09-181-0/+10
| | | | | | | | Previously it was raising a NilException
* | Fix an issue where router can't recognize downcased url encoding path.kennyj2013-09-191-0/+4
| |
* | Custom flash should be defined only for the class that defines it and it's ↵Ricardo de Cillo2013-09-131-0/+12
| | | | | | | | subclasses.
* | Merge pull request #12159 from nashby/issue-12149Rafael Mendonça França2013-09-121-0/+9
|\ \ | | | | | | do not break params filtering on nil values
| * | do not break params filtering on nil valuesVasiliy Ermolovich2013-09-071-0/+9
| | | | | | | | | | | | closes #12149
* | | Removed semicolon and added spaceAnupam Choudhury2013-09-131-2/+2
| | |
* | | Reset ActionView::Base.logger instead of AC::Base.loggerAkira Matsuda2013-09-101-1/+1
| | | | | | | | | | | | see: 9b0ac0bc74569db460f87ea6888b3847be0ff5be
* | | Make AC standalone rendering workSantiago Pastorino2013-09-101-0/+15
|/ /
* | Revert "Port all remaining self.protected_instance_variables to class methods"Łukasz Strzałkowski2013-09-021-1/+1
| | | | | | | | This reverts commit 7de994fa215e9f4c2856d85034bc4dd7b65d0c01.
* | Port all remaining self.protected_instance_variables to class methodsŁukasz Strzałkowski2013-08-291-1/+1
| |
* | Extend basic rendering, test it in railtiesŁukasz Strzałkowski2013-08-251-19/+0
| |
* | Basic rendering testŁukasz Strzałkowski2013-08-251-0/+19
| |
* | Move AP's capture tests to AVŁukasz Strzałkowski2013-08-251-79/+0
| |
* | Move remaining layouts tests to AVŁukasz Strzałkowski2013-08-251-262/+0
| |
* | Move render_test to AVŁukasz Strzałkowski2013-08-251-1298/+106
| |
* | Load AV::Layout to AM::Base in railtiesŁukasz Strzałkowski2013-08-251-0/+3
| |
* | Create AbstractController::Rendering interfaceŁukasz Strzałkowski2013-08-252-0/+3
| | | | | | | | This interface should be use when implementing renderers.
* | Move view_paths from AP to AVŁukasz Strzałkowski2013-08-251-174/+0
| |
* | Merge pull request #11443 from wangjohn/sse_reloader_classSantiago Pastorino2013-08-191-0/+88
|\ \ | | | | | | SSE class for ActionController::Live
| * | Creating an SSE class to be used with ActionController::Live.wangjohn2013-07-301-0/+88
| | |
* | | Fail informatively in #respond_with when no appropriate #api_behavior ↵Ben Woosley2013-08-171-0/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | renderer is available. Currently if a user calls #respond_with(csvable), but has not csv renderer available, Responder will just run through the default render behavior twice, raising ActionView::MissingTemplate both times. This changes ActionController::Metal::Responder#api_behavior to check in advance whether there is a renderer available, and raise ActionController::MissingRenderer if not.
* | | Split the 1200+ line mime_responds_test into 3 more focused and manageable ↵Ben Woosley2013-08-173-587/+587
| | | | | | | | | | | | test files.
* | | Merge branch 'master' of github.com:rails/docrailsVijay Dev2013-08-173-6/+1
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: actionview/README.rdoc activerecord/lib/active_record/migration.rb guides/source/development_dependencies_install.md guides/source/getting_started.md
| * | | Revert "Merge branch 'master' of github.com:rails/docrails"Vijay Dev2013-08-173-6/+1
| |/ / | | | | | | | | | | | | | | | | | | This reverts commit 70d6e16fbad75b89dd1798ed697e7732b8606fa3, reversing changes made to ea4db3bc078fb3093ecdddffdf4f2f4ff3e1e8f9. Seems to be a code merge done by mistake.
* | | Execute conditional procs on controller filters only for current action.Nicholas Jakobsen2013-08-101-0/+9
| | | | | | | | | | | | | | | | | | :only and :except options for controller filters are now added before :if and :unless. This prevents running :if and :unless procs when not on the specified. Closes #11786.