| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- The single space response was added due to a bug in safari
in https://github.com/rails/rails/commit/cb0f8fda9652c4d24d04693bdb82cecd3b067e5c
and
https://github.com/rails/rails/commit/807df4fcf021fc4d15972aa1c17ba7398d43ab0d.
- This was removed from the `render nothing: true` in
https://github.com/rails/rails/pull/14883.
- Removing it from response of :head also. As :head is more obvious
alternative to call `render nothing:
true`(http://guides.rubyonrails.org/layouts_and_rendering.html#using-head-to-build-header-only-responses),
removing it from head method also.
- Closes #18253.
|
|\ \
| | |
| | |
| | |
| | | |
jethroo/fix/assert_template_with_unsupported_layout_type
assert template should raise ArgumentError for unsupported layout types
|
| |/
| |
| |
| | |
unknown layout type
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When an `around_action` does not `yield`, then the corresponding action is
*never* executed and the `after_` actions are *never* invoked.
The value returned by the `around_action` does not have any impact on this:
an `around_action` can "return" `true`, `false`, or `"pizza"`, but as long
as `yield` is not invoked, the corresponding action and after callbacks are
not executed.
The test suite for `ActionController::Callbacks` currently includes separate
tests to distinguish the cases in which a non-yielding `around_actions` returns
`true` or `false`.
In my opinion, having such tests is misleading, giving the impression that the
returned value might have some sort of impact, while it does not. At least
that's the impression I got when I read those tests.
For completeness, the tests were introduced 7 years ago by @NZKoz in e80fabb.
|
|/
|
|
|
|
|
|
|
| |
As suggested in #16299([1]), this method should be a new public API for
retrieving unfiltered parameters from `ActionController::Parameters`
object, given that `Parameters#to_hash` will no longer work in Rails
5.0+ as we stop inheriting `Parameters` from `Hash`.
[1]: https://github.com/rails/rails/pull/16299#issuecomment-50220919
|
| |
|
| |
|
|\
| |
| |
| | |
Allow authentication header to not have to specify 'token=' key.
|
| |
| |
| |
| | |
Fixes: https://github.com/rails/rails/issues/17108.
|
|\ \
| | |
| | | |
Do not rescue Exception in ActionDispatch::ParamsParser
|
| | |
| | |
| | |
| | |
| | | |
Unlike ShowExceptions or PublicExceptions, ParamsParser shouldn't
transform exceptions like Interrupt and NoMemoryError into ParserError.
|
|\ \ \ |
|
|/ / /
| | |
| | |
| | | |
url_for
|
| | |
| | |
| | |
| | | |
Reference #17453
|
|/ /
| |
| |
| |
| | |
These are currently working "by accident" because `match_route` does not check
that the name is valid.
|
| |
| |
| |
| |
| |
| | |
Reference #17453
[Godfrey Chan, Washington Luiz]
|
| |
| |
| |
| | |
Fixes https://github.com/rails/rails/issues/17714.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit f93df52845766216f0fe36a4586f8abad505cac4, reversing
changes made to a455e3f4e9dbfb9630d47878e1239bc424fb7d13.
Conflicts:
actionpack/lib/action_controller/test_case.rb
actionview/lib/action_view/test_case.rb
|
| |
| |
| |
| | |
Closes #17586
|
| |
| |
| |
| |
| |
| | |
We added a deprecation warning for these cases in aa1fadd, so these are now
causing deprecation warnings in the test output. AFAICT, in these two cases, the
option is not integral to the purpose of the test, so they can be safely removed
|
| |
| |
| |
| |
| |
| | |
Follow up to 212057b9. Since that commit, we need to pass the `route_name`
explicitly. This is one of the left-over cases that was not handled in that
commit, which was causing `use_route` to be ignored in functional tests.
|
| |
| |
| |
| | |
Fixes: https://github.com/rails/rails/issues/16814
|
| | |
|
| |
| |
| |
| |
| |
| | |
See comment in this patch for the rationale.
References #16468
|
|/
|
|
| |
[related #17233]
|
|
|
|
| |
This is to match the changes in Rails Dom Testing rails/rails-dom-testing#20.
|
|
|
|
|
|
| |
Hash#keys.each allocates an array of keys; Hash#each_key iterates through the
keys without allocating a new array. This is the reason why Hash#each_key
exists.
|
| |
|
|\
| |
| | |
CSRF token mask from breach-mitigation-rails gem
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This merges in the code from the breach-mitigation-rails gem that masks
authenticity tokens on each request by XORing them with a random set of
bytes. The masking is used to make it impossible for an attacker to
steal a CSRF token from an SSL session by using techniques like the
BREACH attack.
The patch is pretty simple - I've copied over the [relevant
code](https://github.com/meldium/breach-mitigation-rails/blob/master/lib/breach_mitigation/masking_secrets.rb)
and updated the tests to pass, mostly by adjusting stubs and mocks.
|
| |
| |
| |
| |
| |
| |
| | |
* `each`
* `each_pair`
* `delete`
* `select!`
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is to make sure that `permitted` status is maintained on the
resulting object.
I found these methods that needs to be redefined by looking for
`self.class.new` in the code.
* extract!
* transform_keys
* transform_values
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
`ActionController::Parameters#to_h` now returns a `Hash` with
unpermitted keys removed. This change is to reflect on a security
concern where some method performed on an `ActionController::Parameters`
may yield a `Hash` object which does not maintain `permitted?` status.
If you would like to get a `Hash` with all the keys intact, duplicate
and mark it as permitted before calling `#to_h`.
params = ActionController::Parameters.new(name: 'Senjougahara Hitagi')
params.to_h # => {}
unsafe_params = params.dup.permit!
unsafe_params.to_h # => {"name"=>"Senjougahara Hitagi"}
safe_params = params.permit(:name)
safe_params.to_h # => {"name"=>"Senjougahara Hitagi"}
This change is consider a stopgap as we cannot chage the code to stop
`ActionController::Parameters` to inherit from
`HashWithIndifferentAccess` in the next minor release.
Also, adding a CHANGELOG entry to mention that
`ActionController::Parameters` will not inheriting from
`HashWithIndifferentAccess` in the next major version.
|
| | |
|
|\ \
| | |
| | |
| | |
| | | |
Conflicts:
actionpack/CHANGELOG.md
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
respond_with (and consequently the class-level respond_to)
are being removed from Rails. Instead of moving it to a 3rd
library, the functionality will be moved to responders gem
(at github.com/plataformatec/responders) which already provides
some responders extensions.
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
New default: the template digest is automatically included in your ETags.
When you call `fresh_when @post`, the digest for `posts/show.html.erb`
is mixed in so future changes to the HTML will blow HTTP caches for you.
This makes it easy to HTTP-cache many more of your actions.
If you render a different template, you can now pass the `:template`
option to include its digest instead:
fresh_when @post, template: 'widgets/show'
Pass `template: false` to skip the lookup. To turn this off entirely, set:
config.action_controller.etag_with_template_digest = false
|
| |
| |
| |
| |
| | |
The test was not failing for `assert_template file: nil` when a file
has been rendered.
|
|\|
| |
| |
| |
| |
| |
| | |
Conflicts:
actionpack/CHANGELOG.md
actionpack/test/controller/integration_test.rb
actionview/CHANGELOG.md
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The entire 127.0.0.0/8 range is assigned to the loopback address, not
only 127.0.0.0/24. This patch allows ActionDispatch::Request::LOCALHOST
to match any IPv4 127.0.0.0/8 loopback address.
The only place that the #local? method was previously under test was
in the show_expectations_test.rb file. I don't particularly like that
that's implicitly where this code is under test, and I feel like I
should move some of that testing code into the
test/dispatch/request_test.rb file, but I wanted some feedback first.
Credit goes to @sriedel for discovering the issue and adding the
patch.
|
| | |
|
| |
| |
| |
| |
| | |
also if you want a path from a named helper, you should call
helper_path, not helper_url(:only_path => true).
|
| |
| |
| |
| |
| | |
Use an is_a check to ensure it's a Railsish app so we can avoid
respond_to calls everywhere.
|
| |
| |
| |
| | |
Closes #16170
|