| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
- skip calling helper_method if it's not there: if we don't have helpers, we needn't define one.
- tests that an api controller can include and use ActionController::Cookies
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Introduce `Response#strong_etag=` and `#weak_etag=` and analogous options
for `fresh_when` and `stale?`. `Response#etag=` sets a weak ETag.
Strong ETags are desirable when you're serving byte-for-byte identical
responses that support Range requests, like PDFs or videos (typically
done by reproxying the response from a backend storage service).
Also desirable when fronted by some CDNs that support strong ETags
only, like Akamai.
* No longer strips quotes (`"`) from ETag values before comparing them.
Quotes are significant, part of the ETag. A quoted ETag and an unquoted
one are not the same entity.
* Support `If-None-Match: *`. Rarely useful for GET requests; meant
to provide some optimistic concurrency control for PUT requests.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
There was some subtle breakage caused by #18774, when we removed
`#original_exception` in favor of `#cause`. However, `#cause` is
automatically set by Ruby when raising an exception from a rescue block.
With this change, we will use whichever handler has the highest priority
(whichever call to `rescue_from` came last). In cases where the outer
has lower precidence than the cause, but the outer is what should be
handled, cause will need to be explicitly unset.
Fixes #23925
|
| |\
| |
| |
| | |
Default rendering behavior if respond_to collector doesn't have a block.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
When a `respond_to` collector doesn't have a response, then a
`:no_content` response should be rendered. This brings the default
rendering behavior introduced by
https://github.com/rails/rails/issues/19036 to controller methods
employing `respond_to`
|
| | |
| |
| |
| |
| |
| | |
This method will only be added when used with Ruby 2.3.0 or greater.
This method has the same behavior as `Hash#dig`, except it will convert
hashes to `ActionController::Parameters`, similar to `#[]` and `#fetch`.
|
| | |
| |
| |
| | |
Make request headers available in the event payload so that it is available to attached ActionController::LogSubscribers.
|
| | | |
|
| |/
|
|
|
|
|
|
| |
Allowing :controller and :action values to be specified via the path
in config/routes.rb has been an underlying cause of a number of issues
in Rails that have resulted in security releases. In light of this it's
better that controllers and actions are explicitly whitelisted rather
than trying to blacklist or sanitize 'bad' values.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Conceptually revert #20276
The feature was implemented for the `responders` gem. In the end,
they did not need that feature, and have found a better fix (see
plataformatec/responders#131).
`ImplicitRender` is the place where Rails specifies our default
policies for the case where the user did not explicitly tell us
what to render, essentially describing a set of heuristics. If
the gem (or the user) knows exactly what they want, they could
just perform the correct `render` to avoid falling through to
here, as `responders` did (the user called `respond_with`).
Reverting the patch allows us to avoid exploding the complexity
and defining “the fallback for a fallback” policies.
2. `respond_to` and templates are considered exhaustive enumerations
If the user specified a list of formats/variants in a `respond_to`
block, anything that is not explicitly included should result
in an `UnknownFormat` error (which is then caught upstream to
mean “406 Not Acceptable” by default). This is already how it
works before this commit.
Same goes for templates – if the user defined a set of templates
(usually in the file system), that set is now considered exhaustive,
which means that “missing” templates are considered `UnknownFormat`
errors (406).
3. To keep API endpoints simple, the implicit render behavior for
actions with no templates defined at all (regardless of formats,
locales, variants, etc) are defaulted to “204 No Content”. This
is a strictly narrower version of the feature landed in #19036 and
#19377.
4. To avoid confusion when interacting in the browser, these actions
will raise an `UnknownFormat` error for “interactive” requests
instead. (The precise definition of “interactive” requests might
change – the spirit here is to give helpful messages and avoid
confusions.)
Closes #20666, #23062, #23077, #23564
[Godfrey Chan, Jon Moss, Kasper Timm Hansen, Mike Clark, Matthew Draper]
|
| |
|
|
| |
- Fixes #23822.
|
| |
|
|
|
| |
This bug affects `wss://` requests when running Action Cable in-app.
Fixes #23620.
|
| | |
|
| |
|
|
|
| |
This will keep our current API working without having the users to
change their codebases.
|
| |
|
|
|
|
| |
After registering new `:json` mime type `parsers.fetch` can't find the mime type because new mime type is not equal to old one. Using symbol of the mime type as key on parsers hash solves the problem.
Closes #23766
|
| |
|
|
|
|
| |
When `button_to 'Botton', url` form was being used the per form token
was not correct because the method that is was being used to generate it
was an empty string.
|
| |\
| |
| |
| | |
Fixed passing of delete method on button_to tag, creating wrong form csrf token
|
| | |
| |
| |
| | |
them up.
|
| | |
| |
| |
| | |
Fixes #23524
|
| |\ \
| |/
|/| |
Make collection caching explicit.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Having collection caching that wraps templates and automatically tries
to infer if they are cachable proved to be too much of a hassle.
We'd rather have it be something you explicitly turn on.
This removes much of the code and docs to explain the previous automatic
behavior.
This change also removes scoped cache keys and passing cache_options.
|
| | | |
|
| | |
| |
| |
| | |
Creating a protected getter method for `@parameters`.
|
| | | |
|
| |/ |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
While iterating an AC::Parameters object, the object will mutate itself
and stick AC::Parameters objects where there used to be hashes:
https://github.com/rails/rails/blob/f57092ad728fa1de06c4f5fd9d09dcc2c4738fd9/actionpack/lib/action_controller/metal/strong_parameters.rb#L632
If you use `permit` after this iteration, the `fields_for_style` method
wouldn't return true because the child objects are now AC::Parameters
objects rather than Hashes.
fixes #23701
|
| |
|
|
| |
Now that AC::Parameters is no longer a Hash, it shouldn't look like a hash.
|
| |\
| |
| | |
Use a URL instead of an URL everywhere
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
The `cookies` hash isn't updated with the value generated by the output
from `to_header` so it wasn't testing anything. Rendering the cookie
value in the controller makes sure that the escaping is actually working.
|
| |\ \
| | |
| | |
| | | |
into ma2gedev-should-escape-cookie
|
| | | |
| | |
| | |
| | |
| | | |
Get an incorrect cookie value in controller action method
if cookie value contains an escapable string.
|
| | | |
| | |
| | |
| | | |
`NEVER_UNPERMITTED_PARAMS` is deprecated in Rails 4.2. See #15933.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
A callable cache key writes to the collection cache under a certain namespace.
Which means if we don't have scoped cache key we can just rely on the
`cache model_name do` in the templates to cache them.
Less writes, more sharing.
Add `assert_customer_cached` to better illustrate this in tests, and remove
tests which then don't communicate as much.
|
| | | |
| | |
| | |
| | |
| | | |
It was difficult to see when the partials were rendered, and how many times
we expected it to be rendered before. Because we weren't explaining it.
|
| | |/
|/|
| |
| |
| |
| |
| | |
When people pass `cache: -> item { item.upcase }` they scope the collection
cache keys so the individual partial cache isn't reused.
Test that behavior.
|
| | |
| |
| |
| |
| |
| |
| | |
We're not guaranteed to have a `RequestEncoder` to assign on `get` requests
because we aren't extracting the parser from the response content type.
Until now.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When testing:
```ruby
post articles_path, params: { article: { title: 'Ahoy!' } }, as: :json
```
It's common to want to make assertions on the response body. Perhaps the
server responded with JSON, so you write `JSON.parse(response.body)`.
But that gets tedious real quick.
Instead add `parsed_body` which will automatically parse the reponse
body as what the last request was encoded `as`.
|
| |\ \
| | |
| | | |
Add `as` to encode a request as a specific mime type.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Turns
```
post articles_path(format: :json), params: { article: { name: 'Ahoy!' } }.to_json,
headers: { 'Content-Type' => 'application/json' }
```
into
```
post articles_path, params: { article: { name: 'Ahoy!' } }, as: :json
```
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Tests can (and do) access the database from the main thread. In this
case they were starting a transaction, then making a request. The
request would create a new thread, which would allocate a new database
connection. Since the main thread started a transaction that contains
data that the new thread wants to see, the new thread would not see it
due to data visibility from transactions. Spawning the new thread in
production is fine because middleware should not be doing database
manipulation similar to the test harness. Before 603fe20c it was
possible to set the database connection id based on a thread local, but
603fe20c changes the connection lookup code to never look at the
"connection id" but only at the thread object itself. Without that
indirection, we can't force threads to use the same connection pool as
another thread.
Fixes #23483
|
| |\ \ \
| | | |
| | | | |
remove unused variable from render test
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This removes the following warning.
```
rails/actionpack/test/controller/render_test.rb:278: warning: assigned but unused variable - response
```
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There are some cases when the `body` in `response_body=` can be set to
nil. One of those cases is in `actionpack-action_caching` which I found
while upgrading it for Rails 5.
It's not possible to run `body.each` on a `nil` body so we have to
return after we run `response.reset_body!`.
|
| |\ \ \
| | | |
| | | |
| | | | |
Restore ability to pass extra options to cache stores
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The `cache` helper methods should pass any extra options
to the cache store. For example :expires_in would be a
valid option if memcache was the cache store. The change
in commit da16745 broke the ability to pass any options
other than :skip_digest and :virtual_path. This PR
restores that functionality and adds a test for it.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This works on OSX but for some reason travis is throwing a
```
1) Error:
ExpiresInRenderTest#test_dynamic_render_with_absolute_path:
NoMethodError: undefined method `unlink' for nil:NilClass
```
Looking at other tests in Railties the file has a name and we close
it before unlinking, so I'm going to try that.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Test that we are not allowing you to grab a file with an absolute path
outside of your application directory. This is dangerous because it
could be used to retrieve files from the server like `/etc/passwd`.
|
| | | |
| | |
| | |
| | | |
[ci skip]
|
