| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
Closes #5632
|
|
|
|
|
| |
If embedding auth_token in remote forms is off and we
pass a value for auth_token it should respect it.
|
|
|
|
|
|
|
| |
Changed default value for `config.action_view.embed_authenticity_token_in_remote_forms`
to `false`. This change breaks remote forms that need to work also without javascript,
so if you need such behavior, you can either set it to `true` or explicitly pass
`:authenticity_token => true` in form options
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a regression introduced in 16ee611fa, which breaks
remote forms that should also work without javascript. This commit
introduces config option that allows to configure this behavior
defaulting to the old behavior (ie. include authenticity token
in remote forms by default)
Conflicts:
actionpack/CHANGELOG.md
|
| |
|
|
|
|
|
|
|
|
|
| |
Previously `rendered_format` was set only based on mime types
passed in Accept header, which was wrong if first type from
Accept was different than rendered partial. The fix is to simply
move setting rendered_format to the place where template
is available and grab format from the template. If it fails
we can fallback to formats passed by Accept header.
|
|
|
|
| |
Fix for #5440
|
| |
|
| |
|
| |
|
|
|
|
| |
add tests for stripping \r\n chars since that's already happening
|
|
|
|
|
|
| |
This method has no effect since exception handling was
moved to middlewares and ActionController tests do not
use any middlewares.
|
|
|
|
| |
forms if you pass true
|
|
|
|
| |
forms use the meta-tag value
|
| |
|
|\
| |
| | |
Don't ignore call to undefined method in Sweeper
|
| | |
|
| |
| |
| |
| |
| |
| | |
More info http://edgeguides.rubyonrails.org/api_app.html
[Carlos Antonio da Silva & Santiago Pastorino]
|
| | |
|
|\ \
| | |
| | | |
configure how unverified request will be handled
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
can be configured using `:with` option in `protect_from_forgery` method
or `request_forgery_protection_method` config option
possible values:
- :reset_session (default)
- :exception
new applications are generated with:
protect_from_forgery :with => :exception
|
|/ / |
|
|/ |
|
| |
|
| |
|
|
|
|
| |
Allow the root route helper to accept just a string
|
|\
| |
| |
| |
| |
| |
| |
| | |
Optimize routes generation in simple cases.
If you pass to the route helper the same amount of arguments
as the required segments, route generation will be optimized
as a string interpolation. After this commit, `post_path(post)`
is about 6.5 times faster, `post_url(post)` is about 5 times.
|
| | |
|
|/ |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PATCH is the correct HTML verb to map to the #update action. The
semantics for PATCH allows for partial updates, whereas PUT requires a
complete replacement.
Changes:
* adds config.default_method_for_update you can set to :patch
* optionally use PATCH instead of PUT in resource routes and forms
* adds the #patch verb to routes to detect PATCH requests
* adds #patch? to Request
* changes documentation and comments to indicate support for PATCH
This change maintains complete backwards compatibility by keeping :put
as the default for config.default_method_for_update.
|
|\
| |
| |
| |
| | |
willbryant/assigns_should_not_stringify_values_master
assigns(:foo) should not convert @foo's keys to strings if it happens to be a hash
|
| |
| |
| |
| | |
a hash
|
|/ |
|
|\
| |
| | |
Ensure Date header on expires_in
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
This fixes undef `to_str' for Rack::Chunked::Body when using
caches_action + streaming on an action
Closes #5027
|
|\ \
| | |
| | | |
Exclude rack.request.form_vars from request.filtered_env
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
ActionDispatch::Routing::RouteSet.url_for now handles passing params through to
ActionDispatch::Http::Url.url_for
Conflicts:
actionpack/test/controller/base_test.rb
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
`ActionController.force_ssl` redirects http URLs to their https equivalent;
however, when a URL contains a query string, the resulting redirect lacked the
original query string.
Conflicts:
actionpack/lib/action_controller/metal/force_ssl.rb
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Default responder was only using the given respond block when user
requested for HTML format, or JSON/XML format with valid resource. This
fix the responder so that it will use the given block regardless of the
validity of the resource. Note that in this case you'll have to check
for object's validity by yourself in the controller.
Fixes #4796
|