| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
This commit improves performance of cookie tests:
Ruby | After | Before
----- | --------:| --------:
MRI | 5.03s | 9.28s
JRuby | 25.45s | 1648.23s
Please note the improvement for JRuby.
|
| |
|
|
|
|
|
|
|
|
| |
Use the Active Support JSON encoder for cookie jars using the `:json` or
`:hybrid` serializer. This allows you to serialize custom Ruby objects into
cookies by defining the `#as_json` hook on such objects.
Fixes #16520.
|
| |
|
|
|
|
|
|
| |
You can now configure custom digest for cookies in the same way as `serializer`:
config.action_dispatch.cookies_digest = 'SHA256'
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, the `VerifyAndUpgradeLegacySignedMessage` assumes all incoming
cookies are marshal-encoded. This is not the case when `secret_token` is
used in conjunction with the `:json` or `:hybrid` serializer.
In those case, when upgrading to use `secret_key_base`, this would cause a
`TypeError: incompatible marshal file format` and a 500 error for the user.
Fixes #14774.
*Godfrey Chan*
|
| |
|
|
|
|
| |
(currently failing)
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Rename allowed options to :marshal and :json, for custom serializers
only allow the use of custom classes.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MessageEncryptor has :serializer option, where any serializer object can
be passed. This commit make it possible to set this serializer from configuration
level.
There are predefined serializers (:marshal_serializer, :json_serialzier)
and custom serializer can be passed as String, Symbol (camelized and
constantized in ActionDispatch::Session namepspace) or serializer object.
Default :json_serializer was also added to generators to provide secure
defalt.
|
| |
|
|\
| |
| | |
Rename DummyKeyGenerator -> LegacyKeyGenerator
|
| | |
|
|/ |
|
|
|
|
| |
Automatically configure cookie-based sessions to use the best cookie jar given the app's config
|
| |
|
|
|
|
| |
signed cookies generated by Rails 3 to avoid invalidating them when upgrading to Rails 4
|
|
|
|
| |
Closes #9302
|
| |
|
|
|
|
|
|
| |
All ActionPack and Railties tests are passing. Closes #8891.
[Carlos Antonio da Silva + Santiago Pastorino]
|
| |
|
|
|
|
|
|
|
|
|
| |
How to use it?
cookies.encrypted[:discount] = 45
=> Set-Cookie: discount=ZS9ZZ1R4cG1pcUJ1bm80anhQang3dz09LS1mbDZDSU5scGdOT3ltQ2dTdlhSdWpRPT0%3D--ab54663c9f4e3bc340c790d6d2b71e92f5b60315; path=/
cookies.encrypted[:discount]
=> 45
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Necessary in controller tests to determine if the CookieJar will delete
the given cookie.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit restores the ability to assign cookies for testing via
@request.env['HTTP_COOKIE'] and @request.cookies, e.g:
@request.env['HTTP_COOKIE'] = 'user_name=david'
get :index
assert_equal 'david', cookies[:user_name]
and
@request.cookies[:user_name] = 'david'
get :index
assert_equal 'david', cookies[:user_name]
Assigning via cookies[] is the preferred method and will take precedence
over the other two methods. This is so that cookies set in controller
actions have precedence and are carried over between calls to get, post, etc.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Assigning cookies for test cases should now use cookies[], e.g:
cookies[:email] = 'user@example.com'
get :index
assert_equal 'user@example.com', cookies[:email]
To clear the cookies, use clear, e.g:
cookies.clear
get :index
assert_nil cookies[:email]
We now no longer write out HTTP_COOKIE and the cookie jar is
persistent between requests so if you need to manipulate the environment
for your test you need to do it before the cookie jar is created.
|
| |
|
|
|
|
| |
This reverts commit 29592a7f09dda2e7e1e0a915d9230fe6a9b5c0af.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
to modify the cookies when it was already streamed back to the client
or converted to HTTP headers
|
|
|
|
| |
back to the client or converted to HTTP headers
|
|
|
|
|
|
|
|
|
| |
- cookies can be set using string or symbol keys
- cookies are preserved across calls to get, post, etc.
- cookie names and values are escaped
- cookies can be cleared using @request.cookies.clear
[#6272 state:resolved]
|
|
|
|
| |
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
| |
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
|
|
|
|
| |
Dont set explicit domain for cookies if host is not a domain name
[#6002 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
|