| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Style/SpaceBeforeBlockBraces
Style/SpaceInsideBlockBraces
Style/SpaceInsideHashLiteralBraces
Fix all violations in the repository.
|
| |
|
| |
|
|
|
|
|
| |
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The tests introduced in
https://github.com/rails/rails/pull/23816/files#diff-384a5a15d8d53de799fb6541688ea5f9R153
register the JSON API media type `application/vnd.api+json` with
`Mime[:json]`. The JSON API media type should not be registered
with `Mime[:json]`, as discussed in #23712. Moreover,
since the actual mime type used in the test is
incidental, I've changed this to a valid, but fictional
`applcation/vnd.rails+json`.
These tests were causing failures in
https://github.com/rails/rails/pull/25050#issuecomment-221092934 where
`Mime[:jsonapi]` is being added, so that JSON API request params are parsed
with the JSONAPI gem.
|
|
|
|
|
|
|
|
| |
Allowing :controller and :action values to be specified via the path
in config/routes.rb has been an underlying cause of a number of issues
in Rails that have resulted in security releases. In light of this it's
better that controllers and actions are explicitly whitelisted rather
than trying to blacklist or sanitize 'bad' values.
|
|
|
|
| |
Also make sure we don't change the global state of our test suite.
|
|
|
|
|
|
| |
After registering new `:json` mime type `parsers.fetch` can't find the mime type because new mime type is not equal to old one. Using symbol of the mime type as key on parsers hash solves the problem.
Closes #23766
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since the media type 'application/vnd.api+json' is a spec,
it is inappropriate to handle it with the JSON renderer.
This PR removes support for a JSON API media type.
I would recommend the media type be registered on its own as `jsonapi`
when a jsonapi Renderer and deserializer (Http::Parameters::DEFAULT_PARSERS) are added.
Is related to work in https://github.com/rails/rails/pull/21496
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
This is another take at #14384 as we decided to wait until `master` is
targeting Rails 5.0. This commit is implementation-complete, as it
guarantees that all the public methods on the hash-inherited Parameters
are still working (based on test case). We can decide to follow-up later
if we want to remove some methods out from Parameters.
|
| |
|
|
|
|
|
|
|
|
| |
Non-kwargs requests are deprecated now.
Guides are updated as well.
`post url, nil, nil, { a: 'b' }` doesn't make sense.
`post url, params: { y: x }, session: { a: 'b' }` would be an explicit way to do the same
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
In order to get raw_post to be not empty after
ParamsParser#parse_formatted_parameters,
added rewinding of body stream input on parsing json params.
Closes #11345
|
| |
|
| |
|
|
|
|
| |
Fixes #8845.
|
|
|
|
|
|
|
|
|
|
|
|
| |
dealing with empty hashes. Thanks Damien Mathieu
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_dispatch/http/request.rb
actionpack/lib/action_dispatch/middleware/params_parser.rb
activerecord/CHANGELOG.md
activerecord/lib/active_record/relation/predicate_builder.rb
activerecord/test/cases/relation/where_test.rb
|
|
|
|
|
| |
This reverts commit 88cc1688d0cb828c17706b41a8bd27870f2a2beb, reversing
changes made to f049016cd348627bf8db0d72382d7580bf802a79.
|
|
|
|
|
|
|
|
|
|
|
|
| |
dealing with empty hashes. Thanks Damien Mathieu
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_dispatch/http/request.rb
actionpack/lib/action_dispatch/middleware/params_parser.rb
activerecord/CHANGELOG.md
activerecord/lib/active_record/relation/predicate_builder.rb
activerecord/test/cases/relation/where_test.rb
|
|
|
|
| |
original exception.
|
| |
|
|
|
|
| |
parsing request params.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the current router DSL, using the +match+ DSL
method will match all verbs for the path to the
specified endpoint.
In the vast majority of cases, people are
currently using +match+ when they actually mean
+get+. This introduces security implications.
This commit disallows calling +match+ without
an HTTP verb constraint by default. To explicitly
match all verbs, this commit also adds a
:via => :all option to +match+.
Closes #5964
|
|
|
|
| |
minor
|
| |
|
| |
|
|
|
| |
This will allow us to do a rootless JSON/XML request to server.
|
|
|
|
|
|
| |
This removes all deprecated classes in ActionController related to
Routing, Abstract Request/Response and Integration/IntegrationTest.
All tests and docs were changed to ActionDispatch instead of ActionController.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
with_routing. This only affects our internal AP tests.
|
|
|
|
| |
middleware stack
|
|
|
|
|
|
|
|
| |
information when invalid xml or json is posted
[#2481 state:committed]
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
|
|
|