| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Fix ActionDispatch::Request#formats on xhr requests when HTTP_ACCEPT
header is empty string. About issue #7774, same fix as in commit bebb02f
but for xhr requests.
|
|\
| |
| | |
replace regexp global in #url_for
|
| | |
|
|/ |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We
remove trusted IP values, and then take the last given value, assuming that
it is the most likely to be the correct, unfaked value. See [1] for a very
thorough discussion of why that is the best option we have at the moment.
[1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/
Fixes #7979
|
|
|
|
|
|
|
|
|
|
| |
If a request has an unknown format, the methods html?, xml?, json? ...etc
not raise an Exception.
This patch add a class Mime::NullType, that is returned when request.format is unknown
and it responds false to the methods that ends with '?' and true to 'nil?'.
It refers to #7837, this issue is considered a improvement not a bug.
|
|
|
|
|
|
|
|
|
| |
If env['RAW_POST_DATA'] is nil, #raw_post will attempt to set it to
the result of #body (which will return env['rack.input'] if
env['RAW_POST_DATA'] is nil). #raw_post will then attempt to rewind
the result of another call to #body. Since env['RAW_POST_DATA'] has
already been set, the result of #body is not env['rack.input'] anymore.
This causes env['rack.input'] to never be rewound.
|
|
|
|
| |
Merge url for tests and add changelog entry for #8233.
|
|
|
|
|
|
| |
With a "params" argument, the following error is raised:
undefined method `reject!` for "":String
|
| |
|
|
|
|
| |
This reverts commit a8560fa361958b33d76e4468eb5c07d82a20196e.
|
|
|
|
|
|
|
|
|
|
| |
If a unknown format is passed in a request, the methods html?, xml?, json? ...etc
Nil Exception.
This patch add a class NullMimeTypeObject, that is returned when request.format is unknown
and it responds false to the methods that ends with '?'.
It refers to #7837, not fixes because it's not considered a improvement not a bug.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
This is a rebased version of #2520.
Conflicts:
actionpack/test/dispatch/request_test.rb
|
|
|
|
| |
Closes #7110 there's more work to do on rack-cache issue 69
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently Rack raises a TypeError when it encounters a malformed or
ambiguous hash like `foo[]=bar&foo[4]=bar`. Rather than pass this
through to the application this commit captures the exception and
re-raises it using a new ActionController::BadRequest exception.
The new ActionController::BadRequest exception returns a 400 error
instead of the 500 error that would've been returned by the original
TypeError. This allows exception notification libraries to ignore
these errors if so desired.
Closes #3051
|
|
|
|
| |
tests.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PATCH is the correct HTML verb to map to the #update action. The
semantics for PATCH allows for partial updates, whereas PUT requires a
complete replacement.
Changes:
* adds config.default_method_for_update you can set to :patch
* optionally use PATCH instead of PUT in resource routes and forms
* adds the #patch verb to routes to detect PATCH requests
* adds #patch? to Request
* changes documentation and comments to indicate support for PATCH
This change maintains complete backwards compatibility by keeping :put
as the default for config.default_method_for_update.
|
|
|
|
|
|
|
|
| |
Latest changes in remote ip handling conflicted with each other in
tests. Related:
dd09811fa6214a130fdc2de1d4c00b4337cb15f9
6a720226aad2adffcbd2422d40db772719579e2f
|
|\
| |
| | |
The first IP address in the X-Forwarded-For header is the originating IP
|
| | |
|
|/ |
|
| |
|
| |
|
| |
|
|
|
|
| |
for subdomain(s) removal from the host during link generation. Closes #2025
|
|
|
|
|
|
| |
requests. Closes #2119
An xhr request must have an "Accept" or "Content-type" header in order to be considered a request with valid_accept_header.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
This provides more safety to applications that put secret information in the query string, such as API keys or SSO tokens.
Signed-off-by: Xavier Noria <fxn@hashref.com>
|
| |
|
|
|
|
| |
changes the relevant parts of the url, or an object which responds to call can be supplied so common redirect rules can be easily reused. This commit includes a change where url generation from parts has been moved to AD::Http::URL as a class method.
|
|
|
|
| |
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
|
|
| |
allowing for easy manipulation of the host during link generation.
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
| |
@@tld_length is used by default. Also set the default value of @@tld_length to 1.
|
|
|
|
|
|
| |
parsing the query string [#3030 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
autoloading."
Booting a new Rails application does not work after this commit [#5359 state:open]
This reverts commit 38a421b34d0b414564e919f67d339fac067a56e6.
|
|
|
|
|
|
| |
autoloading.
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
|
|
|
|
| |
ensure that request.scheme returns https when using a reverse proxy.
[#5408 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
| |
's/[ \t]*$//' -i {} \;)
|
|
|
|
| |
Signed-off-by: wycats <wycats@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
ActionDispatch::Request rather than Rack::Request.
* Changed ActionDispatch::Request#method to return a String, to be
compatible with the Rack::Request superclass.
* Changed ActionDispatch::Request#method to return the original
method in the case of methodoverride and #request_method not to,
to be compatible with Rack::Request
|
|
|
|
|
|
| |
Rack::Request expect
it to return a String. Split the Rails API so that Request#content_type returns
a String, and Request#content_mime_type returns a Mime::Type object.
|