Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Remove default match without specified method | Jose and Yehuda | 2012-04-24 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint. In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications. This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+. Closes #5964 | ||||
* | Remove rescue_action from compatibility module and tests | Carlos Antonio da Silva | 2012-01-17 | 1 | -2/+0 |
| | |||||
* | fix deprecation warning in cookie_store_test | Vijay Dev | 2011-09-25 | 1 | -1/+1 |
| | | | | The options argument to MessageVerifier#initialize should be a hash. | ||||
* | Replace references to ActiveSupport::SecureRandom with just SecureRandom, ↵ | Jon Leighton | 2011-05-23 | 1 | -1/+1 |
| | | | | and require 'securerandom' from the stdlib when active support is required. | ||||
* | Fix renew feature on cookies. | José Valim | 2011-05-04 | 1 | -0/+16 |
| | |||||
* | cleaning up some warnings on 1.9.3 | Aaron Patterson | 2011-02-07 | 1 | -1/+0 |
| | |||||
* | Rely on Rack::Session stores API for more compatibility across the Ruby world. | José Valim | 2010-10-03 | 1 | -12/+0 |
| | |||||
* | Use parentheses when using assert_match followed by a regexp to avoid warnings. | Emilio Tagua | 2010-09-27 | 1 | -1/+1 |
| | |||||
* | Remove deprecated stuff in ActionController | Carlos Antonio da Silva | 2010-09-26 | 1 | -3/+3 |
| | | | | | | This removes all deprecated classes in ActionController related to Routing, Abstract Request/Response and Integration/IntegrationTest. All tests and docs were changed to ActionDispatch instead of ActionController. | ||||
* | Only send secure cookies over SSL. | W. Andrew Loe III | 2010-09-13 | 1 | -0/+17 |
| | |||||
* | Removed deprecated RouteSet API, still many tests fail | Piotr Sarnacki | 2010-09-05 | 1 | -1/+1 |
| | |||||
* | Deletes trailing whitespaces (over text files only find * -type f -exec sed ↵ | Santiago Pastorino | 2010-08-14 | 1 | -4/+4 |
| | | | | 's/[ \t]*$//' -i {} \;) | ||||
* | Set session options id to nil is respected and cancels lazy loading. | José Valim | 2010-07-18 | 1 | -1/+19 |
| | |||||
* | porting session.clear fix to master branch. [#5030 state:resolved] | Aaron Patterson | 2010-07-01 | 1 | -0/+22 |
| | | | | Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net> | ||||
* | Fixed that an ArgumentError is thrown when request.session_options[:id] is ↵ | Michael Lovitt | 2010-06-27 | 1 | -0/+26 |
| | | | | | | | | read in the following scenario: when the cookie store is used, and the session contains a serialized object of an unloaded class, and no session data accesses have occurred yet. Pushed the stale_session_check responsibility out of the SessionHash and down into the session store, closer to where the deserialization actually occurs. Added some test coverage for this case and others related to deserialization of unloaded types. [#4938] Signed-off-by: José Valim <jose.valim@gmail.com> | ||||
* | Avoid deserializing cookies too early, which causes session objects to not ↵ | José Valim | 2010-06-24 | 1 | -3/+3 |
| | | | | be available yet. Unfortunately, could not reproduce this in a test case. | ||||
* | Sessions should not be created until written to and session data should be ↵ | Michael Lovitt | 2010-06-23 | 1 | -1/+10 |
| | | | | | | | | destroyed on reset. [#4938] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net> | ||||
* | The previous commit didn't work with complex domains, which is now fixed. | Rizwan Reza | 2010-06-11 | 1 | -5/+5 |
| | |||||
* | Add support for multi-subdomain session by setting cookie host in session ↵ | Rizwan Reza | 2010-06-11 | 1 | -0/+29 |
| | | | | | | cookie so you can share session between www.example.com, example.com and user.example.com. [#4818 state:resolved] This reverts commit 330a89072a493aafef1e07c3558964477f85adf0. | ||||
* | Cut the fat and make session stores rely on request.cookie_jar and change ↵ | José Valim | 2010-05-18 | 1 | -1/+1 |
| | | | | set_session semantics to return the cookie value instead of a boolean. | ||||
* | Simplify cookie_store by simply relying on cookies.signed. | José Valim | 2010-05-18 | 1 | -46/+20 |
| | |||||
* | Cookies middleware | Joshua Peek | 2010-01-16 | 1 | -2/+2 |
| | |||||
* | Ruby 1.9: resolve constant lookup issues | Jeremy Kemper | 2009-11-04 | 1 | -1/+1 |
| | |||||
* | Start rewriting some internal tests to use the new routing dsl | Joshua Peek | 2009-10-20 | 1 | -1/+1 |
| | |||||
* | Add custom "with_routing" to internal tests to fix reseting session after using | Joshua Peek | 2009-10-03 | 1 | -1/+0 |
| | | | | with_routing. This only affects our internal AP tests. | ||||
* | Allow integration test rack app to be set with "@app" ivar instead of using ↵ | Joshua Peek | 2009-09-26 | 1 | -2/+2 |
| | | | | open_session | ||||
* | Move default middleware stack into initializer | Joshua Peek | 2009-09-26 | 1 | -3/+0 |
| | |||||
* | Clean up session integration tests so they don't reference AC::Dispatcher | Joshua Peek | 2009-09-26 | 1 | -19/+6 |
| | |||||
* | If session_options[:id] is requested when using CookieStore, unmarshal the ↵ | Jay Pignata | 2009-09-03 | 1 | -2/+2 |
| | | | | | | session to access it [#2268 state:resolved] Signed-off-by: Joshua Peek <josh@joshpeek.com> | ||||
* | Reset session in integration tests after changing routes to reload the ↵ | Joshua Peek | 2009-08-27 | 1 | -8/+11 |
| | | | | middleware stack | ||||
* | Make cookie store tests pass with the new base | Pratik Naik | 2009-05-25 | 1 | -0/+3 |
| | |||||
* | Inherit TestSession from Session::AbstractStore and add indifferent access ↵ | Joshua Peek | 2009-04-26 | 1 | -2/+1 |
| | | | | to Session::AbstractStore. | ||||
* | Session tests belong under dispatch folder | Joshua Peek | 2009-04-21 | 1 | -0/+250 |