aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/dispatch
Commit message (Collapse)AuthorAgeFilesLines
...
* | | Merge pull request #24031 from ↵Jeremy Daer2016-04-191-0/+13
|\ \ \ | | | | | | | | | | | | | | | | | | | | samphilipd/sam/do_not_clobber_options_in_route_definitions Do not destructively mutate passed options hash in route definitions
| * | | Do not destructively mutate passed options hash in route definitionsSam Davies2016-03-031-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Fixes #24030 An example scope might be specified as such: ```ruby HTML = { constraints: { format: :html } }.freeze scope HTML do get 'x' end ``` This currently raises an error because the mapper attempts to destructively modify the passed options hash. This is dangerous because this options hash might even be shared with other scopes. We should instead always instantiate a new object instead of modifying the passed options.
* | | | Strong ETag validatorsJeremy Daer2016-03-312-20/+50
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Introduce `Response#strong_etag=` and `#weak_etag=` and analogous options for `fresh_when` and `stale?`. `Response#etag=` sets a weak ETag. Strong ETags are desirable when you're serving byte-for-byte identical responses that support Range requests, like PDFs or videos (typically done by reproxying the response from a backend storage service). Also desirable when fronted by some CDNs that support strong ETags only, like Akamai. * No longer strips quotes (`"`) from ETag values before comparing them. Quotes are significant, part of the ETag. A quoted ETag and an unquoted one are not the same entity. * Support `If-None-Match: *`. Rarely useful for GET requests; meant to provide some optimistic concurrency control for PUT requests.
* | | Rename constrain_to to exclude.Kasper Timm Hansen2016-03-031-4/+4
|/ / | | | | | | | | | | | | | | | | `ActionDispatch::SSL` redirects all HTTP requests to HTTPS, not just some. The `constrain_to` option inverts this, so it sounds like the middleware only handles a few requests, rather than the majority with a few routes to opt out of the redirect. Renaming to `exclude` matches this intent more closely.
* | [ci skip] Use rails routes instead of rake routes in inspector test descriptionAbhishek Jain2016-03-021-9/+9
| |
* | Merge pull request #23980 from rails/deprecate-controller-action-segmentsAndrew White2016-03-019-35/+101
|\ \ | | | | | | Deprecate :controller and :action path parameters
| * | Deprecate :controller and :action path parametersAndrew White2016-03-019-35/+101
| | | | | | | | | | | | | | | | | | | | | | | | Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values.
* | | Publish AS::Executor and AS::Reloader APIsMatthew Draper2016-03-023-24/+191
|/ / | | | | | | | | | | These should allow external code to run blocks of user code to do "work", at a similar unit size to a web request, without needing to get intimate with ActionDipatch.
* | add `constraint_to` option to SSL middlewareGreg Molnar2016-02-281-0/+7
| |
* | Merge pull request #23852 from prathamesh-sonpatki/hsts-subdomainsRafael França2016-02-251-7/+16
|\ \ | | | | | | Enable HSTS with IncludeSubdomains header by default for new apps
| * | Added deprecation for older appsPrathamesh Sonpatki2016-02-251-7/+16
| | | | | | | | | | | | | | | | | | | | | | | | - For old apps which are not setting any value for hsts[:subdomains], a deprecation warning will be shown saying that hsts[:subdomains] will be turned on by default in Rails 5.1. Currently it will be set to false for backward compatibility. - Adjusted tests to reflect this change.
* | | Revert "Merge pull request #20851 from tomprats/indifferent-sessions"Matthew Draper2016-02-261-10/+0
| | | | | | | | | | | | | | | | | | | | | This reverts commit 22db455dbe9c26fe6d723cac0758705d9943ea4b, reversing changes made to 40be61dfda1e04c3f306022a40370862e3a2ce39. This finishes off what I meant to do in 6216a092ccfe6422f113db906a52fe8ffdafdbe6.
* | | Revert "Update Session to utilize indiffernt access"Matthew Draper2016-02-266-118/+1
|/ / | | | | | | | | | | | | | | | | | | | | This reverts commit 45a75a3fcc96b22954caf69be2df4e302b134d7a. HWIAs are better than silently deeply-stringified hashes... but that's a reaction to a shortcoming of one particular session store: we should not break the basic behaviour of other, more featureful, session stores in the process. Fixes #23884
* | Added a test for generating Strong ETagPrathamesh Sonpatki2016-02-241-0/+8
| |
* | Merge pull request #20851 from tomprats/indifferent-sessionsRafael Mendonça França2016-02-246-0/+127
|\ \ | | | | | | | | | Give Sessions Indifferent Access
| * | Update Session to utilize indiffernt accessTom Prats2016-01-306-1/+118
| | |
| * | Update session to have indifferent accessTom Prats2016-01-291-0/+10
| | |
* | | Add `internal` attribute to routesJon Moss2016-02-221-0/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is meant to provide a way for Action Cable, Sprockets, and possibly other Rack applications to mark themselves as internal, and to exclude themselves from the routing inspector, and thus `rails routes` / `rake routes`. I think this is the only way to have mounted Rack apps be marked as internal, within AD/Journey. Another option would be to create an array of regexes for internal apps, and then to iterate over that everytime a request comes through. Also, I only had the first `add_route` method set `internal`'s default to false, to avoid littering it all over the codebase.
* | | Make sure we unregister the mime type before registeringRafael Mendonça França2016-02-221-10/+22
| | | | | | | | | | | | Also make sure we don't change the global state of our test suite.
* | | Use symbol of mime type instead of object to get correct parserMehmet Emin İNAÇ2016-02-221-0/+16
| | | | | | | | | | | | | | | | | | After registering new `:json` mime type `parsers.fetch` can't find the mime type because new mime type is not equal to old one. Using symbol of the mime type as key on parsers hash solves the problem. Closes #23766
* | | Fix typoRafael Mendonça França2016-02-171-1/+1
| | |
* | | Merge pull request #23712 from ↵Rafael França2016-02-171-9/+2
|\ \ \ | | | | | | | | | | | | | | | | bf4/incorrect_to_accept_json_api_and_not_render_spec The JSON API media type should only work wih a JSON API handler
| * | | The JSON API media type should only work wih a JSON API handlerBenjamin Fleischer2016-02-161-9/+2
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since the media type 'application/vnd.api+json' is a spec, it is inappropriate to handle it with the JSON renderer. This PR removes support for a JSON API media type. I would recommend the media type be registered on its own as `jsonapi` when a jsonapi Renderer and deserializer (Http::Parameters::DEFAULT_PARSERS) are added. Is related to work in https://github.com/rails/rails/pull/21496
* / | application/gzip added as default mime type into mime type listMehmet Emin İNAÇ2016-02-131-1/+1
|/ /
* / Add options for rake routes taskVipul A M2016-02-021-7/+27
|/ | | | | | | | | | Add two options: `-c` and `-g`. `-g` option returns the urls name, verb and path fields that match the pattern. `-c` option returns the urls for specific controller. Fixes #18902, and Fixes #20420 [Anton Davydov & Vipul A M]
* Merge pull request #23140 from rails/fix-search-for-custom-routesAaron Patterson2016-01-201-0/+63
|\ | | | | Fix marking of custom routes for Journey
| * Fix marking of custom routes for JourneyAndrew White2016-01-201-0/+63
| | | | | | | | | | | | | | | | | | | | | | | | The Mapper build_path method marks routes where path parameters are part of a path segment as custom routes by altering the regular expression, e.g: get '/foo-:bar', to: 'foo#bar' There were some edge cases where certain constructs weren't being picked up and this commit fixes those. Fixes #23069.
* | Response etags to always be weak: Prefixed W/ to value returned by ↵abhishek2016-01-201-7/+7
|/ | | | ActionDispatch::Http::Cache::Response#etag= such that etags set in fresh_when and stale? are weak. For #17556.
* Revert "Its ideal to set Vary: Accept-Encoding, irrespective of whether ↵schneems2016-01-191-1/+1
| | | | | | | | gzipped version exists or not. This is helpful for CDN's to later distinguish assets, based on previous, current copies and introduced gzip version if any." This reverts commit 067c52f608568e35181830a5c1016e382650e655. Conversation: https://github.com/rails/rails/pull/23120#issuecomment-173007011
* Its ideal to set Vary: Accept-Encoding, irrespective of whether gzipped ↵Vipul A M2016-01-191-1/+1
| | | | | | | | version exists or not. This is helpful for CDN's to later distinguish assets, based on previous, current copies and introduced gzip version if any. For ref: https://www.fastly.com/blog/best-practices-for-using-the-vary-header This change sets `Vary` header always, to be on safer side
* Merge pull request #23035 from jkowens/fix-null-byteRafael França2016-01-121-0/+4
|\ | | | | Prevent static middleware from attempting to serve a request with a null byte
| * Prevent attempt to serve a request with a null byteJordan Owens2016-01-121-0/+4
| | | | | | | | | | | | File paths cannot contain null byte characters and methods that do path operations such as Rack::Utils#clean_path_info will raise unwanted errors.
* | Commit before freezing the headersMatthew Draper2016-01-121-0/+21
| | | | | | | | | | This shouldn't generally come up: under a standard flow, we don't start sending until after the commit. But application code always finds a way.
* | Better error message when running `rake routes` with CONTROLLER arg:Edouard CHIN2016-01-071-0/+38
| | | | | | | | | | | | | | - `CONTROLLER` argument can now be supplied in different ways (Rails::WelcomeController, Rails::Welcome, rails/welcome) - If `CONTROLLER` argument was supplied but it does not exist, will warn the user that this controller does not exist - If `CONTROLLER` argument was supplied and no routes could be found matching this filter, will warn the user that no routes were found matching the supplied filter - If no routes were defined in the config/routes.rb file, will warn the user with the original message
* | Remove splat operator warning from ssl_testPrathamesh Sonpatki2016-01-071-1/+1
| | | | | | | | | | | | - Removes following warning - `rails/actionpack/test/dispatch/ssl_test.rb:203: warning: `*' interpreted as argument prefix`.
* | Allow AC::Parameters as an argument to url_helpersPrathamesh Sonpatki2016-01-071-0/+21
|/ | | | | | | | - Earlier only Hash was allowed as params argument to url_helpers. - Now ActionController::Parameters instances will also be allowed. - If the params are not secured then it will raise an ArgumentError to indicate that constructing URLs with non-secure params is not recommended. - Fixes #22832.
* Merge pull request #22826 from timrogers/actiondispatch-ssl-configRafael França2015-12-311-15/+30
|\ | | | | Configurable redirect and secure cookies for ActionDispatch::SSL
| * Flexible configuration for ActionDispatch::SSLTim Rogers2015-12-291-15/+30
| |
* | Format from Accept headers have higher precedence than path extension formatJorge Bejar2015-12-291-0/+9
| |
* | Rely on default Mime format when MimeNegotiation#format_from_path_extension ↵Jorge Bejar2015-12-291-0/+12
|/ | | | | | is not a valid type Closes #22747
* Currectly test the Middleware#==Rafael Mendonça França2015-12-221-4/+8
|
* Add #== back to ActionDispatch::MiddlewareStack::MiddlewareJon Moss2015-12-211-0/+12
| | | | | This was causing bug #22738 to occur. Also added extra tests to make sure everything is A-OK.
* Don't catch all NameError to reraise as ActionController::RoutingError #22368Maxime Garcia2015-12-121-0/+41
|
* Do not add format key to request_paramsJorge Bejar2015-12-091-1/+0
| | | | | | | | | I did this change but it is affecting how the request params end up after being processed by the router. To be in the safe side, I just take the format from the extension in the URL when is not present in those params and it's being used only for the `Request#formats` method
* DebugException initialize with a response_format valueJorge Bejar2015-12-091-2/+2
|
* Fix some edge cases in AD::DebugExceptions in rails api appsJorge Bejar2015-12-091-11/+62
|
* Response when error should be formatted properly in Rails API if local requestJorge Bejar2015-12-092-0/+19
|
* Use URL path extension as format in bad params exception handlingJorge Bejar2015-12-081-1/+15
|
* Push `before_sending` to super classeileencodes2015-12-064-3/+8
| | | | | | | | | | | | We want to get rid of the `Live::Response` so we are consolidating methods from `Live::Response` and `Response` by merging them together. This adds an `#empty` method to the request so we don't need to hard-code the empty array each time we call an empty `ActionDispatch::Request`. The work here is a continuation on combining controller and integration test code bases into one.
* Test against the real value of tld_length unless explicitly setWill Jessop2015-12-041-26/+30
| | | | | | | | | | | There were two places where the tld_length default was hard-coded to 1, both overriding the real default value of ActionDispatch::Http::URL.tld_length in this set of tests. This commit removes both of those, relying on the actual value of ActionDispatch::Http::URL.tld_length, unless it's specifically overridden.