aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/dispatch
Commit message (Collapse)AuthorAgeFilesLines
* Fix improperly configured host in generated urlsschneems2013-03-191-0/+8
| | | | | | | | | | | | | | | | | | | If the host in `default_url_options` is accidentally set with a protocol such as ``` host: "http://example.com" ``` then the generated url will have the protocol twice `http://http://example.com` which is not what the user intended. Likely they wanted to define a host `host: "example.com"` and a `protocol: "http://"` but did not know the convention. This may not the most common problem, but when it happens it can go undetected for a while. I accidentally added `http://` out of habit recently only to find all the links in my emails were broken after deploying a demo site to production. Rather than allow this accident go undetected, we can fix the problem in line by properly setting the protocol and host. I was able to find this related question on stack overflow: http://stackoverflow.com/questions/5878329/rails-3-devise-how-do-i-make-the-email-confirmation-links-use-secure-https-n where the answer was highly upvoted. This is based off of work in #7415 cc/ @pixeltrix ATP Action Mailer and Action Pack
* Merge pull request #5606 from teohm/multipart_unicode_param_nameSteve Klabnik2013-03-151-1/+20
|\ | | | | multipart POST - utf8 param name not encoded
| * UTF-8 encode all keys and values in nested params hash.Teo Hui Ming2013-03-151-1/+20
| |
* | `Http::Headers` directly modifies the passed environment.Yves Senn2013-03-151-6/+16
|/ | | | | | | | | The env hash passed to `Http::Headers#new` must be in env format. Also be aware that the passed hash is modified directly. docs and test-cases for setting headers/env in functional tests. Follow up to #9700.
* `Http::Headers` respects dotted env vars, symbols, headers with numbers.Yves Senn2013-03-131-0/+27
|
* allow headers and env to be passed in `IntegrationTest`.Yves Senn2013-03-131-1/+44
| | | | Closes #6513.
* refactor, `Http::Headers` stores headers in env notationYves Senn2013-03-131-12/+21
| | | | | Also: cleanup, use consistent syntax for `Http::Header` and test.
* Http::Headers respects headers that are not prefixed with HTTP_Yves Senn2013-03-131-6/+13
|
* Change from each to each_value on hash to avoid unused variable warningVipul A M2013-03-111-1/+1
|
* Fix formats on xhr requests when HTTP_ACCEPT is empty stringmaximerety2013-03-041-0/+5
| | | | | | Fix ActionDispatch::Request#formats on xhr requests when HTTP_ACCEPT header is empty string. About issue #7774, same fix as in commit bebb02f but for xhr requests.
* Use custom visitor class for optimized url helpersAndrew White2013-03-031-0/+6
| | | | | | | | Rather than trying to use gsub to remove the optional route segments, which will fail with nested optional segments, use a custom visitor class that returns a empty string for group nodes. Closes #9524
* `format: true` does not override existing format constraints.Yves Senn2013-02-271-0/+24
| | | | | | | Closes #9466. Passing `format: true` used to override the constraints: { format: /json/ } with `/.+/`. This patch only sets the format if there is no constraint present.
* allow non-String default params in the router.Yves Senn2013-02-261-1/+21
| | | | | | | Closes #9435. Skip valid encoding checks for non-String parameters that come from the matched route's defaults.
* the router allows String contraints.Yves Senn2013-02-261-0/+36
| | | | Closes #9432.
* determine the match shorthand target early.Yves Senn2013-02-211-0/+27
| | | | | | | | Closes #7554. This patch determines the `controller#action` directly in the `match` method when the shorthand syntax is used. this prevents problems with namespaces and scopes.
* Remove XML Parser from ActionDispatchPrem Sichanugrist2013-02-201-182/+0
| | | | | If you want an ability to parse XML parameters, please install `actionpack-xml_parser` gem.
* InvalidMessage is in ActiveSupport::MessageEncryptor namespaceSantiago Pastorino2013-02-191-3/+18
| | | | Closes #9302
* Fix AP tests related to routes inspector output and the new column titlesCarlos Antonio da Silva2013-02-191-20/+65
|
* Merge pull request #8704 from senny/remove_regexp_global_from_url_forAaron Patterson2013-02-141-0/+3
|\ | | | | replace regexp global in #url_for
| * replace regexp global in #url_forYves Senn2013-01-161-0/+3
| |
* | the `:controller` option for routes can contain numbers. closes #9231.Yves Senn2013-02-091-0/+12
| |
* | ruby constant syntax is not supported as routing `:controller` option.Yves Senn2013-02-061-9/+40
| | | | | | | | | | | | | | | | | | | | The current implementation only works correctly if you supply the `:controller` with directory notation (eg. `:controller => 'admin/posts'`). The ruby constant notation (eg. `:controller => 'Admin::Posts`) leads to unexpected problems with `url_for`. This patch prints a warning for every non supported `:controller` option. I also added documentation how to work with namespaced controllers. The warning links to that documentation in the rails guide.
* | Add 'X-UA-Compatible' => 'chrome=1' to default headersGuillermo Iguaran2013-01-291-1/+3
| |
* | Remove BestStandardsSupport middlewareGuillermo Iguaran2013-01-291-35/+0
| |
* | Use Encoding::UTF_8 constant :do_not_litter:Akira Matsuda2013-01-281-1/+1
| |
* | add fetch to CookieJarAaron Patterson2013-01-271-0/+30
| |
* | Add keys/values methods to TestSessionCarlos Antonio da Silva2013-01-251-5/+11
| | | | | | | | Bring back the same API we have with Request::Session.
* | Integrate Action Pack with Rack 1.5Carlos Antonio da Silva2013-01-254-14/+14
| | | | | | | | | | | | All ActionPack and Railties tests are passing. Closes #8891. [Carlos Antonio da Silva + Santiago Pastorino]
* | Remove tabs, use spaces :scissors:Carlos Antonio da Silva2013-01-221-2/+2
| | | | | | | | [ci skip]
* | Duplicate possible frozen string from routeAndrew White2013-01-211-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | Ruby 1.9 freezes Hash string keys by default so where a route is defined like this: get 'search' => 'search' then the Mapper will derive the action from the key. This blows up later when the action is added to the parameters hash and the encoding is forced. Closes #3429
* | In Browser Path Matching with Javascriptschneems2013-01-201-0/+8
| | | | | | | | | | | | | | | | | | | | | | When debugging routes ,it can sometimes be difficult to understand exactly how the paths are matched. This PR adds a JS based path matching widget to the `/rails/info/routes` output. You can enter in a path, and it will tell you which of the routes that path matches, while preserving order (top match wins). The matching widget in action: ![](http://f.cl.ly/items/3A2F0v2m3m1Z1p3P3O3k/path-match.gif) Prior to this PR the only way to check matching paths is via mental math, or typing in a path in the url bar and seeing where it goes. This feature will be an invaluable debugging tool by dramatically decreasing the time needed to check a path match. ATP actionpack
* | Fix ActionDispatch::Request#formats when HTTP_ACCEPT header is empty stringKonstantin Papkovskiy2013-01-171-0/+4
|/
* adding regression test in master for #8631Aditya Sanghi2013-01-161-0/+21
|
* Merge pull request #8958 from balexand/strong_parameters_exception_handlingRafael Mendonça França2013-01-151-0/+6
|\ | | | | Strong parameters exception handling
| * strong parameters exception handlingBrian Alexander2013-01-151-0/+6
| |
* | Remove header bloat introduced by BestStandardsSupport middlewareEdward Anderson2013-01-151-1/+2
|/ | | | The same headers were being duplicated on every request.
* Change the behavior of route defaultsAndrew White2013-01-151-0/+28
| | | | | | | | | | | | | | | | | | | This commit changes route defaults so that explicit defaults are no longer required where the key is not part of the path. For example: resources :posts, bucket_type: 'posts' will be required whenever constructing the url from a hash such as a functional test or using url_for directly. However using the explicit form alters the behavior so it's not required: resources :projects, defaults: { bucket_type: 'projects' } This changes existing behavior slightly in that any routes which only differ in their defaults will match the first route rather than the closest match. Closes #8814
* Add support for other types of routing constraintsAndrew White2013-01-151-0/+48
| | | | | | | | | | | | | | This now allows the use of arrays like this: get '/foo/:action', to: 'foo', constraints: { subdomain: %w[www admin] } or constraints where the request method returns an Fixnum like this: get '/foo', to: 'foo#index', constraints: { port: 8080 } Note that this only applies to constraints on the request - path constraints still need to be specified as Regexps as the various constraints are compiled into a single Regexp.
* Fix json params parsing regression for non-object JSON content.Dylan Smith2013-01-111-0/+7
| | | | Fixes #8845.
* Remove :yaml related tests and fix other related to parsing empty arraysCarlos Antonio da Silva2013-01-081-2/+2
| | | | All Action Pack tests are green.
* * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵Aaron Patterson2013-01-082-0/+32
| | | | | | | | | | | | dealing with empty hashes. Thanks Damien Mathieu Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/http/request.rb actionpack/lib/action_dispatch/middleware/params_parser.rb activerecord/CHANGELOG.md activerecord/lib/active_record/relation/predicate_builder.rb activerecord/test/cases/relation/where_test.rb
* Revert "Merge branch 'master-sec'"Jeremy Kemper2013-01-082-32/+0
| | | | | This reverts commit 88cc1688d0cb828c17706b41a8bd27870f2a2beb, reversing changes made to f049016cd348627bf8db0d72382d7580bf802a79.
* * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵Aaron Patterson2013-01-072-0/+32
| | | | | | | | | | | | dealing with empty hashes. Thanks Damien Mathieu Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/http/request.rb actionpack/lib/action_dispatch/middleware/params_parser.rb activerecord/CHANGELOG.md activerecord/lib/active_record/relation/predicate_builder.rb activerecord/test/cases/relation/where_test.rb
* Needless requiresAkira Matsuda2013-01-061-2/+0
|
* Missing requiresAkira Matsuda2013-01-061-0/+1
|
* display mountable engine routes on RoutingError.Yves Senn2013-01-051-2/+20
|
* split formatting concerns from RoutesInspectorYves Senn2013-01-051-4/+21
|
* Allow use of durations for ActionDispatch::SSL configurationAndrew White2013-01-041-0/+7
|
* Restore original remote_ip algorithm.Andre Arko2013-01-021-58/+44
| | | | | | | | | | | Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We remove trusted IP values, and then take the last given value, assuming that it is the most likely to be the correct, unfaked value. See [1] for a very thorough discussion of why that is the best option we have at the moment. [1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/ Fixes #7979
* Fix test for DebugExceptions due to template changeGuillermo Iguaran2012-12-311-1/+1
|