| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|\
| |
| | |
Strong parameters exception handling
|
| | |
|
|/
|
|
| |
The same headers were being duplicated on every request.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit changes route defaults so that explicit defaults are no
longer required where the key is not part of the path. For example:
resources :posts, bucket_type: 'posts'
will be required whenever constructing the url from a hash such as a
functional test or using url_for directly. However using the explicit
form alters the behavior so it's not required:
resources :projects, defaults: { bucket_type: 'projects' }
This changes existing behavior slightly in that any routes which
only differ in their defaults will match the first route rather
than the closest match.
Closes #8814
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This now allows the use of arrays like this:
get '/foo/:action', to: 'foo', constraints: { subdomain: %w[www admin] }
or constraints where the request method returns an Fixnum like this:
get '/foo', to: 'foo#index', constraints: { port: 8080 }
Note that this only applies to constraints on the request - path
constraints still need to be specified as Regexps as the various
constraints are compiled into a single Regexp.
|
|
|
|
| |
Fixes #8845.
|
|
|
|
| |
All Action Pack tests are green.
|
|
|
|
|
|
|
|
|
|
|
|
| |
dealing with empty hashes. Thanks Damien Mathieu
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_dispatch/http/request.rb
actionpack/lib/action_dispatch/middleware/params_parser.rb
activerecord/CHANGELOG.md
activerecord/lib/active_record/relation/predicate_builder.rb
activerecord/test/cases/relation/where_test.rb
|
|
|
|
|
| |
This reverts commit 88cc1688d0cb828c17706b41a8bd27870f2a2beb, reversing
changes made to f049016cd348627bf8db0d72382d7580bf802a79.
|
|
|
|
|
|
|
|
|
|
|
|
| |
dealing with empty hashes. Thanks Damien Mathieu
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_dispatch/http/request.rb
actionpack/lib/action_dispatch/middleware/params_parser.rb
activerecord/CHANGELOG.md
activerecord/lib/active_record/relation/predicate_builder.rb
activerecord/test/cases/relation/where_test.rb
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We
remove trusted IP values, and then take the last given value, assuming that
it is the most likely to be the correct, unfaked value. See [1] for a very
thorough discussion of why that is the best option we have at the moment.
[1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/
Fixes #7979
|
| |
|
| |
|
|
|
|
| |
These tests are needed only if we are using MiniTest::Spec
|
|
|
|
|
| |
minitest/autorun load minitest/spec polluting the global namespace with
the DSL that we don't want on Rails
|
|
|
|
|
|
|
|
|
|
| |
If a request has an unknown format, the methods html?, xml?, json? ...etc
not raise an Exception.
This patch add a class Mime::NullType, that is returned when request.format is unknown
and it responds false to the methods that ends with '?' and true to 'nil?'.
It refers to #7837, this issue is considered a improvement not a bug.
|
|
|
|
|
| |
Remove all the old url helper methods when clear! is called on the
route set because it's possible that some routes have been removed.
|
|
|
|
|
|
|
|
|
| |
If env['RAW_POST_DATA'] is nil, #raw_post will attempt to set it to
the result of #body (which will return env['rack.input'] if
env['RAW_POST_DATA'] is nil). #raw_post will then attempt to rewind
the result of another call to #body. Since env['RAW_POST_DATA'] has
already been set, the result of #body is not env['rack.input'] anymore.
This causes env['rack.input'] to never be rewound.
|
|
|
|
|
|
|
|
|
|
| |
Such request can happen on Internet Explorer. When we redirect
after multipart form submission, the request type is changed
to GET, but Content-Type is preserved as multipart. GET request
cannot have multipart body and that caused Rails to fail.
It's similar fix to Rack's one:
https://github.com/chneukirchen/rack/blob/8025a4ae9477d1e6231344c2b7d795aa9b3717b6/lib/rack/request.rb#L224
|
|
|
|
| |
This reverts commit c59734f756b79c39486c45273d2cc5d42cd0c864.
|
|
|
|
|
|
|
|
|
|
| |
This commit inverts the precedence in ActionDispatch::Static so that
dynamic content will be served before static content. This is so that
precompiled assets do not inadvertently get included when running in
development mode - it should have no effect in production where static
files are usually handled by the web server.
Closes #6421
|
|
|
|
|
|
| |
be ignored. A regular expression constraint gets overwritten when the
routes.rb file is processed. Changed the overwriting to an ||= instead
of an = assignment.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the routes for each test inside the test method so that
it's easier to see which routes are applicable to which test.
To ensure that each test wasn't invalidated the changes were
done by first removing all of the routes, ensuring that all
of the tests failed and then adding the routes back to each
test one by one. One test for `assert_recognizes` was
removed as it wasn't actually testing the defined routes and
is now tested more thoroughly in routing_assertions_test.rb.
One downside is that the test suite takes about 1s longer
due to having to using `method_missing` for handling the url
helpers as using `include url_helpers` isn't isolated
for each test.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Was surprising found that this example doesn't work:
scope :api do
resources :users
end
and the right form to use it is:
scope 'api' do
resources :users
end
I think this should work similary as `namespace` where both are allowed.
These two are equivalent:
namespace :api do
resources :users
end
namespace 'api' do
resources :user
end
|
|
|
|
| |
Merge url for tests and add changelog entry for #8233.
|
|
|
|
|
|
| |
With a "params" argument, the following error is raised:
undefined method `reject!` for "":String
|
| |
|
|\
| |
| | |
Encrypted cookies
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
How to use it?
cookies.encrypted[:discount] = 45
=> Set-Cookie: discount=ZS9ZZ1R4cG1pcUJ1bm80anhQang3dz09LS1mbDZDSU5scGdOT3ltQ2dTdlhSdWpRPT0%3D--ab54663c9f4e3bc340c790d6d2b71e92f5b60315; path=/
cookies.encrypted[:discount]
=> 45
|
| | |
|
|/ |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit f4ad0ebe7a6b17658bddfeb996e3c34835b75623, reversing
changes made to 8b2cbb3a832101f0e672ee309beca0f8c555b292.
Conflicts:
actionpack/CHANGELOG.md
REASON: This added introduced a bug when you have a shorthand route
inside a nested namespace.
See
https://github.com/rafaelfranca/rails/commit/281367eb770faf8077c1fd6194188e92ed1637a1
|
|
|
|
|
|
|
| |
appends).
Now `BestStandardsSupport` middleware appends it's `X-UA-Compatible` value to app's value.
Also test for `BestStandardsSupport` middleware added.
|
|
|
|
| |
This reverts commit a8560fa361958b33d76e4468eb5c07d82a20196e.
|
|
|
|
|
|
|
|
|
|
| |
If a unknown format is passed in a request, the methods html?, xml?, json? ...etc
Nil Exception.
This patch add a class NullMimeTypeObject, that is returned when request.format is unknown
and it responds false to the methods that ends with '?'.
It refers to #7837, not fixes because it's not considered a improvement not a bug.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
this is a patch for #7777.
|
|
|
|
| |
Pull #7800 broke the build, this should fix it.
|