| Commit message | Author | Age | Files | Lines |
Callable route constraint verification
Conflicts:
actionpack/CHANGELOG.md
|
silently failing to enforce the constraint
|
Make remote_ip detection properly handle private IPv6 addresses
Conflicts:
actionpack/CHANGELOG.md
|
Fixes #12638.
|
Previously, the `VerifyAndUpgradeLegacySignedMessage` assumed all incoming
cookies are marshal-encoded. This is not the case when `secret_token` is
used in conjunction with the `:json` or `:hybrid` serializer.
In those cases, when upgrading to use `secret_key_base`, this would cause a
`TypeError: incompatible marshal file format` and a 500 error for the user.
Fixes #14774.
*Godfrey Chan*
|
1. Escape '%' characters in URLs - only unescaped data
should be passed to URL helpers
2. Add an `escape_segment` helper to `Router::Utils`
that escapes '/' characters
3. Use `escape_segment` rather than `escape_fragment`
in optimized URL generation
4. Use `escape_segment` rather than `escape_path`
in URL generation
For point 4 there are two exceptions. Firstly, when a route uses wildcard
segments (e.g. *foo) then we use `escape_path` as the value may contain '/'
characters. This means that wildcard routes can't be optimized. Secondly,
if a `:controller` segment is used in the path then this uses `escape_path`
as the controller may be namespaced.
Fixes #14629, #14636 and #14070.
|
Use common to_io so users can access the underlying IO object
|
In some cases users may need to work with/manipulate more of the
Tempfile api than provided by Upload. Allow users to get at the
underlying io via the common to_io method of IO/IO-like objects
|
This parsing is unnecessary once the Request object already has the
needed information.
|
Adding tests for Session `destroy`, `update` and `delete` methods. No changes for code under test.
|
than assume SecureRandom is available
|
The method `shallow?` returns false if the parent resource is a singleton so
we need to check if we're not inside a nested scope before copying the :path
and :as options to their shallow equivalents.
Fixes #14388.
|
avoid freezing the headers until the web server has actually read data
from the body proxy. Once the webserver has read data, then we should
throw an error if someone tries to set a header
|
when streaming responses, we need to make sure the cookie jar is written
to the headers before returning up the stack. This commit introduces a
new method on the response object that writes the cookie jar to the
headers as the response is committed. The middleware and test framework
will not write the cookie headers if the response has already been
committed.
fixes #14352
|
If the options :shallow_prefix and :shallow_path are not set in the
scope options then copy them from the normal :as and :path options
if they are set.
|
If a developer has specified either :path or :as in the options hash then
these should be used as the defaults for :shallow_path and :shallow_prefix.
Fixes #14241.
|
By tracking the depth of resource nesting we can push the need for nested
shallow scoping to only those routes that are nested more than one deep.
This allows us to keep the fix for #12498 and fix the regression in #14224.
Fixes #14224.
|
`render :body` should just not set the `Content-Type` header. By
removing the header, it breaks the compatibility with other parts.
After this commit, `render :body` will return `text/html` content type,
set by default from `ActionDispatch::Response`, and it will preserve
the overridden content type if you override it.
Fixes #14197, #14238
This partially reverts commit 3047376870d4a7adc7ff15c3cb4852e073c8f1da.
|
Setting this attribute to `true` will remove the content type header
from the request. This is used in the `render :body` feature.
|
This is an option for sending raw content back to the browser. Note that
this rendering option will unset the default content type and does not
include "Content-Type" header back in the response.
You should only use this option if you are expecting the "Content-Type"
header to not be set. More information on "Content-Type" header can be
found on RFC 2616, section 7.2.1.
Please see #12374 for more detail.
|
Allow setting `request.variant` as an array - an order in which they will be
rendered.
For example:
    request.variant = [:tablet, :phone]

    respond_to do |format|
      format.html.none
      format.html.phone # this gets rendered
    end
|
(currently failing)
|
This was a reaction to: https://github.com/rails/rails/pull/9700#issuecomment-34550210
|
If we set :shallow_path when shallow is called it can result in incorrect
paths if the resource is inside a namespace because namespace itself sets
the :shallow_path option to the namespace path.
We fix this by removing the :shallow_path option from shallow as that should
only be turning shallow routes on and not otherwise affecting the scope.
To do this we need to treat the :shallow option to resources differently to
other scope options and move it to before the nested block is called.
This change also has the positive side effect of making the behavior of the
:shallow option consistent with the shallow method.
Fixes #12498.
|
Fix response flatten infinite recursion
|
Returning `self` from within the array returned by `to_ary`
caused this. Instead, we can just substitute another object.
It provides the `each` behavior required by the rack spec.
|
Rename allowed options to :marshal and :json, for custom serializers
only allow the use of custom classes.
|
MessageEncryptor has :serializer option, where any serializer object can
be passed. This commit makes it possible to set this serializer from configuration
level.
There are predefined serializers (:marshal_serializer, :json_serializer)
and custom serializer can be passed as String, Symbol (camelized and
constantized in ActionDispatch::Session namespace) or serializer object.
Default :json_serializer was also added to generators to provide secure
default.
|
Fixes #13824
|
Fixes #13810 `rake routes` error when mount `Rails::Engine` with empty routes
|
fixes rails/rails#13810
Squash
|