| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| | |
Improve documentation and tests for raw_host_with_port and host_with_…
|
| | |
|
|\ \
| | |
| | | |
API only apps: Preserve request format for HTML requests too
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- Earlier we were responding with JSON format for HTML requests in a API
app.
- Now we will respond with HTML format for such requests in API apps.
- Also earlier we were not testing the API app's JSON requests
properly. We were actually sending HTML requests. Now we send correct
JSON requests. Also added more test coverage.
- Based on the discussion from this commit -
https://github.com/rails/rails/commit/05d89410bf97d0778e78558db3c9fed275f8a614.
[Prathamesh Sonpatki, Jorge Bejar]
|
|\ \ \
| | | |
| | | | |
BoomerAPI is not used anywhere, so removed it!
|
| |/ /
| | |
| | |
| | |
| | | |
- It was originally added in 83b4e9073f0852afc065 and partially
removed in 05d89410bf97d0778e7.
|
|\ \ \
| |/ /
|/| |
| | |
| | |
| | |
| | | |
rthbound/dont-call-each-when-calling-body-on-response
Dont call each when calling body on response to fix #23964
Fixes #23964
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- Adds #each_chunk to ActionDispatch::Response. it's a method which
will be called by ActionDispatch::Response#each.
- Make Response#each a proper method instead of delegating to @stream
- In Live, instead of overriding #each, override #each_chunk.
- `#each` should just spit out @str_body if it's already set
- Adds #test_set_header_after_read_body_during_action
to prove this fixes #23964
- Adds #test_each_isnt_called_if_str_body_is_written to
ensure #each_chunk is not called when @str_body is available
- Call `@response.sent!` in AC::TestCase's #perform so a test response
acts a bit more like a real response. Makes test that call `#assert_stream_closed`
pass again.
- Additionally assert `#committed?` in `#assert_stream_closed`
- Make test that was calling @response.stream.each pass again by
calling @response.each instead.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Adding the `each` method is required for ensuring compatibility between
Rails, and other Rack frameworks (like Sinatra, etc.), that are mounted
within Rails, and wish to use its session tooling. Prior to this, there
was an inconsistency between ActionDispatch::Request::Session and
Rack::Session::Cookie, due to the absence of the `each` method. This
should hopefully fix that error. :)
For a full integration test with Sinatra and a standalone Rack
application, you can check out the gist for that here: https://gist.github.com/maclover7/08cd95b0bfe259465314311941326470.
Solves #15843.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Last August (2015), @tenderlove worked to remove all `@env[]` and `@env[]=`, in
favor of using `set_header`, `get_header`, etc. (Here's an [example
commit](https://github.com/rails/rails/commit/f16a33b68efc3dc57cfafa27651b9a765e363fbf)).
This PR should remove the last uses of these methods, and fully convert
them to the newly standardized API.
|
|\ \ \
| |_|/
|/| |
| | | |
Refactor handling of :action default in routing
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The longstanding convention in Rails is that if the :action parameter
is missing or nil then it defaults to 'index'. Up until Rails 5.0.0.beta1
this was handled slightly differently than other routing defaults by
deleting it from the route options and adding it to the recall parameters.
With the recent focus of removing unnecessary duplications this has
exposed a problem in this strategy - we are now mutating the request's
path parameters and causing problems for later url generation. This will
typically affect url_for rather a named url helper since the latter
explicitly pass :controller, :action, etc.
The fix is to add a default for :action in the route class if the path
contains an :action segment and no default is passed. This change also
revealed an issue with the parameterized part expiry in that it doesn't
follow a right to left order - as soon as a dynamic segment is required
then all other segments become required.
Fixes #23019.
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | | |
samphilipd/sam/do_not_clobber_options_in_route_definitions
Do not destructively mutate passed options hash in route definitions
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Fixes #24030
An example scope might be specified as such:
```ruby
HTML = { constraints: { format: :html } }.freeze
scope HTML do
get 'x'
end
```
This currently raises an error because the mapper attempts to
destructively modify the passed options hash. This is dangerous because
this options hash might even be shared with other scopes.
We should instead always instantiate a new object instead of modifying
the passed options.
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Introduce `Response#strong_etag=` and `#weak_etag=` and analogous options
for `fresh_when` and `stale?`. `Response#etag=` sets a weak ETag.
Strong ETags are desirable when you're serving byte-for-byte identical
responses that support Range requests, like PDFs or videos (typically
done by reproxying the response from a backend storage service).
Also desirable when fronted by some CDNs that support strong ETags
only, like Akamai.
* No longer strips quotes (`"`) from ETag values before comparing them.
Quotes are significant, part of the ETag. A quoted ETag and an unquoted
one are not the same entity.
* Support `If-None-Match: *`. Rarely useful for GET requests; meant
to provide some optimistic concurrency control for PUT requests.
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
`ActionDispatch::SSL` redirects all HTTP requests to HTTPS, not just some.
The `constrain_to` option inverts this, so it sounds like the middleware
only handles a few requests, rather than the majority with a few routes to
opt out of the redirect.
Renaming to `exclude` matches this intent more closely.
|
| | |
|
|\ \
| | |
| | | |
Deprecate :controller and :action path parameters
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Allowing :controller and :action values to be specified via the path
in config/routes.rb has been an underlying cause of a number of issues
in Rails that have resulted in security releases. In light of this it's
better that controllers and actions are explicitly whitelisted rather
than trying to blacklist or sanitize 'bad' values.
|
|/ /
| |
| |
| |
| |
| | |
These should allow external code to run blocks of user code to do
"work", at a similar unit size to a web request, without needing to get
intimate with ActionDipatch.
|
| | |
|
|\ \
| | |
| | | |
Enable HSTS with IncludeSubdomains header by default for new apps
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- For old apps which are not setting any value for hsts[:subdomains],
a deprecation warning will be shown saying that hsts[:subdomains] will
be turned on by default in Rails 5.1. Currently it will be set to
false for backward compatibility.
- Adjusted tests to reflect this change.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit 22db455dbe9c26fe6d723cac0758705d9943ea4b, reversing
changes made to 40be61dfda1e04c3f306022a40370862e3a2ce39.
This finishes off what I meant to do in 6216a092ccfe6422f113db906a52fe8ffdafdbe6.
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 45a75a3fcc96b22954caf69be2df4e302b134d7a.
HWIAs are better than silently deeply-stringified hashes... but that's a
reaction to a shortcoming of one particular session store: we should not
break the basic behaviour of other, more featureful, session stores in
the process.
Fixes #23884
|
| | |
|
|\ \
| | |
| | |
| | | |
Give Sessions Indifferent Access
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is meant to provide a way for Action Cable, Sprockets, and possibly
other Rack applications to mark themselves as internal, and to exclude
themselves from the routing inspector, and thus `rails routes` / `rake
routes`.
I think this is the only way to have mounted Rack apps be marked as
internal, within AD/Journey. Another option would be to create an array
of regexes for internal apps, and then to iterate over that everytime a
request comes through. Also, I only had the first `add_route` method set
`internal`'s default to false, to avoid littering it all over the
codebase.
|
| | |
| | |
| | |
| | | |
Also make sure we don't change the global state of our test suite.
|
| | |
| | |
| | |
| | |
| | |
| | | |
After registering new `:json` mime type `parsers.fetch` can't find the mime type because new mime type is not equal to old one. Using symbol of the mime type as key on parsers hash solves the problem.
Closes #23766
|
| | | |
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
bf4/incorrect_to_accept_json_api_and_not_render_spec
The JSON API media type should only work wih a JSON API handler
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Since the media type 'application/vnd.api+json' is a spec,
it is inappropriate to handle it with the JSON renderer.
This PR removes support for a JSON API media type.
I would recommend the media type be registered on its own as `jsonapi`
when a jsonapi Renderer and deserializer (Http::Parameters::DEFAULT_PARSERS) are added.
Is related to work in https://github.com/rails/rails/pull/21496
|
|/ / |
|
|/
|
|
|
|
|
|
|
|
| |
Add two options: `-c` and `-g`.
`-g` option returns the urls name, verb and path fields that match the pattern.
`-c` option returns the urls for specific controller.
Fixes #18902, and Fixes #20420
[Anton Davydov & Vipul A M]
|
|\
| |
| | |
Fix marking of custom routes for Journey
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The Mapper build_path method marks routes where path parameters are part
of a path segment as custom routes by altering the regular expression, e.g:
get '/foo-:bar', to: 'foo#bar'
There were some edge cases where certain constructs weren't being picked
up and this commit fixes those.
Fixes #23069.
|
|/
|
|
| |
ActionDispatch::Http::Cache::Response#etag= such that etags set in fresh_when and stale? are weak. For #17556.
|
|
|
|
|
|
|
|
| |
gzipped version exists or not. This is helpful for CDN's to later distinguish assets, based on previous, current copies and introduced gzip version if any."
This reverts commit 067c52f608568e35181830a5c1016e382650e655.
Conversation: https://github.com/rails/rails/pull/23120#issuecomment-173007011
|
|
|
|
|
|
|
|
| |
version exists or not. This is helpful for CDN's to later distinguish assets, based on previous, current copies and introduced gzip version if any.
For ref: https://www.fastly.com/blog/best-practices-for-using-the-vary-header
This change sets `Vary` header always, to be on safer side
|
|\
| |
| | |
Prevent static middleware from attempting to serve a request with a null byte
|
| |
| |
| |
| |
| |
| | |
File paths cannot contain null byte characters and methods that do path
operations such as Rack::Utils#clean_path_info will raise unwanted
errors.
|
| |
| |
| |
| |
| | |
This shouldn't generally come up: under a standard flow, we don't start
sending until after the commit. But application code always finds a way.
|
| |
| |
| |
| |
| |
| |
| | |
- `CONTROLLER` argument can now be supplied in different ways (Rails::WelcomeController, Rails::Welcome, rails/welcome)
- If `CONTROLLER` argument was supplied but it does not exist, will warn the user that this controller does not exist
- If `CONTROLLER` argument was supplied and no routes could be found matching this filter, will warn the user that no routes were found matching the supplied filter
- If no routes were defined in the config/routes.rb file, will warn the user with the original message
|
| |
| |
| |
| |
| |
| | |
- Removes following warning -
`rails/actionpack/test/dispatch/ssl_test.rb:203: warning: `*' interpreted as argument prefix`.
|
|/
|
|
|
|
|
|
| |
- Earlier only Hash was allowed as params argument to url_helpers.
- Now ActionController::Parameters instances will also be allowed.
- If the params are not secured then it will raise an ArgumentError to
indicate that constructing URLs with non-secure params is not recommended.
- Fixes #22832.
|
|\
| |
| | |
Configurable redirect and secure cookies for ActionDispatch::SSL
|
| | |
|