| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| | | | | |
|
| | |/ /
| | | |
| | | |
| | | |
| | | | |
The current test is asserting against an outdated version of
Request#method where HEAD requests are treated as GET requests.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Also cleanup test a bit
[related #14886]
[related #14743]
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The entire 127.0.0.0/8 range is assigned to the loopback address, not
only 127.0.0.0/24. This patch allows ActionDispatch::Request::LOCALHOST
to match any IPv4 127.0.0.0/8 loopback address.
The only place that the #local? method was previously under test was
in the show_expectations_test.rb file. I don't particularly like that
that's implicitly where this code is under test, and I feel like I
should move some of that testing code into the
test/dispatch/request_test.rb file, but I wanted some feedback first.
Credit goes to @sriedel for discovering the issue and adding the
patch.
|
| | | |
| | | |
| | | |
| | | | |
(I think)
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
this prevents the array from being dumped as a DRbObject so we can
reduce communication with the server. the reporter should always exist
on the server side, so we don't have to worry about GC
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | | |
only on forking systems though. Feel free to revert this if it causes
problems.
|
| | | |
| | | |
| | | |
| | | |
| | | | |
this allows us to avoid 2 hash allocations per named helper definition,
also we can avoid a `merge` and `delete`.
|
| | | |
| | | |
| | | |
| | | |
| | | | |
also if you want a path from a named helper, you should call
helper_path, not helper_url(:only_path => true).
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Use an is_a check to ensure it's a Railsish app so we can avoid
respond_to calls everywhere.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
people may be passing filenames to the constructor that are not utf-8,
but they will assome that calling `original_filename` returns utf-8
(because that's what it used to do).
|
| | | |
| | | |
| | | |
| | | | |
These fixtures are not used in actionpack tests.
|
| | | |
| | | |
| | | |
| | | | |
Closes #16170
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This actually runs a request through the system, using the actual
routing methods as we would use in production, then tests the
path_parameters set on the request object. The `recognize_path` method
isn't actually used in production, so testing what it returns isn't
useful.
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
Now we can override how requests are dispatched in the routeset object
|
| |\ \ \
| | | | |
| | | | | |
Stash original path in `ShowExceptions` middleware
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
`ActionDispatch::ShowExceptions` overwrites `PATH_INFO` with the status code
for the exception defined in `ExceptionWrapper`, so the path the user was
visiting when an exception occurred was not previously available to any custom
exceptions_app.
The original `PATH_INFO` is now stashed in
`env["action_dispatch.original_path"]`.
|
| |/ / / |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
`render nothing: true` or rendering a `nil` body no longer add a single
space to the response body.
The old behavior was added as a workaround for a bug in an early version of
Safari, where the HTTP headers are not returned correctly if the response
body has a 0-length. This is been fixed since and the workaround is no
longer necessary.
Use `render body: ' '` if the old behavior is desired.
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
We can just use nokogiri
|
|\ \ \ \
| |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Loofah-integration
Conflicts:
actionpack/CHANGELOG.md
actionview/CHANGELOG.md
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
abstract_unit.rb.
|
| | | |
| | | |
| | | |
| | | | |
never work. Switched to assert_matching the reponse body.
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
<encoded> wrapper. Updated tests to reflect this.
|
| | | |
| | | |
| | | |
| | | | |
elements[0] and elements[1].
|
| | | |
| | | |
| | | |
| | | | |
recognize the namespace.
|
| | | |
| | | |
| | | |
| | | | |
selectors.
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
Fixed a Nokogiri::CSS::SyntaxError by using its expected format for unicode characters.
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
gcampbell-rosetta_flash
* 'rosetta_flash' of https://github.com/gcampbell/rails:
Address CVE-2014-4671 (JSONP Flash exploit)
Conflicts:
actionpack/CHANGELOG.md
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Adds a comment before JSONP callbacks. See
http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ for more
details on the exploit in question.
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Because URI paths may contain non US-ASCII characters we need to force
the encoding of any unescaped URIs to UTF-8 if they are US-ASCII.
This essentially replicates the functionality of the monkey patch to
URI.parser.unescape in active_support/core_ext/uri.rb.
Fixes #16104.
|