| Commit message (Collapse) | Author | Age | Files | Lines |
|
1. Escape '%' characters in URLs - only unescaped data should be passed to URL helpers
2. Add an `escape_segment` helper to `Router::Utils` that escapes '/' characters
3. Use `escape_segment` rather than `escape_fragment` in optimized URL generation
4. Use `escape_segment` rather than `escape_path` in URL generation

For point 4 there are two exceptions. Firstly, when a route uses wildcard
segments (e.g. *foo) then we use `escape_path` as the value may contain '/'
characters. This means that wildcard routes can't be optimized. Secondly,
if a `:controller` segment is used in the path then this uses `escape_path`
as the controller may be namespaced.

Fixes #14629, #14636 and #14070.
|
Makes it clear that anything passed with the helper must not be percent encoded.
Fixes previous behavior which tricks people into believing passing
non-percent-encoded will generate a proper percent-encoded path while in
reality it doesn't ('%' isn't escaped).
The intention is nice but the heuristic is broken.
|
Related with cbb917455f306cf5818644b162f22be09f77d4b2
|
This was changed at cbb917455f306cf5818644b162f22be09f77d4b2
|
Use common to_io so users can access the underlying IO object
|
In some cases users may need to work with/manipulate more of the
Tempfile api than provided by Upload. Allow users to get at the
underlying io via the common to_io method of IO/IO-like objects
|
Display diagnostics in text format for xhr request
|
Remove surplus period from assertion messages
|
When requesting a controller with the following code with an unknown format:

    def my_action
      respond_to do |format|
        format.json { head :ok }
        format.any { render text: 'Default response' }
      end
    end

we should render the default response instead of raising ActionController::UnknownFormat

Fixes #14462

Conflicts:
    actionpack/CHANGELOG.md
    actionpack/test/controller/mime/respond_with_test.rb

Conflicts:
    actionpack/CHANGELOG.md
|
This parsing is unnecessary once the Request object already has the
needed information.
|
Adding flash types to a controller within any of the tests will result
in a global state change of the controller under test.
This patch will prevent state leaks and allow us to run the test in random order.
|
Adding tests for Session `destroy`, `update` and `delete` methods. No changes for code under test.
|
Fortisque/kevin/stream_error_in_main_thread_if_not_committed
re-raise error if error occurs before committing in streaming
|
update the tests, using an if-else
|
than assume SecureRandom is available
|
The method `shallow?` returns false if the parent resource is a singleton so
we need to check if we're not inside a nested scope before copying the :path
and :as options to their shallow equivalents.
Fixes #14388.
|
Ensure LookupContext in Digestor selects correct variant
|
We're setting variant above, in request object directly
|
Related to: #14242 #14243 14293
Variants passed to LookupContext#find() seem to be ignored, so
I've used the setter instead: `finder.variants = [ variant ]`.
I've also added some more test cases for variants. Hopefully this
time passing tests will mean it actually works.
|
avoid freezing the headers until the web server has actually read data
from the body proxy. Once the webserver has read data, then we should
throw an error if someone tries to set a header
|
when streaming responses, we need to make sure the cookie jar is written
to the headers before returning up the stack. This commit introduces a
new method on the response object that writes the cookie jar to the
headers as the response is committed. The middleware and test framework
will not write the cookie headers if the response has already been
committed.
fixes #14352
|
If the options :shallow_prefix and :shallow_path are not set in the
scope options then copy them from the normal :as and :path options
if they are set.
|
If a developer has specified either :path or :as in the options hash then
these should be used as the defaults for :shallow_path and :shallow_prefix.
Fixes #14241.
|
By tracking the depth of resource nesting we can push the need for nested
shallow scoping to only those routes that are nested more than one deep.
This allows us to keep the fix for #12498 and fix the regression in #14224.
Fixes #14224.
|
Make CSRF failure logging optional/configurable.
|
Added the log_warning_on_csrf_failure option to ActionController::RequestForgeryProtection
which is on by default.
|
`render :body` should just not set the `Content-Type` header. By
removing the header, it breaks the compatibility with other parts.
After this commit, `render :body` will return the `text/html` content type,
set by default from `ActionDispatch::Response`, and it will preserve
the overridden content type if you override it.
Fixes #14197, #14238
This partially reverts commit 3047376870d4a7adc7ff15c3cb4852e073c8f1da.
|
Take variants into account when calculating template digests in
ActionView::Digest.
Digestor#digest now takes a hash as an argument to support variants and
allow more flexibility in the future. Old-style arguments have been
deprecated.
Fixes #14242
|
when an exception happens in an action before the response has been
committed, then we should re-raise the exception in the main thread.
This lets us reuse the existing exception handling.
|
detect the type of controller we're testing and return the right type of
response based on that controller. This allows us to stop doing the
weird sleep thing.
|
callback and an error happens
|
Commit 4f2cd3e9 introduced a bug by reordering the call to
`@controller.recycle!` above the call to `build_request_uri`. The
impact of this was that the `@_url_options` cache ends up not being
reset between building a request URI (occurring within the test
controller) and the firing of the actual request.
We encountered this bug because we had the following setup:

    class MinimumReproducibleController < ActionController::Base
      before_filter { @param = 'param' }

      def index
        render text: url_for(params)
      end

      def default_url_options
        { custom_opt: @param }
      end
    end

    def test_index
      get :index # builds url, then fires actual request
    end

The first step in `get :index` in the test suite would populate the
@_url_options cache. The subsequent call to `url_for` inside of the
controller action would then utilize the uncleared cache, thus never
calling the now-updated default_url_options.
This commit fixes this bug by calling recycle! twice, and removes a call
to set response_body, which should no longer be needed since we're
recycling the request object explicitly.
|
when only 1 parameter is unpermitted.
|
Setting this attribute to `true` will remove the content type header
from the request. This is used in the `render :body` feature.
|
This is an option to render HTML content with a content type of
`text/html`. This rendering option calls `ERB::Util.html_escape`
internally to escape unsafe HTML string, so you will have to mark your
string as html safe if you have any HTML tag in it.
Please see #12374 for more detail.
|
This is an option to render content with a content type of
`text/plain`. This is the preferred option if you are planning to render
plain text content.
Please see #12374 for more detail.
|
This is an option for sending raw content back to the browser. Note that
this rendering option will unset the default content type and does not
include "Content-Type" header back in the response.
You should only use this option if you are expecting the "Content-Type"
header to not be set. More information on "Content-Type" header can be
found on RFC 2616, section 7.2.1.
Please see #12374 for more detail.
|
if the controller action has not yet streamed any data, actions should
process as normal, and errors should trigger the appropriate behavior
(500, or in the case of ActionController::BadRequest, a 400 Bad Request)
|
defined (just like any other variant)
|