| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| | |
| | |
| | |
| | |
| | | |
If they're not set we'll still fall back to localhost, but this makes it
possible to run the tests against a remote Postgres / Redis / whatever.
|
|\ \ \
| | | |
| | | | |
Cookie doesn't expire anymore unless a flag is set:
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- There is a regression in 6.0 introduced by #32937 where cookie
doesn't expire anymore unless the new `use_cookies_with_metadata`
configuration is set to `true`.
This causes issue for app migration from 5.2 to 6.0 because the
`use_cookies_with_metadata` flag can't be set to true until all
servers are running on 6.0.
Here is a small reproduction script that you can run in the console
```ruby
ActionDispatch::Cookies
request = ActionDispatch::Request.empty
request.env["action_dispatch.key_generator"] = ActiveSupport::KeyGenerator.new('1234567890')
request.env["action_dispatch.signed_cookie_salt"] = 'signed cookie'
request.env["action_dispatch.cookies_rotations"] = ActiveSupport::Messages::RotationConfiguration.new
request.env["action_dispatch.use_authenticated_cookie_encryption"] = true
signed_cookie = request.cookie_jar.signed
signed_cookie[:foobar] = { value: '123', expires: 1.day.ago }
p signed_cookie[:foobar]
```
|
|\ \ \
| |/ /
|/| | |
Cleanup the whitelisting references after #33145
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
During the development of #33145, I have named a few concepts in the
code as `whitelisted`. We decided to stay away from the term and I
adjusted most of the code afterwards, but here are the cases I forgot to
change.
I also found a case in the API guide that we could have cleaned up as
well.
[ci skip]
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
https://travis-ci.org/rails/rails/jobs/486285170#L1349-L1366
```
% git grep -n DrivenBySeleniumWith
test/abstract_unit.rb:374:class DrivenBySeleniumWithChrome < ActionDispatch::SystemTestCase
test/abstract_unit.rb:378:class DrivenBySeleniumWithHeadlessChrome < ActionDispatch::SystemTestCase
test/abstract_unit.rb:382:class DrivenBySeleniumWithHeadlessFirefox < ActionDispatch::SystemTestCase
test/dispatch/system_testing/screenshot_helper_test.rb:10: new_test = DrivenBySeleniumWithChrome.new("x")
test/dispatch/system_testing/screenshot_helper_test.rb:18: new_test = DrivenBySeleniumWithChrome.new("x")
test/dispatch/system_testing/screenshot_helper_test.rb:28: new_test = DrivenBySeleniumWithChrome.new("x")
test/dispatch/system_testing/screenshot_helper_test.rb:40: new_test = DrivenBySeleniumWithChrome.new("x")
test/dispatch/system_testing/screenshot_helper_test.rb:48: new_test = DrivenBySeleniumWithChrome.new("x")
test/dispatch/system_testing/screenshot_helper_test.rb:62: new_test = DrivenBySeleniumWithChrome.new("x")
test/dispatch/system_testing/screenshot_helper_test.rb:76:class SeleniumScreenshotsTest < DrivenBySeleniumWithChrome
test/dispatch/system_testing/system_test_case_test.rb:11:class OverrideSeleniumSubclassToRackTestTest < DrivenBySeleniumWithChrome
test/dispatch/system_testing/system_test_case_test.rb:19:class SetDriverToSeleniumTest < DrivenBySeleniumWithChrome
test/dispatch/system_testing/system_test_case_test.rb:25:class SetDriverToSeleniumHeadlessChromeTest < DrivenBySeleniumWithHeadlessChrome
test/dispatch/system_testing/system_test_case_test.rb:31:class SetDriverToSeleniumHeadlessFirefoxTest < DrivenBySeleniumWithHeadlessFirefox
test/dispatch/system_testing/system_test_case_test.rb:49:class UndefMethodsTest < DrivenBySeleniumWithChrome
```
|
| | |
| | |
| | |
| | |
| | |
| | | |
But `NameError: uninitialized constant ActionDispatch::SystemTesting::Browser::Selenium`
is pretty confused. I've little improved missing constant error to
`NameError: uninitialized constant Selenium`.
|
| | |
| | |
| | |
| | | |
https://travis-ci.org/rails/rails/jobs/486155626#L1317-L1335
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* There is currently no way to define specific browser capabilities since our SystemTest driver override the `option` key [Ref](https://github.com/rails/rails/blob/a07d0680787ced3c04b362fa7a238c918211ac70/actionpack/lib/action_dispatch/system_testing/driver.rb#L35)
This option key is used internally by selenium to add custom capabilities on the browser.
Depending on the Browser, some option are allowed to be passed inside a hash, the driver takes care of setting whatever you passed on the driver option. An example [here](https://github.com/rails/rails/blob/a07d0680787ced3c04b362fa7a238c918211ac70/actionpack/lib/action_dispatch/system_testing/driver.rb#L35) where you are allowed to pass args such as `--no-sandbox` etc
However this behavior was only meant for backward compatibility and as you can see it's deprecated.
The non-deprecated behavior is to create a `<Driver>::Option` object containing all the capabilities we want. This is what we [currently do](https://github.com/rails/rails/blob/a07d0680787ced3c04b362fa7a238c918211ac70/actionpack/lib/action_dispatch/system_testing/browser.rb#L34-L36) when chrome or firefox are in headless mode.
This PR allows to pass a block when calling `driven_by`, the block will be pased a `<Driver>::Option` instance. You can modify this object the way you want by adding any capabilities. The option object will be then passed to selenium.
```ruby
driven_by :selenium, using: :chrome do |driver_option|
driver_option.add_argument('--no-sandbox')
driver_option.add_emulation(device: 'iphone 4')
end
```
|
|\ \
| | |
| | | |
Ensure that `redirect_back` with `fallback_location` to another host is allowed
|
| | |
| | |
| | |
| | | |
I would like to add those tests to prevent regression.
|
| | |
| | |
| | |
| | |
| | | |
Since "actionpack" is not included in isolation test.
Ref: https://travis-ci.org/rails/rails/jobs/484514392#L2715
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There are two cases where the debug view does not show the error details
properly:
* When the cause is mapped to an HTTP status code the last exception is
unexpectedly uwrapped
* When the last error is thrown from a view template the debug view is
not using the `rescues/template_error.html.erb` to generate the view
Both the cases could be fixed by not unwrapping the exception. The only
case where the exception should be unwrapped is when the last error is
an `ActionView::Template::Error` object. In this case the HTTP status
code is determined based on the cause.
There are actually more wrapper exceptions that are intentionally
thrown. However, there is a consistent pattern of setting the original
message and original backtrace to the wrapper exception implemented, so
the debug view will not lose the information about what went wrong
eariler.
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In this case statement, there are two patterns that start with the same
line:
when %r{/not_found}
...
when %r{/not_found_original_exception}
...
Because the string "/not_found_original_exception" does match the first
one, it is never routed to what it is supposed to be routed, causing one
of the tests for DebugExceptions to happen to be passing.
After changing the regex expressions back to strings, I noticed that the
test setup is not complete (the template object needs to be a proper
template object). Once I fixed it all the tests started padding.
|
|\ \
| | |
| | | |
Revert ensure external redirects are explicitly allowed
|
| | | |
|
|\ \ \
| | | |
| | | | |
Actionpack typo fixes.
|
| |/ /
| | |
| | |
| | | |
2. Typo fixes.
|
|\ \ \
| |/ /
|/| | |
Template Handler Refactoring
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
Now that secret_token was removed all this code is now dead.
|
| | | |
|
| | |
| | |
| | |
| | | |
`combined_fragment_cache_key`
|
| | |
| | |
| | |
| | |
| | | |
`#success?`, `missing?` and `error?` were deprecated in Rails 5.2 in favor of
`#successful?`, `not_found?` and `server_error?`.
|
| | |
| | |
| | |
| | | |
Add `fallback_location` and `allow_other_host` options to `redirect_to`.
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit e385e4678fc64be6e176c3bdac6641db9fe48d85.
While this option was undocumented it exists to make possible to pass
parameters to the route helpers that are reserved like `:domain`.
While `url_for(domain: 'foo.com')` would generate a URL in the `foo.com`
domain `url_for(params: { domain: 'foo.com' })` would generate a URL
with `?domain=foo.com`.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Enable `Lint/UselessAssignment` cop to avoid unused variable warnings
Since we've addressed the warning "assigned but unused variable"
frequently.
370537de05092aeea552146b42042833212a1acc
3040446cece8e7a6d9e29219e636e13f180a1e03
5ed618e192e9788094bd92c51255dda1c4fd0eae
76ebafe594fc23abc3764acc7a3758ca473799e5
And also, I've found the unused args in c1b14ad which raises no warnings
by the cop, it shows the value of the cop.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since #30367, if `no-cache` includes Cache-Control headers, special keys
like `public`, `must-revalidate` are ignored.
But in my understanding, `public` still need in case of want to cache
authenticated pages.
The authenticated pages to be cacheable, but still authenticated for
every user, need to specify the `Cache-Control: public, no-cache`.
For keys other than `public`, I did not know the case where it was
necessary to use it in combination with `no-cache`, so I fixed that can
be used only for `public`.
Ref: https://www.mnot.net/cache_docs/#CACHE-CONTROL
Fixes #34780.
|
| |
| |
| | |
If Basecamp is a Facebook-free business, then Rails should be Facebook-free framework.
|
| |
| |
| |
| | |
Ref: https://travis-ci.org/rails/rails/jobs/469956825#L1694
|
| |
| |
| |
| | |
These were unused since 11af089cee0a0e744e267d32becfe2c66a586d31 and e35b98e6f5c54330245645f2ed40d56c74538902.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently we sometimes find a redundant begin block in code review
(e.g. https://github.com/rails/rails/pull/33604#discussion_r209784205).
I'd like to enable `Style/RedundantBegin` cop to avoid that, since
rescue/else/ensure are allowed inside do/end blocks in Ruby 2.5
(https://bugs.ruby-lang.org/issues/12906), so we'd probably meets with
that situation than before.
|
| |
| |
| |
| |
| |
| | |
since Ruby 2.5
https://bugs.ruby-lang.org/issues/14133
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This takes away the following log.
```
Error occurred while parsing request parameters.
Contents:
{:foo=>"heyo"}
```
Pass the correct value as JSON
|
|\ \
| | |
| | | |
Allow nil params on controller HTTP test methods
|
| | | |
|
|/ /
| |
| |
| |
| | |
Just testing that `after_action` is invoked before
`prepend_after_action`.
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
… by switching the initialzation of an appropriate response parser
in `ActionDispatch::TestResponse` from eagerly to lazily.
By doing so, the response parser can be correctly set for
`ActionController::TestCase`, which doesn't include
the content type header in the constructor but only sets it at
a later time.
Fixes #34676.
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The ActionDispatch::HostAuthorization is a new middleware that prevent
against DNS rebinding and other Host header attacks. By default it is
included only in the development environment with the following
configuration:
Rails.application.config.hosts = [
IPAddr.new("0.0.0.0/0"), # All IPv4 addresses.
IPAddr.new("::/0"), # All IPv6 addresses.
"localhost" # The localhost reserved domain.
]
In other environments, `Rails.application.config.hosts` is empty and no
Host header checks will be done. If you want to guard against header
attacks on production, you have to manually permit the allowed hosts
with:
Rails.application.config.hosts << "product.com"
The host of a request is checked against the hosts entries with the case
operator (#===), which lets hosts support entries of type RegExp,
Proc and IPAddr to name a few. Here is an example with a regexp.
# Allow requests from subdomains like `www.product.com` and
# `beta1.product.com`.
Rails.application.config.hosts << /.*\.product\.com/
A special case is supported that allows you to permit all sub-domains:
# Allow requests from subdomains like `www.product.com` and
# `beta1.product.com`.
Rails.application.config.hosts << ".product.com"
|
| |
| |
| |
| |
| |
| | |
Parallel execution of `ForkingExecutor` is the same approach as
`Testing::Parallelization`. So do not need to have own code inside
Action Pack. Let's use an already existing feature.
|
| |
| |
| |
| |
| | |
We are dealing with the rack env so it is better to specify it in the
tests.
|
| |
| |
| |
| |
| | |
Raises an ArgumentError when multiple root routes are defined in the
same context instead of assigning nil names to subsequent roots.
|
|\ \
| | |
| | |
| | | |
:only and :except are now chained for routing resource(s)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Allow chaining the :only and :except options for routing resource(s).
Previously, the following yielded routes for both show and destroy:
resource :account, :only => [:show, :destroy], :except => :destroy
This now yields only the show action. This chaining can be useful for
passing optional :except options to code that makes use of the :only
option (e.g. for a gem with its own routing methods).
|
| | |
| | |
| | |
| | | |
[Gannon McGibbon + Josh Cheek]
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There is no controller instance when using a redirect route or a
mounted rack application so pass the request object as the context
when resolving dynamic CSP sources in this scenario.
Fixes #34200.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously if a dynamic source returned a symbol such as :self it
would be converted to a string implicity, e.g:
policy.default_src -> { :self }
would generate the header:
Content-Security-Policy: default-src self
and now it generates:
Content-Security-Policy: default-src 'self'
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
this method (#34210)
* Fix `ActionController::Parameters#each_value`
`each_value` should yield with "value" of the params instead of "value" as an array.
Related to #33979
* Add changelog entry about `ActionController::Parameters#each_value`.
Follow up #33979
|