| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Per this comment
https://github.com/rails/rails/pull/18334#issuecomment-69234050 we want
`protect_from_forgery` to default to `prepend: false`.
`protect_from_forgery` will now be insterted into the callback chain at the
point it is called in your application. This is useful for cases where you
want to `protect_from_forgery` after you perform required authentication
callbacks or other callbacks that are required to run after forgery protection.
If you want `protect_from_forgery` callbacks to always run first, regardless of
position they are called in your application, then you can add `prepend: true`
to your `protect_from_forgery` call.
Example:
```ruby
protect_from_forgery prepend: true
```
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want to get rid of the `Live::Response` so we are consolidating methods
from `Live::Response` and `Response` by merging them together.
This adds an `#empty` method to the request so we don't need to
hard-code the empty array each time we call an empty
`ActionDispatch::Request`.
The work here is a continuation on combining controller and integration
test code bases into one.
|
|\
| |
| | |
Test against the real value of tld_length unless explicitly set
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There were two places where the tld_length default
was hard-coded to 1, both overriding the real default
value of ActionDispatch::Http::URL.tld_length in this
set of tests.
This commit removes both of those, relying on the
actual value of ActionDispatch::Http::URL.tld_length,
unless it's specifically overridden.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
:redirect
- If the assert_response is checking for any non-redirect response like
:success and actual response is :redirect then, the error message displayed
was -
Expected response to be a <success>, but was <302>
- This commit adds the redirect path to the error message of
assert_response if the response is :redirect.
So above message is changed to -
Expected response to be a <success>, but was a redirect to <http://test.host/posts/lol>
|
|\
| |
| | |
Brush up errors of `ActionDispatch::Routing::Mapper#mount`
|
| |
| |
| |
| |
| |
| | |
* Integrate to raise `ArgumentError`
* Detailed error message when `path` is not defined
* Add a test case, invalid rack app is passed
|
|\ \
| | |
| | | |
In url_for, never append ? when the query string is empty anyway.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It used to behave like this:
url_for(controller: 'x', action: 'y', q: {})
# -> "/x/y?"
We previously avoided empty query strings in most cases by removing
nil values, then checking whether params was empty. But as you can
see above, even non-empty params can yield an empty query string. So
I changed the code to just directly check whether the query string
ended up empty.
(To make everything more consistent, the "removing nil values"
functionality should probably move to ActionPack's Hash#to_query, the
place where empty hashes and arrays get removed. However, this would
change a lot more behavior.)
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
Add option to verify Origin header in CSRF checks
[Jeremy Daer + Rafael Mendonça França]
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
Add text template for source code
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When a request is made with AJAX and an error occurs, Rails will render
a text-template for the exception instead of the HTML error page
(#11960).
The `.text.erb` variant of the `_source` template is currently missing,
causing HTML to be rendered in the response. This commit adds the text
template.
To keep the page scannable we only only show the first three source
extracts.
Related to #14745.
Before:
```
~/testing-exceptions ᐅ curl 'http://localhost:3000/' -H
'X-Requested-With: XMLHttpRequest'
RuntimeError in PostsController#index
<div class="source " id="frame-source-0">
<div class="info">
Extracted source (around line <strong>#3</strong>):
</div>
<div class="data">
<table cellpadding="0" cellspacing="0" class="lines">
<tr>
```
After:
```
~/testing-exceptions ᐅ curl 'http://localhost:3000/' -H
'X-Requested-With: XMLHttpRequest'
RuntimeError in PostsController#index
Extracted source (around line #3):
*3 raise
```
|
|\ \ \ \ \
| |_|_|_|/
|/| | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The initial attempt was to remove the method at all in
https://github.com/sergey-alekseev/rails/commit/4926aa68c98673e7be88a2d2b57d72dc490bc71c.
The method overrides Rack's `#form_data?`
https://github.com/rack/rack/blob/6f8808d4201e68e4bd780441b3b7bb3ee6d1f43e/lib/rack/request.rb#L172-L184.
Which may have some incorrect implementation actually. `type.nil?` isn't possible I suppose. I'll check.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This code was added for migration from Rails 3.1 to upper,
now we are developing Rails 5.
|
| |_|/ /
|/| | | |
|
| | | | |
|
| |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | | |
This solves:
```
Expected /Completed 200 OK in [\d]ms/ to match "Completed 200 OK in 943ms".
```
|
| | | |
|
|\ \ \
| |_|/
|/| | |
Add test for parsing application/vnd.api+json
|
| | | |
|
| | |
| | |
| | |
| | | |
This reverts commit 9f93a5efbba3e1cbf0bfa700a17ec8d1ef60d7c6.
|
| | |
| | |
| | |
| | |
| | |
| | | |
rather than an action name and *args. The *args were not being used in regular
applications outside tests. This causes a backwards compatibility
issue, but reduces array allocations for most users.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
For ActionController::Base we write the cookies in a middleware if it
was not yet committed no matter if the response was committed or not. [1]
For ActionController::Live we write the cookies before the response is
committed. [2]
We already mimic ActionController::Live in
ActionController::TestCase but we don't mimic the ActionController::Base
behavior because we were checking if the response was committed before
writing the cookies.
Now we are matching the behavior of the middleware and writing the
cookies if it was not written before.
[1]: https://github.com/rails/rails/blob/80c6b901d4d87cee610ab0a438ff6e3c6bf118d1/actionpack/lib/action_dispatch/middleware/cookies.rb#L599-L604
[2]: https://github.com/rails/rails/blob/80c6b901d4d87cee610ab0a438ff6e3c6bf118d1/actionpack/lib/action_controller/metal/live.rb#L218-L223
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Change Integer#year to return a Fixnum instead of a Float to improve consistency
|
| | | | |
|
|/ / /
| | |
| | |
| | |
| | | |
These warings have been appeared from
ea9bc06c9a47b839d5e2db94ba6bf7e29c8f0ae9.
|
| | |
| | |
| | |
| | | |
parse RSS/ATOM responses as XML, not HTML
|
|\ \ \
| | | |
| | | | |
Delete needless `require 'active_support/deprecation'`
|
| | | |
| | | |
| | | |
| | | |
| | | | |
When `require 'active_support/rails'`, 'active_support/deprecation'
is automatically loaded.
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Prior to this change, given a route:
# config/routes.rb
get ':a' => "foo#bar"
If one pointed to http://example.com/%BE (param `a` has invalid encoding),
a `BadRequest` would be raised with the following non-informative message:
ActionController::BadRequest
From now on the message displayed is:
Invalid parameter encoding: hi => "\xBE"
Fixes #21923.
|
|\ \ \
| | | |
| | | |
| | | | |
Add basic support for access control headers to ActionDispatch::Static
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Now ActionDispatch::Static can accept HTTP headers so that developers
will have control of returning arbitrary headers like
'Access-Control-Allow-Origin' when a response is delivered. They can
be configured through `#config.public_file_server.headers`:
config.public_file_server.headers = {
"Cache-Control" => "public, max-age=60",
"Access-Control-Allow-Origin" => "http://rubyonrails.org"
}
Also deprecate `config.static_cache_control` in favor of
`config.public_file_server.headers`.
|
|\ \ \ \
| | | | |
| | | | | |
Change `Journey::Route#verb` to return string instead of regexp.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
By [this commit](https://github.com/rails/rails/commit/0b476de445faf330c58255e2ec3eea0f3a7c1bfc)
`Journey::Route#verb` need not to return verb as regexp.
The returned value is used by inspector, so change it to be a string.
Add inspect_with_multiple_verbs test case to keep the behavior of
inspector correctly.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Rails 4.x and earlier didn't support `Mime::Type[:FOO]`, so libraries
that support multiple Rails versions would've had to feature-detect
whether to use `Mime::Type[:FOO]` or `Mime::FOO`.
`Mime[:foo]` has been around for ages to look up registered MIME types
by symbol / extension, though, so libraries and plugins can safely
switch to that without breaking backward- or forward-compatibility.
Note: `Mime::ALL` isn't a real MIME type and isn't registered for lookup
by type or extension, so it's not available as `Mime[:all]`. We use it
internally as a wildcard for `respond_to` negotiation. If you use this
internal constant, continue to reference it with `Mime::ALL`.
Ref. efc6dd550ee49e7e443f9d72785caa0f240def53
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Just a slight refactor that delegates file sending to the response
object. This gives us the advantage that if a webserver (in the future)
provides a response object that knows how to do accelerated file
serving, it can implement this method.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Suppress warnings of `assigned but unused variable`
|
| |/ / / / |
|