aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
Commit message (Collapse)AuthorAgeFilesLines
* Make flash messages cookie compatible with Rails 4Rafael Mendonça França2016-05-062-3/+3
| | | | | | | | In #18721 we removed the discard key from the session hash used to flash messages and that broke compatibility with Rails 4 applications because they try to map in the discarded flash messages and it returns nil. Fixes #24726.
* Merge pull request #24896 from prathamesh-sonpatki/api-cleanupGuillermo Iguaran2016-05-061-7/+0
|\ | | | | BoomerAPI is not used anywhere, so removed it!
| * BoomerAPI is not used anywhere, so removed it!Prathamesh Sonpatki2016-05-061-7/+0
| | | | | | | | | | - It was originally added in 83b4e9073f0852afc065 and partially removed in 05d89410bf97d0778e7.
* | Merge pull request #24029 from ↵Sean Griffin2016-05-066-19/+70
|\ \ | |/ |/| | | | | | | | | rthbound/dont-call-each-when-calling-body-on-response Dont call each when calling body on response to fix #23964 Fixes #23964
| * Fixes #23964Ryan T. Hosford2016-03-136-19/+70
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Adds #each_chunk to ActionDispatch::Response. it's a method which will be called by ActionDispatch::Response#each. - Make Response#each a proper method instead of delegating to @stream - In Live, instead of overriding #each, override #each_chunk. - `#each` should just spit out @str_body if it's already set - Adds #test_set_header_after_read_body_during_action to prove this fixes #23964 - Adds #test_each_isnt_called_if_str_body_is_written to ensure #each_chunk is not called when @str_body is available - Call `@response.sent!` in AC::TestCase's #perform so a test response acts a bit more like a real response. Makes test that call `#assert_stream_closed` pass again. - Additionally assert `#committed?` in `#assert_stream_closed` - Make test that was calling @response.stream.each pass again by calling @response.each instead.
* | Release notes: Add PR #24866 to release notesPrathamesh Sonpatki2016-05-051-1/+1
| |
* | Implement helpers proxy in controller instance levelRafael Mendonça França2016-05-054-2/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It is a common pattern in the Rails community that when people want to :xa use any kind of helper that is defined inside app/helpers they includes the helper module inside the controller like: module UserHelper def my_user_helper # ... end end class UsersController < ApplicationController include UserHelper def index render inline: my_user_helper end end This has problem because the helper can't access anything that is defined in the view level context class. Also all public methods of the helper become available in the controller what can lead to undesirable methods being routed and behaving as actions. Also if you helper depends on other helpers or even Action View helpers you need to include each one of these dependencies in your controller otherwise your helper is not going to work. We already have a helpers proxy at controller class level but that proxy doesn't have access to the instance variables defined in the controller. With this new instance level helper proxy users can reuse helpers in the controller without having to include the modules and with access to instance variables defined in the controller. class UsersController < ApplicationController def index render inline: helpers.my_user_helper end end
* | Move protected instance variable to the right placeRafael Mendonça França2016-05-052-6/+5
| | | | | | | | | | | | | | | | | | There were a lot of protected instance variables in AbsctractController::Rendering that were related to Action Controller and Action View. Moving to ActionController::Base's protected instance list we make it closer to where they are really defined.
* | Merge pull request #24820 from maclover7/fix-15843Kasper Timm Hansen2016-05-042-1/+31
|\ \ | | | | | | Ensure compatibility between ActionDispatch::Request::Session and Rack
| * | Ensure compatibility between ActionDispatch::Request::Session and RackJon Moss2016-05-042-1/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adding the `each` method is required for ensuring compatibility between Rails, and other Rack frameworks (like Sinatra, etc.), that are mounted within Rails, and wish to use its session tooling. Prior to this, there was an inconsistency between ActionDispatch::Request::Session and Rack::Session::Cookie, due to the absence of the `each` method. This should hopefully fix that error. :) For a full integration test with Sinatra and a standalone Rack application, you can check out the gist for that here: https://gist.github.com/maclover7/08cd95b0bfe259465314311941326470. Solves #15843.
* | | Fix some typos in comments.Joe Rafaniello2016-05-041-1/+1
| | | | | | | | | | | | [ci skip]
* | | Merge pull request #24845 from tomkadwill/action_controller_typosRafael França2016-05-042-3/+3
|\ \ \ | |/ / |/| | Fix actionpack typos [ci skip]
| * | Fix actionpack typos [ci skip]Tom Kadwill2016-05-042-3/+3
| | |
* | | Merge pull request #24777 from tomkadwill/action_pack_typos_3Vipul A M2016-04-302-5/+5
|\ \ \ | | | | | | | | Fix actionpack typos [ci skip]
| * | | Fix actionpack typos [ci skip]Tom Kadwill2016-04-302-5/+5
| |/ /
* | | Remove last uses of `@env[]` and `@env[]=`Jon Moss2016-04-283-12/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | Last August (2015), @tenderlove worked to remove all `@env[]` and `@env[]=`, in favor of using `set_header`, `get_header`, etc. (Here's an [example commit](https://github.com/rails/rails/commit/f16a33b68efc3dc57cfafa27651b9a765e363fbf)). This PR should remove the last uses of these methods, and fully convert them to the newly standardized API.
* | | Prep Rails 5 beta 4eileencodes2016-04-272-1/+3
| | |
* | | Add more info to insecure URL generation errorDerek Prior2016-04-264-4/+12
| | | | | | | | | | | | | | | | | | | | | | | | I always appreciate having a bit more information as to why something is now an error. We can use this error to tell people why what they were previously doing is insecure and give them hints on how to fix it. Signed-off-by: Kasper Timm Hansen <kaspth@gmail.com>
* | | Merge pull request #24641 from rafaelfranca/fix-per-form-token-with-full-urlJeremy Daer2016-04-252-1/+15
|\ \ \ | | | | | | | | | | | | Discart the schema and host information when building the per-form token
| * | | Discart the schema and host information when building the per-form tokenRafael Mendonça França2016-04-202-1/+15
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the token is generated by the form we were using the schema and host information while only using the path to compare if the action was the same. This was causing the token to be invalid. To fix this we use the same information to generate the token and check it. Fix #24257
* | | Merge pull request #23103 from rails/refactor-handling-of-action-defaultJeremy Daer2016-04-248-33/+73
|\ \ \ | | | | | | | | | | | | Refactor handling of :action default in routing
| * | | Refactor handling of :action default in routingAndrew White2016-02-168-32/+74
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The longstanding convention in Rails is that if the :action parameter is missing or nil then it defaults to 'index'. Up until Rails 5.0.0.beta1 this was handled slightly differently than other routing defaults by deleting it from the route options and adding it to the recall parameters. With the recent focus of removing unnecessary duplications this has exposed a problem in this strategy - we are now mutating the request's path parameters and causing problems for later url generation. This will typically affect url_for rather a named url helper since the latter explicitly pass :controller, :action, etc. The fix is to add a default for :action in the route class if the path contains an :action segment and no default is passed. This change also revealed an issue with the parameterized part expiry in that it doesn't follow a right to left order - as soon as a dynamic segment is required then all other segments become required. Fixes #23019.
* | | | Merge pull request #24701 from ↵Guillermo Iguaran2016-04-242-8/+11
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | prathamesh-sonpatki/deprecate-request_via_redirect Deprecate `request_via_redirect` method.
| * | | | Deprecate `request_via_redirect` method.Prathamesh Sonpatki2016-04-242-8/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Followup of https://github.com/rails/rails/issues/18693. - I think we missed deprecating `request_via_redirect` in that pull request. - Originally requested by DHH here https://github.com/rails/rails/issues/18333.
* | | | | Merge pull request #24697 from tomkadwill/action_pack_typos_2Vipul A M2016-04-234-10/+10
|\ \ \ \ \ | |/ / / / |/| | | | Actionpack documentation typos [ci skip]
| * | | | Actionpack documentation typos [ci skip]Tom Kadwill2016-04-234-10/+10
| | |/ / | |/| |
* | | | Merge pull request #24669 from tomkadwill/action_pack_typosVipul A M2016-04-222-11/+10
|\ \ \ \ | | | | | | | | | | Actioncable and Actionpack documentation typos [ci skip]
| * | | | Actioncable and Actionpack documentation typos [ci skip]Tom Kadwill2016-04-212-11/+10
| |/ / /
* / / / Fix ApplicationController.renderer.defaults.merge!Jon Moss2016-04-202-1/+9
|/ / / | | | | | | | | | | | | | | | | | | Previously, users were trying to modify a frozen Hash. Includes a regression test :) Fixes #22975
* | | Merge pull request #24031 from ↵Jeremy Daer2016-04-192-2/+14
|\ \ \ | | | | | | | | | | | | | | | | | | | | samphilipd/sam/do_not_clobber_options_in_route_definitions Do not destructively mutate passed options hash in route definitions
| * | | Do not destructively mutate passed options hash in route definitionsSam Davies2016-03-032-2/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Fixes #24030 An example scope might be specified as such: ```ruby HTML = { constraints: { format: :html } }.freeze scope HTML do get 'x' end ``` This currently raises an error because the mapper attempts to destructively modify the passed options hash. This is dangerous because this options hash might even be shared with other scopes. We should instead always instantiate a new object instead of modifying the passed options.
* | | | Update send_data documentation [ci skip]Anton Rieder2016-04-191-1/+1
| | | | | | | | | | | | Add missing period after sentence.
* | | | Properly verify that cache accepts and user `expires` value.Vipul A M2016-04-172-2/+5
| | | |
* | | | Filter scalar values when params permit hashes or arraysSean Griffin2016-04-152-1/+14
| | | | | | | | | | | | | | | | | | | | | | | | This brings the behavior more inline with other similar cases, such as receiving a hash when an array of scalars was expected. Prior to this commit, the key would be present, but the value would be `nil`
* | | | [ci skip] Remove extra `so` from the Action Pack CHANGELOGPrathamesh Sonpatki2016-04-141-2/+2
| | | |
* | | | Merge pull request #24318 from bogdanvlviv/patch-1Rafael Mendonça França2016-04-122-1/+5
|\ \ \ \ | | | | | | | | | | | | | | | extension synonyms yml and yaml
| * | | | extension synonyms yml and yamlBogdan2016-03-272-1/+5
| | | | |
* | | | | Merge pull request #24504 from nickmalcolm/masterVipul A M2016-04-121-1/+6
|\ \ \ \ \ | | | | | | | | | | | | Encourage best practice in the HTTP Token authentication example code
| * | | | | [ci skip] This modifies the HTTP Token authentication example's ↵Nick Malcolm2016-04-121-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | `authenticate` method, to use the `secure_compare` method with two constant-length strings. This defends against timing attacks, and is best practice. Using `==` for sensitive actions is not recommended, and this was the source of a CVE fixed in October 2015: https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbda
* | | | | | Pass over all Rails 5 warnings, to make sure:Vipul A M2016-04-125-6/+6
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - we are ending sentences properly - fixing of space issues - fixed continuity issues in some sentences. Reverts https://github.com/rails/rails/commit/8fc97d198ef31c1d7a4b9b849b96fc08a667fb02 . This change reverts making sure we add '.' at end of deprecation sentences. This is to keep sentences within Rails itself consistent and with a '.' at the end.
* | | | | quick edits on the AC::API RDoc [ci skip]Xavier Noria2016-04-051-19/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In particular, the fact that ApplicationController is the only one inheriting from AC::API is not a default. You could say at most that generators generate them that way, but the creation of controllers is something which is out of our control because programmers write controllers by hand. Instead, we can say that normally, conventionally, as in the majority of Rails apps, that is the actually the case.
* | | | | it's => its typoRyan McCuaig2016-04-041-1/+1
| | | | |
* | | | | Fixes #24239Ryan T. Hosford2016-04-043-1/+31
| | | | | | | | | | | | | | | | | | | | | | | | | - skip calling helper_method if it's not there: if we don't have helpers, we needn't define one. - tests that an api controller can include and use ActionController::Cookies
* | | | | Merge branch 'master' of github.com:rails/docrailsVijay Dev2016-04-031-0/+7
|\ \ \ \ \
| * | | | | [ci skip] Fix example of ActionController::Parameters#to_unsafe_hPrathamesh Sonpatki2016-03-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | - Added missing `"`.
| * | | | | Add example for ActionController::Parameters#to_unsafe_hGaurish Sharma2016-03-121-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | [ci-skip]
* | | | | | Grammar fixes based on pass over ETag doc changesVipul A M2016-04-031-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | [ci skip]
* | | | | | Grammer fix in comment: capitalize first word in sentence [ci skip].utilum2016-04-021-1/+1
| | | | | |
* | | | | | Strong ETag validatorsJeremy Daer2016-03-316-63/+210
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Introduce `Response#strong_etag=` and `#weak_etag=` and analogous options for `fresh_when` and `stale?`. `Response#etag=` sets a weak ETag. Strong ETags are desirable when you're serving byte-for-byte identical responses that support Range requests, like PDFs or videos (typically done by reproxying the response from a backend storage service). Also desirable when fronted by some CDNs that support strong ETags only, like Akamai. * No longer strips quotes (`"`) from ETag values before comparing them. Quotes are significant, part of the ETag. A quoted ETag and an unquoted one are not the same entity. * Support `If-None-Match: *`. Rarely useful for GET requests; meant to provide some optimistic concurrency control for PUT requests.
* | | | | | Fix deprecation warning for ParamsParser instance :smile:Prathamesh Sonpatki2016-03-301-1/+1
| | | | | |