path: root/actionpack
Commit message  [Author, Age, Files, Lines]
...
* | | make Content-Type header the canonical location for content-type info  [Aaron Patterson, 2015-09-08, 1 file, -34/+50]
| | |     Instead of storing content type information in an ivar and a header, let's move to just store the content type info in just the header.
* | | pull content type parsing in to a method  [Aaron Patterson, 2015-09-08, 1 file, -7/+15]
| | |     we'll use this method later to lazily parse content type headers.
* | | ensure that content type defaults to text / html when setting charset  [Aaron Patterson, 2015-09-08, 1 file, -0/+7]
| | |
* | | push content_type assignment in to metal  [Aaron Patterson, 2015-09-08, 3 files, -9/+11]
| | |     everything above metal really doesn't care about setting the content type, so let's rearrange these methods to be in metal.
* | | avoid useless string allocations  [Aaron Patterson, 2015-09-08, 2 files, -2/+1]
| | |     _set_content_type only does something when there is a request object, otherwise the return value of _get_content_type is always ignored. This commit moves everything to the module that has access to the request object so we'll never to_s unless there is a reason
* | | use accessors instead of manipulating the hash  [Aaron Patterson, 2015-09-08, 1 file, -2/+2]
| | |     in the future I would like to make the header hash read only (or at least remove guarantees that mutations will do anything).
* | | Push key_generator into SerializedCookieJars  [Kasper Timm Hansen, 2015-09-08, 1 file, -4/+4]
| | |     It's only used there.
* | | Move the request method in to the AbstractCookieJar  [Kasper Timm Hansen, 2015-09-08, 1 file, -4/+3]
| | |     `CookieJar` is only at the start of the chain and has its own request method, so we don't need it in the module.
* | | Pull up parse to the legacy upgrading module  [Kasper Timm Hansen, 2015-09-08, 1 file, -10/+5]
| | |     It was the same in both legacy versions of the signed and encrypted cookie jars.
* | | Call super to remove the decrypt_and_verify method  [Kasper Timm Hansen, 2015-09-08, 1 file, -8/+4]
| | |     The `EncryptedCookieJar` already calls it for us, so just delegate to its `parse` implementation.
* | | Call super to remove the verify method  [Kasper Timm Hansen, 2015-09-08, 1 file, -8/+2]
| | |     `SignedCookieJar`'s parse method already attempts to verify the message, so we can just call super and try the old verifier if it fails.
* | | Add parse method to share deserialization logic.  [Kasper Timm Hansen, 2015-09-08, 1 file, -19/+12]
| | |     Cuts down on the duplicated reading parts.
* | | Add commit in the EncryptedCookieJar  [Kasper Timm Hansen, 2015-09-08, 1 file, -17/+7]
| | |     Gets rid of the option parsing and makes what the encryptor does stand out.
* | | Use commit in the SignedCookieJar  [Kasper Timm Hansen, 2015-09-08, 1 file, -15/+6]
| | |     Lets us avoid worrying about parsing the options and doing just what we need.
* | | Add commit method to share option normalization  [Kasper Timm Hansen, 2015-09-08, 1 file, -4/+12]
| | |     Remove the clutter to make PermanentCookieJar's one change stand out.
* | | Add AbstractCookieJar class.  [Kasper Timm Hansen, 2015-09-08, 1 file, -1/+3]
| | |     Eventually this will be the superclass of all the chained jars.
* | | Merge pull request #21502 from bernerdschaefer/bs-polymorphic-url_for-dups-arguments  [Rafael Mendonça França, 2015-09-08, 3 files, -1/+26]
|\ \ \
| | | |     `url_for` does not modify polymorphic options
| * | | `url_for` does not modify polymorphic options  [Bernerd Schaefer, 2015-09-04, 3 files, -1/+26]
| | | |     The `url_for` methods in `actionpack` and `actionview` now make a copy of the provided options before generating polymorphic paths or URLs.
| | | |
| | | |     The bug in the previous behavior is most noticeable in a case like:
| | | |
| | | |         url_options = [:new, :post, param: 'value']
| | | |
| | | |         if current_page?(url_options)
| | | |           css_class = "active"
| | | |         end
| | | |
| | | |         link_to "New Post", url_options, class: css_class
* | | | Make `config.force_ssl` less dangerous to try and easier to disable  [Jeremy Daer, 2015-09-07, 3 files, -200/+252]
| | | |     SSL redirect:
| | | |     * Move `:host` and `:port` options within `redirect: { … }`. Deprecate.
| | | |     * Introduce `:status` and `:body` to customize the redirect response. The 301 permanent default makes it difficult to test the redirect and back out of it since browsers remember the 301. Test with a 302 or 307 instead, then switch to 301 once you're confident that all is well.
| | | |
| | | |     HTTP Strict Transport Security (HSTS):
| | | |     * Shorter max-age. Shorten the default max-age from 1 year to 180 days, the low end for https://www.ssllabs.com/ssltest/ grading and greater than the 18-week minimum to qualify for browser preload lists.
| | | |     * Disabling HSTS. Setting `hsts: false` now sets `hsts: { expires: 0 }` instead of omitting the header. Omitting does nothing to disable HSTS since browsers hang on to your previous settings until they expire. Sending `{ hsts: { expires: 0 }}` flushes out old browser settings and actually disables HSTS: http://tools.ietf.org/html/rfc6797#section-6.1.1
| | | |     * HSTS Preload. Introduce `preload: true` to set the `preload` flag, indicating that your site may be included in browser preload lists, including Chrome, Firefox, Safari, IE11, and Edge. Submit your site: https://hstspreload.appspot.com
* | | | Remove mocha from ActionPack tests  [Marcin Olichwirowicz, 2015-09-05, 8 files, -90/+132]
| | | |
* | | | implement abstract store methods  [Aaron Patterson, 2015-09-04, 4 files, -8/+8]
| | | |     converts old ID methods to the new abstract store methods in Rack
* | | | stop using deprecated Abstract::ID class  [Aaron Patterson, 2015-09-04, 4 files, -4/+4]
| | | |
* | | | stop inheriting from Rack::Request  [Aaron Patterson, 2015-09-04, 11 files, -21/+23]
| | | |     Just include the modules necessary in the Request object to implement the things we need. This should make it easier to build delegate request objects because the API is smaller
* | | | use `Rack::Utils.unescape_path` to unescape paths  [Aaron Patterson, 2015-09-04, 1 file, -3/+3]
|/ / /
| | |     Escaping and unescaping paths is different than query parameters, and we need to respect that. This commit uses the new method in Rack to escape and unescape paths.
| | |
| | |     Fixes #11816
* | | Merge pull request #21483 from justanshulsharma/add-ip6-address  [Eileen M. Uchitelle, 2015-09-03, 1 file, -1/+1]
|\ \ \
| | | |     [ci skip] Added localhost IPv6
| * | | [ci skip] Added localhost IPv6  [Anshul Sharma, 2015-09-03, 1 file, -1/+1]
| | | |
* | | | Fix route creation when format is a blank string  [eileencodes, 2015-09-02, 2 files, -1/+2]
| | | |     Commit bff61ba, while reducing allocations, caused a regression when an empty format is passed to a route.
| | | |
| | | |     This can happen in cases where you're using an anchor tag, for example: `https://example.com/parent/575256966.#child_1032289285`.
| | | |
| | | |     Because of this change `format` was getting sent in `parameterized_parts` when previously it was not included. This resulted in blank `format`'s being returned as `.` when if there was an extension included it would be `.extension`. Since there was no extension this caused incorrect URLs.
| | | |
| | | |     The test shows this would result in `/posts/show/1.` instead of `/posts/show/1` which causes bad urls since the format is not present.
* | | | typo "description not clear corrected with proper description and action_controller_overview file Rails' -> Rails" [ci skip]  [kishore-mohan, 2015-09-02, 1 file, -2/+2]
| | | |
* | | | Remove not used requires  [Marcin Olichwirowicz, 2015-09-01, 7 files, -13/+2]
| | | |
* | | | Fix bug where cookies mutated by request were not persisted  [eileencodes, 2015-09-01, 3 files, -0/+17]
| | | |     With changes made in 8363b8 and ae29142 cookies that are mutated on the request like `cookies.signed = x` were not retained in subsequent tests, breaking cookie authentication in controller tests.
| | | |
| | | |     The test added demonstrates the issue.
| | | |
| | | |     The reason we need to select from non-deleted cookies is because without checking the `@delete_cookies` the `cookie_jar` `@cookies` will send the wrong cookies to be updated. The code must check for `@deleted_cookies` before sending an `#update` with the request's cookie_jar cookies.
| | | |
| | | |     This follows how the cookie_jar cookies from the request were updated before these changes.
* | | | Merge pull request #19788 from cmdrclueless/actionpack_http_url_ipv6  [Rafael Mendonça França, 2015-09-01, 2 files, -1/+46]
|\ \ \ \
| | | | |     Fix broken IPv6 addresses handling
| * | | | Fix broken IPv6 addresses handling  [Brian Weaver, 2015-04-16, 2 files, -1/+46]
| | | | |
* | | | | Merge pull request #21298 from rodzyn/remove_dead_code  [Rafael Mendonça França, 2015-09-01, 1 file, -4/+0]
|\ \ \ \ \
| | | | | |     Remove dead code
| * | | | | Remove dead code  [Marcin Olichwirowicz, 2015-08-19, 1 file, -4/+0]
| | | | | |
* | | | | | add a method for getting the http auth salt  [Aaron Patterson, 2015-08-29, 2 files, -2/+6]
| | | | | |
* | | | | | env to get_header conversion  [Aaron Patterson, 2015-08-29, 1 file, -1/+1]
| | | | | |
* | | | | | fixes example for consistency [ci skip]  [Xavier Noria, 2015-08-29, 1 file, -3/+3]
| | | | | |
* | | | | | swaps words [ci skip]  [Xavier Noria, 2015-08-29, 1 file, -1/+1]
| | | | | |
* | | | | | revamps the docs of strong params require [ci skip]  [Xavier Noria, 2015-08-29, 1 file, -9/+40]
| | | | | |     References #19565.
* | | | | | Set the content-type to `text/html` if the options[:html] is true  [akihiro17, 2015-08-29, 2 files, -3/+2]
| | | | | |     In this commit, we set the content-type to `text/html` in AbstractController if the `options[:html]` is true so that we don't include ActionView::Rendering into ActionController::Metal to set it properly.
| | | | | |
| | | | | |     I removed the if `options[:plain]` statement because `AbstractController#rendered_format` returns `Mime::TEXT` by default.
* | | | | | revises 877e42e  [Xavier Noria, 2015-08-28, 2 files, -8/+8]
| | | | | |     * A string in the example lacked quotes.
| | | | | |     * The tests asserted stuff about :last_name, whereas test params do not have that key.
| | | | | |     * But, the first one passed, why? After hitting my head against the wall and doing some obscure rituals realized the new #require had an important typo, wanted to iterate over the array argument (key), but it ran over its own hash keys (method #keys).
| | | | | |     * Modified the test to prevent the same typo to happen again.
| | | | | |     * The second test assigned to an unused variable safe_params that has been therefore removed.
| | | | | |     * Grammar of the second test description.
| | | | | |     * Since I was on it, reworded both test descriptions.
* | | | | | [Feature] params.require requires array of params  [Gaurish Sharma, 2015-08-28, 2 files, -0/+25]
| | | | | |     This PR adds ability to accept arrays which allows you to require multiple values in one method. so instead of this:
| | | | | |
| | | | | |     ```ruby
| | | | | |     params.require(:person).require(:first_name)
| | | | | |     params.require(:person).require(:last_name)
| | | | | |     ```
| | | | | |
| | | | | |     Here it will be one line for each params, so say if I require 10 params, it will be 10 lines of repeated code which is not dry. So I have added new method which does this in one line:
| | | | | |
| | | | | |     ```ruby
| | | | | |     params.require(:person).require([:first_name, :last_name])
| | | | | |     ```
| | | | | |
| | | | | |     Comments welcome
* | | | | | Merge pull request #21396 from rodzyn/code-cleanup  [Guillermo Iguaran, 2015-08-28, 2 files, -13/+2]
|\ \ \ \ \ \
| | | | | | |     Code cleanup
| * | | | | | Code cleanup  [Marcin Olichwirowicz, 2015-08-27, 2 files, -13/+2]
| | | | | | |     Cleanup for `ActionDispatch::Http::Parameters` - no need for required libraries and remove not used private method. Apparently this method was used in `ActionDispatch::Http::Request` - fixed by calling `Request::Utils` explicitly (as was done in other parts of the codebase)
* | | | | | | Revert "this always sets :public to false, so just do that"  [Aaron Patterson, 2015-08-27, 1 file, -1/+1]
| | | | | | |     This reverts commit cae2b5bb59212961c4a35c939381ebece48d1177.
| | | | | | |
| | | | | | |     I am an idiot.
* | | | | | | this always sets :public to false, so just do that  [Aaron Patterson, 2015-08-27, 1 file, -1/+1]
| | | | | | |
* | | | | | | remove dependency on `@cache_control` ivar  [Aaron Patterson, 2015-08-27, 1 file, -6/+6]
| | | | | | |     eventually we'll remove this instance variable, but this is the first step
* | | | | | | remove `@etag` ivar  [Aaron Patterson, 2015-08-27, 1 file, -5/+7]
| | | | | | |     we're storing the value in the headers hash, so let's just store the value in one place.
* | | | | | | use the abstract API in modules  [Aaron Patterson, 2015-08-27, 2 files, -14/+15]
| | | | | | |     Modules should be using the API that the abstract modules use so that we can move these modules between implementations
* | | | | | | remove useless conditional  [Aaron Patterson, 2015-08-27, 1 file, -2/+0]
| | | | | | |     cookies are always stored as a string in the header hash, so it will not need to be joined.