path: root/actionpack
Commit message    Author    Age    Files    Lines
* Merge pull request #32932 from y-yagi/fixes_32920    Yuji Yaginuma    2018-09-20    2    -1/+16
|\
| |     Add CSP nonce to `style-src` directive
| * Add CSP nonce to `style-src` directive    yuuji.yaginuma    2018-05-19    2    -1/+16
| |
| |     For nonce, only `script-src` and `style-src` are meaningful in the
| |     definition of Content Security Policy Level 2.
| |
| |     https://www.w3.org/TR/CSP2/#script-src-nonce-usage
| |     https://www.w3.org/TR/CSP2/#style-src-nonce-usage
| |
| |     Therefore, I think that a customization function is not needed and it is
| |     enough to enable both directives inside the framework.
| |
| |     Fixes #32920
* | [ci skip] Fix documentation for Response#content_type    printercu    2018-09-14    1    -10/+10
| |
* | Make sure the flash method is defined even if helpers are not present    Rafael Mendonça França    2018-09-13    2    -6/+11
| |
* | Merge pull request #33569 from eric-hemasystems/conditional-flash-helper    Rafael França    2018-09-13    2    -3/+13
|\ \
| | |     Conditionally use `helper_method` in Flash concern
| * | Conditionally use `helper_method` in Flash concern    Eric Anderson    2018-08-09    2    -3/+13
| | |
| | |     I was attempting to use the `flash` functionality in a `Metal`
| | |     controller. When including the `flash` concern I received the following
| | |     error:
| | |
| | |         NoMethodError: undefined method `helper_method'....
| | |
| | |     Either:
| | |
| | |     - `AbstractController::Helpers` should be a dependency of
| | |       `ActionController::Flash`
| | |     - `ActionController::Flash` should not require the existence of
| | |       `AbstractController::Helpers`.
| | |
| | |     Since my use case (set a flash and redirect) has no need for the helper
| | |     method and that is a common use case, making the dependency conditional
| | |     seemed the better option.
| | |
| | |     NOTE: This is similar to issue #21067 only the error is within Rails
| | |     itself while that issue had the error within Devise.
* | | Formatting CHANGELOGs [ci skip]    Ryuta Kamizono    2018-09-07    1    -1/+1
| | |
| | |     Fixing code block rendering, indentation, backticks, etc.
* | | Update documentation to ActionController::ConditionalGet    Anatoly Mikhaylov    2018-09-03    1    -0/+6
| | |
| | |     Two implemented but undocumented features are to help indicate that
| | |     cache is fresh for 3 hours, and it may continue to be served stale for
| | |     up to an additional 60 seconds to parallel requests for the same
| | |     resource or up to 5 minutes while errors are being returned back while
| | |     the initial synchronous revalidation is attempted.
* | | Faster permitted_scalar_filter    schneems    2018-08-31    2    -8/+25
| | |
| | |     When running with code triage and derailed benchmarks and focusing on
| | |     this file:
| | |
| | |     Before 16199 /Users/rschneeman/Documents/projects/rails/actionpack/lib/action_controller/metal/strong_parameters.r
| | |
| | |     After 2280 /Users/rschneeman/Documents/projects/rails/actionpack/lib/action_controller/metal/strong_parameters.rb
* | | [ci skip] Document permitted_scalar_filter    schneems    2018-08-30    1    -0/+10
| | |
* | | Fix `actionpack/CHANGELOG.md` [ci skip]    bogdanvlviv    2018-08-30    1    -4/+2
| | |
| | |     Remove the reference to the PR.
| | |     Usually, we write reference to solved issues in the changelog files.
| | |     Related to #33605.
| | |
| | |     Add missing dots.
| | |
| | |     Improve formatting.
* | | Fewer allocations in caching/fragments.rb    schneems    2018-08-29    1    -1/+5
| | |
| | |     Instead of using a splat on the head and tail we can mutate the array
| | |     by flattening 1 level. We get further savings by not allocating another
| | |     via `compact` but instead by using `compact!`
* | | Merge pull request #33718 from kddeisz/permit-list    Matthew Draper    2018-08-29    8    -19/+16
|\ \ \
| | | |     Finish converting whitelist and blacklist references
| * | | Permit list usage cleanup and clearer documentation    Kevin Deisz    2018-08-27    4    -9/+6
| | | |
| * | | Convert remaining usage of whitelist and blacklist    Kevin Deisz    2018-08-24    2    -4/+4
| | | |
| * | | Convert over the rest of the whitelist references    Kevin Deisz    2018-08-24    6    -10/+10
| | | |
* | | | Focus search input after page load on /rails/info/routes (#33683)    James Brooks    2018-08-28    1    -0/+3
| | | |
* | | | Call block to #redirect_to in controller context (#33735)    speckins    2018-08-27    2    -1/+17
| | | |
| | | |     * Call block to #redirect_to in controller context
| | | |
| | | |     The documentation for ActionController::Redirecting states that a Proc
| | | |     argument "will be executed in the controller's context." However,
| | | |     unless #instance_eval is used (removed in 6b3ad0ca), that statement is
| | | |     false for procs defined outside of the controller instance.
| | | |
| | | |     This commit restores the documented behavior.
| | | |
| | | |     Fixes #33731.
| | | |
| | | |     * Move test proc into a constant in another class
| | | |
| | | |     Per @rafaelfranca's suggestion.
| | | |
| | | |     [Steven Peckins + Rafael Mendonça França]
* | | | Clarify example of the test [ci skip]    黄松    2018-08-25    1    -2/+2
| | | |
| | | |     ActionDispatch::TestProcess::FixtureFile
* | | | Format respond_to method as code in doc [ci skip]    Rob Zolkos    2018-08-25    1    -1/+1
|/ / /
| | |     This updates the `respond_to` method to be code formatted rather than
| | |     plain text (as it refers to the method)
* | | Merge pull request #33704 from matthewd/helper-path-with-size    Matthew Draper    2018-08-23    1    -2/+1
|\ \ \
| | | |     Use string lengths instead of regexp to extract path
| * | | Use string lengths instead of regexp to extract path    Matthew Draper    2018-08-23    1    -2/+1
| | | |
| | | |     The regexp was introduced in 186ac4cdaa911a9af659a29f2179a19b99dea13b,
| | | |     and looks cosmetic.
| | | |
| | | |     While they should be functionally identical in theory, in practice,
| | | |     case insensitive (but preserving) filesystems can give results that are
| | | |     differently-cased from the pattern we supplied.
| | | |
| | | |     I don't know how to force the filesystem to do the surprising thing,
| | | |     even when running in an environment that _could_, so no new test.
* | | | Merge pull request #33698 from bogdanvlviv/follow-up-33693    Rafael França    2018-08-22    1    -1/+0
|\ \ \ \
| | | | |     Remove extra execution of `uniq!` on action_methods
| * | | | Remove extra execution of `uniq!` on action_methods    bogdanvlviv    2018-08-22    1    -1/+0
| | | | |
| | | | |     Execution of `to_set` below should remove duplicated elements.
| | | | |
| | | | |     Follow up #33693
* | | | | Merge pull request #33695 from peterzhu2118/master    Rafael França    2018-08-22    2    -8/+11
|\ \ \ \ \
| |/ / / /
|/| | | |     Update ParameterFilter to yield original parameters
| * | | | Update ParameterFilter to yield original parameters    Peter Zhu    2018-08-22    2    -8/+11
| |/ / /
* / / / Two fewer array allocations on action_methods    schneems    2018-08-22    1    -1/+4
|/ / /
| | |     Instead of creating new arrays for `uniq` and `map` we can instead
| | |     modify the array in place.
* | | Show the `ENV` value correctly in the doc of `combined_fragment_cache_key` ↵    yuuji.yaginuma    2018-08-22    1    -1/+1
| | |
| | |     [ci skip]
| | |
| | |     It seems to need an escape for the showing `ENV`.
| | |     https://api.rubyonrails.org/classes/AbstractController/Caching/Fragments.html#method-i-combined_fragment_cache_key
* | | Fix `rails routes -c` for controller name consists of multiple word.    Yoshiyuki Kinjo    2018-08-20    1    -1/+1
| | |
* | | Fix unclosed tags [ci skip]    yuuji.yaginuma    2018-08-18    1    -1/+1
| | |
* | | add missing indifferent_access require for #normalize_encode_params    Will Jordan    2018-08-16    1    -0/+2
| | |
| | |     Fixes #33634.
* | | Merge pull request #33499 from lsylvester/caller-ignore-paths    Kasper Timm Hansen    2018-08-15    1    -0/+1
|\ \ \
| | | |     use BacktraceCleaner for ActiveRecord verbose logging
| * | | Use backtrace cleaner to clean up backtrace for verbose query logs    Lachlan Sylvester    2018-08-14    1    -0/+1
| | | |
* | | | Merge pull request #33605 from assain/purpose-metadata-changelog-and-tests    Kasper Timm Hansen    2018-08-15    2    -8/+20
|\ \ \ \
| | | | |     Changelog and improved tests for purpose metadata added to cookies
| * | | | Changelog for the new purpose metadata and improved tests    Assain    2018-08-13    2    -8/+20
| |/ / /
* | | | Fix rubocop offenses    bogdanvlviv    2018-08-15    1    -1/+1
| | | |
| | | |     - Layout/TrailingWhitespace
| | | |       ```
| | | |       actionpack/lib/action_controller/metal/request_forgery_protection.rb:49:4: C: Layout/TrailingWhitespace: Trailing whitespace detected.
| | | |         #
| | | |          ^
| | | |       ```
| | | |       Related to c3787494eda
| | | |
| | | |     - Performance/StartWith
| | | |       ```
| | | |       tasks/release.rb:108:44: C: Performance/StartWith: Use String#start_with? instead of a regex match anchored to the beginning of the string.
| | | |       header += "* No changes.\n\n\n" if current_contents =~ /\A##/
| | | |       ```
* | | | Use `Array#extract!` where possible    bogdanvlviv    2018-08-14    1    -2/+3
|/ / /
* | | Purpose Metadata For Signed And Encrypted Cookies    Assain    2018-08-12    3    -13/+196
| | |
| | |     Purpose metadata prevents cookie values from being
| | |     copy-pasted and ensures that the cookie is used only
| | |     for its originally intended purpose.
| | |
| | |     The Purpose and Expiry metadata are embedded inside signed/encrypted
| | |     cookies and will not be readable on previous versions of Rails.
| | |
| | |     We can switch off purpose and expiry metadata embedded in
| | |     signed and encrypted cookies using
| | |
| | |         config.action_dispatch.use_cookies_with_metadata = false
| | |
| | |     if you want your cookies to be readable on older versions of Rails.
* | | Merge pull request #31640 from gingerlime/patch-1    Richard Schneeman    2018-08-10    1    -4/+11
|\ \ \
| |/ /
|/| |     fixes #27157 CSRF protection documentation
| * | fixes #27157 CSRF protection documentation    gingerlime    2018-01-05    1    -4/+11
| | |
| | |     * removed reference to GET requests where it applies also to other HTTP
| | |       verbs
| | |     * updated documentation to try and better explain how CSRF protection
| | |       works with XHR, and the potential exposure with CORS
* | | Merge pull request #28937 from maclover7/jm-fix-28927    Rafael França    2018-07-31    2    -1/+15
|\ \ \
| | | |     Default content type for `head` is `text/html`
| * | | Default content type for `head` is `text/html`    Jon Moss    2017-04-30    2    -1/+15
| | | |
| | | |     Otherwise Mime::NullType will be returned as the `Content-Type` header.
* | | | :scissors: .    Ryuta Kamizono    2018-07-31    1    -1/+1
| | | |
| | | |     [ci skip]
* | | | Merge pull request #33446 from ptoomey3/nested-respond-to    Richard Schneeman    2018-07-31    4    -0/+70
|\ \ \ \
| | | | |     Raises exception when respond_to called multiple times in incompatible way
| * | | | Raises exception when respond_to called multiple times in incompatible way    Patrick Toomey    2018-07-30    4    -0/+70
| | | | |
| | | | |     Nesting respond_to calls can lead to unexpected behavior, so it should
| | | | |     be avoided. Currently, the first respond_to format match sets the
| | | | |     content-type for the resulting response. But, if a nested respond_to
| | | | |     occurs, it is possible to match on a different format. For example:
| | | | |
| | | | |         respond_to do |outer_type|
| | | | |           outer_type.js do
| | | | |             respond_to do |inner_type|
| | | | |               inner_type.html { render body: "HTML" }
| | | | |             end
| | | | |           end
| | | | |         end
| | | | |
| | | | |     Browsers will often include */* in their Accept headers. In the above
| | | | |     example, such a request would result in the outer_type.js match setting
| | | | |     the content-type of the response to text/javascript, while the
| | | | |     inner_type.html match will cause the actual response to return "HTML".
| | | | |
| | | | |     This change tries to minimize potential breakage by only raising an
| | | | |     exception if the nested respond_to calls are in conflict with each
| | | | |     other. So, something like the following example would not raise an
| | | | |     exception:
| | | | |
| | | | |         respond_to do |outer_type|
| | | | |           outer_type.js do
| | | | |             respond_to do |inner_type|
| | | | |               inner_type.js { render body: "JS" }
| | | | |             end
| | | | |           end
| | | | |         end
| | | | |
| | | | |     While the above is nested, it doesn't affect the content-type of the
| | | | |     response.
* | | | | Enable Start/EndWith and RegexpMatch cops    Bart de Water    2018-07-28    6    -11/+11
| | | | |
| | | | |     In cases where the MatchData object is not used, this provides a speed-up:
| | | | |     https://github.com/JuanitoFatas/fast-ruby/#stringmatch-vs-stringmatch-vs-stringstart_withstringend_with-code-start-code-end
* | | | | Remove Rubocop's comments from Rails code base    bogdanvlviv    2018-07-26    1    -4/+0
|/ / / /
| | | |     PR#32381 added Rubocop's comments to some tests files in order to
| | | |     exclude `Performance/RedundantMerge`.
| | | |     Turn off `Performance` cops for tests files via `Exclude`
| | | |     in `.rubocop.yml`.
| | | |
| | | |     Context https://github.com/rails/rails/pull/32381#discussion_r205212331
* | | | Merge pull request #32381 from q-centrix/update-codeclimate-configs    Richard Schneeman    2018-07-25    5    -10/+10
|\ \ \ \
| | | | |     Turn on performance based cops
| * | | | Turn on performance based cops    Dillon Welch    2018-07-23    5    -10/+10
| | | | |
| | | | |     Use attr_reader/attr_writer instead of methods
| | | | |     method is 12% slower
| | | | |
| | | | |     Use flat_map over map.flatten(1)
| | | | |     flatten is 66% slower
| | | | |
| | | | |     Use hash[]= instead of hash.merge! with single arguments
| | | | |     merge! is 166% slower
| | | | |
| | | | |     See https://github.com/rails/rails/pull/32337 for more conversation
* | | | | Merge pull request #33229 from ↵    Matthew Draper    2018-07-25    2    -2/+2
|\ \ \ \ \
| | | | | |     albertoalmagro/albertoalmagro/prefer-rails-command-over-bin-rails
| | | | | |
| | | | | |     Prefer rails command over bin/rails