aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
Commit message (Collapse)AuthorAgeFilesLines
* Fix typo for redirect_backArkadiusz Fal2016-03-221-1/+1
| | | | | indetical -> identical [skip ci]
* guides, sync railties and AP changelogs with 5.0 release notes.Yves Senn2016-03-221-12/+8
| | | | | | | | | | [ci skip] This updates the 5.0 release notes guide to reflect changes that happened after beta1 has been released. I'll sync the other changelogs later today but I'll push this batch to prevent against cumbersome merge conflicts.
* Fix request.reset_session for API controllersJon Moss2016-03-192-1/+5
| | | | | | | | | | | | Due to that `ActionDispatch::Flash` (the flash API's middleware) is not included for API controllers, the `request.reset_session` method, which relies on there being a `flash=` method which is in fact defined by the middleware, was previously breaking. Similarly to how add46482a540b33184f3011c5c307f4b8e90c9cc created a method to be overridden by the flash middleware in order to ensure non-breakage, this is how flashes are now reset. Fixes #24222
* Add explanation about accepts_nested_attributes_for keys in the strong ↵Bart de Water2016-03-121-2/+3
| | | | parameters documentation [skip ci]
* Break up a circular require between AP/AVSean Griffin2016-03-113-3/+6
| | | | | | | | | | | | | | | | | | Right now referencing the constant `AbstractController::Rendering` causes `ActionView::Base` to be loaded, and thus the load hooks for action_view are run. If that load hook references any part of action view that then references action controller (such as `ActionView::TestCase`), the constant `AbstractController::Rendering` will attempt to be autoloaded and blow up. With this change, `ActionView::LoadPaths` no longer requires `ActionView::Base` (which it had no reason to require). There was a needed class from `AbstractController::Base` in the Rendering module, which I've moved into its own file so we don't need to load all of `AbstractController::Base` there. This commit fixes https://github.com/rails/rails-controller-testing/issues/21
* Use the most highest priority exception handler when cause is setSean Griffin2016-03-112-2/+39
| | | | | | | | | | | | There was some subtle breakage caused by #18774, when we removed `#original_exception` in favor of `#cause`. However, `#cause` is automatically set by Ruby when raising an exception from a rescue block. With this change, we will use whichever handler has the highest priority (whichever call to `rescue_from` came last). In cases where the outer has lower precidence than the cause, but the outer is what should be handled, cause will need to be explicitly unset. Fixes #23925
* Merge pull request #22854 from jcoyne/missing_templateSean Griffin2016-03-113-1/+23
|\ | | | | | | Default rendering behavior if respond_to collector doesn't have a block.
| * Render default template if block doesn't renderJustin Coyne2016-02-253-1/+23
| | | | | | | | | | | | | | | | When a `respond_to` collector doesn't have a response, then a `:no_content` response should be rendered. This brings the default rendering behavior introduced by https://github.com/rails/rails/issues/19036 to controller methods employing `respond_to`
* | [skip ci] Reorder paragraphsDamir2016-03-101-3/+3
| | | | | | The previous order made sense [when `match` was used twice to point to two different actions](https://github.com/rails/rails/commit/7305ef842b675bf965f063de681a96294577fb84). In this case the note was misleading as posting to `/posts/:id` would still route to `show` action.
* | revises the homepage URL in the gemspecs [ci skip]Xavier Noria2016-03-101-1/+1
| | | | | | | | References https://github.com/rails/homepage/issues/46.
* | add return values to example [ci skip]yuuji.yaginuma2016-03-101-1/+1
| |
* | Add `ActionController::Parameters#dig`Sean Griffin2016-03-093-0/+40
| | | | | | | | | | | | This method will only be added when used with Ruby 2.3.0 or greater. This method has the same behavior as `Hash#dig`, except it will convert hashes to `ActionController::Parameters`, similar to `#[]` and `#fetch`.
* | Add changelog entry for #24115 [ci skip]Rafael Mendonça França2016-03-091-0/+5
| |
* | Pass headers through to payload for logging.Gareth du Plooy2016-03-082-0/+7
| | | | | | | | Make request headers available in the event payload so that it is available to attached ActionController::LogSubscribers.
* | extract ActionDispatch::IntegrationTest::BehaviorScott Bronson2016-03-071-22/+35
| | | | | | | | | | Similar to 176fbfd6, this makes it possible for other test frameworks to hook into Rails integration test facilities.
* | Merge pull request #24086 from yui-knk/do_not_ad_integration_test_classYves Senn2016-03-072-0/+7
|\ \ | | | | | | | | | Prevent not-intended loading of `ActionDispatch::IntegrationTest`
| * | Prevent not-intended loading of `ActionDispatch::IntegrationTest`yui-knk2016-03-072-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After 9d378747326d26cf1afdac4433ead22967af0984 `ActionDispatch::IntegrationTest` class is loaded and defined in all Rails environments, not only test but also production. This is not-intended loading of a class which is only used in test environment. To prevent not-intended loading, add `ActiveSupport.run_load_hooks` to `ActionDispatch::IntegrationTest` with `action_dispatch_integration_test` name and use it in `ActionMailer`.
* | | Merge pull request #24091 from mcfiredrill/fix-helper-method-docsRafael França2016-03-071-1/+2
|\ \ \ | |/ / |/| | clarify that helper_method makes both methods available in the view [ci skip]
| * | clarify that helper_method makes both methods available in the viewTony Miller2016-03-071-1/+2
| | | | | | | | | | | | | | | It's probably obvious to most, but clarify that `:helper_method` will make both of these methods available to the view.
* | | Remove http_cache_forever's version parameterJean Boussier2016-03-052-13/+3
| | |
* | | [ci skip] Fix constrain_to documentation.Kasper Timm Hansen2016-03-031-1/+1
| | | | | | | | | | | | | | | Forgot to update the documentation on the line just above the one I was changing in 4933132. Well done, Kasper :+1:
* | | Rename constrain_to to exclude.Kasper Timm Hansen2016-03-032-7/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | `ActionDispatch::SSL` redirects all HTTP requests to HTTPS, not just some. The `constrain_to` option inverts this, so it sounds like the middleware only handles a few requests, rather than the majority with a few routes to opt out of the redirect. Renaming to `exclude` matches this intent more closely.
* | | Merge pull request #24027 from mechanicles/a-to-anXavier Noria2016-03-034-7/+7
|\ \ \ | | | | | | | | Change 'a HTTP' to 'an HTTP' [ci skip]
| * | | Change 'a HTTP' to 'an HTTP' [ci skip]Santosh Wadghule2016-03-034-7/+7
| | | |
* | | | Niceify the dynamic routes deprecation messagesJon Atack2016-03-031-2/+8
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | Follow-up to #23980. - Fix grammar: "be remove" -> "be removed". - Wrap lines at 80 chars. Lurvely ;-)
* | | Do not run app.executor callbacks in integration testsJorge Bejar and Santiago Pastorino2016-03-021-11/+2
| | | | | | | | | | | | | | | | | | | | | | | | This reverts changes made to integration tests in PR #23807. The issue happens when using capybara with a driver that needs to start a server in a separate thread like (poltergeist, selenium, etc). Both threads the capybara server one and the test thread end running syncronize over the interlock.
* | | Merge pull request #23999 from maxehmookau/patch-1Rafael França2016-03-021-1/+1
|\ \ \ | | | | | | | | Fix typo in implicit_render
| * | | Fix typo in implicit_renderMax Woolf2016-03-021-1/+1
| | | | | | | | | | | | When trying to make a request and the request doesn't have a suitable template, the new error messages are really helpful but there's a small (and I mean, VERY small) typo that has been bugging me for the last few days. This adds the space and restores order to the universe. :heart:
* | | | [ci skip] Use rails routes instead of rake routes in inspector test descriptionAbhishek Jain2016-03-021-9/+9
|/ / /
* | | Merge pull request #23932 from arthurnn/arthurnn/remove_load_pathsArthur Nogueira Neves2016-03-011-2/+0
|\ \ \ | | | | | | | | Remove load_paths file
| * | | Remove load_paths fileArthur Neves2016-02-271-2/+0
| | | |
* | | | Merge pull request #23980 from rails/deprecate-controller-action-segmentsAndrew White2016-03-0131-212/+477
|\ \ \ \ | | | | | | | | | | Deprecate :controller and :action path parameters
| * | | | Deprecate :controller and :action path parametersAndrew White2016-03-0131-212/+477
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values.
* | | | | Don't reference Rails.application from inside a componentMatthew Draper2016-03-022-10/+8
| | | | |
* | | | | Publish AS::Executor and AS::Reloader APIsMatthew Draper2016-03-029-105/+250
|/ / / / | | | | | | | | | | | | | | | | | | | | These should allow external code to run blocks of user code to do "work", at a similar unit size to a web request, without needing to get intimate with ActionDipatch.
* | | | Merge pull request #23963 from gsamokovarov/exception-wrapper-no-ac-requireKasper Timm Hansen2016-02-291-1/+0
|\ \ \ \ | | | | | | | | | | Drop Action Controller require in ActionDispatch::ExceptionWrapper
| * | | | Drop Action Controller require in ActionDispatch::ExceptionWrapperGenadi Samokovarov2016-02-291-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We only reference the Action Controller error classes by name in ActionDispatch::ExceptionWrapper, so there is no need to explicitly require them. It drops a tiny coupling between Action Dispatch and Action Controller, so it makes me feel warm inside. We still have a lot of others AC requires in the AD code base, but here, we can save it. [ci skip]
* | | | | Add documentation for #13897 [skip ci]Bart de Water2016-02-291-3/+9
|/ / / /
* / / / add `constraint_to` option to SSL middlewareGreg Molnar2016-02-282-2/+13
|/ / /
* | | :nail_care:Rafael Mendonça França2016-02-251-2/+2
| | |
* | | Merge pull request #23852 from prathamesh-sonpatki/hsts-subdomainsRafael França2016-02-252-8/+28
|\ \ \ | | | | | | | | Enable HSTS with IncludeSubdomains header by default for new apps
| * | | Update documentation and deprecation messagePrathamesh Sonpatki2016-02-251-3/+3
| | | |
| * | | Added deprecation for older appsPrathamesh Sonpatki2016-02-252-8/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - For old apps which are not setting any value for hsts[:subdomains], a deprecation warning will be shown saying that hsts[:subdomains] will be turned on by default in Rails 5.1. Currently it will be set to false for backward compatibility. - Adjusted tests to reflect this change.
| * | | HSTS without IncludeSubdomains is often uselessEgor Homakov2016-02-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1) Because if you forget to add Secure; to the session cookie, it will leak to http:// subdomain in some cases 2) Because http:// subdomain can Cookie Bomb/cookie force main domain or be used for phishing. That's why *by default* it must include subdomains as it's much more common scenario. Very few websites *intend* to leave their blog.app.com working over http:// while having everything else encrypted. Yes, many developers forget to add subdomains=true by default, believe me :)
* | | | Revert "Merge pull request #20851 from tomprats/indifferent-sessions"Matthew Draper2016-02-263-21/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 22db455dbe9c26fe6d723cac0758705d9943ea4b, reversing changes made to 40be61dfda1e04c3f306022a40370862e3a2ce39. This finishes off what I meant to do in 6216a092ccfe6422f113db906a52fe8ffdafdbe6.
* | | | Revert "Update Session to utilize indiffernt access"Matthew Draper2016-02-268-127/+16
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 45a75a3fcc96b22954caf69be2df4e302b134d7a. HWIAs are better than silently deeply-stringified hashes... but that's a reaction to a shortcoming of one particular session store: we should not break the basic behaviour of other, more featureful, session stores in the process. Fixes #23884
* | | Additional review of 6b31761.Kasper Timm Hansen2016-02-252-2/+1
| | | | | | | | | | | | | | | * Fixes typos in error message and release notes. * Removes unused template test file.
* | | Lock down new `ImplicitRender` behavior for 5.0 RCGodfrey Chan2016-02-259-53/+190
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1. Conceptually revert #20276 The feature was implemented for the `responders` gem. In the end, they did not need that feature, and have found a better fix (see plataformatec/responders#131). `ImplicitRender` is the place where Rails specifies our default policies for the case where the user did not explicitly tell us what to render, essentially describing a set of heuristics. If the gem (or the user) knows exactly what they want, they could just perform the correct `render` to avoid falling through to here, as `responders` did (the user called `respond_with`). Reverting the patch allows us to avoid exploding the complexity and defining “the fallback for a fallback” policies. 2. `respond_to` and templates are considered exhaustive enumerations If the user specified a list of formats/variants in a `respond_to` block, anything that is not explicitly included should result in an `UnknownFormat` error (which is then caught upstream to mean “406 Not Acceptable” by default). This is already how it works before this commit. Same goes for templates – if the user defined a set of templates (usually in the file system), that set is now considered exhaustive, which means that “missing” templates are considered `UnknownFormat` errors (406). 3. To keep API endpoints simple, the implicit render behavior for actions with no templates defined at all (regardless of formats, locales, variants, etc) are defaulted to “204 No Content”. This is a strictly narrower version of the feature landed in #19036 and #19377. 4. To avoid confusion when interacting in the browser, these actions will raise an `UnknownFormat` error for “interactive” requests instead. (The precise definition of “interactive” requests might change – the spirit here is to give helpful messages and avoid confusions.) Closes #20666, #23062, #23077, #23564 [Godfrey Chan, Jon Moss, Kasper Timm Hansen, Mike Clark, Matthew Draper]
* | Merge pull request #23862 from prathamesh-sonpatki/test-for-strong-etagRafael França2016-02-241-0/+8
|\ \ | | | | | | Added a test for generating Strong ETag
| * | Added a test for generating Strong ETagPrathamesh Sonpatki2016-02-241-0/+8
| | |