| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| | |
willbryant/flash_must_not_load_session_on_every_request_master
Fix the Flash middleware loading the session on every request
|
| |
| |
| |
| | |
dangerous especially with Rack::Cache), it should only be loaded when the flash method is called
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
IE since version 6 and recently Chrome and Firefox have started following
302 redirects from XHR requests other than GET/POST using the original request
method. This can lead to DELETE requests being redirected amongst other things.
Although it doesn't directly affect the Rails framework since it doesn't return
a 302 redirect to any non-GET/POST request a note has been added to raise
awareness of the issue. Some references:
Original article from @technoweenie:
http://techno-weenie.net/2011/8/19/ie9-deletes-stuff/
Hacker News discussion of the article:
http://news.ycombinator.com/item?id=2903493
WebKit bug report:
https://bugs.webkit.org/show_bug.cgi?id=46183
Firefox bug report and changeset:
https://bugzilla.mozilla.org/show_bug.cgi?id=598304
https://hg.mozilla.org/mozilla-central/rev/9525d7e2d20d
Chrome bug report:
http://code.google.com/p/chromium/issues/detail?id=56373
HTTPbis bug report and changeset:
http://trac.tools.ietf.org/wg/httpbis/trac/ticket/160
http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1428
Roy T. Fielding's history of the issue:
http://ftp.ics.uci.edu/pub/ietf/http/hypermail/1997q3/0611.html
Automated browser tests for the issue:
http://www.mnot.net/javascript/xmlhttprequest/
Fixes #4144
|
| | |
|
| | |
|
|\ \
| | |
| | | |
Remove some unused variable assignments
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Change check_box to work inverting the checked and unchecked value
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This fixes:
* Boolean with inverted logic
* Integer with inverted logic
* BigDecimal with inverted logic
Fixes #3995
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
carlosantoniodasilva/partial-layout-collection-item
Partial layout collection item
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
is given
Layout is never an available option when rendering with the shortcut
`render @collection`.
|
| | | |
| | | |
| | | |
| | | | |
with partial + collection
|
| | | |
| | | |
| | | |
| | | | |
partial + object
|
| |/ /
| | |
| | |
| | | |
partial + collection
|
|\ \ \
| |/ /
|/| | |
Removed the sanitize_dom_id method
|
| | |
| | |
| | |
| | | |
anything except nothing and whitespace for id's
|
| | |
| | |
| | |
| | | |
Fix failing test: Mime::JS generates "text/javascript"
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
JSONP should use mimetype application/javascript
|
| |\ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | | |
application/javascript
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | | |
closes #3341
|
| |_|_|/
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This may break existing tests that are asserting the whole session contents
but should not break existing tests that are asserting individual keys - e.g:
class SomeControllerTest < ActionController::TestCase
setup do
session['user_id'] = 1
end
test "some test" do
get :some_action, nil, { 'another_var' => 2 }
# This assertion will now fail
assert_equal({ 'another_var' => 2 }, session)
# This assertion will still pass
assert_equal 2, session['another_var]
end
end
Fixes #1529.
|
|\ \ \ \
| |_|_|/
|/| | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The latter doesn't render as code in HTML output.
Regex used in Rubymine to locate the latter form:
(\+)(:*\w+:(?::|\w)+)(\+)
|
|\ \ \ \
| | | | |
| | | | | |
Shadowing variable warning removed
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- do not use merge! just for 2 values
- there is no need to check block arity
|
| | | | | |
|
| | | | | |
|
|/ / / / |
|
| | | | |
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This feature enables the ability to load an
external routes file from the router via:
draw :filename
External routes files go in +config/routes+. This
feature works in both engines and applications.
|
|\ \ \ |
|
| | | | |
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
Remote ip logic and validation. IPv6 support.
|
| |/ / /
| | | |
| | | |
| | | | |
tests.
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In the current router DSL, using the +match+ DSL
method will match all verbs for the path to the
specified endpoint.
In the vast majority of cases, people are
currently using +match+ when they actually mean
+get+. This introduces security implications.
This commit disallows calling +match+ without
an HTTP verb constraint by default. To explicitly
match all verbs, this commit also adds a
:via => :all option to +match+.
Closes #5964
|