path: root/actionpack
Commit message | Author | Age | Files | Lines
* Make `config.force_ssl` less dangerous to try and easier to disable | Jeremy Daer | 2015-09-07 | 3 | -200/+252
  SSL redirect:
  * Move `:host` and `:port` options within `redirect: { … }`. Deprecate.
  * Introduce `:status` and `:body` to customize the redirect response.
    The 301 permanent default makes it difficult to test the redirect and
    back out of it since browsers remember the 301. Test with a 302 or 307
    instead, then switch to 301 once you're confident that all is well.

  HTTP Strict Transport Security (HSTS):
  * Shorter max-age. Shorten the default max-age from 1 year to 180 days,
    the low end for https://www.ssllabs.com/ssltest/ grading and greater
    than the 18-week minimum to qualify for browser preload lists.
  * Disabling HSTS. Setting `hsts: false` now sets `hsts: { expires: 0 }`
    instead of omitting the header. Omitting does nothing to disable HSTS
    since browsers hang on to your previous settings until they expire.
    Sending `{ hsts: { expires: 0 }}` flushes out old browser settings and
    actually disables HSTS:
    http://tools.ietf.org/html/rfc6797#section-6.1.1
  * HSTS Preload. Introduce `preload: true` to set the `preload` flag,
    indicating that your site may be included in browser preload lists,
    including Chrome, Firefox, Safari, IE11, and Edge. Submit your site:
    https://hstspreload.appspot.com
* Remove mocha from ActionPack tests | Marcin Olichwirowicz | 2015-09-05 | 8 | -90/+132
|
* implement abstract store methods | Aaron Patterson | 2015-09-04 | 4 | -8/+8
  converts old ID methods to the new abstract store methods in Rack
* stop using deprecated Abstract::ID class | Aaron Patterson | 2015-09-04 | 4 | -4/+4
|
* stop inheriting from Rack::Request | Aaron Patterson | 2015-09-04 | 11 | -21/+23
  Just include the modules necessary in the Request object to implement the things we need. This should make it easier to build delegate request objects because the API is smaller
* use `Rack::Utils.unescape_path` to unescape paths | Aaron Patterson | 2015-09-04 | 1 | -3/+3
  Escaping and unescaping paths is different than query parameters, and we need to respect that. This commit uses the new method in Rack to escape and unescape paths. Fixes #11816
* Merge pull request #21483 from justanshulsharma/add-ip6-address | Eileen M. Uchitelle | 2015-09-03 | 1 | -1/+1
|\
  [ci skip] Added localhost IPv6
| * [ci skip] Added localhost IPv6 | Anshul Sharma | 2015-09-03 | 1 | -1/+1
| |
* | Fix route creation when format is a blank string | eileencodes | 2015-09-02 | 2 | -1/+2
  Commit bff61ba, while reducing allocations, caused a regression when an empty format is passed to a route.

  This can happen in cases where you're using an anchor tag, for example: `https://example.com/parent/575256966.#child_1032289285`.

  Because of this change `format` was getting sent in `parameterized_parts` when previously it was not included. This resulted in blank `format`'s being returned as `.` when if there was an extension included it would be `.extension`. Since there was no extension this caused incorrect URL's.

  The test shows this would result in `/posts/show/1.` instead of `/posts/show/1` which causes bad urls since the format is not present.
* | typo "description not clear corrected with proper description and action_controller_overview file Rails' -> Rails" [ci skip] | kishore-mohan | 2015-09-02 | 1 | -2/+2
* | Remove not used requires | Marcin Olichwirowicz | 2015-09-01 | 7 | -13/+2
| |
* | Fix bug where cookies mutated by request were not persisted | eileencodes | 2015-09-01 | 3 | -0/+17
  With changes made in 8363b8 and ae29142 cookies that are mutated on the request like `cookies.signed = x` were not retained in subsequent tests, breaking cookie authentication in controller tests. The test added demonstrates the issue.

  The reason we need to select from non-deleted cookies is because without checking the `@delete_cookies` the `cookie_jar` `@cookies` will send the wrong cookies to be updated. The code must check for `@deleted_cookies` before sending an `#update` with the requests cookie_jar cookies.

  This follows how the cookie_jar cookies from the request were updated before these changes.
* | Merge pull request #19788 from cmdrclueless/actionpack_http_url_ipv6 | Rafael Mendonça França | 2015-09-01 | 2 | -1/+46
|\ \
  Fix broken IPv6 addresses handling
| * | Fix broken IPv6 addresses handling | Brian Weaver | 2015-04-16 | 2 | -1/+46
| | |
* | | Merge pull request #21298 from rodzyn/remove_dead_code | Rafael Mendonça França | 2015-09-01 | 1 | -4/+0
|\ \ \
  Remove dead code
| * | | Remove dead code | Marcin Olichwirowicz | 2015-08-19 | 1 | -4/+0
| | | |
* | | | add a method for getting the http auth salt | Aaron Patterson | 2015-08-29 | 2 | -2/+6
| | | |
* | | | env to get_header conversion | Aaron Patterson | 2015-08-29 | 1 | -1/+1
| | | |
* | | | fixes example for consistency [ci skip] | Xavier Noria | 2015-08-29 | 1 | -3/+3
| | | |
* | | | swaps words [ci skip] | Xavier Noria | 2015-08-29 | 1 | -1/+1
| | | |
* | | | revamps the docs of strong params require [ci skip] | Xavier Noria | 2015-08-29 | 1 | -9/+40
  References #19565.
* | | | Set the content-type to `text/html` if the options[:html] is true | akihiro17 | 2015-08-29 | 2 | -3/+2
  In this commit, we set the content-type to `text/html` in AbstractController if the `options[:html]` is true so that we don't include ActionView::Rendering into ActionController::Metal to set it properly.

  I removed the if `options[:plain]` statement because `AbstractController#rendered_format` returns `Mime::TEXT` by default.
* | | | revises 877e42e | Xavier Noria | 2015-08-28 | 2 | -8/+8
  * A string in the example lacked quotes.
  * The tests asserted stuff about :last_name, whereas test params do not have that key.
  * But, the first one passed, why? After hitting my head against the wall and doing some obscure rituals realized the new #require had an important typo, wanted to iterate over the array argument (key), but it ran over its own hash keys (method #keys).
  * Modified the test to prevent the same typo to happen again.
  * The second test assigned to an unused variable safe_params that has been therefore removed.
  * Grammar of the second test description.
  * Since I was on it, reworded both test descriptions.
* | | | [Feature] params.require requires array of params | Gaurish Sharma | 2015-08-28 | 2 | -0/+25
  This PR adds ability to accept arrays which allows you to require multiple values in one method. So instead of this:

  ```ruby
  params.require(:person).require(:first_name)
  params.require(:person).require(:last_name)
  ```

  Here it will be one line for each params, so say if I require 10 params, it will be 10 lines of repeated code which is not dry. So I have added new method which does this in one line:

  ```ruby
  params.require(:person).require([:first_name, :last_name])
  ```

  Comments welcome
* | | | Merge pull request #21396 from rodzyn/code-cleanup | Guillermo Iguaran | 2015-08-28 | 2 | -13/+2
|\ \ \ \
  Code cleanup
| * | | | Code cleanup | Marcin Olichwirowicz | 2015-08-27 | 2 | -13/+2
  Cleanup for `ActionDispatch::Http::Parameters` - no need for required libraries and remove not used private method. Apparently this method was used in `ActionDispatch::Http::Request` - fixed by calling `Request::Utils` explicitly (as was done in other parts of the codebase)
* | | | | Revert "this always sets :public to false, so just do that" | Aaron Patterson | 2015-08-27 | 1 | -1/+1
  This reverts commit cae2b5bb59212961c4a35c939381ebece48d1177.

  I am an idiot.
* | | | | this always sets :public to false, so just do that | Aaron Patterson | 2015-08-27 | 1 | -1/+1
| | | | |
* | | | | remove dependency on `@cache_control` ivar | Aaron Patterson | 2015-08-27 | 1 | -6/+6
  eventually we'll remove this instance variable, but this is the first step
* | | | | remove `@etag` ivar | Aaron Patterson | 2015-08-27 | 1 | -5/+7
  we're storing the value in the headers hash, so let's just store the value in one place.
* | | | | use the abstract API in modules | Aaron Patterson | 2015-08-27 | 2 | -14/+15
  Modules should be using the API that the abstract modules use so that we can move these modules between implementations
* | | | | remove useless conditional | Aaron Patterson | 2015-08-27 | 1 | -2/+0
  cookies are always stored as a string in the header hash, so it will not need to be joined.
* | | | | implement the API required by the abstract Rack request. | Aaron Patterson | 2015-08-27 | 1 | -16/+8
| | | | |
* | | | | use the non-hash dependent Rack utils API | Aaron Patterson | 2015-08-27 | 1 | -2/+2
| |_|_|/
|/| | |
  eventually we will refactor this to not know about header hashes
* | | | minor copy edit. [ci skip] | Yves Senn | 2015-08-27 | 1 | -2/+2
  Follow up to #21384.
* | | | Merge pull request #21384 from jeremyf/updating-ActionController-TestSession-to-behave-as-a-hash-with-indifferent | Yves Senn | 2015-08-27 | 3 | -2/+17
|\ \ \ \
| |/ / /
|/| | |
  Updating TestSession to access with indifference
| * | | Updating TestSession to access with indifference | Jeremy Friesen | 2015-08-26 | 3 | -2/+17
  The following Rails code failed (with a `KeyError` exception) under test:

  ```ruby
  class ApplicationController < ActionController::Base
    def user_strategy
      # At this point:
      # ```ruby
      # session == {
      #   "user_strategy"=>"email",
      #   "user_identifying_value"=>"hello@world.com"
      # }
      # ```
      if session.key?(:user_strategy)
        session.fetch(:user_strategy)
      end
    end
  end
  ```

  When I checked the session's keys (`session.keys`), I got an array of strings. If I accessed `session[:user_strategy]` I got the expected `'email'` value. However if I used `session.fetch(:user_strategy)` I got a `KeyError` exception.

  This appears to be a Rails 4.2.4 regression (as the code works under Rails 4.2.3).

  Closes #21383
* | | | remove redefined method | Aaron Patterson | 2015-08-26 | 1 | -3/+0
  Rack::Response::Helpers implements this method, so we can safely remove it
* | | | Remove useless conditional | Aaron Patterson | 2015-08-26 | 1 | -1/+1
  If the response method is defined, then calling `response` will return a response.
* | | | remove useless code | Aaron Patterson | 2015-08-26 | 1 | -1/+0
  If AV::Rendering is mixed in, then `rendered_format` will be calculated based on the current `lookup_context`, but calling `_process_format` will set the `rendered_format` back on to the same lookup context where we got the information in the first place! Instead of getting information from an object, then setting the same information back on to that object, let's just do nothing instead!
* | | | only call self.content_type= when there is a response | Aaron Patterson | 2015-08-26 | 3 | -4/+18
  Apparently the AbstractController (whatever "abstract" means) is expected to work without a request and response.
* | | | Pull `plain` content type handling up to `render` | Aaron Patterson | 2015-08-26 | 2 | -8/+5
  `render` is the only possible source for the `plain` option. Pulling the conditional up to the `render` method removes far away conditionals
* | | | stop passing the options hash to `_process_format` | Aaron Patterson | 2015-08-26 | 2 | -4/+4
  We don't need to pass the full hash just to pull one value out. It's better to just pass the value that the method needs to know about so that we can abstract it away from "options"
* | | | remove RackDelegation module | Aaron Patterson | 2015-08-26 | 13 | -71/+16
  Since all controller instances are required to have a request and response object, RackDelegation is no longer needed (we always have to delegate to the response)
* | | | remove useless method | Aaron Patterson | 2015-08-26 | 1 | -5/+0
  the subclass sets the body on the response object, so we don't need the superclass doing it too
* | | | include ActionView::Rendering in the minimal controller | Aaron Patterson | 2015-08-26 | 2 | -1/+2
  without this module, the content type is not set correctly
* | | | Merge pull request #21387 from ronakjangir47/remove_dup_minitest | Kasper Timm Hansen | 2015-08-26 | 1 | -1/+0
|\ \ \ \
  Removed duplicate require 'minitest/mock'
| * | | | Removed duplicate requiring minitest/mock as it is already required in method_call_assertions | Ronak Jangir | 2015-08-26 | 1 | -1/+0
| |/ / /
* | | | `headers` should delegate to the response object | Aaron Patterson | 2015-08-26 | 1 | -1/+2
| | | |
* | | | remove useless status set | Aaron Patterson | 2015-08-26 | 1 | -2/+0
  Now that `Controller#status=` just delegates to the response object, we don't need to set the response on the controller and the response. We can just set it in one place.