| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
haven't specified manually another server.
|
|
|
|
| |
default headers set.
|
|\
| |
| |
| |
| | |
JackMc/fix-chrome-referrer-invalidauthenticitytoken
Fix issue #30658 by checking explicitly for 'null' referrer
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
Matches Hash#each behaviour as used in Rails 4.
|
| |
| |
| |
| |
| |
| |
| | |
Follow up of 3c442b6df91e291ebbf17f37444414bf5f10fbe6
Without this require, it will fail when run CSP test alone.
Ref: https://travis-ci.org/rails/rails/jobs/311715758#L2976
|
| |
| |
| | |
Use Object#deep_dup to safely duplicate policy values
|
| | |
|
|\ \
| | |
| | |
| | |
| | | |
mikeycgto/actiondispatch-cookie-store-test-updates
Update cookie_store_test to use encrypted cookies
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This now modernizes these tests to use encrypted cookies instead of
using secret_token HMACs. This commit also adds a tests to ensure
session cookies with :expires_after set are invalidated and no longer
accepted when the time has elapsed.
|
| | |
| | |
| | |
| | | |
Since this changes a default setting a changelog entry is important.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Not everyone uses iTerm2 and whereas Terminal.app on a mac just ignores
that and outputs the path, other terminals like those on Ubuntu do not.
A friendlier default is one that works by default.
Closes #31159
Closes #30957
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
See discussion in #31251
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
|/ /
| |
| |
| | |
Fixes #31220.
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
|
|\ \
| | |
| | |
| | |
| | |
| | | |
vipulnsward/make-variable_size_secure_compare-public
Make variable_size_secure_compare public
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
to make it not leak length information even for variable length string.
Renamed old `ActiveSupport::SecurityUtils.secure_compare` to `fixed_length_secure_compare`,
and started raising `ArgumentError` in case of length mismatch of passed strings.
|
|\ \ \
| | | |
| | | | |
Fix tld_length documentation in ActionDispatch::Cookies [ci skip]
|
| | | |
| | | |
| | | | |
Change recommendation for tld_length (for sharing cookies across subdomains of a 2-token TLD), to 2 instead of 1.
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Particularly, the bulleted list was getting formatted as a code block because of the extra level of indentation. Pulling it back to the left makes it render properly as a list instead.
[ci skip]
|
|/ / /
| | |
| | | |
[ci skip]
|
| | |
| | |
| | |
| | | |
https://travis-ci.org/rails/rails/jobs/304428814#L1977
|
|\ \ \
| | | |
| | | | |
Cache regexps generated from acronym_regex
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
To be removed in Rails 6.0 (default for the deprecate helper). Code
moved around as well for the ActiveSupport::Deprecation modules, since
it was dependent on ActiveSupport::Inflector being loaded for it to
work. By "lazy loading" the Inflector code from within the Deprecation
code, we can require ActiveSupport::Deprecation from
ActiveSupport::Inflector and not get a circular dependency issue.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The Problem
-----------
The following line from `String#camelize`:
string = string.sub(/^(?:#{inflections.acronym_regex}(?=\b|[A-Z_])|\w)/) { |match| match.downcase }
and the following line from `String#camelize`:
word.gsub!(/(?:(?<=([A-Za-z\d]))|\b)(#{inflections.acronym_regex})(?=\b|[^a-z])/) { "#{$1 && '_'.freeze }#{$2.downcase}" }#{$2.downcase}" }
Both generate the same regexep in the first part of the `.sub`/`.gsub`
method calls every time the function is called, creating an extra object
allocation each time. The value of `acronym_regex` only changes if the
user decides add an acronym to the current set of inflections and apends
another string on the the regexp generated here, but beyond that it
remains relatively static.
This has been around since acronym support was introduced back in 2011
in PR#1648.
Proposed Solution
-----------------
To avoid re-generating these strings every time these methods are
called, cache the values of these regular expressions in the
`ActiveSupport::Inflector::Inflections` instance, making it so these
regular expressions are only generated once, or when the acronym's are
added to.
Other notable changes is the attr_readers are nodoc'd, as they shouldn't
really be public APIs for users. Also, the new method,
define_acronym_regex_patterns, is the only method in charge of
manipulating @acronym_regex, and initialize_dup also makes use of that
new change.
** Note about fix for non-deterministic actionpack test **
With the introduction of `@acronym_underscore_regex` and
`@acronym_camelize_regex`, tests that manipulated these for a short
time, then reset them could caused test failures to happen. This
happened because the previous way we reset the `@acronyms` and
`@acronym_regex` was the set them using #instance_variable_set, which
wouldn't run the #define_acronym_regex_patterns method.
This has now been introduced into the actionpack tests to avoid this
failure.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
## Summary
RuboCop 0.51.0 was released.
https://github.com/bbatsov/rubocop/releases/tag/v0.51.0
And rubocop-0-51 channel is available in Code Climate.
https://github.com/codeclimate/codeclimate-rubocop/issues/109
This PR will bump RuboCop to 0.51.0 and fixes the following new
offenses.
```console
% bundle exec rubocop
Inspecting 2358 files
(snip)
Offenses:
actionpack/lib/action_controller/metal/http_authentication.rb:251:59: C:
Prefer double-quoted strings unless you need single quotes to avoid
extra backslashes for escaping.
[key.strip, value.to_s.gsub(/^"|"$/, "").delete('\'')]
^^^^
activesupport/test/core_ext/load_error_test.rb:8:39: C: Prefer
double-quoted strings unless you need single quotes to avoid extra
backslashes for escaping.
assert_raise(LoadError) { require 'no_this_file_don\'t_exist' }
^^^^^^^^^^^^^^^^^^^^^^^^^^^
2358 files inspected, 2 offenses detected
```
|
|\ \ \ \
| | | | |
| | | | |
| | | | | |
Use `Tempfile.create`
|
| | | | |
| | | | |
| | | | |
| | | | | |
As `@cache_path` is expected to be a directory name, use `Dir.mktmpdir`.
And omit unnecessary `Dir.tmpdir`.
|
|/ / / /
| | | |
| | | | |
Instead of `Dir::Tmpname.make_tmpname`, an internal method which does not guarantee uniqueness, use `Tempfile.create`.
|
|\ \ \ \
| | | | |
| | | | | |
Fix typoes on ActionDispatch::HTTP::FilterParameters
|
| | | | | |
|
| | | | | |
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | | |
Make `assert_recognizes` to traverse mounted engines
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Before this commit paths of mounted engines are not traversed
when `assert_recognizes` is called, causing strange test results.
This commit enable to traverse mounted paths.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Unlike `resize_window`, `resize_window_to` has three arguments.
https://github.com/thoughtbot/capybara-webkit/blob/d63c3c8e3ae844f0c59359532a6dcb50f4a64d0a/lib/capybara/webkit/driver.rb#L135-L143
Therefore, if pass only width and height just like `resize_window`,
`ArgumentError`will be raised.
To prevent this, explicitly pass window handler.
Follow up of #31046
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
y-yagi/show_request_forgery_protection_methods_in_api_doc
Show `RequestForgeryProtection` methods in api doc [ci skip]
|
| | |_|_|_|/
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Several methods of `RequestForgeryProtection` are not showed in the api
doc even though `:doc:` is specified.
(e.g. `form_authenticity_param`)
http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html
These methods are listed in the doc of v4.1.
http://api.rubyonrails.org/v4.1/classes/ActionController/RequestForgeryProtection.html
This is due to the influence of `:nodoc:` added in #18102, methods after
`CROSS_ORIGIN_JAVASCRIPT_WARNING` not showed from the doc.
Therefore, in order to show the method like originally, added `startdoc`
after `CROSS_ORIGIN_JAVASCRIPT_WARNING`.
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Fix Capybara::Webkit::Driver#resize_window deprecation warning
|