aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
Commit message (Collapse)AuthorAgeFilesLines
* Change the system tests to set Puma as default server only when the user ↵Guillermo Iguaran2017-12-093-2/+24
| | | | haven't specified manually another server.
* Add secure `X-Download-Options` and `X-Permitted-Cross-Domain-Policies` to ↵Guillermo Iguaran2017-12-094-4/+15
| | | | default headers set.
* Merge pull request #30780 from ↵Sean Griffin2017-12-072-0/+23
|\ | | | | | | | | JackMc/fix-chrome-referrer-invalidauthenticitytoken Fix issue #30658 by checking explicitly for 'null' referrer
| * Add a better error message when a "null" Origin header occursJack McCracken2017-11-032-0/+23
| |
* | Add headless firefox driver to System Testsbogdanvlviv2017-12-076-3/+40
| |
* | Correct routing test spelling mistake.Philip Tolton2017-12-061-1/+1
| |
* | Yield array from AC::Parameters#each for block with one argDominic Cleal2017-12-062-1/+17
| | | | | | | | Matches Hash#each behaviour as used in Rails 4.
* | Add missing requireyuuji.yaginuma2017-12-051-0/+2
| | | | | | | | | | | | | | Follow up of 3c442b6df91e291ebbf17f37444414bf5f10fbe6 Without this require, it will fail when run CSP test alone. Ref: https://travis-ci.org/rails/rails/jobs/311715758#L2976
* | Fix CSP copy boolean directives (#31326)Simon Dawson2017-12-052-5/+10
| | | | | | Use Object#deep_dup to safely duplicate policy values
* | Embrace the instantiation in loving parens <3Kasper Timm Hansen2017-12-031-1/+2
| |
* | Merge pull request #31146 from ↵Kasper Timm Hansen2017-12-031-41/+83
|\ \ | | | | | | | | | | | | mikeycgto/actiondispatch-cookie-store-test-updates Update cookie_store_test to use encrypted cookies
| * | Update cookie_store_test to use encrypted cookiesMichael Coyne2017-11-271-41/+83
| | | | | | | | | | | | | | | | | | | | | This now modernizes these tests to use encrypted cookies instead of using secret_token HMACs. This commit also adds a tests to ensure session cookies with :expires_after set are invalidated and no longer accepted when the time has elapsed.
* | | Add changelog entry for 9d6e28eileencodes2017-11-301-0/+12
| | | | | | | | | | | | Since this changes a default setting a changelog entry is important.
* | | Make screenshots default to "simple" formateileencodes2017-11-292-10/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | Not everyone uses iTerm2 and whereas Terminal.app on a mac just ignores that and outputs the path, other terminals like those on Ubuntu do not. A friendlier default is one that works by default. Closes #31159 Closes #30957
* | | Fix tests: Remove ogx mime type from testsGuillermo Iguaran2017-11-291-1/+1
| | |
* | | Fix typo in mime type registeringGuillermo Iguaran2017-11-291-1/+1
| | |
* | | Restore mpeg mime type, delete less common mime typesGuillermo Iguaran2017-11-291-9/+4
| | | | | | | | | | | | See discussion in #31251
* | | Register "audio/mp4" mime type with :m4a symbolGuillermo Iguaran2017-11-291-1/+1
| | |
* | | Update send_file headers test to use mp4 as example instead of mpgGuillermo Iguaran2017-11-281-1/+1
| | |
* | | Register most popular audio/video/font mime types supported by modern browsersGuillermo Iguaran2017-11-283-7/+29
| | |
* | | Preparing for 5.2.0.beta2 releaseRafael Mendonça França2017-11-282-1/+6
| | |
* | | Fix typos and add a few suggestionsFatos Morina2017-11-281-3/+3
| | |
* | | Fix optimized url helpers when using relative url rootAndrew White2017-11-283-0/+54
|/ / | | | | | | Fixes #31220.
* | Preparing for 5.2.0.beta1 releaseRafael Mendonça França2017-11-272-1/+3
| |
* | Fix CHANGELOG for CSP PR #31162 [ci skip]Prathamesh Sonpatki2017-11-271-10/+10
| |
* | Add CHANGELOG.md entry for #31162 [ci skip]Andrew White2017-11-271-0/+60
| |
* | Add DSL for configuring Content-Security-Policy headerAndrew White2017-11-277-0/+622
| | | | | | | | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
* | Merge pull request #24510 from ↵Rafael Mendonça França2017-11-252-9/+6
|\ \ | | | | | | | | | | | | | | | vipulnsward/make-variable_size_secure_compare-public Make variable_size_secure_compare public
| * | Changed default behaviour of `ActiveSupport::SecurityUtils.secure_compare`,Vipul A M2017-06-072-9/+6
| | | | | | | | | | | | | | | | | | | | | to make it not leak length information even for variable length string. Renamed old `ActiveSupport::SecurityUtils.secure_compare` to `fixed_length_secure_compare`, and started raising `ArgumentError` in case of length mismatch of passed strings.
* | | Merge pull request #31195 from mltsy/patch-2Vipul A M2017-11-241-1/+1
|\ \ \ | | | | | | | | Fix tld_length documentation in ActionDispatch::Cookies [ci skip]
| * | | Fix tld_length documentationJoe Marty2017-11-211-1/+1
| | | | | | | | | | | | Change recommendation for tld_length (for sharing cookies across subdomains of a 2-token TLD), to 2 instead of 1.
* | | | Fix CustomUrls#direct doc formattingT.J. Schuck2017-11-221-6/+6
| | | | | | | | | | | | | | | | | | | | Particularly, the bulleted list was getting formatted as a code block because of the extra level of indentation. Pulling it back to the left makes it render properly as a list instead. [ci skip]
* | | | Update incorrect backtick usage in RDoc to teletypeT.J. Schuck2017-11-223-6/+6
|/ / / | | | | | | [ci skip]
* | | Fix `test_session_store_with_expire_after` failure with rack-test 0.7.1Ryuta Kamizono2017-11-201-2/+2
| | | | | | | | | | | | https://travis-ci.org/rails/rails/jobs/304428814#L1977
* | | Merge pull request #30782 from NickLaMuro/improve_performance_of_inflectionsMatthew Draper2017-11-141-2/+2
|\ \ \ | | | | | | | | Cache regexps generated from acronym_regex
| * | | Deprecate ActiveSupport::Inflector#acronym_regexNick LaMuro2017-10-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To be removed in Rails 6.0 (default for the deprecate helper). Code moved around as well for the ActiveSupport::Deprecation modules, since it was dependent on ActiveSupport::Inflector being loaded for it to work. By "lazy loading" the Inflector code from within the Deprecation code, we can require ActiveSupport::Deprecation from ActiveSupport::Inflector and not get a circular dependency issue.
| * | | Cache regexps generated from acronym_regexNick LaMuro2017-10-231-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Problem ----------- The following line from `String#camelize`: string = string.sub(/^(?:#{inflections.acronym_regex}(?=\b|[A-Z_])|\w)/) { |match| match.downcase } and the following line from `String#camelize`: word.gsub!(/(?:(?<=([A-Za-z\d]))|\b)(#{inflections.acronym_regex})(?=\b|[^a-z])/) { "#{$1 && '_'.freeze }#{$2.downcase}" }#{$2.downcase}" } Both generate the same regexep in the first part of the `.sub`/`.gsub` method calls every time the function is called, creating an extra object allocation each time. The value of `acronym_regex` only changes if the user decides add an acronym to the current set of inflections and apends another string on the the regexp generated here, but beyond that it remains relatively static. This has been around since acronym support was introduced back in 2011 in PR#1648. Proposed Solution ----------------- To avoid re-generating these strings every time these methods are called, cache the values of these regular expressions in the `ActiveSupport::Inflector::Inflections` instance, making it so these regular expressions are only generated once, or when the acronym's are added to. Other notable changes is the attr_readers are nodoc'd, as they shouldn't really be public APIs for users. Also, the new method, define_acronym_regex_patterns, is the only method in charge of manipulating @acronym_regex, and initialize_dup also makes use of that new change. ** Note about fix for non-deterministic actionpack test ** With the introduction of `@acronym_underscore_regex` and `@acronym_camelize_regex`, tests that manipulated these for a short time, then reset them could caused test failures to happen. This happened because the previous way we reset the `@acronyms` and `@acronym_regex` was the set them using #instance_variable_set, which wouldn't run the #define_acronym_regex_patterns method. This has now been introduced into the actionpack tests to avoid this failure.
* | | | Bump RuboCop to 0.51.0Koichi ITO2017-11-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ## Summary RuboCop 0.51.0 was released. https://github.com/bbatsov/rubocop/releases/tag/v0.51.0 And rubocop-0-51 channel is available in Code Climate. https://github.com/codeclimate/codeclimate-rubocop/issues/109 This PR will bump RuboCop to 0.51.0 and fixes the following new offenses. ```console % bundle exec rubocop Inspecting 2358 files (snip) Offenses: actionpack/lib/action_controller/metal/http_authentication.rb:251:59: C: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping. [key.strip, value.to_s.gsub(/^"|"$/, "").delete('\'')] ^^^^ activesupport/test/core_ext/load_error_test.rb:8:39: C: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping. assert_raise(LoadError) { require 'no_this_file_don\'t_exist' } ^^^^^^^^^^^^^^^^^^^^^^^^^^^ 2358 files inspected, 2 offenses detected ```
* | | | Merge pull request #31099 from nobu/patch-1Rafael Mendonça França2017-11-091-1/+1
|\ \ \ \ | | | | | | | | | | | | | | | Use `Tempfile.create`
| * | | | Use `Dir.mktmpdir`Nobuyoshi Nakada2017-11-091-1/+1
| | | | | | | | | | | | | | | | | | | | As `@cache_path` is expected to be a directory name, use `Dir.mktmpdir`. And omit unnecessary `Dir.tmpdir`.
| * | | | Use `Tempfile.create`Nobuyoshi Nakada2017-11-091-1/+1
|/ / / / | | | | | | | | Instead of `Dir::Tmpname.make_tmpname`, an internal method which does not guarantee uniqueness, use `Tempfile.create`.
* | | | Merge pull request #31078 from aeroastro/feature/fix-typoRafael França2017-11-091-2/+2
|\ \ \ \ | | | | | | | | | | Fix typoes on ActionDispatch::HTTP::FilterParameters
| * | | | Fix typo on ActionDispatc::HTTP::FilterParametersTakumasa Ochi2017-11-071-2/+2
| | | | |
* | | | | Fix merge conflict and rubocop offencesRyuta Kamizono2017-11-071-19/+18
| | | | |
* | | | | Merge pull request #22435 from yui-knk/fix_engine_route_testRafael Mendonça França2017-11-065-6/+91
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | Make `assert_recognizes` to traverse mounted engines
| * | | | | Make `assert_recognizes` to traverse mounted enginesyui-knk2016-04-235-6/+90
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before this commit paths of mounted engines are not traversed when `assert_recognizes` is called, causing strange test results. This commit enable to traverse mounted paths.
* | | | | | Explicitly pass window handle to `resize_window_to`yuuji.yaginuma2017-11-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Unlike `resize_window`, `resize_window_to` has three arguments. https://github.com/thoughtbot/capybara-webkit/blob/d63c3c8e3ae844f0c59359532a6dcb50f4a64d0a/lib/capybara/webkit/driver.rb#L135-L143 Therefore, if pass only width and height just like `resize_window`, `ArgumentError`will be raised. To prevent this, explicitly pass window handler. Follow up of #31046
* | | | | | Merge pull request #31055 from ↵Ryuta Kamizono2017-11-051-0/+1
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | y-yagi/show_request_forgery_protection_methods_in_api_doc Show `RequestForgeryProtection` methods in api doc [ci skip]
| * | | | | | Show `RequestForgeryProtection` methods in api doc [ci skip]yuuji.yaginuma2017-11-051-0/+1
| | |_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Several methods of `RequestForgeryProtection` are not showed in the api doc even though `:doc:` is specified. (e.g. `form_authenticity_param`) http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html These methods are listed in the doc of v4.1. http://api.rubyonrails.org/v4.1/classes/ActionController/RequestForgeryProtection.html This is due to the influence of `:nodoc:` added in #18102, methods after `CROSS_ORIGIN_JAVASCRIPT_WARNING` not showed from the doc. Therefore, in order to show the method like originally, added `startdoc` after `CROSS_ORIGIN_JAVASCRIPT_WARNING`.
* | | | | | Merge pull request #31046 from NARKOZ/fix-capybara-webkit-deprecationEileen M. Uchitelle2017-11-041-1/+1
|\ \ \ \ \ \ | | | | | | | | | | | | | | Fix Capybara::Webkit::Driver#resize_window deprecation warning