path: root/actionpack
Commit message (Author, Age, Files, Lines)
* Merge pull request #33973 from rails/remove-catch-all (Aaron Patterson, 2018-09-25, 2 files, -0/+6)
|\
| |     Remove deprecated catch-all route in the AV tests
| * Add hack to deal with warnings (Aaron Patterson, 2018-09-24, 1 file, -1/+1)
| |
| |     We should be able to remove this once the catch-all route is gone from AP
| * Remove deprecated catch-all route in the AV tests (Aaron Patterson, 2018-09-24, 2 files, -0/+6)
| |
| |     This commit removes a deprecated catch-all route in the AV tests. It
| |     defines and includes the necessary routes for each test such that we
| |     don't need the catch-all anymore.
| |
| |     This also helps push us toward #33970
* | Merge pull request #33829 from mtsmfm/encode-filename (Kasper Timm Hansen, 2018-09-23, 5 files, -6/+99)
|\ \
| | |     Encode Content-Disposition filenames on send_data and send_file
| * | Encode Content-Disposition filenames on send_data and send_file (Fumiaki MATSUSHIMA, 2018-09-13, 5 files, -6/+99)
| | |
* | | Merge pull request #33949 from sjain1107/no-private-def (Kasper Timm Hansen, 2018-09-23, 2 files, -12/+15)
|\ \ \
| | | |     Remove private def
| * | | Remove private def (Sakshi Jain, 2018-09-23, 2 files, -12/+15)
| | | |
* | | | Enable `Performance/UnfreezeString` cop (yuuji.yaginuma, 2018-09-23, 22 files, -31/+30)
|/ / /
| | |     In Ruby 2.3 or later, `String#+@` is available and `+@` is faster than `dup`.
| | |
| | |     ```ruby
| | |     # frozen_string_literal: true
| | |
| | |     require "bundler/inline"
| | |
| | |     gemfile(true) do
| | |       source "https://rubygems.org"
| | |
| | |       gem "benchmark-ips"
| | |     end
| | |
| | |     Benchmark.ips do |x|
| | |       x.report('+@') { +"" }
| | |       x.report('dup') { "".dup }
| | |       x.compare!
| | |     end
| | |     ```
| | |
| | |     ```
| | |     $ ruby -v benchmark.rb
| | |     ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux]
| | |     Warming up --------------------------------------
| | |                       +@   282.289k i/100ms
| | |                      dup   187.638k i/100ms
| | |     Calculating -------------------------------------
| | |                       +@      6.775M (± 3.6%) i/s -     33.875M in   5.006253s
| | |                      dup      3.320M (± 2.2%) i/s -     16.700M in   5.032125s
| | |
| | |     Comparison:
| | |                       +@:  6775299.3 i/s
| | |                      dup:  3320400.7 i/s - 2.04x slower
| | |     ```
* | | Merge pull request #33934 from tgxworld/add_missing_test_case (Ryuta Kamizono, 2018-09-21, 1 file, -0/+7)
|\ \ \
| |_|/
|/| |     Add missing test case for `redirect_to` when request includes a port.
| * | Add missing test case for `redirect_to` when request includes a port. (Guo Xiang Tan, 2018-09-21, 1 file, -0/+7)
| | |
* | | Merge pull request #32932 from y-yagi/fixes_32920 (Yuji Yaginuma, 2018-09-20, 2 files, -1/+16)
|\ \ \
| |/ /
|/| |     Add CSP nonce to `style-src` directive
| * | Add CSP nonce to `style-src` directive (yuuji.yaginuma, 2018-05-19, 2 files, -1/+16)
| | |
| | |     For nonce, only `script-src` and `style-src` are meaningful in the
| | |     definition of Content Security Policy Level 2.
| | |     https://www.w3.org/TR/CSP2/#script-src-nonce-usage
| | |     https://www.w3.org/TR/CSP2/#style-src-nonce-usage
| | |
| | |     Therefore, I think that a customization function is not needed and it
| | |     is enough to enable both directives inside the framework.
| | |
| | |     Fixes #32920
* | | [ci skip] Fix documentation for Response#content_type (printercu, 2018-09-14, 1 file, -10/+10)
| | |
* | | Make sure the flash method is defined even if helpers are not present (Rafael Mendonça França, 2018-09-13, 2 files, -6/+11)
| | |
* | | Merge pull request #33569 from eric-hemasystems/conditional-flash-helper (Rafael França, 2018-09-13, 2 files, -3/+13)
|\ \ \
| |_|/
|/| |     Conditionally use `helper_method` in Flash concern
| * | Conditionally use `helper_method` in Flash concern (Eric Anderson, 2018-08-09, 2 files, -3/+13)
| | |
| | |     I was attempting to use the `flash` functionality in a `Metal`
| | |     controller. When including the `flash` concern I received the
| | |     following error:
| | |
| | |         NoMethodError: undefined method `helper_method'....
| | |
| | |     Either:
| | |
| | |     - `AbstractController::Helpers` should be a dependency of
| | |       `ActionController::Flash`
| | |     - `ActionController::Flash` should not require the existence of
| | |       `AbstractController::Helpers`.
| | |
| | |     Since my use case (set a flash and redirect) has no need for the
| | |     helper method and that is a common use case, making the dependency
| | |     conditional seemed the better option.
| | |
| | |     NOTE: This is similar to issue #21067 only the error is within Rails
| | |     itself while that issue had the error within Devise.
* | | Formatting CHANGELOGs [ci skip] (Ryuta Kamizono, 2018-09-07, 1 file, -1/+1)
| | |
| | |     Fixing code block rendering, indentation, backticks, etc.
* | | Update documentation to ActionController::ConditionalGet (Anatoly Mikhaylov, 2018-09-03, 1 file, -0/+6)
| | |
| | |     Two implemented but undocumented features are to help indicate that
| | |     cache is fresh for 3 hours, and it may continue to be served stale for
| | |     up to an additional 60 seconds to parallel requests for the same
| | |     resource or up to 5 minutes while errors are being returned back while
| | |     the initial synchronous revalidation is attempted.
* | | Faster permitted_scalar_filter (schneems, 2018-08-31, 2 files, -8/+25)
| | |
| | |     When running with code triage and derailed benchmarks and focusing on
| | |     this file:
| | |
| | |     Before 16199 /Users/rschneeman/Documents/projects/rails/actionpack/lib/action_controller/metal/strong_parameters.r
| | |
| | |     After 2280 /Users/rschneeman/Documents/projects/rails/actionpack/lib/action_controller/metal/strong_parameters.rb
* | | [ci skip] Document permitted_scalar_filter (schneems, 2018-08-30, 1 file, -0/+10)
| | |
* | | Fix `actionpack/CHANGELOG.md` [ci skip] (bogdanvlviv, 2018-08-30, 1 file, -4/+2)
| | |
| | |     Remove the reference to the PR.
| | |     Usually, we write reference to solved issues in the changelog files.
| | |     Related to #33605.
| | |
| | |     Add missing dots.
| | |
| | |     Improve formatting.
* | | Fewer allocations in caching/fragments.rb (schneems, 2018-08-29, 1 file, -1/+5)
| | |
| | |     Instead of using a splat on the head and tail we can mutate the array
| | |     by flattening 1 level. We get further savings by not allocating
| | |     another via `compact` but instead by using `compact!`
* | | Merge pull request #33718 from kddeisz/permit-list (Matthew Draper, 2018-08-29, 8 files, -19/+16)
|\ \ \
| | | |     Finish converting whitelist and blacklist references
| * | | Permit list usage cleanup and clearer documentation (Kevin Deisz, 2018-08-27, 4 files, -9/+6)
| | | |
| * | | Convert remaining usage of whitelist and blacklist (Kevin Deisz, 2018-08-24, 2 files, -4/+4)
| | | |
| * | | Convert over the rest of the whitelist references (Kevin Deisz, 2018-08-24, 6 files, -10/+10)
| | | |
* | | | Focus search input after page load on /rails/info/routes (#33683) (James Brooks, 2018-08-28, 1 file, -0/+3)
| | | |
* | | | Call block to #redirect_to in controller context (#33735) (speckins, 2018-08-27, 2 files, -1/+17)
| | | |
| | | |     * Call block to #redirect_to in controller context
| | | |
| | | |     The documentation for ActionController::Redirecting states that a
| | | |     Proc argument "will be executed in the controller's context."
| | | |     However, unless #instance_eval is used (removed in 6b3ad0ca), that
| | | |     statement is false for procs defined outside of the controller
| | | |     instance. This commit restores the documented behavior.
| | | |
| | | |     Fixes #33731.
| | | |
| | | |     * Move test proc into a constant in another class
| | | |
| | | |     Per @rafaelfranca's suggestion.
| | | |
| | | |     [Steven Peckins + Rafael Mendonça França]
* | | | Clarify example of the test [ci skip] (黄松, 2018-08-25, 1 file, -2/+2)
| | | |
| | | |     ActionDispatch::TestProcess::FixtureFile
* | | | Format respond_to method as code in doc [ci skip] (Rob Zolkos, 2018-08-25, 1 file, -1/+1)
|/ / /
| | |     This updates the `respond_to` method to be code formatted rather than
| | |     plain text (as it refers to the method)
* | | Merge pull request #33704 from matthewd/helper-path-with-size (Matthew Draper, 2018-08-23, 1 file, -2/+1)
|\ \ \
| | | |     Use string lengths instead of regexp to extract path
| * | | Use string lengths instead of regexp to extract path (Matthew Draper, 2018-08-23, 1 file, -2/+1)
| | | |
| | | |     The regexp was introduced in
| | | |     186ac4cdaa911a9af659a29f2179a19b99dea13b, and looks cosmetic.
| | | |
| | | |     While they should be functionally identical in theory, in practice,
| | | |     case insensitive (but preserving) filesystems can give results that
| | | |     are differently-cased from the pattern we supplied.
| | | |
| | | |     I don't know how to force the filesystem to do the surprising thing,
| | | |     even when running in an environment that _could_, so no new test.
* | | | Merge pull request #33698 from bogdanvlviv/follow-up-33693 (Rafael França, 2018-08-22, 1 file, -1/+0)
|\ \ \ \
| | | | |     Remove extra execution of `uniq!` on action_methods
| * | | | Remove extra execution of `uniq!` on action_methods (bogdanvlviv, 2018-08-22, 1 file, -1/+0)
| | | | |
| | | | |     Execution of `to_set` below should remove duplicated elements.
| | | | |
| | | | |     Follow up #33693
* | | | | Merge pull request #33695 from peterzhu2118/master (Rafael França, 2018-08-22, 2 files, -8/+11)
|\ \ \ \ \
| |/ / / /
|/| | | |     Update ParameterFilter to yield original parameters
| * | | | Update ParameterFilter to yield original parameters (Peter Zhu, 2018-08-22, 2 files, -8/+11)
| |/ / /
* / / / Two fewer array allocations on action_methods (schneems, 2018-08-22, 1 file, -1/+4)
|/ / /
| | |     Instead of creating new arrays for `uniq` and `map` we can instead
| | |     modify the array in place.
* | | Show the `ENV` value correctly in the doc of `combined_fragment_cache_key` [ci skip] (yuuji.yaginuma, 2018-08-22, 1 file, -1/+1)
| | |
| | |     It seems to need an escape for the showing `ENV`.
| | |     https://api.rubyonrails.org/classes/AbstractController/Caching/Fragments.html#method-i-combined_fragment_cache_key
* | | Fix `rails routes -c` for controller name consists of multiple word. (Yoshiyuki Kinjo, 2018-08-20, 1 file, -1/+1)
| | |
* | | Fix unclosed tags [ci skip] (yuuji.yaginuma, 2018-08-18, 1 file, -1/+1)
| | |
* | | add missing indifferent_access require for #normalize_encode_params (Will Jordan, 2018-08-16, 1 file, -0/+2)
| | |
| | |     Fixes #33634.
* | | Merge pull request #33499 from lsylvester/caller-ignore-paths (Kasper Timm Hansen, 2018-08-15, 1 file, -0/+1)
|\ \ \
| | | |     use BacktraceCleaner for ActiveRecord verbose logging
| * | | Use backtrace cleaner to clean up backtrace for verbose query logs (Lachlan Sylvester, 2018-08-14, 1 file, -0/+1)
| | | |
* | | | Merge pull request #33605 from assain/purpose-metadata-changelog-and-tests (Kasper Timm Hansen, 2018-08-15, 2 files, -8/+20)
|\ \ \ \
| | | | |     Changelog and improved tests for purpose metadata added to cookies
| * | | | Changelog for the new purpose metadata and improved tests (Assain, 2018-08-13, 2 files, -8/+20)
| |/ / /
* | | | Fix rubocop offenses (bogdanvlviv, 2018-08-15, 1 file, -1/+1)
| | | |
| | | |     - Layout/TrailingWhitespace
| | | |
| | | |       ```
| | | |       actionpack/lib/action_controller/metal/request_forgery_protection.rb:49:4: C: Layout/TrailingWhitespace: Trailing whitespace detected.
| | | |       #
| | | |       ^
| | | |       ```
| | | |
| | | |       Related to c3787494eda
| | | |
| | | |     - Performance/StartWith
| | | |
| | | |       ```
| | | |       tasks/release.rb:108:44: C: Performance/StartWith: Use String#start_with? instead of a regex match anchored to the beginning of the string.
| | | |       header += "* No changes.\n\n\n" if current_contents =~ /\A##/
| | | |       ```
* | | | Use `Array#extract!` where possible (bogdanvlviv, 2018-08-14, 1 file, -2/+3)
|/ / /
* | | Purpose Metadata For Signed And Encrypted Cookies (Assain, 2018-08-12, 3 files, -13/+196)
| | |
| | |     Purpose metadata prevents cookie values from being copy-pasted and
| | |     ensures that the cookie is used only for its originally intended
| | |     purpose.
| | |
| | |     The Purpose and Expiry metadata are embedded inside signed/encrypted
| | |     cookies and will not be readable on previous versions of Rails.
| | |
| | |     We can switch off purpose and expiry metadata embedded in signed and
| | |     encrypted cookies using
| | |
| | |         config.action_dispatch.use_cookies_with_metadata = false
| | |
| | |     if you want your cookies to be readable on older versions of Rails.
* | | Merge pull request #31640 from gingerlime/patch-1 (Richard Schneeman, 2018-08-10, 1 file, -4/+11)
|\ \ \
| |/ /
|/| |     fixes #27157 CSRF protection documentation
| * | fixes #27157 CSRF protection documentation (gingerlime, 2018-01-05, 1 file, -4/+11)
| | |
| | |     * removed reference to GET requests where it applies also to other
| | |       HTTP verbs
| | |     * updated documentation to try and better explain how CSRF protection
| | |       works with XHR, and the potential exposure with CORS