| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- `secrets.secret_token` is now used in all places `config.secret_token` was
- `secrets.secret_token`, when not present in `config/secrets.yml`,
now falls back to the value of `config.secret_token`
- when `secrets.secret_token` is set, it over-writes
`config.secret_token` so they are the same (for backwards-compatibility)
- Update docs to reference app.secrets in all places
- Remove references to `config.secret_token`, `config.secret_key_base`
- Warn that missing secret_key_base is deprecated
- Add tests for secret_token, key_generator, and message_verifier
- the legacy key generator is used with the message verifier when
secrets.secret_key_base is blank and secret_token is set
- app.key_generator raises when neither secrets.secret_key_base nor
secret_token are set
- app.env_config raises when neither secrets.secret_key_base nor
secret_token are set
- Add changelog
Run focused tests via
ruby -w -Itest test/application/configuration_test.rb -n '/secret_|key_/'
|
| |
|
| |
|
|\
| |
| | |
Remove redundant `to_s` in interpolation
|
| | |
|
|\ \
| |/
|/|
| |
| | |
* master-sec:
FileHandler should not be called for files outside the root
|
| |
| |
| |
| |
| | |
FileHandler#matches? should return false for files that are outside the
"root" path.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch uniformizes warning messages. I used the most common style
already present in the code base:
* Capitalize the first word.
* End the message with a full stop.
* "Rails 5" instead of "Rails 5.0".
* Backticks for method names and inline code.
Also, converted a few long strings into the new heredoc convention.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The current style for warning messages without newlines uses
concatenation of string literals with manual trailing spaces
where needed.
Heredocs have better readability, and with `squish` we can still
produce a single line.
This is a similar use case to the one that motivated defining
`strip_heredoc`, heredocs are super clean.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In cases where this option is set to `true`, the option is redundant and can
be safely removed; otherwise, the corresponding `*_url` helper should be
used instead.
Fixes #17294.
See also #17363.
[Dan Olson, Godfrey Chan]
|
|\ \
| | |
| | | |
UrlGenerationError are not catched as 404 anymore
|
| | | |
|
|\ \ \
| |/ /
|/| | |
Show the user’s application in the source window and select the correct ...
|
| | |
| | |
| | |
| | | |
trace list, closes #17312
|
| | |
| | |
| | |
| | |
| | |
| | | |
See comment in this patch for the rationale.
References #16468
|
|/ / |
|
| | |
|
|\ \
| | |
| | | |
Fix url generation error message
|
| | | |
|
| | | |
|
|/ /
| |
| |
| |
| | |
- Also one minor change for documenting url_for method in ActionController::Metal.
[ci skip]
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Performance optimization: `yield` with an implicit `block` is faster than `block.call`.
See http://youtu.be/fGFM_UrSp70?t=10m35s and the following benchmark:
```ruby
require 'benchmark/ips'
def fast
yield
end
def slow(&block)
block.call
end
Benchmark.ips do |x|
x.report('fast') { fast{} }
x.report('slow') { slow{} }
end
# => fast 154095 i/100ms
# => slow 71454 i/100ms
# =>
# => fast 7511067.8 (±5.0%) i/s - 37445085 in 4.999660s
# => slow 1227576.9 (±6.8%) i/s - 6145044 in 5.028356s
```
|
| | |
|
| | |
|
| | |
|
|\ \
| | |
| | | |
ActionController::InvalidCrossOriginRequest fails with 422 instead of 500
|
| | |
| | |
| | |
| | | |
Fixes #15967
|
| | |
| | |
| | |
| | |
| | | |
`#tr` is more efficient than `#gsub` and can be used as a drop in
replacement in this context.
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The scanner in Journey fails to recognize routes that use literals
from the sub-delims section of RFC 3986.
This commit enhance the compatibility of Journey with the RFC by
adding support of authorized delimiters to the scanner.
Fix #17212
|
|\ \
| | |
| | | |
Add regression test for router was overwriting PATH_INFO
|
| |/
| |
| |
| | |
[related #17233]
|
|/ |
|
|
|
|
|
|
|
|
| |
Request#check_method would use to_sentence(locale: :en), which breaks when
I18n.available_locales does not include :en and
I18n.enforce_available_locales is true (default).
Inlined to_sentence functionality to solve this.
|
| |
|
|\
| |
| | |
Follow up to #16613
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since we want this flag to be enabled anytime we are running the tests
under JRuby, let's enable this at the Rakefile level so people get the
performance boost on their local checkout.
Moreover, we avoid having to update this particular line anytime the
option changes on the JRuby side.
The only drawback is that we have to define it in every Rakefile but
there's no big deal, this is already the case for other options.
|
| |
| |
| |
| |
| |
| |
| |
| | |
[ci skip]
Following discussion with @senny https://github.com/rails/rails/pull/17100#issuecomment-57285273
it only makes sense to keep this file form projects that require
extra instructions.
|
| | |
|
| |
| |
| |
| | |
This is to match the changes in Rails Dom Testing rails/rails-dom-testing#20.
|
| |
| |
| |
| |
| |
| | |
Hash#keys.each allocates an array of keys; Hash#each_key iterates through the
keys without allocating a new array. This is the reason why Hash#each_key
exists.
|
|\ \
| |/
|/| |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 9d05d6de52871e57bfbf54a60de005e8a5f5b0e4, reversing
changes made to 0863c9248fd47a15e88e05ce4fcd80966684c0e3.
The change in the behaviour reported at #16958 doesn't exist since 4.0
and 4.1 works in the same way
|
| | |
|
| |
| |
| |
| | |
[ci skip]
|
| | |
|
|\ \
| | |
| | |
| | | |
Remove internal options from query string of paths
|