| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| | | |
|
| | |
| | |
| | |
| | | |
Closes #17586
|
|\ \ \
| | | |
| | | |
| | | | |
Allow fallback to LegacyKeyGenerator when secret_key_base is not set but secrets.secret_token is
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- `secrets.secret_token` is now used in all places `config.secret_token` was
- `secrets.secret_token`, when not present in `config/secrets.yml`,
now falls back to the value of `config.secret_token`
- when `secrets.secret_token` is set, it over-writes
`config.secret_token` so they are the same (for backwards-compatibility)
- Update docs to reference app.secrets in all places
- Remove references to `config.secret_token`, `config.secret_key_base`
- Warn that missing secret_key_base is deprecated
- Add tests for secret_token, key_generator, and message_verifier
- the legacy key generator is used with the message verifier when
secrets.secret_key_base is blank and secret_token is set
- app.key_generator raises when neither secrets.secret_key_base nor
secret_token are set
- app.env_config raises when neither secrets.secret_key_base nor
secret_token are set
- Add changelog
Run focused tests via
ruby -w -Itest test/application/configuration_test.rb -n '/secret_|key_/'
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We added a deprecation warning for these cases in aa1fadd, so these are now
causing deprecation warnings in the test output. AFAICT, in these two cases, the
option is not integral to the purpose of the test, so they can be safely removed
|
| |/ /
|/| |
| | |
| | |
| | |
| | | |
Follow up to 212057b9. Since that commit, we need to pass the `route_name`
explicitly. This is one of the left-over cases that was not handled in that
commit, which was causing `use_route` to be ignored in functional tests.
|
|\ \ \
| | | |
| | | | |
Remove session to allow `with_routing` to be called twice.
|
| | | |
| | | |
| | | |
| | | | |
Fixes: https://github.com/rails/rails/issues/16814
|
|/ / /
| | |
| | |
| | |
| | | |
of respond_to. respond_with was moved into the responders gem and deprecated
inside rails, so there is no need to mention it within rails itself.
|
|\ \ \
| |/ /
|/| | |
Move DebugExceptions#traces_from_wrapper to ExceptionWrapper
|
| | |
| | |
| | |
| | |
| | | |
ActionDispatch::ExceptionWrapper seems to be the more natural place for
this method to live in.
|
|/ / |
|
| | |
|
|\ \
| | |
| | | |
Remove redundant `to_s` in interpolation
|
| | | |
|
|\ \ \
| |/ /
|/| |
| | |
| | | |
* master-sec:
FileHandler should not be called for files outside the root
|
| |/
| |
| |
| |
| | |
FileHandler#matches? should return false for files that are outside the
"root" path.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch uniformizes warning messages. I used the most common style
already present in the code base:
* Capitalize the first word.
* End the message with a full stop.
* "Rails 5" instead of "Rails 5.0".
* Backticks for method names and inline code.
Also, converted a few long strings into the new heredoc convention.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The current style for warning messages without newlines uses
concatenation of string literals with manual trailing spaces
where needed.
Heredocs have better readability, and with `squish` we can still
produce a single line.
This is a similar use case to the one that motivated defining
`strip_heredoc`, heredocs are super clean.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In cases where this option is set to `true`, the option is redundant and can
be safely removed; otherwise, the corresponding `*_url` helper should be
used instead.
Fixes #17294.
See also #17363.
[Dan Olson, Godfrey Chan]
|
|\ \
| | |
| | | |
UrlGenerationError are not catched as 404 anymore
|
| | | |
|
|\ \ \
| |/ /
|/| | |
Show the user’s application in the source window and select the correct ...
|
| | |
| | |
| | |
| | | |
trace list, closes #17312
|
| | |
| | |
| | |
| | |
| | |
| | | |
See comment in this patch for the rationale.
References #16468
|
|/ / |
|
| | |
|
|\ \
| | |
| | | |
Fix url generation error message
|
| | | |
|
| | | |
|
|/ /
| |
| |
| |
| | |
- Also one minor change for documenting url_for method in ActionController::Metal.
[ci skip]
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Performance optimization: `yield` with an implicit `block` is faster than `block.call`.
See http://youtu.be/fGFM_UrSp70?t=10m35s and the following benchmark:
```ruby
require 'benchmark/ips'
def fast
yield
end
def slow(&block)
block.call
end
Benchmark.ips do |x|
x.report('fast') { fast{} }
x.report('slow') { slow{} }
end
# => fast 154095 i/100ms
# => slow 71454 i/100ms
# =>
# => fast 7511067.8 (±5.0%) i/s - 37445085 in 4.999660s
# => slow 1227576.9 (±6.8%) i/s - 6145044 in 5.028356s
```
|
| | |
|
| | |
|
| | |
|
|\ \
| | |
| | | |
ActionController::InvalidCrossOriginRequest fails with 422 instead of 500
|
| | |
| | |
| | |
| | | |
Fixes #15967
|
| | |
| | |
| | |
| | |
| | | |
`#tr` is more efficient than `#gsub` and can be used as a drop in
replacement in this context.
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The scanner in Journey fails to recognize routes that use literals
from the sub-delims section of RFC 3986.
This commit enhance the compatibility of Journey with the RFC by
adding support of authorized delimiters to the scanner.
Fix #17212
|
|\ \
| | |
| | | |
Add regression test for router was overwriting PATH_INFO
|
| |/
| |
| |
| | |
[related #17233]
|
|/ |
|
|
|
|
|
|
|
|
| |
Request#check_method would use to_sentence(locale: :en), which breaks when
I18n.available_locales does not include :en and
I18n.enforce_available_locales is true (default).
Inlined to_sentence functionality to solve this.
|
| |
|
|\
| |
| | |
Follow up to #16613
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since we want this flag to be enabled anytime we are running the tests
under JRuby, let's enable this at the Rakefile level so people get the
performance boost on their local checkout.
Moreover, we avoid having to update this particular line anytime the
option changes on the JRuby side.
The only drawback is that we have to define it in every Rakefile but
there's no big deal, this is already the case for other options.
|
| |
| |
| |
| |
| |
| |
| |
| | |
[ci skip]
Following discussion with @senny https://github.com/rails/rails/pull/17100#issuecomment-57285273
it only makes sense to keep this file form projects that require
extra instructions.
|
| | |
|
| |
| |
| |
| | |
This is to match the changes in Rails Dom Testing rails/rails-dom-testing#20.
|