| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This method will only be added when used with Ruby 2.3.0 or greater.
This method has the same behavior as `Hash#dig`, except it will convert
hashes to `ActionController::Parameters`, similar to `#[]` and `#fetch`.
|
| | | | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Make request headers available in the event payload so that it is available to attached ActionController::LogSubscribers.
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Similar to 176fbfd6, this makes it possible for other test
frameworks to hook into Rails integration test facilities.
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | | |
Prevent not-intended loading of `ActionDispatch::IntegrationTest`
|
| | | |_|/ / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
After 9d378747326d26cf1afdac4433ead22967af0984 `ActionDispatch::IntegrationTest`
class is loaded and defined in all Rails environments, not only test but also
production. This is not-intended loading of a class which is only used in
test environment.
To prevent not-intended loading, add `ActiveSupport.run_load_hooks` to
`ActionDispatch::IntegrationTest` with `action_dispatch_integration_test` name
and use it in `ActionMailer`.
|
| |\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
clarify that helper_method makes both methods available in the view [ci skip]
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
It's probably obvious to most, but clarify that `:helper_method` will make both
of these methods available to the view.
|
| | |_|/ / /
|/| | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Forgot to update the documentation on the line just above the one
I was changing in 4933132. Well done, Kasper :+1:
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
`ActionDispatch::SSL` redirects all HTTP requests to HTTPS, not just some.
The `constrain_to` option inverts this, so it sounds like the middleware
only handles a few requests, rather than the majority with a few routes to
opt out of the redirect.
Renaming to `exclude` matches this intent more closely.
|
| |\ \ \ \ \
| |_|_|/ /
|/| | | | |
Change 'a HTTP' to 'an HTTP' [ci skip]
|
| | | | | | |
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Follow-up to #23980.
- Fix grammar: "be remove" -> "be removed".
- Wrap lines at 80 chars.
Lurvely ;-)
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This reverts changes made to integration tests in PR #23807.
The issue happens when using capybara with a driver that needs to start a
server in a separate thread like (poltergeist, selenium, etc).
Both threads the capybara server one and the test thread end running
syncronize over the interlock.
|
| |\ \ \ \
| | | | |
| | | | | |
Fix typo in implicit_render
|
| | | | | |
| | | | |
| | | | | |
When trying to make a request and the request doesn't have a suitable template, the new error messages are really helpful but there's a small (and I mean, VERY small) typo that has been bugging me for the last few days. This adds the space and restores order to the universe. :heart:
|
| |/ / / / |
|
| |\ \ \ \
| | | | |
| | | | | |
Remove load_paths file
|
| | | | | | |
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Deprecate :controller and :action path parameters
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Allowing :controller and :action values to be specified via the path
in config/routes.rb has been an underlying cause of a number of issues
in Rails that have resulted in security releases. In light of this it's
better that controllers and actions are explicitly whitelisted rather
than trying to blacklist or sanitize 'bad' values.
|
| | | | | | | |
|
| |/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
These should allow external code to run blocks of user code to do
"work", at a similar unit size to a web request, without needing to get
intimate with ActionDipatch.
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Drop Action Controller require in ActionDispatch::ExceptionWrapper
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
We only reference the Action Controller error classes by name in
ActionDispatch::ExceptionWrapper, so there is no need to explicitly
require them.
It drops a tiny coupling between Action Dispatch and Action Controller,
so it makes me feel warm inside. We still have a lot of others AC
requires in the AD code base, but here, we can save it.
[ci skip]
|
| |/ / / / / |
|
| |/ / / / |
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | | |
Enable HSTS with IncludeSubdomains header by default for new apps
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- For old apps which are not setting any value for hsts[:subdomains],
a deprecation warning will be shown saying that hsts[:subdomains] will
be turned on by default in Rails 5.1. Currently it will be set to
false for backward compatibility.
- Adjusted tests to reflect this change.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
1) Because if you forget to add Secure; to the session cookie, it will leak to http:// subdomain in some cases
2) Because http:// subdomain can Cookie Bomb/cookie force main domain or be used for phishing.
That's why *by default* it must include subdomains as it's much more common scenario. Very few websites *intend* to leave their blog.app.com working over http:// while having everything else encrypted.
Yes, many developers forget to add subdomains=true by default, believe me :)
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This reverts commit 22db455dbe9c26fe6d723cac0758705d9943ea4b, reversing
changes made to 40be61dfda1e04c3f306022a40370862e3a2ce39.
This finishes off what I meant to do in 6216a092ccfe6422f113db906a52fe8ffdafdbe6.
|
| | |_|/ /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This reverts commit 45a75a3fcc96b22954caf69be2df4e302b134d7a.
HWIAs are better than silently deeply-stringified hashes... but that's a
reaction to a shortcoming of one particular session store: we should not
break the basic behaviour of other, more featureful, session stores in
the process.
Fixes #23884
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
* Fixes typos in error message and release notes.
* Removes unused template test file.
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
1. Conceptually revert #20276
The feature was implemented for the `responders` gem. In the end,
they did not need that feature, and have found a better fix (see
plataformatec/responders#131).
`ImplicitRender` is the place where Rails specifies our default
policies for the case where the user did not explicitly tell us
what to render, essentially describing a set of heuristics. If
the gem (or the user) knows exactly what they want, they could
just perform the correct `render` to avoid falling through to
here, as `responders` did (the user called `respond_with`).
Reverting the patch allows us to avoid exploding the complexity
and defining “the fallback for a fallback” policies.
2. `respond_to` and templates are considered exhaustive enumerations
If the user specified a list of formats/variants in a `respond_to`
block, anything that is not explicitly included should result
in an `UnknownFormat` error (which is then caught upstream to
mean “406 Not Acceptable” by default). This is already how it
works before this commit.
Same goes for templates – if the user defined a set of templates
(usually in the file system), that set is now considered exhaustive,
which means that “missing” templates are considered `UnknownFormat`
errors (406).
3. To keep API endpoints simple, the implicit render behavior for
actions with no templates defined at all (regardless of formats,
locales, variants, etc) are defaulted to “204 No Content”. This
is a strictly narrower version of the feature landed in #19036 and
#19377.
4. To avoid confusion when interacting in the browser, these actions
will raise an `UnknownFormat` error for “interactive” requests
instead. (The precise definition of “interactive” requests might
change – the spirit here is to give helpful messages and avoid
confusions.)
Closes #20666, #23062, #23077, #23564
[Godfrey Chan, Jon Moss, Kasper Timm Hansen, Mike Clark, Matthew Draper]
|
| |\ \ \
| | | |
| | | | |
Added a test for generating Strong ETag
|
| | | | | |
|
| |/ / / |
|
| | | |
| | |
| | |
| | | |
Adds changelog headers for beta3 release
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
It is not a released feature so we don't need to add changelogs to
changes on it.
[ci skip]
|
| | | |
| | |
| | |
| | | |
- Fixes #23822.
|
| |\ \ \
| | | |
| | | |
| | | | |
Give Sessions Indifferent Access
|
| | | | | |
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This is a rebased version of #22825.
Closes #22825.
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Abstract Controller is the common component between Action Mailer and
Action Controller so if we need to share the caching component it need
to be there.
|
