| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
| |
Accommodate case-insensitive filesystems and database collations.
|
|
|
|
|
|
|
| |
If there is not a `csrf-token` meta tag in the document, the blob record
XHR was including an `X-CSRF-Token` header set to the string
"undefined." Instead of setting it to undefined, it should not be
included in the absence of a meta tag.
|
|
|
|
|
|
|
|
|
|
| |
Generally followed the pattern for https://github.com/rails/rails/pull/32034
* Removes needless CI configs for 2.4
* Targets 2.5 in rubocop
* Updates existing CHANGELOG entries for fewer merge conflicts
* Removes Hash#slice extension as that's inlined on Ruby 2.5.
* Removes the need for send on define_method in MethodCallAssertions.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Applications can configure the route prefix prepended to the Active
Storage routes. By default this maintains the previous prefix
`/rails/active_storage` but supports custom prefixes.
Before this change the route for serving blobs is fixed to
`/rails/active_storage/blobs/:signed_id/*filename`. After this change
it's possible to configure the route to something like
`/files/blobs/:signed_id/*filename`.
|
|
|
|
|
|
|
|
|
| |
The Azure gem uses `Azure::Core::Http::HTTPError` for everything:
checksum mismatch, missing object, network unavailable, and many more.
(https://www.rubydoc.info/github/yaxia/azure-storage-ruby/Azure/Core/Http/HTTPError).
Rescuing that class obscures all sorts of configuration errors. We
should check the type of error in those rescue blocks, and reraise when
needed.
|
|
|
|
|
|
|
| |
cbothner/azure-service-swallowing-all-errors"
This reverts commit b204d167c5cfebd59f771d406178e371811ac43a, reversing
changes made to de6a200f82a3de399fa685d583503bc88dbc5e9f.
|
|
|
|
|
|
|
|
|
| |
The Azure gem uses `Azure::Core::Http::HTTPError` for everything:
checksum mismatch, missing object, network unavailable, and many more.
(https://www.rubydoc.info/github/yaxia/azure-storage-ruby/Azure/Core/Http/HTTPError).
Rescuing that class obscures all sorts of configuration errors. We
should check the type of error in those rescue blocks, and reraise when
needed.
|
|
|
|
|
|
| |
`ActiveStorage::DiskController#show` generates a 404 Not Found response when
the requested file is missing from the disk service. It previously raised
`Errno::ENOENT`.
|
|
|
|
|
|
|
|
|
| |
`ActiveStorage::Blob#download` and `ActiveStorage::Blob#open` raise
`ActiveStorage::FileNotFoundError` when the corresponding file is missing
from the storage service. Services translate service-specific missing
object exceptions (e.g. `Google::Cloud::NotFoundError` for the GCS service
and `Errno::ENOENT` for the disk service) into
`ActiveStorage::FileNotFoundError`.
|
|
|
|
| |
Provide a handy concern for custom Active Storage controllers that can't inherit from ActiveStorage::BaseController.
|
|
|
|
|
|
| |
Closes #33292.
[Andrei Makarov & George Claghorn]
|
| |
|
|
|
|
| |
Add the ability to reflect on the attachments that have been defined using ActiveRecord::Reflection.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In response to https://github.com/rails/rails/issues/32917
In the current implementation, ActiveStorage passes all options to the underlying processor,
including when a key has a value of false.
For example, passing:
```
avatar.variant(resize: "100x100", monochrome: false, flip: "-90")
```
will return a monochrome image (or an error, pending on ImageMagick configuration) because
it passes `-monochrome false` to the command (but the command line does not allow disabling
flags this way, as usually a user would omit the flag entirely to disable that feature).
This fix only passes those keys forward to the underlying processor if the value responds to
`present?`. In practice, this means that `false` or `nil` will be filtered out before going
to the processor.
One possible use case would be for a user to be able to apply different filters to an avatar.
The code might look something like:
```
variant_options = {
monochrome: params[:monochrome],
resize: params[:resize]
}
avatar.variant(*variant_options)
```
Obviously some sanitization may be beneficial in a real-world scenario, but this type of
configuration object could be used in many other places as well.
- Add removing falsy values from varaints to changelog
- The entirety of #image_processing_transformation inject block was wrapped in `list.tap`
to guard against the default `nil` being returned if no conditional was called.
- add test for explicitly true variant options
|
|
|
|
|
|
|
|
|
|
|
| |
Generated attachment getter and setter methods are created within
the model's `GeneratedAssociationMethods` module to allow overriding
and composition using `super`.
Includes tests for new functionality.
Co-authored-by: Josh Susser <josh@hasmanythrough.com>
Co-authored-by: Jamon Douglas <terrildouglas@gmail.com>
|
| |
|
|
|
|
| |
[David Robertson & George Claghorn]
|
|
|
|
|
|
|
| |
This adds a boolean argument called identify to ActiveStorage::Blob
methods #create_after_upload, #build_after_upload and #upload. It
allows a user to bypass the automatic content_type inference from
the io.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
If an explicit AWS key pair and/or region is not provided in
config/storage.yml, attempt to use environment variables, shared
credentials, or IAM role credentials. Order of precedence is
determined by the AWS SDK[1].
[1]: https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/setup-config.html
|
|
|
|
|
|
| |
We only add the header when releasing to avoid some conflicts.
[ci skip]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove railties' changelog added by 7340596de45dc4c0f62a287b6acc4e71d8ee6c60
since it was backported to `5-2-stable` via ac99916fcf7bf27bb1519d4f7387c6b4c5f0463d
Remove activesupport's changelog added by 1077ae96b34b5a1dfbf10ee0c40b1ceb1eb6b30b
since it was backported to `5-2-stable` via a2b97e4ffef971607a1be8fc7909f099b6840f36
Remove activesupport's changelog added by 0d41a76d0c693000005d79456dee7f9299f5e8d4
since it was backported to `5-2-stable` via cdce6a709e1cbc98fff009effc3b1b3ce4c7e8db
Remove activestorage's changelog added by d57c52a385eb57c6ce8c6d124ab5e186f931d142
since it was backported to `5-2-stable` via 5292cdf59a2052c453d6016c69b90b790cbf2547
Follow up c113bdc9d0c2cffd535ca97aff85c4bdc46b11f6
|
|
|
|
|
|
| |
Skipping over 2.4.0 to sidestep the `"symbol_from_string".to_sym.dup` bug.
References #32028
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows activestorage users to ship smaller javascript bundles to
visitors using modern browsers, as demonstrated in this repository:
https://github.com/rmacklin/activestorage-es2015-build-example
In that example, the bundle shrinks by 5K (24%).
In addition to allowing smaller bundles for those who ship untranspiled
code to modern browsers, including the source code in the published
package can be useful in other ways:
1. Users can import individual modules rather than the whole library
2. As a result of (1), users can also monkey patch parts of
activestorage by importing the relevant module, modifying the
exported object, and then importing the rest of activestorage (which
would then use the patched object).
Note:
In order to allow the source code to be depended on rather than the
compiled code, we have to declare the external dependency on spark-md5
as a regular dependency, not a development dependency.
This means that even users who depend on the compiled code will have to
download this package. However, spark-md5 is a small package, so this
tradeoff seems worth it.
|
|
|
|
| |
:tada::tada::tada:
|
| |
|
|
|
|
|
| |
There is concern that only blob are deleted depending on
the `before_destroy` definition order which throws abort.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In this way we avoid HTML, XML, SVG and other files that can be rendered
by the browser to be served inline by default. Depending on the origin
from where these files are served, this might lead to XSS
vulnerabilities, and in the best case, to more realistic phishing
attacks and open redirects.
We force it rather than falling back to it when other disposition is not
provided. Otherwise it would be possible for someone to force inline
just by passing `disposition=inline` in the URL.
The list of content types to be served as attachments is configurable.
|
| |
|
| |
|
|
|