| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Prevent older versions of Chrome from appending a Content-Type header containing the Blob type, rendering the request invalid if we intend not to provide a Content-Type. This behavior was observed in Chrome 58.
|
|
|
|
|
|
|
|
|
| |
`to_prepare` callbacks are run during initialization; using one here
meant that `ActiveStorage::Blob` would be loaded when the app boots,
which would in turn load `ActiveRecord::Base`.
By using a lazy load hook to configure `ActiveStorage::Blob` instead,
we can avoid loading `ActiveRecord::Base` unnecessarily.
|
|
|
|
| |
Closes #32096.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Active Storage is an engine which means its models, jobs and controllers
are autoloaded by Rails rather than Ruby. Unfortunately this means it's
subject to the same gotchas as applications, including this one:
http://guides.rubyonrails.org/v5.1.4/autoloading_and_reloading_constants.html#when-constants-aren-t-missed-qualified-references
On Ruby < 2.5, constants nested under classes can't be autoloaded by
Rails if a top level constant already exists with the same name.
To avoid clashing with constants defined in users' applications or gems,
we can use `require_dependency` to ensure that the nested constants are
loaded before they're used.
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| | |
Document :combine_options
|
| |
| |
| |
| | |
Turns out this is still undocumented functionality.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Make sure `blob.service_url` present a `ActiveStorage::Filename` type to `serivce.url`.
- Add `ActiveStorage::Filename.wrap` method.
before:
```rb
blob.service_url(filename: ActiveStorage::Filename.new("new.txt"))
blob.service_url(filename: "new.txt")
=> NoMethodError: undefined method `parameters' for "new.txt":String
params = {}
blob.service_url(filename: params[:filename])
=> NoMethodError: undefined method `parameters' for nil:NilClass
```
after:
```rb
blob.service_url(filename: "new.txt")
blob.service_url(filename: nil)
```
|
|\
| |
| | |
Allow ActiveStorage::Blob#service_url to pass addition options to service.url
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
`service.url`.
Because there have some service needs more parameters for file URL:
https://www.alibabacloud.com/help/doc-detail/44687.htm
```rb
class AliyunService < Service
def url(key, options = {})
image_process = options[:oss_process] || "image/resize,w_800"
"http://image-demo.oss-cn-hangzhou.aliyuncs.com/example.jpg?x-oss-process=#{image_process}"
end
end
```
Use case:
```erb
<%= image_tag @user.avatar.service_url(oss_process: "image/resize,m_fill,h_100,w_100" %>
```
|
|/
|
|
|
|
| |
`JSON` constant defined.
For example when using the `representable` gem: https://github.com/trailblazer/representable/issues/224
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
To pick up 21417e02e906f6b64f013aafefdc0cb8ea8b5e74
|
|
|
|
|
|
| |
#31393
Brought to you by a 12 year old Firefox bug: https://bugzilla.mozilla.org/show_bug.cgi?id=329509
|
|
|
|
|
|
|
| |
This is useful when we have several representations for the same
underlying file, each one with a different name, and we need to provide
a custom download URL based on that name and not that of the underlying
file.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In this way we avoid HTML, XML, SVG and other files that can be rendered
by the browser to be served inline by default. Depending on the origin
from where these files are served, this might lead to XSS
vulnerabilities, and in the best case, to more realistic phishing
attacks and open redirects.
We force it rather than falling back to it when other disposition is not
provided. Otherwise it would be possible for someone to force inline
just by passing `disposition=inline` in the URL.
The list of content types to be served as attachments is configurable.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Fixes #31531
Closes #31540
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
skip]
|
| |
|
|
|
|
| |
This reverts commit a80f81af055f02bf4625c90470aa90441cf6fc24.
|
|
|
|
| |
Execute a single mogrify command with multiple options rather than one command per option. Permit the use of all mogrify options, not just the ones that fall through to MiniMagick::Image#method_missing.
|
| |
|
|
|
|
| |
by default
|
|
|
|
|
|
|
|
| |
Disable CSRF protection for ActiveStorage::DiskController#update. The local disk service is intended to imitate a third-party service like S3 or GCS, so we don't care where direct uploads originate: they’re authorized by signed tokens.
Closes #30290.
[Shinichi Maeshima & George Claghorn]
|
|
|
|
| |
Closes #31138.
|
| |
|
| |
|
| |
|