aboutsummaryrefslogtreecommitdiffstats
path: root/guides/source/action_controller_overview.md
Commit message (Collapse)AuthorAgeFilesLines
* Update snippet to rails 5 syntaxAdam Demirel2018-10-151-1/+1
|
* [ci skip] corrects more grammar awkwardness, replacing denylist with ↵Mina Slater2018-08-221-8/+8
| | | | restricted list and consistently use permitted
* [ci skip] fixes awkward grammarMina Slater2018-08-221-5/+5
|
* [ci skip] change all instances of blacklist and whitelist to denylist and ↵Mina Slater2018-08-211-7/+7
| | | | allowlist
* Merge pull request #33229 from ↵Matthew Draper2018-07-251-1/+1
|\ | | | | | | | | albertoalmagro/albertoalmagro/prefer-rails-command-over-bin-rails Prefer rails command over bin/rails
| * Recommend use of rails over bin/railsAlberto Almagro2018-07-061-1/+1
| | | | | | | | | | | | | | | | | | As discussed in #33203 rails command already looks for, and runs, bin/rails if it is present. We were mixing recommendations within guides and USAGE guidelines, in some files we recommended using rails, in others bin/rails and in some cases we even had both options mixed together.
* | Rails guides are now served over httpsPaul McMahon2018-07-241-1/+1
|/ | | | | http links will be redirected to the https version, but still better to just directly link to the https version.
* Update example for whitelisting arbitrary hashesMichael Holroyd2018-06-141-11/+9
| | | Since the ability to whitelist arbitrary hashes was added (https://github.com/rails/rails/issues/9454 was resolved by https://github.com/rails/rails/commit/e86524c0c5a26ceec92895c830d1355ae47a7034), this example is no longer outside of what strong_params can do. Moved this specific example out of the "Outside the Scope" section and into the regular "Examples" section, but left the "Outside the Scope" section as it was since the advice is still relevant for weirder whitelisting situations (maybe someone wants to add a new example that can't be handled natively).
* Added a lot of Oxford commasAnthony Crumley2018-05-101-3/+3
| | | | | | | [ci skip] A regular expression was used to find a lot of missing Oxford commas and add them. The regular expression was as follows. ", ([a-zA-Z0-9.\`:'\"]+ ){1,6}(or|and) "
* Fix title for example of removing data from `session` [ci skip]bogdanvlviv2018-04-231-2/+2
| | | | | | | | | After #31685 the description says different what we expect to see in the example. Change `assign that key to be nil` to `or delete the key/value pair` in order to highlight what is shown in the example. Fix one more example of removing data from the session in favour of using `delete` since assigning to `nil` doesn't delete key from it.
* Remove key from session by using session.delete (#31685)Rafael Barbolo2018-04-231-1/+3
| | | | | | | | | | | * Remove key from session by using session.delete You are not deleting a key from session when you assign nil to that key. * Update guides on how to destroy a user session In this commit, the user id is removed from session and controller's variables related to the user are nullified. [Rafael Mendonça França + Rafael Barbolo]
* Merge pull request #32277 from derekprior/dp-deprecate-force-sslGuillermo Iguaran2018-03-301-19/+3
|\ | | | | Deprecate controller level force_ssl
| * Deprecate controller level force_sslDerek Prior2018-03-301-19/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Today there are two common ways for Rails developers to force their applications to communicate over HTTPS: * `config.force_ssl` is a setting in environment configurations that enables the `ActionDispatch::SSL` middleware. With this middleware enabled, all HTTP communication to your application will be redirected to HTTPS. The middleware also takes care of other best practices by setting HSTS headers, upgrading all cookies to secure only, etc. * The `force_ssl` controller method redirects HTTP requests to certain controllers to HTTPS. As a consultant, I've seen many applications with misconfigured HTTPS setups due to developers adding `force_ssl` to `ApplicationController` and not enabling `config.force_ssl`. With this configuration, many application requests can be served over HTTP such as assets, requests that hit mounted engines, etc. In addition, because cookies are not upgraded to secure only in this configuration and HSTS headers are not set, it's possible for cookies that are meant to be secure to be sent over HTTP. The confusion between these two methods of forcing HTTPS is compounded by the fact that they share an identical name. This makes finding documentation on the "right" method confusing. HTTPS throughout is quickly becomming table stakes for all web sites. Sites are expected to operate over HTTPS for all communication, sensitive or otherwise. Let's encourage use of the broader-reaching `ActionDispatch::SSL` middleware and elminate this source of user confusion. If, for some reason, applications need to expose certain endpoints over HTTP they can do so by properly configuring `config.ssl_options`.
* | Readability fix [ci skip]Isaac Orme2018-03-251-1/+1
|/
* Fix note marks [ci skip]Yauheni Dakuka2018-03-121-1/+1
|
* [ci skip] Update MVC wiki linkDixit Patel2017-11-281-1/+1
|
* [ci skip]Add space before closing curly bracewillnet2017-10-251-2/+2
|
* Use `form_with` instead of `form_for` in engine guide [ci skip]Yoshiyuki Hirano2017-10-091-3/+3
|
* Cosmetic fixes [ci skip]Yauheni Dakuka2017-10-061-1/+1
|
* Use credentials, not secrets, for Active Storage (#30650)Claudio B2017-09-191-1/+1
| | | | | | | | | | According to #30067: > This PR will deprecate secrets.yml* and instead adopt > config/credentials.yml.enc to signify what these secrets are specifically > for: Keeping API keys, database passwords, and any other integration > credentials in one place. [ci skip] since only comments are being edited.
* Update action_controller_overview.md [ci skip]Yauheni Dakuka2017-09-191-2/+2
|
* [ci skip] Prefer credentials to secrets in docs.Kasper Timm Hansen2017-09-131-23/+7
| | | | | | | Removes most mentions of secrets.secret_key_base and explains credentials instead. Also removes some very stale upgrade notices about Rails 3/4.
* Use https instead of http in guide [ci skip]Yoshiyuki Hirano2017-08-231-1/+1
|
* Fix english for the rescue_from warning [ci skip]Yuki Nishijima2017-07-111-1/+1
|
* Improving docs for callbacks execution order [ci skip]dixpac2017-05-211-0/+3
| | | | | When define callbacks latest definition on the same callback/method overwrites previous ones.
* Small grammar fixJon Moss2017-03-291-1/+1
| | | | | | Add comma and change verb. [ci skip]
* add hint on after_action filtersFrederik Wille2017-03-291-1/+1
| | | | | | | | Adds a hint that ``after_action``-callbacks are not executed when an exception was raised in the rest of the request cycle. The ``before_action`` section mentions "If there are additional filters scheduled to run after that filter, they are also cancelled." but this is IMO not sufficient.
* Add link to API documentationKirill Zhuravlov2016-11-231-1/+1
| | | Add a link to http://api.rubyonrails.org/classes/ActionController.html in the beginning of an article.
* adds support for arbitrary hashes in strong parametersXavier Noria2016-11-111-3/+15
|
* Setup default session store internally, no longer through an application ↵Prathamesh Sonpatki2016-07-171-2/+2
| | | | | | | | | | | | | initializer - By default the session store will be set to cookie store with application name as session key. - Older apps are not affected as they will have the session store initializer generated by Rails in older versions, and Rails will not overwrite the session store if it is already set or disabled. - But new apps will not have the initializer, instead the session store will be set to cookie store by default. - Based on comment by DHH here - https://github.com/rails/rails/issues/25181#issuecomment-222312764.
* Add Rack doc link for request and response object [ci skip]Jun Wan Goh2016-06-141-2/+2
|
* Merge branch 'master' of github.com:rails/docrailsVijay Dev2016-06-031-5/+6
|\ | | | | | | | | Conflicts: guides/source/action_cable_overview.md
| * Small grammar fixes for Action Controller OverviewJon Moss2016-05-211-5/+6
| | | | | | | | [ci skip]
* | fix incorrect class name [ci skip]yuuji.yaginuma2016-05-281-1/+1
|/
* [ci skip] Parameter filter performs regular expression partial matchingAndrew Babichev2016-03-311-0/+2
|
* Update action_controller_overview.mdSandeep Navghane2016-03-151-1/+1
|
* [ci skip] update guide for Puma web server instead of WebrickGaurav Sharma2016-01-201-4/+0
| | | Rails 5.0 default server puma web server. following commit - https://github.com/rails/rails/commit/ae48ea69
* Add a note on ActionController guide about 404Mauro George2016-01-111-2/+6
| | | | [ci skip]
* Refer to rails command instead of rake in a bunch of placesDavid Heinemeier Hansson2015-12-181-1/+1
| | | | Still more to do. Please assist!
* Add `redirect_back` for safer referrer redirectsDerek Prior2015-12-161-1/+1
| | | | | | | | | | | | | | | | | `redirect_to :back` is a somewhat common pattern in Rails apps, but it is not completely safe. There are a number of circumstances where HTTP referrer information is not available on the request. This happens often with bot traffic and occasionally to user traffic depending on browser security settings. When there is no referrer available on the request, `redirect_to :back` will raise `ActionController::RedirectBackError`, usually resulting in an application error. `redirect_back` takes a required `fallback_location` keyword argument that specifies the redirect when the referrer information is not available. This prevents 500 errors caused by `ActionController::RedirectBackError`.
* Change AbstractRequest to ActionDispatch::RequestBradley D2015-09-171-1/+1
| | | | | | AbstractRequest has been deprecated, updating to refer to ActionDispatch::Request instead. [ci skip]
* Remove RHTML reference in Action Controller docs [ci skip]Lachlan Campbell2015-09-101-1/+1
|
* typo "description not clear corrected with proper description and ↵kishore-mohan2015-09-021-1/+1
| | | | action_controller_overview file Rails' -> Rails" [ci skip]
* fix typo in method name [ci skip]yuuji.yaginuma2015-08-301-1/+1
|
* Remove a link to the site that seems to be gone. [ci skip]shunsukeaida2015-08-231-1/+1
| | | | Followup to #20637.
* [ci skip] Fix action_controller_overviewyui-knk2015-06-281-1/+1
|
* document that default_url_options is cached per request [ci skip]Xavier Noria2015-06-151-1/+3
|
* Tiny grammar correction in documentation [ci skip]Ankit gupta2015-05-051-1/+1
|
* Merge branch 'master' of github.com:rails/docrailsVijay Dev2015-04-141-1/+1
|\
| * [ci skip] Wrap with double quotationyui-knk2015-04-101-1/+1
| |