path: root/guides/source/action_controller_overview.md
Commit message (Author, Age, Files, Lines)
* Fix title for example of removing data from `session` [ci skip] (bogdanvlviv, 2018-04-23, 1 file, -2/+2)
|   After #31685 the description says different what we expect to see in the example. Change `assign that key to be nil` to `or delete the key/value pair` in order to highlight what is shown in the example.
|   Fix one more example of removing data from the session in favour of using `delete` since assigning to `nil` doesn't delete key from it.
* Remove key from session by using session.delete (#31685) (Rafael Barbolo, 2018-04-23, 1 file, -1/+3)
|   * Remove key from session by using session.delete
|     You are not deleting a key from session when you assign nil to that key.
|   * Update guides on how to destroy a user session
|     In this commit, the user id is removed from session and controller's variables related to the user are nullified.
|   [Rafael Mendonça França + Rafael Barbolo]
* Merge pull request #32277 from derekprior/dp-deprecate-force-ssl (Guillermo Iguaran, 2018-03-30, 1 file, -19/+3)
|\
| |   Deprecate controller level force_ssl
| * Deprecate controller level force_ssl (Derek Prior, 2018-03-30, 1 file, -19/+3)
| |   Today there are two common ways for Rails developers to force their applications to communicate over HTTPS:
| |   * `config.force_ssl` is a setting in environment configurations that enables the `ActionDispatch::SSL` middleware. With this middleware enabled, all HTTP communication to your application will be redirected to HTTPS. The middleware also takes care of other best practices by setting HSTS headers, upgrading all cookies to secure only, etc.
| |   * The `force_ssl` controller method redirects HTTP requests to certain controllers to HTTPS.
| |   As a consultant, I've seen many applications with misconfigured HTTPS setups due to developers adding `force_ssl` to `ApplicationController` and not enabling `config.force_ssl`. With this configuration, many application requests can be served over HTTP such as assets, requests that hit mounted engines, etc. In addition, because cookies are not upgraded to secure only in this configuration and HSTS headers are not set, it's possible for cookies that are meant to be secure to be sent over HTTP.
| |   The confusion between these two methods of forcing HTTPS is compounded by the fact that they share an identical name. This makes finding documentation on the "right" method confusing.
| |   HTTPS throughout is quickly becoming table stakes for all web sites. Sites are expected to operate over HTTPS for all communication, sensitive or otherwise. Let's encourage use of the broader-reaching `ActionDispatch::SSL` middleware and eliminate this source of user confusion. If, for some reason, applications need to expose certain endpoints over HTTP they can do so by properly configuring `config.ssl_options`.
* | Readability fix [ci skip] (Isaac Orme, 2018-03-25, 1 file, -1/+1)
|/
* Fix note marks [ci skip] (Yauheni Dakuka, 2018-03-12, 1 file, -1/+1)
|
* [ci skip] Update MVC wiki link (Dixit Patel, 2017-11-28, 1 file, -1/+1)
|
* [ci skip]Add space before closing curly brace (willnet, 2017-10-25, 1 file, -2/+2)
|
* Use `form_with` instead of `form_for` in engine guide [ci skip] (Yoshiyuki Hirano, 2017-10-09, 1 file, -3/+3)
|
* Cosmetic fixes [ci skip] (Yauheni Dakuka, 2017-10-06, 1 file, -1/+1)
|
* Use credentials, not secrets, for Active Storage (#30650) (Claudio B, 2017-09-19, 1 file, -1/+1)
|   According to #30067:
|   > This PR will deprecate secrets.yml* and instead adopt
|   > config/credentials.yml.enc to signify what these secrets are specifically
|   > for: Keeping API keys, database passwords, and any other integration
|   > credentials in one place.
|   [ci skip] since only comments are being edited.
* Update action_controller_overview.md [ci skip] (Yauheni Dakuka, 2017-09-19, 1 file, -2/+2)
|
* [ci skip] Prefer credentials to secrets in docs. (Kasper Timm Hansen, 2017-09-13, 1 file, -23/+7)
|   Removes most mentions of secrets.secret_key_base and explains credentials instead.
|   Also removes some very stale upgrade notices about Rails 3/4.
* Use https instead of http in guide [ci skip] (Yoshiyuki Hirano, 2017-08-23, 1 file, -1/+1)
|
* Fix english for the rescue_from warning [ci skip] (Yuki Nishijima, 2017-07-11, 1 file, -1/+1)
|
* Improving docs for callbacks execution order [ci skip] (dixpac, 2017-05-21, 1 file, -0/+3)
|   When define callbacks latest definition on the same callback/method overwrites previous ones.
* Small grammar fix (Jon Moss, 2017-03-29, 1 file, -1/+1)
|   Add comma and change verb. [ci skip]
* add hint on after_action filters (Frederik Wille, 2017-03-29, 1 file, -1/+1)
|   Adds a hint that ``after_action``-callbacks are not executed when an exception was raised in the rest of the request cycle. The ``before_action`` section mentions "If there are additional filters scheduled to run after that filter, they are also cancelled." but this is IMO not sufficient.
* Add link to API documentation (Kirill Zhuravlov, 2016-11-23, 1 file, -1/+1)
|   Add a link to http://api.rubyonrails.org/classes/ActionController.html in the beginning of an article.
* adds support for arbitrary hashes in strong parameters (Xavier Noria, 2016-11-11, 1 file, -3/+15)
|
* Setup default session store internally, no longer through an application initializer (Prathamesh Sonpatki, 2016-07-17, 1 file, -2/+2)
|   - By default the session store will be set to cookie store with application name as session key.
|   - Older apps are not affected as they will have the session store initializer generated by Rails in older versions, and Rails will not overwrite the session store if it is already set or disabled.
|   - But new apps will not have the initializer, instead the session store will be set to cookie store by default.
|   - Based on comment by DHH here - https://github.com/rails/rails/issues/25181#issuecomment-222312764.
* Add Rack doc link for request and response object [ci skip] (Jun Wan Goh, 2016-06-14, 1 file, -2/+2)
|
* Merge branch 'master' of github.com:rails/docrails (Vijay Dev, 2016-06-03, 1 file, -5/+6)
|\
| |   Conflicts: guides/source/action_cable_overview.md
| * Small grammar fixes for Action Controller Overview (Jon Moss, 2016-05-21, 1 file, -5/+6)
| |   [ci skip]
* | fix incorrect class name [ci skip] (yuuji.yaginuma, 2016-05-28, 1 file, -1/+1)
|/
* [ci skip] Parameter filter performs regular expression partial matching (Andrew Babichev, 2016-03-31, 1 file, -0/+2)
|
* Update action_controller_overview.md (Sandeep Navghane, 2016-03-15, 1 file, -1/+1)
|
* [ci skip] update guide for Puma web server instead of Webrick (Gaurav Sharma, 2016-01-20, 1 file, -4/+0)
|   Rails 5.0 default server puma web server. following commit - https://github.com/rails/rails/commit/ae48ea69
* Add a note on ActionController guide about 404 (Mauro George, 2016-01-11, 1 file, -2/+6)
|   [ci skip]
* Refer to rails command instead of rake in a bunch of places (David Heinemeier Hansson, 2015-12-18, 1 file, -1/+1)
|   Still more to do. Please assist!
* Add `redirect_back` for safer referrer redirects (Derek Prior, 2015-12-16, 1 file, -1/+1)
|   `redirect_to :back` is a somewhat common pattern in Rails apps, but it is not completely safe. There are a number of circumstances where HTTP referrer information is not available on the request. This happens often with bot traffic and occasionally to user traffic depending on browser security settings. When there is no referrer available on the request, `redirect_to :back` will raise `ActionController::RedirectBackError`, usually resulting in an application error.
|   `redirect_back` takes a required `fallback_location` keyword argument that specifies the redirect when the referrer information is not available. This prevents 500 errors caused by `ActionController::RedirectBackError`.
* Change AbstractRequest to ActionDispatch::Request (Bradley D, 2015-09-17, 1 file, -1/+1)
|   AbstractRequest has been deprecated, updating to refer to ActionDispatch::Request instead. [ci skip]
* Remove RHTML reference in Action Controller docs [ci skip] (Lachlan Campbell, 2015-09-10, 1 file, -1/+1)
|
* typo "description not clear corrected with proper description and action_controller_overview file Rails' -> Rails" [ci skip] (kishore-mohan, 2015-09-02, 1 file, -1/+1)
|
* fix typo in method name [ci skip] (yuuji.yaginuma, 2015-08-30, 1 file, -1/+1)
|
* Remove a link to the site that seems to be gone. [ci skip] (shunsukeaida, 2015-08-23, 1 file, -1/+1)
|   Followup to #20637.
* [ci skip] Fix action_controller_overview (yui-knk, 2015-06-28, 1 file, -1/+1)
|
* document that default_url_options is cached per request [ci skip] (Xavier Noria, 2015-06-15, 1 file, -1/+3)
|
* Tiny grammar correction in documentation [ci skip] (Ankit gupta, 2015-05-05, 1 file, -1/+1)
|
* Merge branch 'master' of github.com:rails/docrails (Vijay Dev, 2015-04-14, 1 file, -1/+1)
|\
| * [ci skip] Wrap with double quotation (yui-knk, 2015-04-10, 1 file, -1/+1)
| |
* | [ci skip] Downcases filter names (yui-knk, 2015-04-10, 1 file, -3/+3)
|/
* Merge pull request #18459 from cantino/action_controller_guide_edits (Rafael Mendonça França, 2015-03-11, 1 file, -45/+44)
|\
| |   Action Controller guide edits for grammar and clarity
| * Edits for grammar and clarity, with help from georgeclaghorn and robin850. (Andrew Cantino, 2015-03-11, 1 file, -45/+44)
| |
* | [ci skip] escape under score (yui-knk, 2015-02-13, 1 file, -1/+1)
| |
* | - Changed `IN` to `ON` in markdown renderer condition (Vipul A M, 2015-01-14, 1 file, -1/+1)
|/
|   - Changed `IN` to `ON` in all note sentences in guides.
* Add a note about non-buffering servers for AC::Live (Aditya Kapoor, 2014-12-27, 1 file, -0/+5)
|   [ci skip]
* warn about reading guides in GitHub (Xavier Noria, 2014-12-23, 1 file, -0/+2)
|   References #18148.
* Don't convert empty arrays to nils when deep munging params (Chris Sinjakli, 2014-12-15, 1 file, -2/+2)
|
* Remove custom errors page section from the guides (Yuki Nishijima, 2014-11-28, 1 file, -58/+1)
|   This pattern is too problematic and introduces a lot of edge cases:
|   * On 4.2, the issue https://github.com/rails/rails/issues/15124 is back again.
|   * needs to define each action for each http status otherwise the router raises ActionController::RoutingError (No route matches).
|   * If the router has `match "/*username",...` and some action is missing, Rails will pick up the "match" and try to do its job.
|   * encourages people to copy & paste programming. Not DRY.
|   [ci skip]