aboutsummaryrefslogtreecommitdiffstats
path: root/guides/source/api_app.md
Commit message (Collapse)AuthorAgeFilesLines
* Update links and code examples in the guides to use HTTPS where the host ↵Nathaniel Suchy2019-03-061-2/+2
| | | | supports it.
* Cleanup the whitelisting references after #33145Genadi Samokovarov2019-02-031-1/+1
| | | | | | | | | | | | During the development of #33145, I have named a few concepts in the code as `whitelisted`. We decided to stay away from the term and I adjusted most of the code afterwards, but here are the cases I forgot to change. I also found a case in the API guide that we could have cleaned up as well. [ci skip]
* Merge pull request #33229 from ↵Matthew Draper2018-07-251-1/+1
|\ | | | | | | | | albertoalmagro/albertoalmagro/prefer-rails-command-over-bin-rails Prefer rails command over bin/rails
| * Recommend use of rails over bin/railsAlberto Almagro2018-07-061-1/+1
| | | | | | | | | | | | | | | | | | As discussed in #33203 rails command already looks for, and runs, bin/rails if it is present. We were mixing recommendations within guides and USAGE guidelines, in some files we recommended using rails, in others bin/rails and in some cases we even had both options mixed together.
* | Rails guides are now served over httpsPaul McMahon2018-07-241-1/+1
|/ | | | | http links will be redirected to the https version, but still better to just directly link to the https version.
* Added a lot of Oxford commasAnthony Crumley2018-05-101-4/+4
| | | | | | | [ci skip] A regular expression was used to find a lot of missing Oxford commas and add them. The regular expression was as follows. ", ([a-zA-Z0-9.\`:'\"]+ ){1,6}(or|and) "
* [ci skip] Modify twitter api link in api guideYoshiyuki Hirano2018-03-311-1/+1
| | | | * The twitter developer site's url was changed.
* Deprecate controller level force_sslDerek Prior2018-03-301-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Today there are two common ways for Rails developers to force their applications to communicate over HTTPS: * `config.force_ssl` is a setting in environment configurations that enables the `ActionDispatch::SSL` middleware. With this middleware enabled, all HTTP communication to your application will be redirected to HTTPS. The middleware also takes care of other best practices by setting HSTS headers, upgrading all cookies to secure only, etc. * The `force_ssl` controller method redirects HTTP requests to certain controllers to HTTPS. As a consultant, I've seen many applications with misconfigured HTTPS setups due to developers adding `force_ssl` to `ApplicationController` and not enabling `config.force_ssl`. With this configuration, many application requests can be served over HTTP such as assets, requests that hit mounted engines, etc. In addition, because cookies are not upgraded to secure only in this configuration and HSTS headers are not set, it's possible for cookies that are meant to be secure to be sent over HTTP. The confusion between these two methods of forcing HTTPS is compounded by the fact that they share an identical name. This makes finding documentation on the "right" method confusing. HTTPS throughout is quickly becomming table stakes for all web sites. Sites are expected to operate over HTTPS for all communication, sensitive or otherwise. Let's encourage use of the broader-reaching `ActionDispatch::SSL` middleware and elminate this source of user confusion. If, for some reason, applications need to expose certain endpoints over HTTP they can do so by properly configuring `config.ssl_options`.
* [ci skip] Add missing **DO NOT READ THIS FILE ON GITHUB, GUIDES ARE ↵Ryuta Kamizono2017-12-151-1/+0
| | | | PUBLISHED ON http://guides.rubyonrails.org.**
* Fix names of http authentication modules in api_app guidesRoman Kovtunenko2017-11-191-2/+4
|
* Fix rails middleware list in api_app guide [ci skip]Yoshiyuki Hirano2017-09-241-1/+0
| | | | * `MyApi::Application::Routes` is not middleware.
* Use https instead of http in guide [ci skip]Yoshiyuki Hirano2017-08-231-2/+2
|
* Use ssl in guide and comment [ci skip]Yoshiyuki Hirano2017-08-191-2/+2
|
* Update Rails API Application guide to match current code [ci skip]Mike Gunderloy2017-05-211-9/+11
| | | | | | | | * Adjust list of middlewares loaded by default * Add routing middleware to list to match the list in the Rack guide * Adjust list of Controller modules loaded by default Plus fix one singular/plural mistake
* Pass over API Apps guide grammar. [ci skip]Vipul A M2016-05-161-7/+5
|
* Add `ActiveRecord::Migration::CheckPending` to default middlewares for API AppsVipul A M2016-05-161-0/+1
| | | | [ci skip]
* Merge branch 'master' of github.com:rails/docrailsVijay Dev2016-05-141-1/+8
|\ | | | | | | | | Conflicts: guides/source/configuring.md
| * Add output snippet from `ActionController::API.ancestors - ↵Vipul A M2016-05-131-0/+7
| | | | | | | | | | | | ActionController::Metal.ancestors` command for api apps. [ci skip]
| * Remove ambiquity in what we are referring to in the documentation of config ↵Vipul A M2016-05-111-1/+1
| | | | | | | | vs configuring the server itself
* | Replace ActionDispatch::LoadInterlock with ActionDispatch::Executor in ↵willnet2016-04-301-1/+1
| | | | | | | | | | | | | | guides [ci skip] Guides should be updated because ActionDispatch::LoadInterlock was replaced with ActionDispatch::Executor at #23807.
* | fix incorrect module name [ci skip]yuuji.yaginuma2016-05-011-1/+1
|/
* Merge branch 'master' of github.com:rails/docrailsVijay Dev2016-04-291-1/+1
|\ | | | | | | | | Conflicts: guides/source/configuring.md
| * be specific when the debug_exception_response_format to :apiVipul A M2016-04-231-1/+1
| | | | | | | | [ci skip]
| * `debug_exception_format` is set to :api by default for API apps only, not ↵Prathamesh Sonpatki2016-04-221-1/+1
| | | | | | | | | | | | for normal apps. [ci skip]
* | Remove reference to unknown method `dirty?` to docsVipul A M2016-04-191-2/+0
|/ | | | [ci skip]
* [ci skip] Need to mention debug_exception_response_format in the api_app ↵Akshay2016-02-251-0/+17
| | | | | | | | | documentation. - #23771 removed the reference to debug_exception_response_format from the api_app documentation. - We need to let users know, they have ability to configure debug_exception_response_format in their development environment. - Added documentation for the same in api_app.md file - Grammar corrections
* remove needless `debug_exception_response_format` config [ci skip]yuuji.yaginuma2016-02-191-8/+0
| | | | | Since a0343d11f1bf80a79e273c1d0cf9934ef2601e98, `debug_exception_response_format` config depends on `api_only`. Therefore, if set the `api_only`, need to specify `debug_exception_response_format` is not.
* partial pass over the API guide [ci skip]Xavier Noria2016-02-181-15/+14
|
* Separate for new and existing applications clearlyVijay Dev2016-02-071-0/+4
| | | | [ci skip]
* Merge pull request #22857 from bdewater/interlock-docVipul A M2016-02-011-3/+0
|\ | | | | Update middleware docs regarding ActionDispatch::LoadInterlock [ci skip]
| * Update middleware docs regarding ActionDispatch::LoadInterlock [ci skip]Bart de Water2016-01-311-4/+1
| |
* | Docs review of api_app.mdJon Moss2016-01-281-16/+19
| | | | | | | | | | | | | | | | Pass through correcting api_app.md. The list of included modules and middleware was tested through a sample API app, and was listed in the same order an end user would see in their terminal. [ci skip]
* | Remove Rack::Lock from the API guidesRafael Mendonça França2016-01-281-4/+0
| | | | | | | | | | | | It is not always there anymore [ci skip]
* | Middleware have no pluralRafael Mendonça França2016-01-281-14/+14
|/ | | | [ci skip]
* Refer to rails command instead of rake in a bunch of placesDavid Heinemeier Hansson2015-12-181-1/+1
| | | | Still more to do. Please assist!
* Mention the debug_exception_response_format config in guidesJorge Bejar2015-12-091-0/+8
|
* [ci skip] Indentation in cache exampleszacharywelch2015-11-181-2/+2
|
* Revert "removing Rack::Runtime from the default stack."Aaron Patterson2015-10-031-0/+1
| | | | | | | | | | | | | | | | | | This reverts commit 37423e4ff883ad5584bab983aceb4b2b759a1fd8. Jeremy is right that we shouldn't remove this. The fact is that many engines are depending on this middleware to be in the default stack. This ties our hands and forces us to keep the middleware in the stack so that engines will work. To be extremely clear, I think this is another smell of "the rack stack" that we have in place. When manipulating middleware, we should have meaningful names for places in the req / res lifecycle **not** have engines depend on a particular constant be in a particular place in the stack. This is a weakness of the API that we have to figure out a way to address before removing the constant. As far as timing attacks are concerned, we can reduce the granularity such that it isn't useful information for hackers, but is still useful for developers.
* removing Rack::Runtime from the default stack.Aaron Patterson2015-10-021-1/+0
| | | | | | | | | | | | The runtime header is a potential target for timing attacks since it returns the amount of time spent on the server (eliminating network speed). Total time is also not accurate for streaming responses. The middleware can be added back via: ```ruby config.middleware.ues ::Rack::Runtime ```
* mostly remove the ParamsParser middlewareAaron Patterson2015-09-181-4/+3
| | | | | This can still be added to the middleware stack, but is really not necessary. I'll follow up with a commit that deprecates the constant
* fix module name typo in API app guide [ci skip]yuuji.yaginuma2015-09-041-1/+1
|
* remove RackDelegation moduleAaron Patterson2015-08-261-3/+0
| | | | | | Since all controller instances are required to have a request and response object, RackDelegation is no longer needed (we always have to delegate to the response)
* [ci skip] Fix `before_filter` -> `before_action`yui-knk2015-07-241-1/+1
|
* A pass over the API application guide [ci skip]Robin Dupret2015-06-151-375/+348
| | | | | | | | | | | | * Fix a few remaining typos * Wrap lines to 80 chars * Fix the conversion from Textile to Markdown * Update the part about `Rack::Cache` which isn't included anymore and speak about Active Support's provided middleware * Remove references to out-of-date methods and middlewares (e.g. respond_with) and update the list of modules and middlewares to match the actual code-base. * Remove the middleware's description and links to the Rack guide
* It's rails new my_api --apiSantiago Pastorino2015-06-111-1/+1
|
* Change guide heading from - to =Santiago Pastorino2015-06-111-1/+1
|
* Add API only apps guideSantiago Pastorino2015-06-111-0/+435