| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Extend previous changes, include the default line from the application controller that new rails applications are created with:
protect_from_forgery with: :exception
Minor wording changes to align.
|
|
|
|
|
| |
I think the changes to the default behaviour mean that rails will throw an exception when an invalid authenticity token is found. The previous proposed code of calling super then sign_out meant that sign_out was never reached - the exception handler never returned.
I think the best approach now is to catch the exception, although I'm not 100% certain on that.
|
|
|
|
|
|
|
|
|
|
| |
Currently, the section called "How to store your custom translations"
has several subheadings that make no sense, such as "Translations for
ActiveRecord models." These make more sense under the "Overview of the
I18n API Features" section. I moved the "How to store..." section down
to the more appropriate sub-headings "Using Different Backends" and
"Using Different Exception Handlers" and removed the "Customize your
i18n setup" header.
|
|\
| |
| | |
additional note about routes in functional tests for engines [ci skip]
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Calling `to_sym` on user input opens apps up to Denial of Service attacks, via the symbol table being expanded to consume vast swathes of memory.
It is a fairly common configuration to have DNS configured such that all subdomains route to your Rails app, in which case an attacker visits `www1.foo.com`, `www2.foo.com`, and so on until something gives.
It is far less likely to have this problem with TLDs, so that change was only for consistency.
|
| | |
|
|\ \
| | |
| | | |
[ci skip] Improve doc, fix grammatical issue
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
- Section references `form_tag` instead of the `form_for` used in the example
|
| | | |
|
| | | |
|
|/ /
| |
| |
| |
| |
| |
| | |
References to ``AppName::Application` removed in favour of ``Rails.application``
as generated with a new rails 4.1 app.
[ci skip]
|
| |
| |
| | |
This is in the note at the end of Section 2: Controller Naming Convention. [ci skip]
|
| |
| |
| |
| | |
This is a follow up to 545afc15.
|
| | |
|
|\ \
| | |
| | | |
Improve debugging support
|
| | |
| | |
| | |
| | | |
Tested on a brand new app to exactly match current byebug's behaviour.
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Move assets precompile (and version) to an initializer
|
| | | |
| | | |
| | | |
| | | |
| | | | |
sprockets-rails 2.1 needs the precompile list to be available in all
environments.
|
|\ \ \ \
| | | | |
| | | | | |
Be explicit about allowed constraint values, fixes #14702
|
| | | | | |
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
Add more test case for #demodulize, Improve documentation
|
| | | | | |
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
Add after_commit/after_rollback to callback list
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Adding after_commit/after_rollback to list of callbacks in order helps
explain the callback order as well as making it consistent with the API
docs at http://api.rubyonrails.org/classes/ActiveRecord/Callbacks.html
|
|/ / / / |
|
|\ \ \ \
| |/ / /
|/| | | |
[ci skip] Update code snippets to latest master (initialization.md).
|
| | | |
| | | |
| | | |
| | | | |
Also update the `server.run` example (Replace Mongrel with Puma).
|
|/ / / |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Expand explanation of how to set secrets.yml.
|
| | | | |
|
| | | | |
|
|/ / / |
|
|/ / |
|
| |
| |
| |
| | |
Recommended using homebrew for installing MySQL and PostgreSQL
|
| |
| |
| | |
The old link https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html is now being soft redirected to this new URL
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Revise 'sqlite3:' URL handling for smoother upgrades
Conflicts:
activerecord/CHANGELOG.md
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Restore the 4.0 behaviour for 'sqlite3:///', but deprecate it. We'll
change to the absolute-path interpretation in 4.2.
The current "correct" spellings for in-memory, relative, and absolute
URLs, respectively, are:
sqlite3::memory:
sqlite3:relative/path
sqlite3:/full/path
Substantially reverses/defers fbb79b517f3127ba620fedd01849f9628b78d6ce.
Uncovered by @guilleiguaran while investigating #14495, though that
sounds like a different issue.
|
| | |
| | |
| | |
| | |
| | |
| | | |
a concept of default scope in its example before it is introduced in the following section titled `Applying a default scope`.
It makes more sense to switch the ordering to introduce default scopes (`Applying a default scope`) first and then go into `Merging of scopes` section where it is used.
|
|\ \ \
| | | |
| | | | |
Fix default_url_options example in i18n guide
|
| |/ / |
|
| | |
| | |
| | |
| | | |
The option actually needs to be set on action_dispatch. [ci skip]
|
|/ /
| |
| | |
Using `Rails.application.config.cookies_serializer :hybrid` throws an exception, fixed to `=`.
|
|\ \ |
|