aboutsummaryrefslogtreecommitdiffstats
path: root/railties/lib/rails/info_controller.rb
Commit message (Collapse)AuthorAgeFilesLines
* Introduce a guard against DNS rebinding attacksGenadi Samokovarov2018-12-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The ActionDispatch::HostAuthorization is a new middleware that prevent against DNS rebinding and other Host header attacks. By default it is included only in the development environment with the following configuration: Rails.application.config.hosts = [ IPAddr.new("0.0.0.0/0"), # All IPv4 addresses. IPAddr.new("::/0"), # All IPv6 addresses. "localhost" # The localhost reserved domain. ] In other environments, `Rails.application.config.hosts` is empty and no Host header checks will be done. If you want to guard against header attacks on production, you have to manually permit the allowed hosts with: Rails.application.config.hosts << "product.com" The host of a request is checked against the hosts entries with the case operator (#===), which lets hosts support entries of type RegExp, Proc and IPAddr to name a few. Here is an example with a regexp. # Allow requests from subdomains like `www.product.com` and # `beta1.product.com`. Rails.application.config.hosts << /.*\.product\.com/ A special case is supported that allows you to permit all sub-domains: # Allow requests from subdomains like `www.product.com` and # `beta1.product.com`. Rails.application.config.hosts << ".product.com"
* Add JSON support to rails properties route (`/rails/info/properties`).Yoshiyuki Hirano2018-11-071-2/+10
| | | | | | | | | | | | | | | | | Added json format, like this: { "Rails version": "6.0.0.alpha", "Ruby version": "2.5.1-p57 (x86_64-darwin17)", "RubyGems version": "2.7.6", "Rack version": "2.0.6", "JavaScript Runtime": "Node.js (V8)", "Middleware": ["Rack::Sendfile", "ActionDispatch::Static", "ActionDispatch::Executor", "ActiveSupport::Cache::Strategy::LocalCache::Middleware", "Rack::Runtime", "Rack::MethodOverride", "ActionDispatch::RequestId", "ActionDispatch::RemoteIp", "Sprockets::Rails::QuietAssets", "Rails::Rack::Logger", "ActionDispatch::ShowExceptions", "WebConsole::Middleware", "ActionDispatch::DebugExceptions", "ActionDispatch::Reloader", "ActionDispatch::Callbacks", "ActiveRecord::Migration::CheckPending", "ActionDispatch::Cookies", "ActionDispatch::Session::CookieStore", "ActionDispatch::Flash", "ActionDispatch::ContentSecurityPolicy::Middleware", "Rack::Head", "Rack::ConditionalGet", "Rack::ETag", "Rack::TempfileReaper"], "Application root": "/path/to/app", "Environment": "development", "Database adapter": "sqlite3", "Database schema version": 0 }
* [Railties] require_relative => requireAkira Matsuda2017-10-211-1/+1
| | | | This basically reverts 618268b4b9382f4bcf004a945fe2d85c0bd03e32
* Adding frozen_string_literal pragma to Railties.Pat Allan2017-08-141-0/+2
|
* [Railties] require => require_relativeAkira Matsuda2017-07-011-1/+1
|
* Add three new rubocop rulesRafael Mendonça França2016-08-161-4/+4
| | | | | | | | Style/SpaceBeforeBlockBraces Style/SpaceInsideBlockBraces Style/SpaceInsideHashLiteralBraces Fix all violations in the repository.
* normalizes indentation and whitespace across the projectXavier Noria2016-08-061-8/+8
|
* applies new string literal convention in railties/libXavier Noria2016-08-061-6/+6
| | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* Fix URI.escape is obsolete warningsAndrew White2015-05-051-1/+1
|
* Change filter on /rails/info/routes to use an actual path regexp from railsbrainopia2015-02-231-2/+23
| | | | | | | | Change filter on /rails/info/routes to use an actual path regexp from rails and not approximate javascript version. Oniguruma supports much more extensive list of features than javascript regexp engine. Fixes #18402.
* Deprecate all *_filter callbacks in favor of *_action callbacksRafael Mendonça França2014-05-271-1/+1
| | | | | This is the continuation of the work started at 9d62e04838f01f5589fa50b0baa480d60c815e2c
* Add an application controller for internal controllersAndrew White2013-12-171-15/+3
|
* Fix for titles of info pagesSıtkı Bağdat2013-11-221-0/+2
| | | | | Both `rails/info/properties` and `rails/info/routes` have same html title attribute as *Routes*. This commit includes a fix for the titles.
* Redirect using action hash instead of hardcoding full routeCarlos Antonio da Silva2013-01-051-1/+1
|
* Change Rails Info controller to use the new table routes formatterCarlos Antonio da Silva2013-01-051-1/+1
|
* Don't use layout when requested from xhrRyunosuke SATO2013-01-051-1/+1
|
* Format routes as html on debug pageschneems2012-12-171-0/+1
| | | | | | | | | When someone gets a routing exception, the routes are rendered (starting in Rails 4.0). This PR brings parity between the html routes in the `rails/info/routes` path and when rendered from an exception. This is the continuation of #8521 which brought html formatted routes. In addition to bringing parity to the two views, we're keeping our views DRY by rendering off of the same partials. In this case Railties depends on partials provided by ActionDispatch. I'm open to alternative implementations. Ideally both views will use the same code so any improvements or updates to it will be reproduced on both. <hr /> ![](http://f.cl.ly/items/3O1D0K1v0j0i343O3T3T/Screen%20Shot%202012-12-17%20at%203.07.20%20PM.png)
* HTML formatting to Rails::InfoController#routesschneems2012-12-171-2/+1
| | | | | | | | | | This PR adds formatting and meta-data to the display of the internal routes. Users can now toggle between showing helpers with the `_path` or _`url` suffix. There are multiple ways to achieve this, this method uses partials for formatting and meta-data. The partials can be re-used when rendering `routing_error.erb`, though that will need to be in a separate PR. ![](http://f.cl.ly/items/3A2p3c1T1t2f2X2R2K2S/Screen%20Shot%202012-12-12%20at%202.28.01%20PM.png) ATP Railties
* Merge branch 'master' of github.com:lifo/docrailsVijay Dev2012-12-151-1/+1
|\ | | | | | | | | | | Conflicts: actionpack/lib/action_view/helpers/form_helper.rb railties/lib/rails/info_controller.rb
| * Update railties/lib/rails/info_controller.rbRichard Schneeman2012-12-101-1/+1
| | | | | | # :nodoc: the rails/info_controller
* | Revert "Merge pull request #8499 from schneems/schneems/html-route-inspector"Steve Klabnik2012-12-141-1/+1
| | | | | | | | | | | | | | This reverts commit ae68fc3864e99ab43c18fd12577744e1583f6b64, reversing changes made to 0262a18c7b0ab6f60fee842b3007388f9ffeb0fa. See here: https://github.com/rails/rails/pull/8499#issuecomment-11356417
* | Output routes in :html formatschneems2012-12-121-1/+1
| | | | | | | | | | | | By formatting routes for different media (txt/html) we can apply optimizations based on the format. We can include meta-data in the HTML to allow a rich experience while rendering and viewing the routes. This PR shows route helpers as they are used with the `_path` extension, it also has a javascript toggle on the top to switch to `_url`. This way the developer can see the exact named route helper they can use instead of having to modify a base. This is one example of an optimization that could be applied. Eventually we can link out to guides for the different columns to better explain what helper, HTTP Verb, Path, and Controller#action indicate. We could even add a route search box that could allow developers to input a given route and see all of the routes that match it. These are stand alone features and should be delivered separately.
* | Use `File.expand_path` instead of `File.join`schneems2012-12-091-1/+1
|/ | | cc/ @carlosantoniodasilva
* Use Ruby 1.9 Hash syntax in railtiesRobin Dupret2012-10-141-1/+1
|
* Rename RouteInspector to RoutesInspectorCarlos Antonio da Silva2012-07-081-1/+1
| | | | Follow the consistency defined in dbc43bc.
* Remove RoutesInspector from railties, since it was moved to APCarlos Antonio da Silva2012-07-081-1/+0
| | | | | Changes introduced in 7404cda9f61e41d52ce244d60abbf598684a96c4. Fix railties build.
* move route_inspector to actionpack@schneems and @mattt2012-07-071-1/+2
| | | | this is so we can show route output in the development when we get a routing error. Railties can use features of ActionDispatch, but ActionDispatch should not depend on Railties.
* Rename RouteInspect to RoutesInspector for consistencyJosé Valim2012-06-291-2/+2
|
* /rails/info/routes path shows routing informationschneems2012-05-241-7/+25
| | | | Will show similar contents to the output of `$ rake routes` in the browser in development. This speeds the time required to generate routes, since the application is already initialized.
* Moves local_request? to require.local?Santiago Pastorino2010-08-131-1/+1
| | | | [#5361 state:committed]
* Autoload Rails::InfoJoshua Peek2010-03-201-2/+0
|
* Require info controller from info routesJoshua Peek2010-03-201-0/+2
|
* Move railties/builtin into libJoshua Peek2010-03-201-0/+15