| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ActionDispatch::HostAuthorization is a new middleware that prevent
against DNS rebinding and other Host header attacks. By default it is
included only in the development environment with the following
configuration:
Rails.application.config.hosts = [
IPAddr.new("0.0.0.0/0"), # All IPv4 addresses.
IPAddr.new("::/0"), # All IPv6 addresses.
"localhost" # The localhost reserved domain.
]
In other environments, `Rails.application.config.hosts` is empty and no
Host header checks will be done. If you want to guard against header
attacks on production, you have to manually permit the allowed hosts
with:
Rails.application.config.hosts << "product.com"
The host of a request is checked against the hosts entries with the case
operator (#===), which lets hosts support entries of type RegExp,
Proc and IPAddr to name a few. Here is an example with a regexp.
# Allow requests from subdomains like `www.product.com` and
# `beta1.product.com`.
Rails.application.config.hosts << /.*\.product\.com/
A special case is supported that allows you to permit all sub-domains:
# Allow requests from subdomains like `www.product.com` and
# `beta1.product.com`.
Rails.application.config.hosts << ".product.com"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added json format, like this:
{
"Rails version": "6.0.0.alpha",
"Ruby version": "2.5.1-p57 (x86_64-darwin17)",
"RubyGems version": "2.7.6",
"Rack version": "2.0.6",
"JavaScript Runtime": "Node.js (V8)",
"Middleware": ["Rack::Sendfile", "ActionDispatch::Static", "ActionDispatch::Executor", "ActiveSupport::Cache::Strategy::LocalCache::Middleware", "Rack::Runtime", "Rack::MethodOverride", "ActionDispatch::RequestId", "ActionDispatch::RemoteIp", "Sprockets::Rails::QuietAssets", "Rails::Rack::Logger", "ActionDispatch::ShowExceptions", "WebConsole::Middleware", "ActionDispatch::DebugExceptions", "ActionDispatch::Reloader", "ActionDispatch::Callbacks", "ActiveRecord::Migration::CheckPending", "ActionDispatch::Cookies", "ActionDispatch::Session::CookieStore", "ActionDispatch::Flash", "ActionDispatch::ContentSecurityPolicy::Middleware", "Rack::Head", "Rack::ConditionalGet", "Rack::ETag", "Rack::TempfileReaper"],
"Application root": "/path/to/app",
"Environment": "development",
"Database adapter": "sqlite3",
"Database schema version": 0
}
|
|
|
|
| |
This basically reverts 618268b4b9382f4bcf004a945fe2d85c0bd03e32
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Style/SpaceBeforeBlockBraces
Style/SpaceInsideBlockBraces
Style/SpaceInsideHashLiteralBraces
Fix all violations in the repository.
|
| |
|
|
|
|
|
| |
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
| |
|
|
|
|
|
|
|
|
| |
Change filter on /rails/info/routes to use an actual path regexp from rails
and not approximate javascript version. Oniguruma supports much more
extensive list of features than javascript regexp engine.
Fixes #18402.
|
|
|
|
|
| |
This is the continuation of the work started at
9d62e04838f01f5589fa50b0baa480d60c815e2c
|
| |
|
|
|
|
|
| |
Both `rails/info/properties` and `rails/info/routes` have same html
title attribute as *Routes*. This commit includes a fix for the titles.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
When someone gets a routing exception, the routes are rendered (starting in Rails 4.0). This PR brings parity between the html routes in the `rails/info/routes` path and when rendered from an exception. This is the continuation of #8521 which brought html formatted routes.
In addition to bringing parity to the two views, we're keeping our views DRY by rendering off of the same partials. In this case Railties depends on partials provided by ActionDispatch. I'm open to alternative implementations. Ideally both views will use the same code so any improvements or updates to it will be reproduced on both.
<hr />
![](http://f.cl.ly/items/3O1D0K1v0j0i343O3T3T/Screen%20Shot%202012-12-17%20at%203.07.20%20PM.png)
|
|
|
|
|
|
|
|
|
|
| |
This PR adds formatting and meta-data to the display of the internal routes. Users can now toggle between showing helpers with the `_path` or _`url` suffix.
There are multiple ways to achieve this, this method uses partials for formatting and meta-data. The partials can be re-used when rendering `routing_error.erb`, though that will need to be in a separate PR.
![](http://f.cl.ly/items/3A2p3c1T1t2f2X2R2K2S/Screen%20Shot%202012-12-12%20at%202.28.01%20PM.png)
ATP Railties
|
|\
| |
| |
| |
| |
| | |
Conflicts:
actionpack/lib/action_view/helpers/form_helper.rb
railties/lib/rails/info_controller.rb
|
| |
| |
| | |
# :nodoc: the rails/info_controller
|
| |
| |
| |
| |
| |
| |
| | |
This reverts commit ae68fc3864e99ab43c18fd12577744e1583f6b64, reversing
changes made to 0262a18c7b0ab6f60fee842b3007388f9ffeb0fa.
See here: https://github.com/rails/rails/pull/8499#issuecomment-11356417
|
| |
| |
| |
| |
| |
| | |
By formatting routes for different media (txt/html) we can apply optimizations based on the format. We can include meta-data in the HTML to allow a rich experience while rendering and viewing the routes. This PR shows route helpers as they are used with the `_path` extension, it also has a javascript toggle on the top to switch to `_url`. This way the developer can see the exact named route helper they can use instead of having to modify a base.
This is one example of an optimization that could be applied. Eventually we can link out to guides for the different columns to better explain what helper, HTTP Verb, Path, and Controller#action indicate. We could even add a route search box that could allow developers to input a given route and see all of the routes that match it. These are stand alone features and should be delivered separately.
|
|/
|
| |
cc/ @carlosantoniodasilva
|
| |
|
|
|
|
| |
Follow the consistency defined in dbc43bc.
|
|
|
|
|
| |
Changes introduced in 7404cda9f61e41d52ce244d60abbf598684a96c4.
Fix railties build.
|
|
|
|
| |
this is so we can show route output in the development when we get a routing error. Railties can use features of ActionDispatch, but ActionDispatch should not depend on Railties.
|
| |
|
|
|
|
| |
Will show similar contents to the output of `$ rake routes` in the browser in development. This speeds the time required to generate routes, since the application is already initialized.
|
|
|
|
| |
[#5361 state:committed]
|
| |
|
| |
|
|
|