path: root/railties/test/application/middleware
Commit message [Author, Age, Files, Lines]
*   Merge branch 'fix-ip-spoof-errors' of https://github.com/tamird/rails into tamird-fix-ip-spoof-errors [Andrew White, 2013-09-30, 1, -0/+10]
|\
| * make sure both headers are set before checking for ip spoofing [Tamir Duberstein, 2013-06-04, 1, -0/+10]
| |
* | Calls to the application constant have been refactored to use [wangjohn, 2013-06-10, 1, -1/+1]
|/
|   Rails.application when drawing routes and creating other configurations on the application.
* Removing use of subclassed application constant and instead using the [wangjohn, 2013-06-03, 1, -6/+6]
|   more agnostic Rails.application syntax. This means tests will be more portable, and won't rely on the existence of a particular subclass.
* Remove comments about removing LegacyKeyGenerator in 4.1 [Trevor Turk, 2013-04-03, 1, -1/+0]
|
* Rename DummyKeyGenerator -> LegacyKeyGenerator [Trevor Turk, 2013-04-02, 1, -2/+2]
|
* Allow transparent upgrading of legacy signed cookies to encrypted cookies; Automatically configure cookie-based sessions to use the best cookie jar given the app's config [Trevor Turk, 2013-03-28, 1, -8/+60]
|
* Fix some typos [Vipul A M, 2013-03-24, 1, -1/+1]
|
* Remove BestStandardsSupport middleware [Guillermo Iguaran, 2013-01-29, 1, -30/+0]
|
* Account for ignored cookie set by turbolinks [Nick Reed, 2013-01-14, 1, -6/+6]
|
* Add regression test to #8907 [Rafael Mendonça França, 2013-01-14, 1, -0/+31]
|
* Restore original remote_ip algorithm. [Andre Arko, 2013-01-02, 1, -1/+1]
|   Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We remove trusted IP values, and then take the last given value, assuming that it is the most likely to be the correct, unfaked value. See [1] for a very thorough discussion of why that is the best option we have at the moment.
|   [1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/
|   Fixes #7979
* Add UpgradeSignatureToEncryptionCookieStore [Santiago Pastorino, 2012-11-16, 1, -0/+110]
|   This allows easy upgrading from the old signed Cookie Store <= 3.2 or the deprecated one in 4.0 (the ones that don't use key derivation) to the new one that signs using key derivation
* Remove duplicated get /foo/write_session [Santiago Pastorino, 2012-11-16, 1, -1/+0]
|
* Remove unused config option [Santiago Pastorino, 2012-11-16, 1, -1/+0]
|
* Use derived keys everywhere, http_authentication was missing it [Santiago Pastorino, 2012-11-03, 1, -1/+3]
|
* Add encrypted cookie store [Santiago Pastorino, 2012-11-03, 1, -0/+51]
|
* Don't use action_controller.perform_caching to enable rack-rack. [Rafael Mendonça França, 2012-10-18, 1, -2/+12]
|   Setting the action_dispatch.rack_cache options to true or a hash should be the way to enable it.
* Use Ruby 1.9 Hash syntax in railties [Robin Dupret, 2012-10-14, 2, -13/+13]
|
* Fix middleware cache tests enabling rack_cache [Guillermo Iguaran, 2012-10-05, 1, -0/+2]
|
* Implement :null_session CSRF protection method [Sergey Nartimov, 2012-09-13, 1, -0/+82]
|   It's further work on CSRF after 245941101b1ea00a9b1af613c20b0ee994a43946.
|   The :null_session CSRF protection method provides an empty session during request processing but doesn't reset it completely (as :reset_session does).
* Fixes wrong test class names. [kennyj, 2012-08-29, 1, -1/+1]
|
* Fix failure on middleware/exceptions_test [José Valim, 2012-08-23, 1, -10/+4]
|   The reason the test was failing was because when the test invokes `app.config`, the app is loaded and, as `eager_load` is set to true, it disables the dependency loading mechanism, so controllers that are later defined are not loaded.
* Remove app building setup/teardown for remote ip railtie tests [Carlos Antonio da Silva, 2012-08-21, 1, -14/+0]
|   These tests rely on "make_basic_app", which is a faster version that does not need to create the whole app directory structure.
* Failing test for #6034 [Piotr Sarnacki, 2012-04-30, 1, -0/+20]
|
* Remove default match without specified method [Jose and Yehuda, 2012-04-24, 2, -2/+2]
|   In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint. In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications. This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+.
|   Closes #5964
* Freeze the middleware stack after it's built [Jeremy Kemper, 2012-04-20, 1, -17/+18]
|   So apps that accidentally add middlewares later aren't unwittingly dumping them in a black hole.
|   Closes #5911
* Handle files from ActionDispatch::Static with Rack::Sendfile (fixes #5225) [Piotr Sarnacki, 2012-03-03, 1, -0/+13]
|   This makes rails behave properly when you serve static assets and you have X-Sendfile headers enabled. Nevertheless in most cases you should not rely on that and serve static assets with a webserver like Apache or Nginx (as you already have it in place anyway if you use X-Sendfile)
* config.force_ssl should mark the session as secure. [José Valim, 2012-01-13, 1, -0/+30]
|
* convert railties to use AS::TestCase [Aaron Patterson, 2012-01-05, 6, -6/+6]
|
* don't encode an UTF-8 encoded template [Xu Pan, 2011-12-20, 1, -1/+2]
|
* Show detailed exceptions no longer returns true if the request is local in production. [José Valim, 2011-12-16, 1, -0/+1]
|
* Improve the specs on exceptions app. [José Valim, 2011-12-16, 1, -1/+1]
|
* Allow a custom exceptions app to set. [José Valim, 2011-12-16, 1, -0/+14]
|
* Fix diagnostics page for routing errors. [José Valim, 2011-12-15, 1, -2/+13]
|
* Add ActiveSupport::Cache::NullStore to expose caching interface without actually caching for development and test environments. [Brian Durand, 2011-12-12, 1, -2/+2]
|
* Split ShowExceptions responsibilities in two middlewares. [José Valim, 2011-12-01, 1, -1/+1]
|
* Allow rescue responses to be configured through a railtie. [José Valim, 2011-12-01, 1, -0/+29]
|
* fix exception page when template contains utf-8 and parameters contain utf-8 [lest, 2011-11-30, 1, -11/+30]
|
* configuration option to always write cookie [lest, 2011-11-23, 1, -0/+47]
|
* Test demonstrating #3053: If-Modified-Since gets swallowed up by rack-cache. [Brendan Ribera, 2011-10-03, 1, -0/+14]
|
* x_sendfile_header now defaults to nil and production.rb env file doesn't [Santiago Pastorino, 2011-08-07, 1, -1/+2]
|   set a particular value for it. This allows servers to set it through X-Sendfile-Type, read https://github.com/rack/rack/blob/master/lib/rack/sendfile.rb for more info. Anyways you can force this value in your production.rb
* Solve the RAILS_ENV problem in the railties tests in a more generic way [Jon Leighton, 2011-06-06, 5, -0/+20]
|
* Replace references to ActiveSupport::SecureRandom with just SecureRandom, and require 'securerandom' from the stdlib when active support is required. [Jon Leighton, 2011-05-23, 1, -2/+2]
|
* Always use ActionDispatch::ShowExceptions middleware [#6462 state:resolved] [Prem Sichanugrist, 2011-02-25, 1, -0/+37]
|   This will make sure the application will raise `ActionController::RoutingError` in case "X-Cascade: pass" header was set, usually when there's no route match.
* Fix a routing test. Reorganize middleware tests. [José Valim, 2010-10-02, 4, -12/+145]
|
* Only add Rack::Cache to the middleware stack if config.action_controller.perform_caching is set. [Sparky, 2010-09-15, 1, -1/+15]
|
* Add tests for Rack::Cache [Carlhuda, 2010-09-13, 1, -0/+148]