From b4038ab37ac4e869632238071a3d6714a152a0a5 Mon Sep 17 00:00:00 2001 From: Kevin Reintjes Date: Mon, 27 Feb 2017 17:45:24 +0100 Subject: Correct Autoloading and STI guide (issue #26994) --- guides/source/autoloading_and_reloading_constants.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) (limited to 'guides/source') diff --git a/guides/source/autoloading_and_reloading_constants.md b/guides/source/autoloading_and_reloading_constants.md index 61657023e7..05743ee4ce 100644 --- a/guides/source/autoloading_and_reloading_constants.md +++ b/guides/source/autoloading_and_reloading_constants.md @@ -983,20 +983,19 @@ WHERE "polygons"."type" IN ("Rectangle") That is not a bug, the query includes all *known* descendants of `Rectangle`. A way to ensure this works correctly regardless of the order of execution is to -load the leaves of the tree by hand at the bottom of the file that defines the -root class: +manually load the direct subclasses at the bottom of the file that defines each +intermediate class: ```ruby -# app/models/polygon.rb -class Polygon < ApplicationRecord +# app/models/rectangle.rb +class Rectangle < Polygon end -require_dependency ‘square’ +require_dependency 'square' ``` -Only the leaves that are **at least grandchildren** need to be loaded this -way. Direct subclasses do not need to be preloaded. If the hierarchy is -deeper, intermediate classes will be autoloaded recursively from the bottom -because their constant will appear in the class definitions as superclass. +This needs to happen for every intermediate (non-root and non-leaf) class. The +root class does not scope the query by type, and therefore does not necessarily +have to know all its descendants. ### Autoloading and `require` -- cgit v1.2.3 From ef291d997d8751e9289cfc148b24d0b9aea81dc8 Mon Sep 17 00:00:00 2001 From: Robin Dupret Date: Thu, 27 Apr 2017 14:50:27 +0200 Subject: Update the JavaScript guide to use `form_with` `form_with` is the new preferred method to deal with generation of HTML forms and it enables Ajax support by default. [ci skip] --- guides/source/working_with_javascript_in_rails.md | 36 +++++------------------ 1 file changed, 7 insertions(+), 29 deletions(-) (limited to 'guides/source') diff --git a/guides/source/working_with_javascript_in_rails.md b/guides/source/working_with_javascript_in_rails.md index 2a6a87c232..2ef7e8d15d 100644 --- a/guides/source/working_with_javascript_in_rails.md +++ b/guides/source/working_with_javascript_in_rails.md @@ -153,14 +153,15 @@ Unless you have disabled the Asset Pipeline, provides the JavaScript half, and the regular Ruby view helpers add appropriate tags to your DOM. -### form_for +### form_with -[`form_for`](http://api.rubyonrails.org/classes/ActionView/Helpers/FormHelper.html#method-i-form_for) -is a helper that assists with writing forms. `form_for` takes a `:remote` -option. It works like this: +[`form_with`](http://api.rubyonrails.org/classes/ActionView/Helpers/FormHelper.html#method-i-form_with) +is a helper that assists with writing forms. By default, `form_with` considers +that your form will be using Ajax ; you can opt-out by specifying the `:local` +option. ```erb -<%= form_for(@article, remote: true) do |f| %> +<%= form_with(model: @article) do |f| %> ... <% end %> ``` @@ -168,7 +169,7 @@ option. It works like this: This will generate the following HTML: ```html -
+ ...
``` @@ -191,29 +192,6 @@ $(document).ready -> Obviously, you'll want to be a bit more sophisticated than that, but it's a start. You can see more about the events [in the jquery-ujs wiki](https://github.com/rails/jquery-ujs/wiki/ajax). -### form_tag - -[`form_tag`](http://api.rubyonrails.org/classes/ActionView/Helpers/FormTagHelper.html#method-i-form_tag) -is very similar to `form_for`. It has a `:remote` option that you can use like -this: - -```erb -<%= form_tag('/articles', remote: true) do %> - ... -<% end %> -``` - -This will generate the following HTML: - -```html -
- ... -
-``` - -Everything else is the same as `form_for`. See its documentation for full -details. - ### link_to [`link_to`](http://api.rubyonrails.org/classes/ActionView/Helpers/UrlHelper.html#method-i-link_to) -- cgit v1.2.3 From 6ceb7ce162296c1813e95b6a2a68735519028c90 Mon Sep 17 00:00:00 2001 From: Robin Dupret Date: Thu, 27 Apr 2017 15:11:36 +0200 Subject: Add a section with the different Ajax events [ci skip] --- guides/source/working_with_javascript_in_rails.md | 36 +++++++++++++++++++++++ 1 file changed, 36 insertions(+) (limited to 'guides/source') diff --git a/guides/source/working_with_javascript_in_rails.md b/guides/source/working_with_javascript_in_rails.md index 2ef7e8d15d..45dfeee19e 100644 --- a/guides/source/working_with_javascript_in_rails.md +++ b/guides/source/working_with_javascript_in_rails.md @@ -153,6 +153,9 @@ Unless you have disabled the Asset Pipeline, provides the JavaScript half, and the regular Ruby view helpers add appropriate tags to your DOM. +You can read below about the different events that are fired dealing with +remote elements inside your application. + ### form_with [`form_with`](http://api.rubyonrails.org/classes/ActionView/Helpers/FormHelper.html#method-i-form_with) @@ -242,6 +245,39 @@ this generates Since it's just a `
`, all of the information on `form_for` also applies. +Dealing with Ajax events +------------------------ + +Here are the different events that are fired when you deal with elements +that have a `data-remote` attribute: + +NOTE: All handlers bound to these events are always passed the event object as the +first argument. The table below describes the extra parameters passed after the +event argument. For exemple, if the extra parameters are listed as `xhr, settings`, +then to access them, you would define your handler with `function(event, xhr, settings)`. + +| Event name | Extra parameters | Fired | +|---------------------|------------------|-------------------------------------------------------------| +| `ajax:before` | | Before the whole ajax business, aborts if stopped. | +| `ajax:beforeSend` | xhr, options | Before the request is sent, aborts if stopped. | +| `ajax:send` | xhr | When the request is sent. | +| `ajax:success` | xhr, status, err | After completion, if the response was a success. | +| `ajax:error` | xhr, status, err | After completion, if the response was an error. | +| `ajax:complete` | xhr, status | After the request has been completed, no matter the outcome.| +| `ajax:aborted:file` | elements | If there are non-blank file inputs, aborts if stopped. | + +### Stoppable events + +If you stop `ajax:before` or `ajax:beforeSend` by returning false from the +handler method, the Ajax request will never take place. The `ajax:before` event +is also useful for manipulating form data before serialization. The +`ajax:beforeSend` event is also useful for adding custom request headers. + +If you stop the `ajax:aborted:file` event, the default behavior of allowing the +browser to submit the form via normal means (i.e. non-AJAX submission) will be +canceled and the form will not be submitted at all. This is useful for +implementing your own AJAX file upload workaround. + Server-Side Concerns -------------------- -- cgit v1.2.3 From 1cbf4b17198ede59f7e188ca79ad1bb8dad7dfe1 Mon Sep 17 00:00:00 2001 From: Robin Dupret Date: Thu, 27 Apr 2017 15:13:24 +0200 Subject: Nest Action View remote helpers one level deeper [ci skip] --- guides/source/working_with_javascript_in_rails.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'guides/source') diff --git a/guides/source/working_with_javascript_in_rails.md b/guides/source/working_with_javascript_in_rails.md index 45dfeee19e..544c04f768 100644 --- a/guides/source/working_with_javascript_in_rails.md +++ b/guides/source/working_with_javascript_in_rails.md @@ -141,6 +141,8 @@ follow this pattern. Built-in Helpers ---------------------- +### Remote elements + Rails provides a bunch of view helper methods written in Ruby to assist you in generating HTML. Sometimes, you want to add a little Ajax to those elements, and Rails has got your back in those cases. @@ -156,7 +158,7 @@ tags to your DOM. You can read below about the different events that are fired dealing with remote elements inside your application. -### form_with +#### form_with [`form_with`](http://api.rubyonrails.org/classes/ActionView/Helpers/FormHelper.html#method-i-form_with) is a helper that assists with writing forms. By default, `form_with` considers @@ -195,7 +197,7 @@ $(document).ready -> Obviously, you'll want to be a bit more sophisticated than that, but it's a start. You can see more about the events [in the jquery-ujs wiki](https://github.com/rails/jquery-ujs/wiki/ajax). -### link_to +#### link_to [`link_to`](http://api.rubyonrails.org/classes/ActionView/Helpers/UrlHelper.html#method-i-link_to) is a helper that assists with generating links. It has a `:remote` option you @@ -227,7 +229,7 @@ $ -> alert "The article was deleted." ``` -### button_to +#### button_to [`button_to`](http://api.rubyonrails.org/classes/ActionView/Helpers/UrlHelper.html#method-i-button_to) is a helper that helps you create buttons. It has a `:remote` option that you can call like this: -- cgit v1.2.3 From 7bf580c89e1aa9342073a7e498d3c993a078b6a2 Mon Sep 17 00:00:00 2001 From: Robin Dupret Date: Thu, 27 Apr 2017 17:40:15 +0200 Subject: Add documentation of data attributes for UJS [ci skip] --- guides/source/working_with_javascript_in_rails.md | 98 ++++++++++++++++++++++- 1 file changed, 97 insertions(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/working_with_javascript_in_rails.md b/guides/source/working_with_javascript_in_rails.md index 544c04f768..527b244b0d 100644 --- a/guides/source/working_with_javascript_in_rails.md +++ b/guides/source/working_with_javascript_in_rails.md @@ -195,7 +195,7 @@ $(document).ready -> ``` Obviously, you'll want to be a bit more sophisticated than that, but it's a -start. You can see more about the events [in the jquery-ujs wiki](https://github.com/rails/jquery-ujs/wiki/ajax). +start. #### link_to @@ -247,6 +247,102 @@ this generates Since it's just a ``, all of the information on `form_for` also applies. +### Customize remote elements + +It is possible to customize the behavior of elements with a `data-remote` +attribute without writing a line of JavaScript. Your can specify extra `data-` +attributes to accomplish this. + +#### `data-method` + +Activating hyperlinks always results in an HTTP GET request. However, if your +application is [RESTful](http://en.wikipedia.org/wiki/Representational_State_Transfer), +some links are in fact actions that change data on the server and must be +performed with non-GET requests. This attribute allows marking up such links +with an explicit method such as "post", "put" or "delete". + +The way it works is that, when the link is activated, it constructs a hidden form +in the document with the "action" attribute corresponding to "href" value of the +link and the method corresponding to `data-method` value, and submits that form. + +NOTE: Because submitting forms with HTTP methods other than GET and POST isn't +widely supported across browsers, all other HTTP methods are actually sent over +POST with the intended method indicated in the `_method` parameter. Rails +automatically detects and compensates for this. + +#### `data-url` and `data-params` + +Certain elements of your page aren't actually referring to any URL but you would +like them to trigger Ajax calls. Specifying the `data-url` attribute along with +the `data-remote` one will trigger an Ajax call to the given URL. You can also +specify extra parameters through the `data-params` attribute. + +This can be useful to trigger an action on check-boxes for instance: + +```html + +``` + +#### `data-type` + +It is also possible to defines the Ajax `dataType` explicitly when performing +requests for `data-remote` elements through the `data-type` attribute. + +### Confirmations + +You can ask for an extra confirmation of the user by adding a `data-confirm` +attribute on links and forms. The user will be presented a JavaScript `confirm()` +dialog containing the attribute's text. If the user chooses to cancel, the action +doesn't take place. + +Adding this attribute on links will trigger the dialog on click and adding it +on forms will trigger it on submit. For example: + +```erb +<%= link_to "Dangerous zone", dangerous_zone_path, + data: { confirm: 'Are you sure?'} %> +``` + +This generates: + +```html +Dangerous zone +``` + +The attribute is also allowed on form submit buttons. This allows you to customize +the warning message depending on the button which was activated. In this case, +you should **not** have `data-confirm` on the form itself. + +The default confirmation uses a JavaScript confirm dialog, but you can customize +it by listening to the `confirm` event, that is fired just before the confirmation +window appears to the user. To cancel this default confirmation, make the confirm +handler to return `false`. + +### Automatic disabling + +It is also possible to automatically disable an input while the form is submitting +by using the `data-disable-with` attribute. This is to prevent accidental +double-clicks from the user, which could result in duplicate HTTP requests that +the backend may not detect as such. The value of the attribute is text that will +become the new value of the button in its disabled state. + +This also works for links with `data-method` attribute. + +For example: + +```erb +<%= form_with(model: @article.new) do |f| %> + <%= f.submit data: { "disable-with": "Saving..."} %> +<%= end %> +``` + +This generates a form with: + +```html + +``` + Dealing with Ajax events ------------------------ -- cgit v1.2.3 From 2c691f55adbad7a0600f3dc80c371bbbc3fd6b9d Mon Sep 17 00:00:00 2001 From: Prathamesh Sonpatki Date: Thu, 27 Apr 2017 14:09:56 -0700 Subject: Added some more release notes for Active Record [ci skip] --- guides/source/5_1_release_notes.md | 76 +++++++++++++++++++++++++++++++++++++- 1 file changed, 74 insertions(+), 2 deletions(-) (limited to 'guides/source') diff --git a/guides/source/5_1_release_notes.md b/guides/source/5_1_release_notes.md index 0f6167f1ee..759a445fd8 100644 --- a/guides/source/5_1_release_notes.md +++ b/guides/source/5_1_release_notes.md @@ -442,8 +442,73 @@ Please refer to the [Changelog][active-record] for detailed changes. ### Removals +* Removed support for passing arguments and block at the same time to + `ActiveRecord::QueryMethods#select`. + ([Commit](https://github.com/rails/rails/commit/4fc3366d9d99a0eb19e45ad2bf38534efbf8c8ce)) + +* Removed deprecated `activerecord.errors.messages.restrict_dependent_destroy.one` and + `activerecord.errors.messages.restrict_dependent_destroy.many` i18n scopes. + ([Commit](https://github.com/rails/rails/commit/00e3973a311)) + +* Removed deprecated force reload argument in singular and collection association readers. + ([Commit](https://github.com/rails/rails/commit/09cac8c67af)) + +* Removed deprecated support to passing a column to `#quote`. + ([Commit](https://github.com/rails/rails/commit/e646bad5b7c)) + +* Removed deprecated `name` arguments from `#tables`. + ([Commit](https://github.com/rails/rails/commit/d5be101dd02214468a27b6839ffe338cfe8ef5f3)) + +* Removed deprecated behavior of `#tables` and `#table_exists?` to return tables and views + to return only tables and not views. + ([Commit](https://github.com/rails/rails/commit/5973a984c369a63720c2ac18b71012b8347479a8)) + +* Removed deprecated `original_exception` argument in `ActiveRecord::StatementInvalid#initialize` + and `ActiveRecord::StatementInvalid#original_exception`. + ([Commit](https://github.com/rails/rails/commit/bc6c5df4699d3f6b4a61dd12328f9e0f1bd6cf46)) + +* Removed deprecated support of passing a class as a value in a query. + ([Commit](https://github.com/rails/rails/commit/b4664864c972463c7437ad983832d2582186e886)) + +* Removed deprecated support to query using commas on LIMIT. + ([Commit](https://github.com/rails/rails/commit/fc3e67964753fb5166ccbd2030d7382e1976f393)) + +* Removed deprecated `conditions` parameter from `#destroy_all`. + ([Commit](https://github.com/rails/rails/commit/d31a6d1384cd740c8518d0bf695b550d2a3a4e9b)) + +* Removed deprecated `conditions` parameter from `#delete_all`. + ([Commit](https://github.com/rails/rails/pull/27503/commits/e7381d289e4f8751dcec9553dcb4d32153bd922b)) + +* Removed deprecated method `#load_schema_for` in favor of `#load_schema`. + ([Commit](https://github.com/rails/rails/commit/419e06b56c3b0229f0c72d3e4cdf59d34d8e5545)) + +* Removed deprecated `#raise_in_transactional_callbacks` configuration. + ([Commit](https://github.com/rails/rails/commit/8029f779b8a1dd9848fee0b7967c2e0849bf6e07)) + +* Removed deprecated `#use_transactional_fixtures` configuration. + ([Commit](https://github.com/rails/rails/commit/3955218dc163f61c932ee80af525e7cd440514b3)) + ### Deprecations +* Deprecated `error_on_ignored_order_or_limit` flag in favor of + `error_on_ignored_order`. + ([Commit](https://github.com/rails/rails/commit/451437c6f57e66cc7586ec966e530493927098c7)) + +* Deprecated `sanitize_conditions` in favor of `sanitize_sql`. + ([Pull Request](https://github.com/rails/rails/pull/25999)) + +* Deprecated `supports_migrations?` on connection adapters. + ([Pull Request](https://github.com/rails/rails/pull/28172)) + +* Deprecated `Migrator.schema_migrations_table_name`, use `SchemaMigration.table_name` instead. + ([Pull Request](https://github.com/rails/rails/pull/28351)) + +* Deprecated using `#quoted_id` in quoting and type casting. + ([Pull Request](https://github.com/rails/rails/pull/27962)) + +* Deprecated passing `default` argument to `#index_name_exists?`. + ([Pull Request](https://github.com/rails/rails/pull/26930)) + ### Notable changes * Change Default Primary Keys to BIGINT. @@ -473,6 +538,13 @@ Please refer to the [Changelog][active-record] for detailed changes. * Add `ActiveRecord::Base.connection_pool.stat`. ([Pull Request](https://github.com/rails/rails/pull/26988)) +* Inheriting directly from `ActiveRecord::Migration` raises an error. + Specify the Rails version for which the migration was written for. + ([Commit](https://github.com/rails/rails/commit/249f71a22ab21c03915da5606a063d321f04d4d3)) + +* An error is raised when `through` association has ambiguous reflection name. + ([Commit](https://github.com/rails/rails/commit/0944182ad7ed70d99b078b22426cbf844edd3f61)) + Active Model ------------ @@ -537,9 +609,9 @@ Please refer to the [Changelog][active-support] for detailed changes. * The top level `HashWithIndifferentAccess` class has been softly deprecated in favor of the `ActiveSupport::HashWithIndifferentAccess` one. - ([Pull request](https://github.com/rails/rails/pull/28157)) + ([Pull Request](https://github.com/rails/rails/pull/28157)) -* Deprecate passing string to `:if` and `:unless` conditional options on `set_callback` and `skip_callback`. +* Deprecated passing string to `:if` and `:unless` conditional options on `set_callback` and `skip_callback`. ([Commit](https://github.com/rails/rails/commit/0952552) ### Notable changes -- cgit v1.2.3 From 4c18f050b69c4795097255003fe9bb5a650ba7c9 Mon Sep 17 00:00:00 2001 From: Prathamesh Sonpatki Date: Thu, 27 Apr 2017 14:09:56 -0700 Subject: Fix indentation [ci skip] --- guides/source/5_1_release_notes.md | 44 +++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 22 deletions(-) (limited to 'guides/source') diff --git a/guides/source/5_1_release_notes.md b/guides/source/5_1_release_notes.md index 759a445fd8..73067d29f2 100644 --- a/guides/source/5_1_release_notes.md +++ b/guides/source/5_1_release_notes.md @@ -442,30 +442,30 @@ Please refer to the [Changelog][active-record] for detailed changes. ### Removals -* Removed support for passing arguments and block at the same time to - `ActiveRecord::QueryMethods#select`. - ([Commit](https://github.com/rails/rails/commit/4fc3366d9d99a0eb19e45ad2bf38534efbf8c8ce)) +* Removed support for passing arguments and block at the same time to + `ActiveRecord::QueryMethods#select`. + ([Commit](https://github.com/rails/rails/commit/4fc3366d9d99a0eb19e45ad2bf38534efbf8c8ce)) -* Removed deprecated `activerecord.errors.messages.restrict_dependent_destroy.one` and +* Removed deprecated `activerecord.errors.messages.restrict_dependent_destroy.one` and `activerecord.errors.messages.restrict_dependent_destroy.many` i18n scopes. - ([Commit](https://github.com/rails/rails/commit/00e3973a311)) + ([Commit](https://github.com/rails/rails/commit/00e3973a311)) -* Removed deprecated force reload argument in singular and collection association readers. - ([Commit](https://github.com/rails/rails/commit/09cac8c67af)) +* Removed deprecated force reload argument in singular and collection association readers. + ([Commit](https://github.com/rails/rails/commit/09cac8c67af)) -* Removed deprecated support to passing a column to `#quote`. - ([Commit](https://github.com/rails/rails/commit/e646bad5b7c)) +* Removed deprecated support to passing a column to `#quote`. + ([Commit](https://github.com/rails/rails/commit/e646bad5b7c)) -* Removed deprecated `name` arguments from `#tables`. - ([Commit](https://github.com/rails/rails/commit/d5be101dd02214468a27b6839ffe338cfe8ef5f3)) +* Removed deprecated `name` arguments from `#tables`. + ([Commit](https://github.com/rails/rails/commit/d5be101dd02214468a27b6839ffe338cfe8ef5f3)) -* Removed deprecated behavior of `#tables` and `#table_exists?` to return tables and views - to return only tables and not views. - ([Commit](https://github.com/rails/rails/commit/5973a984c369a63720c2ac18b71012b8347479a8)) +* Removed deprecated behavior of `#tables` and `#table_exists?` to return tables and views + to return only tables and not views. + ([Commit](https://github.com/rails/rails/commit/5973a984c369a63720c2ac18b71012b8347479a8)) -* Removed deprecated `original_exception` argument in `ActiveRecord::StatementInvalid#initialize` - and `ActiveRecord::StatementInvalid#original_exception`. - ([Commit](https://github.com/rails/rails/commit/bc6c5df4699d3f6b4a61dd12328f9e0f1bd6cf46)) +* Removed deprecated `original_exception` argument in `ActiveRecord::StatementInvalid#initialize` + and `ActiveRecord::StatementInvalid#original_exception`. + ([Commit](https://github.com/rails/rails/commit/bc6c5df4699d3f6b4a61dd12328f9e0f1bd6cf46)) * Removed deprecated support of passing a class as a value in a query. ([Commit](https://github.com/rails/rails/commit/b4664864c972463c7437ad983832d2582186e886)) @@ -490,12 +490,12 @@ Please refer to the [Changelog][active-record] for detailed changes. ### Deprecations -* Deprecated `error_on_ignored_order_or_limit` flag in favor of - `error_on_ignored_order`. - ([Commit](https://github.com/rails/rails/commit/451437c6f57e66cc7586ec966e530493927098c7)) +* Deprecated `error_on_ignored_order_or_limit` flag in favor of + `error_on_ignored_order`. + ([Commit](https://github.com/rails/rails/commit/451437c6f57e66cc7586ec966e530493927098c7)) -* Deprecated `sanitize_conditions` in favor of `sanitize_sql`. - ([Pull Request](https://github.com/rails/rails/pull/25999)) +* Deprecated `sanitize_conditions` in favor of `sanitize_sql`. + ([Pull Request](https://github.com/rails/rails/pull/25999)) * Deprecated `supports_migrations?` on connection adapters. ([Pull Request](https://github.com/rails/rails/pull/28172)) -- cgit v1.2.3 From 1005c42a65e8a9027a6abf6a0ff3d3427283a883 Mon Sep 17 00:00:00 2001 From: Jon Moss Date: Thu, 27 Apr 2017 18:22:21 -0400 Subject: Small grammar fixes Will backport to 5-1-stable, since the original PR landed there. [ci skip] --- guides/source/working_with_javascript_in_rails.md | 26 +++++++++++------------ 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'guides/source') diff --git a/guides/source/working_with_javascript_in_rails.md b/guides/source/working_with_javascript_in_rails.md index 9af1c5438c..047aeae37d 100644 --- a/guides/source/working_with_javascript_in_rails.md +++ b/guides/source/working_with_javascript_in_rails.md @@ -161,9 +161,9 @@ remote elements inside your application. #### form_with [`form_with`](http://api.rubyonrails.org/classes/ActionView/Helpers/FormHelper.html#method-i-form_with) -is a helper that assists with writing forms. By default, `form_with` considers -that your form will be using Ajax ; you can opt-out by specifying the `:local` -option. +is a helper that assists with writing forms. By default, `form_with` assumes that +your form will be using Ajax. You can opt out of this behavior by +passing the `:local` option `form_with`. ```erb <%= form_with(model: @article) do |f| %> @@ -257,13 +257,13 @@ attributes to accomplish this. Activating hyperlinks always results in an HTTP GET request. However, if your application is [RESTful](http://en.wikipedia.org/wiki/Representational_State_Transfer), -some links are in fact actions that change data on the server and must be +some links are in fact actions that change data on the server, and must be performed with non-GET requests. This attribute allows marking up such links with an explicit method such as "post", "put" or "delete". The way it works is that, when the link is activated, it constructs a hidden form in the document with the "action" attribute corresponding to "href" value of the -link and the method corresponding to `data-method` value, and submits that form. +link, and the method corresponding to `data-method` value, and submits that form. NOTE: Because submitting forms with HTTP methods other than GET and POST isn't widely supported across browsers, all other HTTP methods are actually sent over @@ -272,8 +272,8 @@ automatically detects and compensates for this. #### `data-url` and `data-params` -Certain elements of your page aren't actually referring to any URL but you would -like them to trigger Ajax calls. Specifying the `data-url` attribute along with +Certain elements of your page aren't actually referring to any URL, but you may want +them to trigger Ajax calls. Specifying the `data-url` attribute along with the `data-remote` one will trigger an Ajax call to the given URL. You can also specify extra parameters through the `data-params` attribute. @@ -286,8 +286,8 @@ This can be useful to trigger an action on check-boxes for instance: #### `data-type` -It is also possible to defines the Ajax `dataType` explicitly when performing -requests for `data-remote` elements through the `data-type` attribute. +It is also possible to define the Ajax `dataType` explicitly while performing +requests for `data-remote` elements, by way of the `data-type` attribute. ### Confirmations @@ -296,7 +296,7 @@ attribute on links and forms. The user will be presented a JavaScript `confirm() dialog containing the attribute's text. If the user chooses to cancel, the action doesn't take place. -Adding this attribute on links will trigger the dialog on click and adding it +Adding this attribute on links will trigger the dialog on click, and adding it on forms will trigger it on submit. For example: ```erb @@ -315,8 +315,8 @@ the warning message depending on the button which was activated. In this case, you should **not** have `data-confirm` on the form itself. The default confirmation uses a JavaScript confirm dialog, but you can customize -it by listening to the `confirm` event, that is fired just before the confirmation -window appears to the user. To cancel this default confirmation, make the confirm +this by listening to the `confirm` event, which is fired just before the confirmation +window appears to the user. To cancel this default confirmation, have the confirm handler to return `false`. ### Automatic disabling @@ -324,7 +324,7 @@ handler to return `false`. It is also possible to automatically disable an input while the form is submitting by using the `data-disable-with` attribute. This is to prevent accidental double-clicks from the user, which could result in duplicate HTTP requests that -the backend may not detect as such. The value of the attribute is text that will +the backend may not detect as such. The value of the attribute is the text that will become the new value of the button in its disabled state. This also works for links with `data-method` attribute. -- cgit v1.2.3 From 8d79eed3e99aa503dfbd37fe262c047f3daf068d Mon Sep 17 00:00:00 2001 From: Jon Moss Date: Thu, 27 Apr 2017 18:28:01 -0400 Subject: Small grammar fix [ci skip] --- guides/source/5_1_release_notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/5_1_release_notes.md b/guides/source/5_1_release_notes.md index 73067d29f2..ac26b2994a 100644 --- a/guides/source/5_1_release_notes.md +++ b/guides/source/5_1_release_notes.md @@ -453,7 +453,7 @@ Please refer to the [Changelog][active-record] for detailed changes. * Removed deprecated force reload argument in singular and collection association readers. ([Commit](https://github.com/rails/rails/commit/09cac8c67af)) -* Removed deprecated support to passing a column to `#quote`. +* Removed deprecated support for passing a column to `#quote`. ([Commit](https://github.com/rails/rails/commit/e646bad5b7c)) * Removed deprecated `name` arguments from `#tables`. -- cgit v1.2.3 From 7902c01d1faa27fb9fa0f03bdfb90725780cf540 Mon Sep 17 00:00:00 2001 From: Jon Moss Date: Thu, 27 Apr 2017 21:28:45 -0400 Subject: Small grammar fix [ci skip] --- guides/source/5_1_release_notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/5_1_release_notes.md b/guides/source/5_1_release_notes.md index ac26b2994a..fc79287d4c 100644 --- a/guides/source/5_1_release_notes.md +++ b/guides/source/5_1_release_notes.md @@ -341,7 +341,7 @@ Please refer to the [Changelog][action-pack] for detailed changes. ### Removals -* Removed support to non-keyword arguments in `#process`, `#get`, `#post`, +* Removed support for non-keyword arguments in `#process`, `#get`, `#post`, `#patch`, `#put`, `#delete`, and `#head` for the `ActionDispatch::IntegrationTest` and `ActionController::TestCase` classes. ([Commit](https://github.com/rails/rails/commit/98b8309569a326910a723f521911e54994b112fb), -- cgit v1.2.3 From a9e5457d8cdd1a67a7c6f34a433a9e18057b4222 Mon Sep 17 00:00:00 2001 From: claudiob Date: Fri, 28 Apr 2017 06:10:58 -0700 Subject: 5.1 Release Notes are complete [ci skip] @prathamesh-sonpatki added the last missing commits in #28911. --- guides/source/documents.yaml | 1 - 1 file changed, 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/documents.yaml b/guides/source/documents.yaml index 5fccdcccec..2afef57fc2 100644 --- a/guides/source/documents.yaml +++ b/guides/source/documents.yaml @@ -197,7 +197,6 @@ name: Ruby on Rails 5.1 Release Notes url: 5_1_release_notes.html description: Release notes for Rails 5.1. - work_in_progress: true - name: Ruby on Rails 5.0 Release Notes url: 5_0_release_notes.html -- cgit v1.2.3 From df6aef2518884f65871f719125a972790518fd17 Mon Sep 17 00:00:00 2001 From: "yuuji.yaginuma" Date: Sat, 29 Apr 2017 13:33:37 +0900 Subject: Remove entries included in 5.0 [ci skip] * `Permit same-origin connections by default` was backported in db70978, 549d732. * `Deprecated `:controller` and `:action` path parameters` was included in 6520ea5. * `Exception handling: use `rescue_from` was included in 6b54316. --- guides/source/5_1_release_notes.md | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'guides/source') diff --git a/guides/source/5_1_release_notes.md b/guides/source/5_1_release_notes.md index fc79287d4c..ecdb951870 100644 --- a/guides/source/5_1_release_notes.md +++ b/guides/source/5_1_release_notes.md @@ -328,9 +328,6 @@ Please refer to the [Changelog][action-cable] for detailed changes. with multiple applications. ([Pull Request](https://github.com/rails/rails/pull/27425)) -* Permit same-origin connections by default. - ([commit](https://github.com/rails/rails/commit/dae404473409fcab0e07976aec626df670e52282)) - * Add `ActiveSupport::Notifications` hook for broadcasting data. ([Pull Request](https://github.com/rails/rails/pull/24988)) @@ -356,9 +353,6 @@ Please refer to the [Changelog][action-pack] for detailed changes. ### Deprecations -* Deprecated `:controller` and `:action` path parameters. - ([Pull Request](https://github.com/rails/rails/pull/23980)) - * Deprecated `config.action_controller.raise_on_unfiltered_parameters`. It doesn't have any effect in Rails 5.1. ([Commit](https://github.com/rails/rails/commit/c6640fb62b10db26004a998d2ece98baede509e5)) @@ -416,10 +410,6 @@ Please refer to the [Changelog][action-mailer] for detailed changes. ### Notable changes -* Exception handling: use `rescue_from` to handle exceptions raised by - mailer actions, by message delivery, and by deferred delivery jobs. - ([commit](https://github.com/rails/rails/commit/e35b98e6f5c54330245645f2ed40d56c74538902)) - * Allowed setting custom content type when attachments are included and body is set inline. ([Pull Request](https://github.com/rails/rails/pull/27227)) -- cgit v1.2.3 From 06dfda12aeb7dd1c530169ab96eef09869a3a425 Mon Sep 17 00:00:00 2001 From: "yuuji.yaginuma" Date: Sun, 30 Apr 2017 16:33:00 +0900 Subject: Fix note about `secrets.yml` [ci skip] The `secrets` method is in `Application` class, not `Configuration` class. --- guides/source/upgrading_ruby_on_rails.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'guides/source') diff --git a/guides/source/upgrading_ruby_on_rails.md b/guides/source/upgrading_ruby_on_rails.md index ff747a95a0..93864db141 100644 --- a/guides/source/upgrading_ruby_on_rails.md +++ b/guides/source/upgrading_ruby_on_rails.md @@ -83,7 +83,7 @@ Also, if you have pretty old YAML documents containing dumps of such objects, you may need to load and dump them again to make sure that they reference the right constant, and that loading them won't break in the future. -### `config.secrets` now loaded with all keys as symbols +### `application.secrets` now loaded with all keys as symbols If your application stores nested configuration in `config/secrets.yml`, all keys are now loaded as symbols, so access using strings should be changed. @@ -91,13 +91,13 @@ are now loaded as symbols, so access using strings should be changed. From: ```ruby -Rails.appplication.config.secrets[:smtp_settings]["address"] +Rails.application.secrets[:smtp_settings]["address"] ``` To: ```ruby -Rails.application.config.secrets[:smtp_settings][:address] +Rails.application.secrets[:smtp_settings][:address] ``` Upgrading from Rails 4.2 to Rails 5.0 -- cgit v1.2.3 From 19a76b8749d961a13a4c485c110a5a35bd0825db Mon Sep 17 00:00:00 2001 From: Bart Date: Tue, 2 May 2017 10:17:08 -0400 Subject: Rails secrets is not built on but inspired by Sekrets Put wording in line with http://weblog.rubyonrails.org/2017/4/27/Rails-5-1-final/ --- guides/source/5_1_release_notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/5_1_release_notes.md b/guides/source/5_1_release_notes.md index ecdb951870..fa92b9e5f8 100644 --- a/guides/source/5_1_release_notes.md +++ b/guides/source/5_1_release_notes.md @@ -87,7 +87,7 @@ screenshots. [Pull Request](https://github.com/rails/rails/pull/28038) Rails now allows management of application secrets in a secure way, -building on top of the [sekrets](https://github.com/ahoward/sekrets) gem. +inspired by the [sekrets](https://github.com/ahoward/sekrets) gem. Run `bin/rails secrets:setup` to setup a new encrypted secrets file. This will also generate a master key, which must be stored outside of the repository. The -- cgit v1.2.3 From b201474756a2ee493406ad0cb49f49c6873bdc28 Mon Sep 17 00:00:00 2001 From: Ryuta Kamizono Date: Sun, 7 May 2017 04:08:58 +0900 Subject: Should escape meta characters in regexp --- guides/source/testing.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/testing.md b/guides/source/testing.md index 7741834153..5224d11f45 100644 --- a/guides/source/testing.md +++ b/guides/source/testing.md @@ -1482,7 +1482,7 @@ class UserControllerTest < ActionDispatch::IntegrationTest assert_equal "You have been invited by me@example.com", invite_email.subject assert_equal 'friend@example.com', invite_email.to[0] - assert_match(/Hi friend@example.com/, invite_email.body.to_s) + assert_match(/Hi friend@example\.com/, invite_email.body.to_s) end end ``` -- cgit v1.2.3 From d25eeb85577fc28b3bb47f8ee2c36195f0fc787c Mon Sep 17 00:00:00 2001 From: "yuuji.yaginuma" Date: Mon, 8 May 2017 21:55:38 +0900 Subject: Fix link to `assert_nothing_raised` doc [ci skip] The `assert_nothing_raised` was moved to `ActiveSupport::Testing::Assertions` in 3cece0b6574c496605df055a2ebf77177f5b6e7f. --- guides/source/testing.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/testing.md b/guides/source/testing.md index 5224d11f45..71fb6fb0e8 100644 --- a/guides/source/testing.md +++ b/guides/source/testing.md @@ -350,7 +350,7 @@ Rails adds some custom assertions of its own to the `minitest` framework: | --------------------------------------------------------------------------------- | ------- | | [`assert_difference(expressions, difference = 1, message = nil) {...}`](http://api.rubyonrails.org/classes/ActiveSupport/Testing/Assertions.html#method-i-assert_difference) | Test numeric difference between the return value of an expression as a result of what is evaluated in the yielded block.| | [`assert_no_difference(expressions, message = nil, &block)`](http://api.rubyonrails.org/classes/ActiveSupport/Testing/Assertions.html#method-i-assert_no_difference) | Asserts that the numeric result of evaluating an expression is not changed before and after invoking the passed in block.| -| [`assert_nothing_raised { block }`](http://api.rubyonrails.org/classes/ActiveSupport/TestCase.html#method-i-assert_nothing_raised) | Ensures that the given block doesn't raise any exceptions.| +| [`assert_nothing_raised { block }`](http://api.rubyonrails.org/classes/ActiveSupport/Testing/Assertions.html#method-i-assert_nothing_raised) | Ensures that the given block doesn't raise any exceptions.| | [`assert_recognizes(expected_options, path, extras={}, message=nil)`](http://api.rubyonrails.org/classes/ActionDispatch/Assertions/RoutingAssertions.html#method-i-assert_recognizes) | Asserts that the routing of the given path was handled correctly and that the parsed options (given in the expected_options hash) match path. Basically, it asserts that Rails recognizes the route given by expected_options.| | [`assert_generates(expected_path, options, defaults={}, extras = {}, message=nil)`](http://api.rubyonrails.org/classes/ActionDispatch/Assertions/RoutingAssertions.html#method-i-assert_generates) | Asserts that the provided options can be used to generate the provided path. This is the inverse of assert_recognizes. The extras parameter is used to tell the request the names and values of additional request parameters that would be in a query string. The message parameter allows you to specify a custom error message for assertion failures.| | [`assert_response(type, message = nil)`](http://api.rubyonrails.org/classes/ActionDispatch/Assertions/ResponseAssertions.html#method-i-assert_response) | Asserts that the response comes with a specific status code. You can specify `:success` to indicate 200-299, `:redirect` to indicate 300-399, `:missing` to indicate 404, or `:error` to match the 500-599 range. You can also pass an explicit status number or its symbolic equivalent. For more information, see [full list of status codes](http://rubydoc.info/github/rack/rack/master/Rack/Utils#HTTP_STATUS_CODES-constant) and how their [mapping](http://rubydoc.info/github/rack/rack/master/Rack/Utils#SYMBOL_TO_STATUS_CODE-constant) works.| -- cgit v1.2.3 From 9b28a2ff4add8b55a6a80f5fe33b7bb7d4280746 Mon Sep 17 00:00:00 2001 From: Steven Chanin Date: Tue, 9 May 2017 09:40:20 -0700 Subject: [ci skip] explain async queue and rake tasks [ci skip] --- guides/source/active_job_basics.md | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'guides/source') diff --git a/guides/source/active_job_basics.md b/guides/source/active_job_basics.md index b58ca61848..ee8e652485 100644 --- a/guides/source/active_job_basics.md +++ b/guides/source/active_job_basics.md @@ -310,6 +310,12 @@ UserMailer.welcome(@user).deliver_now UserMailer.welcome(@user).deliver_later ``` +NOTE: Using the asynchronous queue from a rake task (for example, to +send an email using `.deliver_later`) will generally not work because rake will +likely end, causing the in-process thread pool to be deleted, before any/all +of the `.deliver_later` emails are processed. To avoid this problem, use +`.deliver_now` or run a persistent queue in development as well. + Internationalization -------------------- -- cgit v1.2.3 From b9d7bd476893345165e38191612f27ec836c44e7 Mon Sep 17 00:00:00 2001 From: Steven Chanin Date: Tue, 9 May 2017 17:18:16 -0700 Subject: Capitalize Rake --- guides/source/active_job_basics.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'guides/source') diff --git a/guides/source/active_job_basics.md b/guides/source/active_job_basics.md index ee8e652485..978d1b55a4 100644 --- a/guides/source/active_job_basics.md +++ b/guides/source/active_job_basics.md @@ -310,8 +310,8 @@ UserMailer.welcome(@user).deliver_now UserMailer.welcome(@user).deliver_later ``` -NOTE: Using the asynchronous queue from a rake task (for example, to -send an email using `.deliver_later`) will generally not work because rake will +NOTE: Using the asynchronous queue from a Rake task (for example, to +send an email using `.deliver_later`) will generally not work because Rake will likely end, causing the in-process thread pool to be deleted, before any/all of the `.deliver_later` emails are processed. To avoid this problem, use `.deliver_now` or run a persistent queue in development as well. -- cgit v1.2.3 From de499d6775efb433ff6b6ffb3503f67e18b54ee9 Mon Sep 17 00:00:00 2001 From: Steven Chanin Date: Tue, 9 May 2017 17:20:37 -0700 Subject: remove the phrase as well [ci skip] --- guides/source/active_job_basics.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/active_job_basics.md b/guides/source/active_job_basics.md index 978d1b55a4..443be77934 100644 --- a/guides/source/active_job_basics.md +++ b/guides/source/active_job_basics.md @@ -314,7 +314,7 @@ NOTE: Using the asynchronous queue from a Rake task (for example, to send an email using `.deliver_later`) will generally not work because Rake will likely end, causing the in-process thread pool to be deleted, before any/all of the `.deliver_later` emails are processed. To avoid this problem, use -`.deliver_now` or run a persistent queue in development as well. +`.deliver_now` or run a persistent queue in development. Internationalization -- cgit v1.2.3 From bff2ef921f15b19dac482aa0aec22198afcd3249 Mon Sep 17 00:00:00 2001 From: Koichi ITO Date: Thu, 11 May 2017 13:35:01 +0900 Subject: Fix a typo in guide [ci skip] --- guides/source/working_with_javascript_in_rails.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/working_with_javascript_in_rails.md b/guides/source/working_with_javascript_in_rails.md index 047aeae37d..cf08c5dd1d 100644 --- a/guides/source/working_with_javascript_in_rails.md +++ b/guides/source/working_with_javascript_in_rails.md @@ -351,7 +351,7 @@ that have a `data-remote` attribute: NOTE: All handlers bound to these events are always passed the event object as the first argument. The table below describes the extra parameters passed after the -event argument. For exemple, if the extra parameters are listed as `xhr, settings`, +event argument. For example, if the extra parameters are listed as `xhr, settings`, then to access them, you would define your handler with `function(event, xhr, settings)`. | Event name | Extra parameters | Fired | -- cgit v1.2.3 From b373d84fb2a3d9756f3e0276e4fb52fd2ae09afa Mon Sep 17 00:00:00 2001 From: Cody Boyko Date: Fri, 12 May 2017 20:13:18 +0000 Subject: [ci skip] Mailer fixtures in Testing guide. Update guide to clarify that mailer fixtures are not created when using the mailer generator. --- guides/source/testing.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/testing.md b/guides/source/testing.md index 71fb6fb0e8..ced88e888c 100644 --- a/guides/source/testing.md +++ b/guides/source/testing.md @@ -1406,7 +1406,7 @@ In order to test that your mailer is working as expected, you can use unit tests For the purposes of unit testing a mailer, fixtures are used to provide an example of how the output _should_ look. Because these are example emails, and not Active Record data like the other fixtures, they are kept in their own subdirectory apart from the other fixtures. The name of the directory within `test/fixtures` directly corresponds to the name of the mailer. So, for a mailer named `UserMailer`, the fixtures should reside in `test/fixtures/user_mailer` directory. -When you generated your mailer, the generator creates stub fixtures for each of the mailers actions. If you didn't use the generator, you'll have to create those files yourself. +If you generated your mailer, the generator does not create stub fixtures for the mailers actions. You'll have to create those files yourself as described above. #### The Basic Test Case -- cgit v1.2.3 From c4c48b0d2a3df706b720a1aaf2986b61bdfb2ec2 Mon Sep 17 00:00:00 2001 From: eileencodes Date: Fri, 28 Apr 2017 08:56:43 -0700 Subject: Use a more realistic use-case for system test generator It's more likely you'll generate a test for testing users than a users creates test. This is a better example of a real world test. Additionally the users create view is unlikely to have the text "UserCreates" since that is likely generated as well. This is now an example of visiting the users index. --- guides/source/testing.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'guides/source') diff --git a/guides/source/testing.md b/guides/source/testing.md index ced88e888c..e528b2e2a2 100644 --- a/guides/source/testing.md +++ b/guides/source/testing.md @@ -610,9 +610,9 @@ For creating Rails system tests, you use the `test/system` directory in your application. Rails provides a generator to create a system test skeleton for you. ```bash -$ bin/rails generate system_test users_create +$ bin/rails generate system_test users invoke test_unit - create test/system/users_creates_test.rb + create test/system/users_test.rb ``` Here's what a freshly-generated system test looks like: @@ -620,11 +620,11 @@ Here's what a freshly-generated system test looks like: ```ruby require "application_system_test_case" -class UsersCreatesTest < ApplicationSystemTestCase +class UsersTest < ApplicationSystemTestCase # test "visiting the index" do - # visit users_creates_url + # visit users_url # - # assert_selector "h1", text: "UsersCreate" + # assert_selector "h1", text: "Users" # end end ``` -- cgit v1.2.3 From 46adb59b3474351e95ddc2357e67d169d6ffec51 Mon Sep 17 00:00:00 2001 From: eileencodes Date: Fri, 28 Apr 2017 09:01:12 -0700 Subject: Clarify documentation for system test arguments Previously this implied that system tests provided other non-headless drivers when Selenium is the only driver that uses `:using`, `:screen_size` or `:options` arguments. This change clarifies that Selenium is the only non-headless driver. --- guides/source/testing.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'guides/source') diff --git a/guides/source/testing.md b/guides/source/testing.md index e528b2e2a2..c0394f927e 100644 --- a/guides/source/testing.md +++ b/guides/source/testing.md @@ -658,8 +658,8 @@ end The driver name is a required argument for `driven_by`. The optional arguments that can be passed to `driven_by` are `:using` for the browser (this will only -be used for non-headless drivers like Selenium), and `:screen_size` to change -the size of the screen for screenshots. +be used by Selenium), and `:screen_size` to change the size of the screen for +screenshots. ```ruby require "test_helper" -- cgit v1.2.3 From d48008f16438c2c9c9c7295f550568b82b95ef9e Mon Sep 17 00:00:00 2001 From: Xavier Noria Date: Sun, 14 May 2017 21:25:44 +0200 Subject: explain why guide translations need a fork [ci skip] --- guides/source/contributing_to_ruby_on_rails.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'guides/source') diff --git a/guides/source/contributing_to_ruby_on_rails.md b/guides/source/contributing_to_ruby_on_rails.md index 39f4272b3c..2f2962a3e6 100644 --- a/guides/source/contributing_to_ruby_on_rails.md +++ b/guides/source/contributing_to_ruby_on_rails.md @@ -141,14 +141,15 @@ NOTE: To help our CI servers you should add [ci skip] to your documentation comm Translating Rails Guides ------------------------ -We are happy to have people volunteer to translate the Rails guides into their own language. -If you want to translate the Rails guides in your own language, follows these steps: +We are happy to have people volunteer to translate the Rails guides. Just follow these steps: -* Fork the project (rails/rails). +* Fork https://github.com/rails/rails. * Add a source folder for your own language, for example: *guides/source/it-IT* for Italian. * Copy the contents of *guides/source* into your own language directory and translate them. * Do NOT translate the HTML files, as they are automatically generated. +Note that translations are not submitted to the Rails repository. As detailed above, your work happens in a fork. This is so because in practice documentation maintenance via patches is only sustainable in English. + To generate the guides in HTML format cd into the *guides* directory then run (eg. for it-IT): ```bash -- cgit v1.2.3 From 062e5f2b068fbce74102d7301b58a3cd7c5da883 Mon Sep 17 00:00:00 2001 From: Mike Gunderloy Date: Sat, 20 May 2017 04:00:13 -0500 Subject: Add :json type to auto_discovery_link_tag This allows auto_discovery_link_tag to support the JSON Feed standard. See https://jsonfeed.org/version/1 for more information. --- guides/source/action_view_overview.md | 2 +- guides/source/layouts_and_rendering.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'guides/source') diff --git a/guides/source/action_view_overview.md b/guides/source/action_view_overview.md index c835adeab6..10412128cc 100644 --- a/guides/source/action_view_overview.md +++ b/guides/source/action_view_overview.md @@ -419,7 +419,7 @@ image_tag("rails.png") # => diff --git a/guides/source/layouts_and_rendering.md b/guides/source/layouts_and_rendering.md index 48bb3147f3..caa3d21d23 100644 --- a/guides/source/layouts_and_rendering.md +++ b/guides/source/layouts_and_rendering.md @@ -768,7 +768,7 @@ WARNING: The asset tag helpers do _not_ verify the existence of the assets at th #### Linking to Feeds with the `auto_discovery_link_tag` -The `auto_discovery_link_tag` helper builds HTML that most browsers and feed readers can use to detect the presence of RSS or Atom feeds. It takes the type of the link (`:rss` or `:atom`), a hash of options that are passed through to url_for, and a hash of options for the tag: +The `auto_discovery_link_tag` helper builds HTML that most browsers and feed readers can use to detect the presence of RSS, Atom, or JSON feeds. It takes the type of the link (`:rss`, `:atom`, or `:json`), a hash of options that are passed through to url_for, and a hash of options for the tag: ```erb <%= auto_discovery_link_tag(:rss, {action: "feed"}, -- cgit v1.2.3 From 99209b4ec06b2f87b28de5bd7d02b6ed815994e6 Mon Sep 17 00:00:00 2001 From: Mike Gunderloy Date: Sat, 20 May 2017 09:30:51 -0500 Subject: Update 'Rails on Rack' guide [ci skip] * Adjust middlewares list to match current defaults * application.routes runs on application object, not Rails * Add explanation of Sprockets::Rails::QuietAssets --- guides/source/rails_on_rack.md | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'guides/source') diff --git a/guides/source/rails_on_rack.md b/guides/source/rails_on_rack.md index f25b185fb5..cef8450ee4 100644 --- a/guides/source/rails_on_rack.md +++ b/guides/source/rails_on_rack.md @@ -110,11 +110,12 @@ use ActiveSupport::Cache::Strategy::LocalCache::Middleware use Rack::Runtime use Rack::MethodOverride use ActionDispatch::RequestId +use ActionDispatch::RemoteIp +use Sprockets::Rails::QuietAssets use Rails::Rack::Logger use ActionDispatch::ShowExceptions use WebConsole::Middleware use ActionDispatch::DebugExceptions -use ActionDispatch::RemoteIp use ActionDispatch::Reloader use ActionDispatch::Callbacks use ActiveRecord::Migration::CheckPending @@ -124,7 +125,7 @@ use ActionDispatch::Flash use Rack::Head use Rack::ConditionalGet use Rack::ETag -run Rails.application.routes +run MyApp.application.routes ``` The default middlewares shown here (and some others) are each summarized in the [Internal Middlewares](#internal-middleware-stack) section, below. @@ -238,6 +239,14 @@ Much of Action Controller's functionality is implemented as Middlewares. The fol * Makes a unique `X-Request-Id` header available to the response and enables the `ActionDispatch::Request#request_id` method. +**`ActionDispatch::RemoteIp`** + +* Checks for IP spoofing attacks. + +**`Sprockets::Rails::QuietAssets`** + +* Suppresses logger output for asset requests. + **`Rails::Rack::Logger`** * Notifies the logs that the request has began. After request is complete, flushes all the logs. @@ -250,10 +259,6 @@ Much of Action Controller's functionality is implemented as Middlewares. The fol * Responsible for logging exceptions and showing a debugging page in case the request is local. -**`ActionDispatch::RemoteIp`** - -* Checks for IP spoofing attacks. - **`ActionDispatch::Reloader`** * Provides prepare and cleanup callbacks, intended to assist with code reloading during development. -- cgit v1.2.3 From 3508909dc8afb76d3781a7282a1cbc4bb5b07a93 Mon Sep 17 00:00:00 2001 From: Kevin Kim Date: Sun, 21 May 2017 02:29:09 -0700 Subject: Fix typo in guides --- guides/source/working_with_javascript_in_rails.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/working_with_javascript_in_rails.md b/guides/source/working_with_javascript_in_rails.md index cf08c5dd1d..290f2a509b 100644 --- a/guides/source/working_with_javascript_in_rails.md +++ b/guides/source/working_with_javascript_in_rails.md @@ -250,7 +250,7 @@ Since it's just a ``, all of the information on `form_with` also applies. ### Customize remote elements It is possible to customize the behavior of elements with a `data-remote` -attribute without writing a line of JavaScript. Your can specify extra `data-` +attribute without writing a line of JavaScript. You can specify extra `data-` attributes to accomplish this. #### `data-method` -- cgit v1.2.3 From d23fb68e3d4b8cc81e877266aefce95dac562699 Mon Sep 17 00:00:00 2001 From: Mike Gunderloy Date: Sun, 21 May 2017 08:56:24 -0500 Subject: Fix broken external link in security guide. --- guides/source/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/security.md b/guides/source/security.md index c305350243..1fcb2fc91f 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -796,7 +796,7 @@ In December 2006, 34,000 actual user names and passwords were stolen in a [MySpa INFO: _CSS Injection is actually JavaScript injection, because some browsers (IE, some versions of Safari and others) allow JavaScript in CSS. Think twice about allowing custom CSS in your web application._ -CSS Injection is explained best by the well-known [MySpace Samy worm](http://namb.la/popular/tech.html). This worm automatically sent a friend request to Samy (the attacker) simply by visiting his profile. Within several hours he had over 1 million friend requests, which created so much traffic that MySpace went offline. The following is a technical explanation of that worm. +CSS Injection is explained best by the well-known [MySpace Samy worm](https://samy.pl/popular/tech.html). This worm automatically sent a friend request to Samy (the attacker) simply by visiting his profile. Within several hours he had over 1 million friend requests, which created so much traffic that MySpace went offline. The following is a technical explanation of that worm. MySpace blocked many tags, but allowed CSS. So the worm's author put JavaScript into CSS like this: -- cgit v1.2.3 From ea37cb4cb456d2d2feb5b582f0efd53b80e8e5cd Mon Sep 17 00:00:00 2001 From: Mike Gunderloy Date: Sun, 21 May 2017 09:19:05 -0500 Subject: Update Rails API Application guide to match current code [ci skip] * Adjust list of middlewares loaded by default * Add routing middleware to list to match the list in the Rack guide * Adjust list of Controller modules loaded by default Plus fix one singular/plural mistake --- guides/source/api_app.md | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) (limited to 'guides/source') diff --git a/guides/source/api_app.md b/guides/source/api_app.md index f373d313cc..64200ec242 100644 --- a/guides/source/api_app.md +++ b/guides/source/api_app.md @@ -206,16 +206,17 @@ An API application comes with the following middleware by default: - `ActiveSupport::Cache::Strategy::LocalCache::Middleware` - `Rack::Runtime` - `ActionDispatch::RequestId` +- `ActionDispatch::RemoteIp` - `Rails::Rack::Logger` - `ActionDispatch::ShowExceptions` - `ActionDispatch::DebugExceptions` -- `ActionDispatch::RemoteIp` - `ActionDispatch::Reloader` - `ActionDispatch::Callbacks` - `ActiveRecord::Migration::CheckPending` - `Rack::Head` - `Rack::ConditionalGet` - `Rack::ETag` +- `MyApi::Application::Routes` See the [internal middleware](rails_on_rack.html#internal-middleware-stack) section of the Rack guide for further information on them. @@ -360,7 +361,7 @@ middleware set, you can remove it with: config.middleware.delete ::Rack::Sendfile ``` -Keep in mind that removing these middleware will remove support for certain +Keep in mind that removing these middlewares will remove support for certain features in Action Controller. Choosing Controller Modules @@ -385,8 +386,9 @@ controller modules by default: hooks defined by Action Controller (see [the instrumentation guide](active_support_instrumentation.html#action-controller) for more information regarding this). -- `ActionController::ParamsWrapper`: Wraps the parameters hash into a nested hash, +- `ActionController::ParamsWrapper`: Wraps the parameters hash into a nested hash, so that you don't have to specify root elements sending POST requests for instance. +- `ActionController::Head`: Support for returning a response with no content, only headers Other plugins may add additional modules. You can get a list of all modules included into `ActionController::API` in the rails console: @@ -394,12 +396,12 @@ included into `ActionController::API` in the rails console: ```bash $ bin/rails c >> ActionController::API.ancestors - ActionController::Metal.ancestors -=> [ActionController::API, - ActiveRecord::Railties::ControllerRuntime, - ActionDispatch::Routing::RouteSet::MountedHelpers, - ActionController::ParamsWrapper, - ... , - AbstractController::Rendering, +=> [ActionController::API, + ActiveRecord::Railties::ControllerRuntime, + ActionDispatch::Routing::RouteSet::MountedHelpers, + ActionController::ParamsWrapper, + ... , + AbstractController::Rendering, ActionView::ViewPaths] ``` -- cgit v1.2.3 From 1a5d93999fe83e45ee98e0e28c77f37b13af669b Mon Sep 17 00:00:00 2001 From: Mike Gunderloy Date: Sun, 21 May 2017 10:00:20 -0500 Subject: Remove obsolete Guides source files [ci skip] * Nested Model Forms guide is out of date, not linked from index, and material is covered in the Form Helpers guide. * Profiling guide was committed as an outline years ago and never actually written. --- guides/source/nested_model_forms.md | 230 ------------------------------------ guides/source/profiling.md | 16 --- 2 files changed, 246 deletions(-) delete mode 100644 guides/source/nested_model_forms.md delete mode 100644 guides/source/profiling.md (limited to 'guides/source') diff --git a/guides/source/nested_model_forms.md b/guides/source/nested_model_forms.md deleted file mode 100644 index 71efa4b0d0..0000000000 --- a/guides/source/nested_model_forms.md +++ /dev/null @@ -1,230 +0,0 @@ -**DO NOT READ THIS FILE ON GITHUB, GUIDES ARE PUBLISHED ON http://guides.rubyonrails.org.** - -Rails Nested Model Forms -======================== - -Creating a form for a model _and_ its associations can become quite tedious. Therefore Rails provides helpers to assist in dealing with the complexities of generating these forms _and_ the required CRUD operations to create, update, and destroy associations. - -After reading this guide, you will know: - -* do stuff. - --------------------------------------------------------------------------------- - -NOTE: This guide assumes the user knows how to use the [Rails form helpers](form_helpers.html) in general. Also, it's **not** an API reference. For a complete reference please visit [the Rails API documentation](http://api.rubyonrails.org/). - - -Model setup ------------ - -To be able to use the nested model functionality in your forms, the model will need to support some basic operations. - -First of all, it needs to define a writer method for the attribute that corresponds to the association you are building a nested model form for. The `fields_for` form helper will look for this method to decide whether or not a nested model form should be built. - -If the associated object is an array, a form builder will be yielded for each object, else only a single form builder will be yielded. - -Consider a Person model with an associated Address. When asked to yield a nested FormBuilder for the `:address` attribute, the `fields_for` form helper will look for a method on the Person instance named `address_attributes=`. - -### ActiveRecord::Base model - -For an ActiveRecord::Base model and association this writer method is commonly defined with the `accepts_nested_attributes_for` class method: - -#### has_one - -```ruby -class Person < ApplicationRecord - has_one :address - accepts_nested_attributes_for :address -end -``` - -#### belongs_to - -```ruby -class Person < ApplicationRecord - belongs_to :firm - accepts_nested_attributes_for :firm -end -``` - -#### has_many / has_and_belongs_to_many - -```ruby -class Person < ApplicationRecord - has_many :projects - accepts_nested_attributes_for :projects -end -``` - -NOTE: For greater detail on associations see [Active Record Associations](association_basics.html). -For a complete reference on associations please visit the API documentation for [ActiveRecord::Associations::ClassMethods](http://api.rubyonrails.org/classes/ActiveRecord/Associations/ClassMethods.html). - -### Custom model - -As you might have inflected from this explanation, you _don't_ necessarily need an ActiveRecord::Base model to use this functionality. The following examples are sufficient to enable the nested model form behavior: - -#### Single associated object - -```ruby -class Person - def address - Address.new - end - - def address_attributes=(attributes) - # ... - end -end -``` - -#### Association collection - -```ruby -class Person - def projects - [Project.new, Project.new] - end - - def projects_attributes=(attributes) - # ... - end -end -``` - -NOTE: See (TODO) in the advanced section for more information on how to deal with the CRUD operations in your custom model. - -Views ------ - -### Controller code - -A nested model form will _only_ be built if the associated object(s) exist. This means that for a new model instance you would probably want to build the associated object(s) first. - -Consider the following typical RESTful controller which will prepare a new Person instance and its `address` and `projects` associations before rendering the `new` template: - -```ruby -class PeopleController < ApplicationController - def new - @person = Person.new - @person.build_address - 2.times { @person.projects.build } - end - - def create - @person = Person.new(params[:person]) - if @person.save - # ... - end - end -end -``` - -NOTE: Obviously the instantiation of the associated object(s) can become tedious and not DRY, so you might want to move that into the model itself. ActiveRecord::Base provides an `after_initialize` callback which is a good way to refactor this. - -### Form code - -Now that you have a model instance, with the appropriate methods and associated object(s), you can start building the nested model form. - -#### Standard form - -Start out with a regular RESTful form: - -```erb -<%= form_for @person do |f| %> - <%= f.text_field :name %> -<% end %> -``` - -This will generate the following html: - -```html - - - -``` - -#### Nested form for a single associated object - -Now add a nested form for the `address` association: - -```erb -<%= form_for @person do |f| %> - <%= f.text_field :name %> - - <%= f.fields_for :address do |af| %> - <%= af.text_field :street %> - <% end %> -<% end %> -``` - -This generates: - -```html -
- - - -
-``` - -Notice that `fields_for` recognized the `address` as an association for which a nested model form should be built by the way it has namespaced the `name` attribute. - -When this form is posted the Rails parameter parser will construct a hash like the following: - -```ruby -{ - "person" => { - "name" => "Eloy Duran", - "address_attributes" => { - "street" => "Nieuwe Prinsengracht" - } - } -} -``` - -That's it. The controller will simply pass this hash on to the model from the `create` action. The model will then handle building the `address` association for you and automatically save it when the parent (`person`) is saved. - -#### Nested form for a collection of associated objects - -The form code for an association collection is pretty similar to that of a single associated object: - -```erb -<%= form_for @person do |f| %> - <%= f.text_field :name %> - - <%= f.fields_for :projects do |pf| %> - <%= pf.text_field :name %> - <% end %> -<% end %> -``` - -Which generates: - -```html -
- - - - -
-``` - -As you can see it has generated 2 `project name` inputs, one for each new `project` that was built in the controller's `new` action. Only this time the `name` attribute of the input contains a digit as an extra namespace. This will be parsed by the Rails parameter parser as: - -```ruby -{ - "person" => { - "name" => "Eloy Duran", - "projects_attributes" => { - "0" => { "name" => "Project 1" }, - "1" => { "name" => "Project 2" } - } - } -} -``` - -You can basically see the `projects_attributes` hash as an array of attribute hashes, one for each model instance. - -NOTE: The reason that `fields_for` constructed a hash instead of an array is that it won't work for any form nested deeper than one level deep. - -TIP: You _can_ however pass an array to the writer method generated by `accepts_nested_attributes_for` if you're using plain Ruby or some other API access. See (TODO) for more info and example. diff --git a/guides/source/profiling.md b/guides/source/profiling.md deleted file mode 100644 index ce093f78ba..0000000000 --- a/guides/source/profiling.md +++ /dev/null @@ -1,16 +0,0 @@ -*DO NOT READ THIS FILE ON GITHUB, GUIDES ARE PUBLISHED ON http://guides.rubyonrails.org.** - -A Guide to Profiling Rails Applications -======================================= - -This guide covers built-in mechanisms in Rails for profiling your application. - -After reading this guide, you will know: - -* Rails profiling terminology. -* How to write benchmark tests for your application. -* Other benchmarking approaches and plugins. - --------------------------------------------------------------------------------- - - -- cgit v1.2.3 From 4f3955657736796664aa8d6f6d149ef9b213b058 Mon Sep 17 00:00:00 2001 From: dixpac Date: Sat, 13 May 2017 13:56:37 +0200 Subject: Improving docs for callbacks execution order [ci skip] When define callbacks latest definition on the same callback/method overwrites previous ones. --- guides/source/action_controller_overview.md | 3 +++ 1 file changed, 3 insertions(+) (limited to 'guides/source') diff --git a/guides/source/action_controller_overview.md b/guides/source/action_controller_overview.md index 5d987264f5..22537f960c 100644 --- a/guides/source/action_controller_overview.md +++ b/guides/source/action_controller_overview.md @@ -715,6 +715,9 @@ end Now, the `LoginsController`'s `new` and `create` actions will work as before without requiring the user to be logged in. The `:only` option is used to skip this filter only for these actions, and there is also an `:except` option which works the other way. These options can be used when adding filters too, so you can add a filter which only runs for selected actions in the first place. +NOTE: Calling the same filter multiple times with different options will not work, +since the last filter definition will overwrite the previous ones. + ### After Filters and Around Filters In addition to "before" filters, you can also run filters after an action has been executed, or both before and after. -- cgit v1.2.3 From 65cc7b228d97b717d7d143148c21eaed1a7dafdd Mon Sep 17 00:00:00 2001 From: Mike Gunderloy Date: Sun, 21 May 2017 13:06:33 -0500 Subject: Simplify handling of prerequisites in Getting Started guide [ci skip] Telling people about prerequisites, and then telling them a page later how to check and install those prerequisites, is confusing. This commit removes the list and just handles the software installation in one place. Fixes #28565 --- guides/source/getting_started.md | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) (limited to 'guides/source') diff --git a/guides/source/getting_started.md b/guides/source/getting_started.md index f3ae5a5b28..5553f08456 100644 --- a/guides/source/getting_started.md +++ b/guides/source/getting_started.md @@ -20,16 +20,7 @@ Guide Assumptions This guide is designed for beginners who want to get started with a Rails application from scratch. It does not assume that you have any prior experience -with Rails. However, to get the most out of it, you need to have some -prerequisites installed: - -* The [Ruby](https://www.ruby-lang.org/en/downloads) language version 2.2.2 or newer. -* Right version of [Development Kit](http://rubyinstaller.org/downloads/), if you - are using Windows. -* The [RubyGems](https://rubygems.org) packaging system, which is installed with - Ruby by default. To learn more about RubyGems, please read the - [RubyGems Guides](http://guides.rubygems.org). -* A working installation of the [SQLite3 Database](https://www.sqlite.org). +with Rails. Rails is a web application framework running on the Ruby programming language. If you have no prior experience with Ruby, you will find a very steep learning @@ -86,6 +77,9 @@ your prompt will look something like `c:\source_code>` ### Installing Rails +Before you install Rails, you should check to make sure that your system has the +proper prerequisites installed. These include Ruby and SQLite3. + Open up a command line prompt. On macOS open Terminal.app, on Windows choose "Run" from your Start menu and type 'cmd.exe'. Any commands prefaced with a dollar sign `$` should be run in the command line. Verify that you have a @@ -96,12 +90,19 @@ $ ruby -v ruby 2.3.1p112 ``` +Rails requires Ruby version 2.2.2 or later. If the version number returned is +less than that number, you'll need to install a fresh copy of Ruby. + TIP: A number of tools exist to help you quickly install Ruby and Ruby on Rails on your system. Windows users can use [Rails Installer](http://railsinstaller.org), while macOS users can use [Tokaido](https://github.com/tokaido/tokaidoapp). For more installation methods for most Operating Systems take a look at [ruby-lang.org](https://www.ruby-lang.org/en/documentation/installation/). +If you are working on Windows, you should also install the +[Ruby Installer Development Kit](http://rubyinstaller.org/downloads/). + +You will also need an installation of the SQLite3 database. Many popular UNIX-like OSes ship with an acceptable version of SQLite3. On Windows, if you installed Rails through Rails Installer, you already have SQLite installed. Others can find installation instructions @@ -127,7 +128,7 @@ run the following: $ rails --version ``` -If it says something like "Rails 5.1.0", you are ready to continue. +If it says something like "Rails 5.1.1", you are ready to continue. ### Creating the Blog Application @@ -1195,7 +1196,7 @@ it look as follows: This time we point the form to the `update` action, which is not defined yet but will be very soon. -Passing the article object to the method, will automagically create url for submitting the edited article form. +Passing the article object to the method, will automagically create url for submitting the edited article form. This option tells Rails that we want this form to be submitted via the `PATCH` HTTP method which is the HTTP method you're expected to use to **update** resources according to the REST protocol. -- cgit v1.2.3 From d414881a342d849d65810a037c0b1baff8538e41 Mon Sep 17 00:00:00 2001 From: Akira Matsuda Date: Mon, 22 May 2017 08:44:42 +0900 Subject: We always + 1 to __LINE__ when class_evaling with << [ci skip] --- guides/source/api_documentation_guidelines.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/api_documentation_guidelines.md b/guides/source/api_documentation_guidelines.md index 3c61754982..c3c7367304 100644 --- a/guides/source/api_documentation_guidelines.md +++ b/guides/source/api_documentation_guidelines.md @@ -281,7 +281,7 @@ Methods created with `(module|class)_eval(STRING)` have a comment by their side ```ruby for severity in Severity.constants - class_eval <<-EOT, __FILE__, __LINE__ + class_eval <<-EOT, __FILE__, __LINE__ + 1 def #{severity.downcase}(message = nil, progname = nil, &block) # def debug(message = nil, progname = nil, &block) add(#{severity}, message, progname, &block) # add(DEBUG, message, progname, &block) end # end -- cgit v1.2.3 From 5a3ba63d9abad86b7f6dd36a92cfaf722e52760b Mon Sep 17 00:00:00 2001 From: Michael Coyne Date: Thu, 23 Feb 2017 13:54:17 -0500 Subject: AEAD encrypted cookies and sessions This commit changes encrypted cookies from AES in CBC HMAC mode to Authenticated Encryption using AES-GCM. It also provides a cookie jar to transparently upgrade encrypted cookies to this new scheme. Some other notable changes include: - There is a new application configuration value: +use_authenticated_cookie_encryption+. When enabled, AEAD encrypted cookies will be used. - +cookies.signed+ does not raise a +TypeError+ now if the name of an encrypted cookie is used. Encrypted cookies using the same key as signed cookies would be verified and serialization would then fail due the message still be encrypted. --- guides/source/configuring.md | 8 ++++++-- guides/source/security.md | 23 +++++++++++++++-------- 2 files changed, 21 insertions(+), 10 deletions(-) (limited to 'guides/source') diff --git a/guides/source/configuring.md b/guides/source/configuring.md index bf9456a482..6a7eaf00e1 100644 --- a/guides/source/configuring.md +++ b/guides/source/configuring.md @@ -456,10 +456,14 @@ to `'http authentication'`. Defaults to `'signed cookie'`. * `config.action_dispatch.encrypted_cookie_salt` sets the encrypted cookies salt -value. Defaults to `'encrypted cookie'`. + value. Defaults to `'encrypted cookie'`. * `config.action_dispatch.encrypted_signed_cookie_salt` sets the signed -encrypted cookies salt value. Defaults to `'signed encrypted cookie'`. + encrypted cookies salt value. Defaults to `'signed encrypted cookie'`. + +* `config.action_dispatch.authenticated_encrypted_cookie_salt` sets the + authenticated encrypted cookie salt. Defaults to `'authenticated encrypted + cookie'`. * `config.action_dispatch.perform_deep_munge` configures whether `deep_munge` method should be performed on the parameters. See [Security Guide](security.html#unsafe-query-generation) diff --git a/guides/source/security.md b/guides/source/security.md index c305350243..61b0c5e368 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -95,16 +95,23 @@ Rails 2 introduced a new default session storage, CookieStore. CookieStore saves * The client can see everything you store in a session, because it is stored in clear-text (actually Base64-encoded, so not encrypted). So, of course, _you don't want to store any secrets here_. To prevent session hash tampering, a digest is calculated from the session with a server-side secret (`secrets.secret_token`) and inserted into the end of the cookie. -However, since Rails 4, the default store is EncryptedCookieStore. With -EncryptedCookieStore the session is encrypted before being stored in a cookie. -This prevents the user from accessing and tampering the content of the cookie. -Thus the session becomes a more secure place to store data. The encryption is -done using a server-side secret key `secrets.secret_key_base` stored in -`config/secrets.yml`. +In Rails 4, encrypted cookies through AES in CBC mode with HMAC using SHA1 for +verification was introduced. This prevents the user from accessing and tampering +the content of the cookie. Thus the session becomes a more secure place to store +data. The encryption is performed using a server-side `secrets.secret_key_base`. +Two salts are used when deriving keys for encryption and verification. These +salts are set via the `config.action_dispatch.encrypted_cookie_salt` and +`config.action_dispatch.encrypted_signed_cookie_salt` configuration values. -That means the security of this storage depends on this secret (and on the digest algorithm, which defaults to SHA1, for compatibility). So _don't use a trivial secret, i.e. a word from a dictionary, or one which is shorter than 30 characters, use `rails secret` instead_. +Rails 5.2 uses AES-GCM for the encryption which couples authentication +and encryption in one faster step and produces shorter ciphertexts. -`secrets.secret_key_base` is used for specifying a key which allows sessions for the application to be verified against a known secure key to prevent tampering. Applications get `secrets.secret_key_base` initialized to a random key present in `config/secrets.yml`, e.g.: +Encrypted cookies are automatically upgraded if the +`config.action_dispatch.use_authenticated_cookie_encryption` is enabled. + +_Do not use a trivial secret, i.e. a word from a dictionary, or one which is shorter than 30 characters! Instead use `rails secret` to generate secret keys!_ + +Applications get `secrets.secret_key_base` initialized to a random key present in `config/secrets.yml`, e.g.: development: secret_key_base: a75d... -- cgit v1.2.3 From 40bdbce191ad90dfea43dad51fac5c4726b89392 Mon Sep 17 00:00:00 2001 From: bogdanvlviv Date: Mon, 15 May 2017 14:17:28 +0000 Subject: Define path with __dir__ ".. with __dir__ we can restore order in the Universe." - by @fxn Related to 5b8738c2df003a96f0e490c43559747618d10f5f --- guides/source/generators.md | 4 ++-- guides/source/rails_application_templates.md | 2 +- guides/source/security.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) (limited to 'guides/source') diff --git a/guides/source/generators.md b/guides/source/generators.md index a554e08204..d4ed2355d4 100644 --- a/guides/source/generators.md +++ b/guides/source/generators.md @@ -96,7 +96,7 @@ This is the generator just created: ```ruby class InitializerGenerator < Rails::Generators::NamedBase - source_root File.expand_path("../templates", __FILE__) + source_root File.expand_path("templates", __dir__) end ``` @@ -122,7 +122,7 @@ And now let's change the generator to copy this template when invoked: ```ruby class InitializerGenerator < Rails::Generators::NamedBase - source_root File.expand_path("../templates", __FILE__) + source_root File.expand_path("templates", __dir__) def copy_initializer_file copy_file "initializer.rb", "config/initializers/#{file_name}.rb" diff --git a/guides/source/rails_application_templates.md b/guides/source/rails_application_templates.md index 3e99ee7021..e087834a2f 100644 --- a/guides/source/rails_application_templates.md +++ b/guides/source/rails_application_templates.md @@ -277,6 +277,6 @@ relative paths to your template's location. ```ruby def source_paths - [File.expand_path(File.dirname(__FILE__))] + [__dir__] end ``` diff --git a/guides/source/security.md b/guides/source/security.md index 1fcb2fc91f..75522834df 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -356,7 +356,7 @@ send_file('/var/www/uploads/' + params[:filename]) Simply pass a file name like "../../../etc/passwd" to download the server's login information. A simple solution against this, is to _check that the requested file is in the expected directory_: ```ruby -basename = File.expand_path(File.join(File.dirname(__FILE__), '../../files')) +basename = File.expand_path('../../files', __dir__) filename = File.expand_path(File.join(basename, @file.public_filename)) raise if basename != File.expand_path(File.join(File.dirname(filename), '../../../')) -- cgit v1.2.3 From d225f0b94c9d89e8837ee8e98ee3a7837877631b Mon Sep 17 00:00:00 2001 From: willnet Date: Wed, 24 May 2017 13:04:03 +0900 Subject: [ci skip]fix wrong method name in docs --- guides/source/association_basics.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'guides/source') diff --git a/guides/source/association_basics.md b/guides/source/association_basics.md index 5794bfa666..d8e85497fa 100644 --- a/guides/source/association_basics.md +++ b/guides/source/association_basics.md @@ -599,7 +599,7 @@ class CreateBooks < ActiveRecord::Migration[5.0] t.string :book_number t.integer :author_id end - + add_index :books, :author_id add_foreign_key :books, :authors end @@ -1417,7 +1417,7 @@ If either of these saves fails due to validation errors, then the assignment sta If the parent object (the one declaring the `has_one` association) is unsaved (that is, `new_record?` returns `true`) then the child objects are not saved. They will automatically when the parent object is saved. -If you want to assign an object to a `has_one` association without saving the object, use the `association.build` method. +If you want to assign an object to a `has_one` association without saving the object, use the `build_association` method. ### `has_many` Association Reference -- cgit v1.2.3 From d0854d397ac72e50420e7c86a29db84cc5de4eac Mon Sep 17 00:00:00 2001 From: Mike Gunderloy Date: Wed, 24 May 2017 11:38:57 -0500 Subject: Update information on using Gmail when 2FA is in use [ci skip] --- guides/source/action_mailer_basics.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/action_mailer_basics.md b/guides/source/action_mailer_basics.md index 65146ee7da..baea924c7f 100644 --- a/guides/source/action_mailer_basics.md +++ b/guides/source/action_mailer_basics.md @@ -781,7 +781,8 @@ config.action_mailer.smtp_settings = { enable_starttls_auto: true } ``` Note: As of July 15, 2014, Google increased [its security measures](https://support.google.com/accounts/answer/6010255) and now blocks attempts from apps it deems less secure. -You can change your gmail settings [here](https://www.google.com/settings/security/lesssecureapps) to allow the attempts or +You can change your gmail settings [here](https://www.google.com/settings/security/lesssecureapps) to allow the attempts. If your Gmail account has 2-factor authentication enabled, +then you will need to set an [app password](https://myaccount.google.com/apppasswords) and use that instead of your regular password. Alternatively, you can use another ESP to send email by replacing 'smtp.gmail.com' above with the address of your provider. Mailer Testing -- cgit v1.2.3 From 43b09b0c9ccc70f6514c441970d0d0ac03ce525b Mon Sep 17 00:00:00 2001 From: Makoto Nihei Date: Thu, 25 May 2017 04:26:54 +0900 Subject: [ci skip]fix wrong variable name in docs --- guides/source/association_basics.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/association_basics.md b/guides/source/association_basics.md index d8e85497fa..5c7d1f5365 100644 --- a/guides/source/association_basics.md +++ b/guides/source/association_basics.md @@ -1559,7 +1559,7 @@ The `collection.size` method returns the number of objects in the collection. The `collection.find` method finds objects within the collection. It uses the same syntax and options as `ActiveRecord::Base.find`. ```ruby -@available_books = @author.books.find(1) +@available_book = @author.books.find(1) ``` ##### `collection.where(...)` -- cgit v1.2.3 From c7dd4a7a9f20216091399a30a9750a8cf598798e Mon Sep 17 00:00:00 2001 From: Jon Moss Date: Wed, 24 May 2017 19:40:00 -0400 Subject: Capitalize Gmail `gmail` --> `Gmail` [ci skip] --- guides/source/action_mailer_basics.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/action_mailer_basics.md b/guides/source/action_mailer_basics.md index baea924c7f..7751ac00df 100644 --- a/guides/source/action_mailer_basics.md +++ b/guides/source/action_mailer_basics.md @@ -781,7 +781,7 @@ config.action_mailer.smtp_settings = { enable_starttls_auto: true } ``` Note: As of July 15, 2014, Google increased [its security measures](https://support.google.com/accounts/answer/6010255) and now blocks attempts from apps it deems less secure. -You can change your gmail settings [here](https://www.google.com/settings/security/lesssecureapps) to allow the attempts. If your Gmail account has 2-factor authentication enabled, +You can change your Gmail settings [here](https://www.google.com/settings/security/lesssecureapps) to allow the attempts. If your Gmail account has 2-factor authentication enabled, then you will need to set an [app password](https://myaccount.google.com/apppasswords) and use that instead of your regular password. Alternatively, you can use another ESP to send email by replacing 'smtp.gmail.com' above with the address of your provider. -- cgit v1.2.3 From af41b98577a09c9177b0fae76b7d07d787d02ce3 Mon Sep 17 00:00:00 2001 From: Krzysztof Maicher Date: Thu, 25 May 2017 14:34:50 +0200 Subject: Add ActiveRecord::Relation#or description to guides [ci skip] --- guides/source/active_record_querying.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'guides/source') diff --git a/guides/source/active_record_querying.md b/guides/source/active_record_querying.md index 26d01d4ede..d1cbe506b4 100644 --- a/guides/source/active_record_querying.md +++ b/guides/source/active_record_querying.md @@ -557,6 +557,19 @@ In other words, this query can be generated by calling `where` with no argument, SELECT * FROM clients WHERE (clients.locked != 1) ``` +### OR Conditions + +`OR` condition between two relations can be build by calling `or` on the first relation +and passing the second one as an argument. + +```ruby +Client.where(locked: true).or(Client.where(orders_count: [1,3,5])) +``` + +```sql +SELECT * FROM clients WHERE (clients.locked = 1 OR clients.orders_count IN (1,3,5)) +``` + Ordering -------- -- cgit v1.2.3 From 9980709c5aa25af7c0fd598bade23c2a9e66efc5 Mon Sep 17 00:00:00 2001 From: Makoto Nihei Date: Sat, 27 May 2017 11:52:18 +0900 Subject: [ci skip]fix wrong variable name in docs --- guides/source/active_record_querying.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/active_record_querying.md b/guides/source/active_record_querying.md index d1cbe506b4..07950c6066 100644 --- a/guides/source/active_record_querying.md +++ b/guides/source/active_record_querying.md @@ -118,7 +118,7 @@ You can also use this method to query for multiple objects. Call the `find` meth ```ruby # Find the clients with primary keys 1 and 10. -client = Client.find([1, 10]) # Or even Client.find(1, 10) +clients = Client.find([1, 10]) # Or even Client.find(1, 10) # => [#, #] ``` -- cgit v1.2.3 From 7cceb729e64b8eef028dab042b79d8def0730372 Mon Sep 17 00:00:00 2001 From: Makoto Nihei Date: Sat, 27 May 2017 12:03:57 +0900 Subject: [ci skip]fix wrong variable name in docs --- guides/source/active_record_querying.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'guides/source') diff --git a/guides/source/active_record_querying.md b/guides/source/active_record_querying.md index d1cbe506b4..412ad0b006 100644 --- a/guides/source/active_record_querying.md +++ b/guides/source/active_record_querying.md @@ -150,7 +150,7 @@ The `take` method returns `nil` if no record is found and no exception will be r You can pass in a numerical argument to the `take` method to return up to that number of results. For example ```ruby -client = Client.take(2) +clients = Client.take(2) # => [ # #, # # @@ -189,7 +189,7 @@ If your [default scope](active_record_querying.html#applying-a-default-scope) co You can pass in a numerical argument to the `first` method to return up to that number of results. For example ```ruby -client = Client.first(3) +clients = Client.first(3) # => [ # #, # #, @@ -240,7 +240,7 @@ If your [default scope](active_record_querying.html#applying-a-default-scope) co You can pass in a numerical argument to the `last` method to return up to that number of results. For example ```ruby -client = Client.last(3) +clients = Client.last(3) # => [ # #, # #, -- cgit v1.2.3 From 3b2e3f01488581d9e153dcb6b8ef333bda370aa0 Mon Sep 17 00:00:00 2001 From: Christoph Lupprich Date: Sun, 28 May 2017 16:24:43 +0200 Subject: Remove mentions of deprecated callbacks on ActionDispatch::Callbacks ActionDispatch::Callbacks.to_prepare was removed in #27587 [ci skip] --- guides/source/configuring.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'guides/source') diff --git a/guides/source/configuring.md b/guides/source/configuring.md index bf9456a482..aced401bca 100644 --- a/guides/source/configuring.md +++ b/guides/source/configuring.md @@ -493,8 +493,6 @@ encrypted cookies salt value. Defaults to `'signed encrypted cookie'`. * `ActionDispatch::Callbacks.before` takes a block of code to run before the request. -* `ActionDispatch::Callbacks.to_prepare` takes a block to run after `ActionDispatch::Callbacks.before`, but before the request. Runs for every request in `development` mode, but only once for `production` or environments with `cache_classes` set to `true`. - * `ActionDispatch::Callbacks.after` takes a block of code to run after the request. ### Configuring Action View @@ -1188,7 +1186,7 @@ Below is a comprehensive list of all the initializers found in Rails in the orde * `finisher_hook`: Provides a hook for after the initialization of process of the application is complete, as well as running all the `config.after_initialize` blocks for the application, railties and engines. -* `set_routes_reloader_hook`: Configures Action Dispatch to reload the routes file using `ActionDispatch::Callbacks.to_prepare`. +* `set_routes_reloader_hook`: Configures Action Dispatch to reload the routes file using `ActiveSupport::Callbacks.to_run`. * `disable_dependency_loading`: Disables the automatic dependency loading if the `config.eager_load` is set to `true`. -- cgit v1.2.3 From 9bd7881c2047f59b42f325ed882068cc881cbe48 Mon Sep 17 00:00:00 2001 From: Genadi Samokovarov Date: Mon, 29 May 2017 13:12:48 +0300 Subject: List assert_{,no_}changes in the testing guide This lists the `assert_changes` and `assert_no_changes` methods in the guides. [ci skip] --- guides/source/testing.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'guides/source') diff --git a/guides/source/testing.md b/guides/source/testing.md index c0394f927e..1db48ed56c 100644 --- a/guides/source/testing.md +++ b/guides/source/testing.md @@ -350,6 +350,8 @@ Rails adds some custom assertions of its own to the `minitest` framework: | --------------------------------------------------------------------------------- | ------- | | [`assert_difference(expressions, difference = 1, message = nil) {...}`](http://api.rubyonrails.org/classes/ActiveSupport/Testing/Assertions.html#method-i-assert_difference) | Test numeric difference between the return value of an expression as a result of what is evaluated in the yielded block.| | [`assert_no_difference(expressions, message = nil, &block)`](http://api.rubyonrails.org/classes/ActiveSupport/Testing/Assertions.html#method-i-assert_no_difference) | Asserts that the numeric result of evaluating an expression is not changed before and after invoking the passed in block.| +| [`assert_changes(expressions, message = nil, from:, to:, &block) {...}`](http://api.rubyonrails.org/classes/ActiveSupport/Testing/Assertions.html#method-i-assert_changes) | Test that the result of evaluating an expression is changed after invoking the passed in block.| +| [`assert_no_changes(expressions, message = nil, &block)`](http://api.rubyonrails.org/classes/ActiveSupport/Testing/Assertions.html#method-i-assert_no_changes) | Test the result of evaluating an expression is not changed after invoking the passed in block.| | [`assert_nothing_raised { block }`](http://api.rubyonrails.org/classes/ActiveSupport/Testing/Assertions.html#method-i-assert_nothing_raised) | Ensures that the given block doesn't raise any exceptions.| | [`assert_recognizes(expected_options, path, extras={}, message=nil)`](http://api.rubyonrails.org/classes/ActionDispatch/Assertions/RoutingAssertions.html#method-i-assert_recognizes) | Asserts that the routing of the given path was handled correctly and that the parsed options (given in the expected_options hash) match path. Basically, it asserts that Rails recognizes the route given by expected_options.| | [`assert_generates(expected_path, options, defaults={}, extras = {}, message=nil)`](http://api.rubyonrails.org/classes/ActionDispatch/Assertions/RoutingAssertions.html#method-i-assert_generates) | Asserts that the provided options can be used to generate the provided path. This is the inverse of assert_recognizes. The extras parameter is used to tell the request the names and values of additional request parameters that would be in a query string. The message parameter allows you to specify a custom error message for assertion failures.| -- cgit v1.2.3