actionpack 4.1.7 → 4.2.1
Potentially problematic release.
This version of actionpack might be problematic.
- checksums.yaml +4 -4
- data/CHANGELOG.md +311 -527
- data/README.rdoc +7 -2
- data/lib/abstract_controller/base.rb +16 -6
- data/lib/abstract_controller/callbacks.rb +28 -51
- data/lib/abstract_controller/helpers.rb +11 -4
- data/lib/abstract_controller/railties/routes_helpers.rb +3 -3
- data/lib/abstract_controller/url_for.rb +1 -1
- data/lib/action_controller/base.rb +2 -1
- data/lib/action_controller/caching/fragments.rb +7 -1
- data/lib/action_controller/caching.rb +1 -1
- data/lib/action_controller/log_subscriber.rb +26 -26
- data/lib/action_controller/metal/conditional_get.rb +37 -12
- data/lib/action_controller/metal/etag_with_template_digest.rb +50 -0
- data/lib/action_controller/metal/exceptions.rb +1 -1
- data/lib/action_controller/metal/force_ssl.rb +1 -1
- data/lib/action_controller/metal/head.rb +7 -3
- data/lib/action_controller/metal/http_authentication.rb +14 -9
- data/lib/action_controller/metal/instrumentation.rb +8 -5
- data/lib/action_controller/metal/live.rb +57 -6
- data/lib/action_controller/metal/mime_responds.rb +23 -246
- data/lib/action_controller/metal/params_wrapper.rb +2 -2
- data/lib/action_controller/metal/rack_delegation.rb +1 -1
- data/lib/action_controller/metal/redirecting.rb +14 -8
- data/lib/action_controller/metal/renderers.rb +30 -10
- data/lib/action_controller/metal/rendering.rb +2 -6
- data/lib/action_controller/metal/request_forgery_protection.rb +78 -7
- data/lib/action_controller/metal/streaming.rb +1 -1
- data/lib/action_controller/metal/strong_parameters.rb +125 -12
- data/lib/action_controller/metal/url_for.rb +11 -12
- data/lib/action_controller/metal.rb +12 -11
- data/lib/action_controller/model_naming.rb +1 -1
- data/lib/action_controller/railtie.rb +4 -0
- data/lib/action_controller/test_case.rb +112 -75
- data/lib/action_controller.rb +1 -1
- data/lib/action_dispatch/http/cache.rb +5 -4
- data/lib/action_dispatch/http/filter_parameters.rb +2 -2
- data/lib/action_dispatch/http/headers.rb +43 -9
- data/lib/action_dispatch/http/mime_negotiation.rb +10 -3
- data/lib/action_dispatch/http/mime_type.rb +2 -2
- data/lib/action_dispatch/http/parameter_filter.rb +1 -1
- data/lib/action_dispatch/http/parameters.rb +11 -26
- data/lib/action_dispatch/http/request.rb +37 -11
- data/lib/action_dispatch/http/response.rb +70 -18
- data/lib/action_dispatch/http/upload.rb +3 -8
- data/lib/action_dispatch/http/url.rb +88 -69
- data/lib/action_dispatch/journey/formatter.rb +33 -17
- data/lib/action_dispatch/journey/gtg/builder.rb +3 -3
- data/lib/action_dispatch/journey/gtg/simulator.rb +10 -7
- data/lib/action_dispatch/journey/gtg/transition_table.rb +20 -28
- data/lib/action_dispatch/journey/nfa/dot.rb +2 -2
- data/lib/action_dispatch/journey/nfa/simulator.rb +1 -1
- data/lib/action_dispatch/journey/nfa/transition_table.rb +5 -5
- data/lib/action_dispatch/journey/nodes/node.rb +4 -0
- data/lib/action_dispatch/journey/parser.rb +52 -60
- data/lib/action_dispatch/journey/parser.y +11 -10
- data/lib/action_dispatch/journey/path/pattern.rb +16 -19
- data/lib/action_dispatch/journey/route.rb +3 -18
- data/lib/action_dispatch/journey/router/strexp.rb +9 -6
- data/lib/action_dispatch/journey/router.rb +53 -77
- data/lib/action_dispatch/journey/scanner.rb +5 -5
- data/lib/action_dispatch/journey/visitors.rb +81 -92
- data/lib/action_dispatch/journey/visualizer/fsm.css +0 -4
- data/lib/action_dispatch/journey/visualizer/index.html.erb +2 -2
- data/lib/action_dispatch/middleware/callbacks.rb +1 -1
- data/lib/action_dispatch/middleware/cookies.rb +29 -29
- data/lib/action_dispatch/middleware/debug_exceptions.rb +15 -4
- data/lib/action_dispatch/middleware/exception_wrapper.rb +50 -18
- data/lib/action_dispatch/middleware/flash.rb +13 -7
- data/lib/action_dispatch/middleware/params_parser.rb +1 -1
- data/lib/action_dispatch/middleware/public_exceptions.rb +12 -3
- data/lib/action_dispatch/middleware/remote_ip.rb +40 -54
- data/lib/action_dispatch/middleware/request_id.rb +1 -1
- data/lib/action_dispatch/middleware/session/cookie_store.rb +1 -1
- data/lib/action_dispatch/middleware/show_exceptions.rb +1 -0
- data/lib/action_dispatch/middleware/static.rb +66 -37
- data/lib/action_dispatch/middleware/templates/rescues/_source.erb +21 -19
- data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb +37 -9
- data/lib/action_dispatch/middleware/templates/rescues/_trace.text.erb +2 -8
- data/lib/action_dispatch/middleware/templates/rescues/{diagnostics.erb → diagnostics.html.erb} +0 -0
- data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb +9 -0
- data/lib/action_dispatch/middleware/templates/rescues/layout.erb +6 -0
- data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb +4 -0
- data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb +2 -0
- data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +1 -24
- data/lib/action_dispatch/middleware/templates/rescues/template_error.text.erb +0 -1
- data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +120 -64
- data/lib/action_dispatch/routing/endpoint.rb +10 -0
- data/lib/action_dispatch/routing/inspector.rb +5 -12
- data/lib/action_dispatch/routing/mapper.rb +410 -281
- data/lib/action_dispatch/routing/polymorphic_routes.rb +191 -79
- data/lib/action_dispatch/routing/redirection.rb +10 -12
- data/lib/action_dispatch/routing/route_set.rb +297 -168
- data/lib/action_dispatch/routing/url_for.rb +15 -4
- data/lib/action_dispatch/testing/assertions/dom.rb +2 -26
- data/lib/action_dispatch/testing/assertions/response.rb +2 -7
- data/lib/action_dispatch/testing/assertions/routing.rb +22 -22
- data/lib/action_dispatch/testing/assertions/selector.rb +2 -429
- data/lib/action_dispatch/testing/assertions/tag.rb +2 -134
- data/lib/action_dispatch/testing/assertions.rb +11 -7
- data/lib/action_dispatch/testing/integration.rb +24 -19
- data/lib/action_dispatch/testing/test_request.rb +1 -1
- data/lib/action_dispatch/testing/test_response.rb +7 -0
- data/lib/action_pack/gem_version.rb +3 -3
- metadata +55 -13
- data/lib/action_controller/metal/responder.rb +0 -297
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8ef0e423a29cfd8eebd990a4b4a321fdb340b395
|
4
|
+
data.tar.gz: e5337332c73cacc288bd03eddbb9680609a40978
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 03137cd7e8c5220e0b2bc852e1e61cc90fbd0ba9a6ae181dcc04f3510f7e94e16819a4c0f9aa4b15975be413816fd189412f69c7accc74a87634346204299bd2
|
7
|
+
data.tar.gz: 89cb8daa44d1a361d123aa41594c61d0c4c0b89bf3bca750bc8c5854db90cf37dfc52575de22d9d140f9bded1f9fc28ed2d83306f44f0b297521253f39b83d20
|
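Review bot: The removed `metadata.gz:` and `data.tar.gz:` entries under both SHA1 and SHA512 are empty in this hunk, so there is nothing to compare the 4.1.7 digests against; only the added 4.2.1 values are usable. Because checksums.yaml is packaged inside the gem it describes, these digests show only that the archive is internally consistent. Check the downloaded gem against a digest obtained from a separate trusted source before relying on it.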
data/CHANGELOG.md
CHANGED
@@ -1,722 +1,506 @@
|
|
1
|
-
## Rails 4.1
|
2
|
-
|
3
|
-
* Prepend a JS comment to JSONP callbacks. Addresses CVE-2014-4671
|
4
|
-
("Rosetta Flash")
|
5
|
-
|
6
|
-
*Greg Campbell*
|
7
|
-
|
8
|
-
* Because URI paths may contain non US-ASCII characters we need to force
|
9
|
-
the encoding of any unescaped URIs to UTF-8 if they are US-ASCII.
|
10
|
-
This essentially replicates the functionality of the monkey patch to
|
11
|
-
URI.parser.unescape in active_support/core_ext/uri.rb.
|
12
|
-
|
13
|
-
Fixes #16104.
|
14
|
-
|
15
|
-
*Karl Entwistle*
|
16
|
-
|
17
|
-
* Generate shallow paths for all children of shallow resources.
|
18
|
-
|
19
|
-
Fixes #15783.
|
20
|
-
|
21
|
-
*Seb Jacobs*
|
22
|
-
|
23
|
-
* JSONP responses are now rendered with the `text/javascript` content type
|
24
|
-
when rendering through a `respond_to` block.
|
25
|
-
|
26
|
-
Fixes #15081.
|
27
|
-
|
28
|
-
*Lucas Mazza*
|
29
|
-
|
30
|
-
* Fix env['PATH_INFO'] missing leading slash when a rack app mounted at '/'.
|
31
|
-
|
32
|
-
Fixes #15511.
|
33
|
-
|
34
|
-
*Larry Lv*
|
35
|
-
|
36
|
-
* ActionController::Parameters#require now accepts `false` values.
|
37
|
-
|
38
|
-
Fixes #15685.
|
39
|
-
|
40
|
-
*Sergio Romano*
|
41
|
-
|
42
|
-
* With authorization header `Authorization: Token token=`, `authenticate` now
|
43
|
-
recognize token as nil, instead of "token".
|
44
|
-
|
45
|
-
Fixes #14846.
|
46
|
-
|
47
|
-
*Larry Lv*
|
48
|
-
|
49
|
-
|
50
|
-
## Rails 4.1.4 (July 2, 2014) ##
|
51
|
-
|
52
|
-
* No changes.
|
1
|
+
## Rails 4.2.1 (March 19, 2014) ##
|
53
2
|
|
3
|
+
* Non-string authenticity tokens do not raise NoMethodError when decoding
|
4
|
+
the masked token.
|
54
5
|
|
55
|
-
|
6
|
+
*Ville Lautanala*
|
56
7
|
|
57
|
-
*
|
58
|
-
|
59
|
-
|
60
|
-
## Rails 4.1.2 (June 26, 2014) ##
|
61
|
-
|
62
|
-
* Fix URL generation with `:trailing_slash` such that it does not add
|
63
|
-
a trailing slash after `.:format`
|
64
|
-
|
65
|
-
*Dan Langevin*
|
66
|
-
|
67
|
-
* Fix an issue with migrating legacy json cookies.
|
68
|
-
|
69
|
-
Previously, the `VerifyAndUpgradeLegacySignedMessage` assumed all incoming
|
70
|
-
cookies were marshal-encoded. This was not the case when `secret_token` was
|
71
|
-
used in conjunction with the `:json` or `:hybrid` serializer.
|
72
|
-
|
73
|
-
In those cases, when upgrading to use `secret_key_base`, this would cause a
|
74
|
-
`TypeError: incompatible marshal file format` and a 500 error for the user.
|
75
|
-
|
76
|
-
Fixes #14774.
|
77
|
-
|
78
|
-
*Godfrey Chan*
|
8
|
+
* Explicitly ignored wildcard verbs when searching for HEAD routes before fallback
|
79
9
|
|
80
|
-
|
81
|
-
|
10
|
+
Fixes an issue where a mounted rack app at root would intercept the HEAD
|
11
|
+
request causing an incorrect behavior during the fall back to GET requests.
|
82
12
|
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
Fixes #15043.
|
97
|
-
|
98
|
-
*Guilherme Cavalcanti*, *Andrew White*
|
99
|
-
|
100
|
-
* Append a link in the backtrace to the bad code when a `SyntaxError` exception occurs.
|
101
|
-
|
102
|
-
*Boris Kuznetsov*
|
103
|
-
|
104
|
-
* Make URL escaping more consistent:
|
105
|
-
|
106
|
-
1. Escape '%' characters in URLs - only unescaped data should be passed to URL helpers
|
107
|
-
2. Add an `escape_segment` helper to `Router::Utils` that escapes '/' characters
|
108
|
-
3. Use `escape_segment` rather than `escape_fragment` in optimized URL generation
|
109
|
-
4. Use `escape_segment` rather than `escape_path` in URL generation
|
110
|
-
|
111
|
-
For point 4 there are two exceptions. Firstly, when a route uses wildcard segments
|
112
|
-
(e.g. `*foo`) then we use `escape_path` as the value may contain '/' characters. This
|
113
|
-
means that wildcard routes can't be optimized. Secondly, if a `:controller` segment
|
114
|
-
is used in the path then this uses `escape_path` as the controller may be namespaced.
|
115
|
-
|
116
|
-
Fixes #14629, #14636 and #14070.
|
117
|
-
|
118
|
-
*Andrew White*, *Edho Arief*
|
13
|
+
Example:
|
14
|
+
```ruby
|
15
|
+
draw do
|
16
|
+
get '/home' => 'test#index'
|
17
|
+
mount rack_app, at: '/'
|
18
|
+
end
|
19
|
+
head '/home'
|
20
|
+
assert_response :success
|
21
|
+
```
|
22
|
+
In this case, a HEAD request runs through the routes the first time and fails
|
23
|
+
to match anything. Then, it runs through the list with the fallback and matches
|
24
|
+
`get '/home'`. The original behavior would match the rack app in the first pass.
|
119
25
|
|
120
|
-
*
|
121
|
-
`any` format block.
|
26
|
+
*Terence Sun*
|
122
27
|
|
123
|
-
|
28
|
+
* Preserve default format when generating URLs
|
124
29
|
|
125
|
-
|
30
|
+
Fixes an issue that would cause the format set in default_url_options to be
|
31
|
+
lost when generating URLs with fewer positional arguments than parameters in
|
32
|
+
the route definition.
|
126
33
|
|
127
|
-
|
34
|
+
Backport of #18627
|
128
35
|
|
129
|
-
|
36
|
+
*Tekin Suleyman*, *Dominic Baggott*
|
130
37
|
|
131
|
-
|
38
|
+
* Default headers, removed in controller actions, are no longer reapplied on
|
39
|
+
the test response.
|
132
40
|
|
41
|
+
*Jonas Baumann*
|
133
42
|
|
134
|
-
|
43
|
+
* Ensure `append_info_to_payload` is called even if an exception is raised.
|
135
44
|
|
136
|
-
|
45
|
+
Fixes an issue where when an exception is raised in the request the additonal
|
46
|
+
payload data is not available.
|
137
47
|
|
138
|
-
|
48
|
+
See:
|
49
|
+
* #14903
|
50
|
+
* https://github.com/roidrage/lograge/issues/37
|
139
51
|
|
140
|
-
|
52
|
+
*Dieter Komendera*, *Margus Pärt*
|
141
53
|
|
142
|
-
|
54
|
+
* Correctly rely on the response's status code to handle calls to `head`.
|
143
55
|
|
56
|
+
*Robin Dupret*
|
144
57
|
|
145
|
-
|
58
|
+
* Using `head` method returns empty response_body instead
|
59
|
+
of returning a single space " ".
|
146
60
|
|
147
|
-
|
148
|
-
|
61
|
+
The old behavior was added as a workaround for a bug in an early
|
62
|
+
version of Safari, where the HTTP headers are not returned correctly
|
63
|
+
if the response body has a 0-length. This is been fixed since and
|
64
|
+
the workaround is no longer necessary.
|
149
65
|
|
150
|
-
Fixes #
|
66
|
+
Fixes #18253.
|
151
67
|
|
152
|
-
*
|
68
|
+
*Prathamesh Sonpatki*
|
153
69
|
|
154
|
-
*
|
155
|
-
we need to check if we're not inside a nested scope before copying the :path
|
156
|
-
and :as options to their shallow equivalents.
|
70
|
+
* Fix how polymorphic routes works with objects that implement `to_model`.
|
157
71
|
|
158
|
-
|
72
|
+
*Travis Grathwell*
|
159
73
|
|
160
|
-
|
74
|
+
* Fixed handling of positional url helper arguments when `format: false`.
|
161
75
|
|
76
|
+
Fixes #17819.
|
162
77
|
|
163
|
-
|
78
|
+
*Andrew White*, *Tatiana Soukiassian*
|
164
79
|
|
165
|
-
*
|
166
|
-
`default_url_options` methods.
|
80
|
+
* Fixed usage of optional scopes in URL helpers.
|
167
81
|
|
168
|
-
*
|
82
|
+
*Alex Robbin*
|
169
83
|
|
170
|
-
* Introduce `render :html` as an option to render HTML content with a content
|
171
|
-
type of `text/html`. This rendering option calls `ERB::Util.html_escape`
|
172
|
-
internally to escape unsafe HTML strings, so you will need to mark a
|
173
|
-
string as `html_safe` if it contains any HTML tag.
|
174
84
|
|
175
|
-
|
85
|
+
## Rails 4.2.0 (December 20, 2014) ##
|
176
86
|
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
a plain text content.
|
182
|
-
|
183
|
-
See #14062, #12374.
|
184
|
-
|
185
|
-
*Prem Sichanugrist*
|
186
|
-
|
187
|
-
* Introduce `render :body` as an option for sending a raw content back to
|
188
|
-
browser. Note that this rendering option does not include "Content-Type"
|
189
|
-
header back in the response.
|
190
|
-
|
191
|
-
You should only use this option if you don't care about the content type
|
192
|
-
of the response. More information on "Content-Type" header can be found
|
193
|
-
on RFC 2616, section 7.2.1.
|
194
|
-
|
195
|
-
See #14062, #12374.
|
87
|
+
* Add `ActionController::Parameters#to_unsafe_h` to return an unfiltered
|
88
|
+
`Hash` representation of Parameters object. This is now a preferred way to
|
89
|
+
retrieve unfiltered parameters as we will stop inheriting `AC::Parameters`
|
90
|
+
object in Rails 5.0.
|
196
91
|
|
197
92
|
*Prem Sichanugrist*
|
198
93
|
|
199
|
-
*
|
200
|
-
|
201
|
-
|
202
|
-
Fixes #12552.
|
203
|
-
|
204
|
-
*Kevin Casey*
|
205
|
-
|
206
|
-
* Add a new config option `config.action_dispatch.cookies_serializer` for
|
207
|
-
specifying a serializer for the signed and encrypted cookie jars.
|
208
|
-
|
209
|
-
The possible values are:
|
210
|
-
|
211
|
-
* `:json` - serialize cookie values with `JSON`
|
212
|
-
* `:marshal` - serialize cookie values with `Marshal`
|
213
|
-
* `:hybrid` - transparently migrate existing `Marshal` cookie values to `JSON`
|
214
|
-
|
215
|
-
For new apps the `:json` option is added by default and `:marshal` is used
|
216
|
-
when no option is specified to maintain backwards compatibility.
|
217
|
-
|
218
|
-
*Łukasz Sarnacki*, *Matt Aimonetti*, *Guillermo Iguaran*, *Godfrey Chan*, *Rafael Mendonça França*
|
94
|
+
* Restore handling of a bare `Authorization` header, without `token=`
|
95
|
+
prefix.
|
219
96
|
|
220
|
-
|
97
|
+
Fixes #17108.
|
221
98
|
|
222
|
-
*
|
99
|
+
*Guo Xiang Tan*
|
223
100
|
|
224
|
-
*
|
225
|
-
waiting until the `shallow` option is set. Also make the behavior of the
|
226
|
-
`:shallow` resource option consistent with the behavior of the `shallow` method.
|
101
|
+
* Deprecate use of string keys in URL helpers.
|
227
102
|
|
228
|
-
|
103
|
+
Use symbols instead.
|
104
|
+
Fixes #16958.
|
229
105
|
|
230
|
-
*
|
106
|
+
*Byron Bischoff*, *Melanie Gilman*
|
231
107
|
|
232
|
-
*
|
233
|
-
an uninitialized constant error for `ENCODING_FLAG`.
|
108
|
+
* Deprecate the `only_path` option on `*_path` helpers.
|
234
109
|
|
235
|
-
|
110
|
+
In cases where this option is set to `true`, the option is redundant and can
|
111
|
+
be safely removed; otherwise, the corresponding `*_url` helper should be
|
112
|
+
used instead.
|
236
113
|
|
237
|
-
|
238
|
-
the `wrapper_key` for a request using `wrap_parameters`.
|
114
|
+
Fixes #17294.
|
239
115
|
|
240
|
-
*
|
116
|
+
*Dan Olson*, *Godfrey Chan*
|
241
117
|
|
242
|
-
*
|
243
|
-
in `ActionController::TestCase`.
|
118
|
+
* Improve Journey compliance to RFC 3986.
|
244
119
|
|
245
|
-
|
120
|
+
The scanner in Journey failed to recognize routes that use literals
|
121
|
+
from the sub-delims section of RFC 3986. It's now able to parse those
|
122
|
+
authorized delimiters and route as expected.
|
246
123
|
|
247
|
-
|
248
|
-
|
249
|
-
* Fix `rake routes` error when `Rails::Engine` with empty routes is mounted.
|
250
|
-
|
251
|
-
Fixes #13810.
|
252
|
-
|
253
|
-
*Maurizio De Santis*
|
254
|
-
|
255
|
-
* Log which keys were affected by deep munge.
|
256
|
-
|
257
|
-
Deep munge solves the CVE-2013-0155 security vulnerability, but its
|
258
|
-
behaviour is confusing. With this commit, the information about which
|
259
|
-
key values were set to nil is now visible in logs.
|
260
|
-
|
261
|
-
*Łukasz Sarnacki*
|
262
|
-
|
263
|
-
* Automatically convert dashes to underscores for shorthand routes, e.g:
|
124
|
+
Fixes #17212.
|
264
125
|
|
265
|
-
|
126
|
+
*Nicolas Cavigneaux*
|
266
127
|
|
267
|
-
|
128
|
+
* Deprecate implicit Array conversion for Response objects. It was added
|
129
|
+
(using `#to_ary`) so we could conveniently use implicit splatting:
|
268
130
|
|
269
|
-
|
270
|
-
our_work_latest GET /our-work/latest(.:format) our_work#latest
|
131
|
+
status, headers, body = response
|
271
132
|
|
272
|
-
|
133
|
+
But it also means `response + response` works and `[response].flatten`
|
134
|
+
cascades down to the Rack body. Nonsense behavior. Instead, rely on
|
135
|
+
explicit conversion and splatting with `#to_a`:
|
273
136
|
|
274
|
-
|
137
|
+
status, header, body = *response
|
275
138
|
|
276
|
-
|
277
|
-
get '/about-us' => 'pages#about_us'
|
139
|
+
*Jeremy Kemper*
|
278
140
|
|
279
|
-
|
141
|
+
* Don't rescue `IPAddr::InvalidAddressError`.
|
280
142
|
|
281
|
-
|
282
|
-
|
283
|
-
about_us GET /about-us(.:format) pages#about_us
|
143
|
+
`IPAddr::InvalidAddressError` does not exist in Ruby 1.9.3
|
144
|
+
and fails for JRuby in 1.9 mode.
|
284
145
|
|
285
|
-
*
|
146
|
+
*Peter Suschlik*
|
286
147
|
|
287
|
-
* Fix
|
148
|
+
* Fix bug where the router would ignore any constraints added to redirect
|
149
|
+
routes.
|
288
150
|
|
289
|
-
Fixes #
|
151
|
+
Fixes #16605.
|
290
152
|
|
291
|
-
*
|
153
|
+
*Agis Anastasopoulos*
|
292
154
|
|
293
|
-
* Allow
|
155
|
+
* Allow `config.action_dispatch.trusted_proxies` to accept an IPAddr object.
|
294
156
|
|
295
157
|
Example:
|
296
158
|
|
297
|
-
|
298
|
-
|
299
|
-
get '/special', to: '/bar#index'
|
300
|
-
end
|
301
|
-
|
302
|
-
|
303
|
-
* Unique the segment keys array for non-optimized url helpers
|
304
|
-
|
305
|
-
In Rails 3.2 you only needed to pass an argument for a dynamic segment
|
306
|
-
once so unique the segment keys array to match the number of args. Since
|
307
|
-
the number of args is less than the required parts, the non-optimized code
|
308
|
-
path is selected. To benefit from optimized url generation, the arg needs
|
309
|
-
to be specified as many times as it appears in the path.
|
310
|
-
|
311
|
-
Fixes #12808.
|
312
|
-
|
313
|
-
*Andrew White*
|
314
|
-
|
315
|
-
* Show full route constraints in error message.
|
159
|
+
# config/environments/production.rb
|
160
|
+
config.action_dispatch.trusted_proxies = IPAddr.new('4.8.15.0/16')
|
316
161
|
|
317
|
-
|
318
|
-
in the error message. Previously it would only show the contraints that were
|
319
|
-
required as part of the path.
|
162
|
+
*Sam Aarons*
|
320
163
|
|
321
|
-
|
164
|
+
* Avoid duplicating routes for HEAD requests.
|
322
165
|
|
323
|
-
|
166
|
+
Instead of duplicating the routes, we will first match the HEAD request to
|
167
|
+
HEAD routes. If no match is found, we will then map the HEAD request to
|
168
|
+
GET routes.
|
324
169
|
|
325
|
-
*
|
170
|
+
*Guo Xiang Tan*, *Andrew White*
|
326
171
|
|
327
|
-
|
172
|
+
* Requests that hit `ActionDispatch::Static` can now take advantage
|
173
|
+
of gzipped assets on disk. By default a gzip asset will be served if
|
174
|
+
the client supports gzip and a compressed file is on disk.
|
328
175
|
|
329
|
-
*
|
176
|
+
*Richard Schneeman*
|
330
177
|
|
331
|
-
|
178
|
+
* `ActionController::Parameters` will stop inheriting from `Hash` and
|
179
|
+
`HashWithIndifferentAccess` in the next major release. If you use any method
|
180
|
+
that is not available on `ActionController::Parameters` you should consider
|
181
|
+
calling `#to_h` to convert it to a `Hash` first before calling that method.
|
332
182
|
|
333
|
-
|
334
|
-
mount BlogEngine => '/blog'
|
183
|
+
*Prem Sichanugrist*
|
335
184
|
|
336
|
-
|
337
|
-
|
185
|
+
* `ActionController::Parameters#to_h` now returns a `Hash` with unpermitted
|
186
|
+
keys removed. This change is to reflect on a security concern where some
|
187
|
+
method performed on an `ActionController::Parameters` may yield a `Hash`
|
188
|
+
object which does not maintain `permitted?` status. If you would like to
|
189
|
+
get a `Hash` with all the keys intact, duplicate and mark it as permitted
|
190
|
+
before calling `#to_h`.
|
338
191
|
|
339
|
-
|
340
|
-
|
341
|
-
|
342
|
-
|
343
|
-
|
192
|
+
params = ActionController::Parameters.new({
|
193
|
+
name: 'Senjougahara Hitagi',
|
194
|
+
oddity: 'Heavy stone crab'
|
195
|
+
})
|
196
|
+
params.to_h
|
197
|
+
# => {}
|
344
198
|
|
345
|
-
|
199
|
+
unsafe_params = params.dup.permit!
|
200
|
+
unsafe_params.to_h
|
201
|
+
# => {"name"=>"Senjougahara Hitagi", "oddity"=>"Heavy stone crab"}
|
346
202
|
|
347
|
-
|
203
|
+
safe_params = params.permit(:name)
|
204
|
+
safe_params.to_h
|
205
|
+
# => {"name"=>"Senjougahara Hitagi"}
|
348
206
|
|
349
|
-
|
207
|
+
This change is consider a stopgap as we cannot change the code to stop
|
208
|
+
`ActionController::Parameters` to inherit from `HashWithIndifferentAccess`
|
209
|
+
in the next minor release.
|
350
210
|
|
351
|
-
|
352
|
-
handling from blowing up before an application has had a chance to deal
|
353
|
-
with possibly invalid urls. However this has a negative side effect of
|
354
|
-
making it an incompatible encoding if the application's public path has
|
355
|
-
UTF-8 characters in it.
|
211
|
+
*Prem Sichanugrist*
|
356
212
|
|
357
|
-
|
358
|
-
it has been unescaped. If it is not valid then we can return early since it will
|
359
|
-
not match any file anyway.
|
213
|
+
* Deprecated `TagAssertions`.
|
360
214
|
|
361
|
-
|
215
|
+
*Kasper Timm Hansen*
|
362
216
|
|
363
|
-
|
217
|
+
* Use the Active Support JSON encoder for cookie jars using the `:json` or
|
218
|
+
`:hybrid` serializer. This allows you to serialize custom Ruby objects into
|
219
|
+
cookies by defining the `#as_json` hook on such objects.
|
364
220
|
|
365
|
-
|
221
|
+
Fixes #16520.
|
366
222
|
|
367
|
-
*
|
223
|
+
*Godfrey Chan*
|
368
224
|
|
369
|
-
*
|
225
|
+
* Add `config.action_dispatch.cookies_digest` option for setting custom
|
226
|
+
digest. The default remains the same - 'SHA1'.
|
370
227
|
|
371
|
-
|
228
|
+
*Łukasz Strzałkowski*
|
372
229
|
|
373
|
-
|
230
|
+
* Move `respond_with` (and the class-level `respond_to`) to
|
231
|
+
the `responders` gem.
|
374
232
|
|
375
|
-
*
|
376
|
-
address the security vulnerability CVE-2013-0155. In your app config:
|
233
|
+
*José Valim*
|
377
234
|
|
378
|
-
|
235
|
+
* When your templates change, browser caches bust automatically.
|
379
236
|
|
380
|
-
|
381
|
-
|
237
|
+
New default: the template digest is automatically included in your ETags.
|
238
|
+
When you call `fresh_when @post`, the digest for `posts/show.html.erb`
|
239
|
+
is mixed in so future changes to the HTML will blow HTTP caches for you.
|
240
|
+
This makes it easy to HTTP-cache many more of your actions.
|
382
241
|
|
383
|
-
|
242
|
+
If you render a different template, you can now pass the `:template`
|
243
|
+
option to include its digest instead:
|
384
244
|
|
385
|
-
|
245
|
+
fresh_when @post, template: 'widgets/show'
|
386
246
|
|
387
|
-
|
247
|
+
Pass `template: false` to skip the lookup. To turn this off entirely, set:
|
388
248
|
|
389
|
-
|
390
|
-
JavaScript responses, protecting apps from cross-origin `<script>` tags.
|
249
|
+
config.action_controller.etag_with_template_digest = false
|
391
250
|
|
392
251
|
*Jeremy Kemper*
|
393
252
|
|
394
|
-
*
|
395
|
-
|
396
|
-
Fixes #8533.
|
397
|
-
|
398
|
-
*Piotr Sarnacki*
|
399
|
-
|
400
|
-
* Add `Mime::Type.register "text/vcard", :vcf` to the default list of mime types.
|
401
|
-
|
402
|
-
*DHH*
|
403
|
-
|
404
|
-
* Remove deprecated `ActionController::RecordIdentifier`, use
|
405
|
-
`ActionView::RecordIdentifier` instead.
|
406
|
-
|
407
|
-
*kennyj*
|
408
|
-
|
409
|
-
* Fix regression when using `ActionView::Helpers::TranslationHelper#translate` with
|
410
|
-
`options[:raise]`.
|
253
|
+
* Remove deprecated `AbstractController::Helpers::ClassMethods::MissingHelperError`
|
254
|
+
in favor of `AbstractController::Helpers::MissingHelperError`.
|
411
255
|
|
412
|
-
|
413
|
-
|
414
|
-
*Shota Fukumori (sora_h)*
|
256
|
+
*Yves Senn*
|
415
257
|
|
416
|
-
*
|
258
|
+
* Fix `assert_template` not being able to assert that no files were rendered.
|
417
259
|
|
418
|
-
|
419
|
-
tablets, and desktop browsers. Variants make it easy.
|
260
|
+
*Guo Xiang Tan*
|
420
261
|
|
421
|
-
|
422
|
-
|
262
|
+
* Extract source code for the entire exception stack trace for
|
263
|
+
better debugging and diagnosis.
|
423
264
|
|
424
|
-
|
265
|
+
*Ryan Dao*
|
425
266
|
|
426
|
-
|
267
|
+
* Allows ActionDispatch::Request::LOCALHOST to match any IPv4 127.0.0.0/8
|
268
|
+
loopback address.
|
427
269
|
|
428
|
-
|
270
|
+
*Earl St Sauver*, *Sven Riedel*
|
429
271
|
|
430
|
-
|
431
|
-
|
432
|
-
html.tablet # renders app/views/projects/show.html+tablet.erb
|
433
|
-
html.phone { extra_setup; render ... }
|
434
|
-
end
|
435
|
-
end
|
272
|
+
* Preserve original path in `ShowExceptions` middleware by stashing it as
|
273
|
+
`env["action_dispatch.original_path"]`
|
436
274
|
|
437
|
-
|
275
|
+
`ActionDispatch::ShowExceptions` overwrites `PATH_INFO` with the status code
|
276
|
+
for the exception defined in `ExceptionWrapper`, so the path
|
277
|
+
the user was visiting when an exception occurred was not previously
|
278
|
+
available to any custom exceptions_app. The original `PATH_INFO` is now
|
279
|
+
stashed in `env["action_dispatch.original_path"]`.
|
438
280
|
|
439
|
-
|
440
|
-
app/views/projects/show.html+tablet.erb
|
441
|
-
app/views/projects/show.html+phone.erb
|
281
|
+
*Grey Baker*
|
442
282
|
|
443
|
-
|
283
|
+
* Use `String#bytesize` instead of `String#size` when checking for cookie
|
284
|
+
overflow.
|
444
285
|
|
445
|
-
|
446
|
-
format.js { render "trash" }
|
447
|
-
format.html.phone { redirect_to progress_path }
|
448
|
-
format.html.none { render "trash" }
|
449
|
-
end
|
286
|
+
*Agis Anastasopoulos*
|
450
287
|
|
451
|
-
|
288
|
+
* `render nothing: true` or rendering a `nil` body no longer add a single
|
289
|
+
space to the response body.
|
452
290
|
|
453
|
-
|
291
|
+
The old behavior was added as a workaround for a bug in an early version of
|
292
|
+
Safari, where the HTTP headers are not returned correctly if the response
|
293
|
+
body has a 0-length. This is been fixed since and the workaround is no
|
294
|
+
longer necessary.
|
454
295
|
|
455
|
-
|
456
|
-
format.html.any { render text: "any" }
|
457
|
-
format.html.phone { render text: "phone" }
|
458
|
-
end
|
296
|
+
Use `render body: ' '` if the old behavior is desired.
|
459
297
|
|
460
|
-
|
298
|
+
See #14883 for details.
|
461
299
|
|
462
|
-
|
463
|
-
format.html do |variant|
|
464
|
-
variant.any(:tablet, :phablet){ render text: "any" }
|
465
|
-
variant.phone { render text: "phone" }
|
466
|
-
end
|
467
|
-
end
|
300
|
+
*Godfrey Chan*
|
468
301
|
|
469
|
-
|
302
|
+
* Prepend a JS comment to JSONP callbacks. Addresses CVE-2014-4671
|
303
|
+
("Rosetta Flash").
|
470
304
|
|
471
|
-
*
|
472
|
-
content header and not passing correct formats to template due to the
|
473
|
-
introduction of the `NullType` for mimes.
|
305
|
+
*Greg Campbell*
|
474
306
|
|
475
|
-
|
307
|
+
* Because URI paths may contain non US-ASCII characters we need to force
|
308
|
+
the encoding of any unescaped URIs to UTF-8 if they are US-ASCII.
|
309
|
+
This essentially replicates the functionality of the monkey patch to
|
310
|
+
URI.parser.unescape in active_support/core_ext/uri.rb.
|
476
311
|
|
477
|
-
Fixes #
|
312
|
+
Fixes #16104.
|
478
313
|
|
479
|
-
*
|
314
|
+
*Karl Entwistle*
|
480
315
|
|
481
|
-
*
|
316
|
+
* Generate shallow paths for all children of shallow resources.
|
482
317
|
|
483
|
-
Fixes #
|
318
|
+
Fixes #15783.
|
484
319
|
|
485
|
-
*
|
320
|
+
*Seb Jacobs*
|
486
321
|
|
487
|
-
*
|
322
|
+
* JSONP responses are now rendered with the `text/javascript` content type
|
323
|
+
when rendering through a `respond_to` block.
|
488
324
|
|
489
|
-
|
490
|
-
response type, `assert_response` now throws an ArgumentError with a clear
|
491
|
-
message. This is intended to help debug typos in the response type.
|
325
|
+
Fixes #15081.
|
492
326
|
|
493
|
-
*
|
327
|
+
*Lucas Mazza*
|
494
328
|
|
495
|
-
*
|
329
|
+
* Add `config.action_controller.always_permitted_parameters` to configure which
|
330
|
+
parameters are permitted globally. The default value of this configuration is
|
331
|
+
`['controller', 'action']`.
|
496
332
|
|
497
|
-
*
|
333
|
+
*Gary S. Weaver*, *Rafael Chacon*
|
498
334
|
|
499
|
-
*
|
335
|
+
* Fix env['PATH_INFO'] missing leading slash when a rack app mounted at '/'.
|
500
336
|
|
501
|
-
|
337
|
+
Fixes #15511.
|
502
338
|
|
503
|
-
|
504
|
-
# => http://example.com/admin/posts/new?param=value
|
339
|
+
*Larry Lv*
|
505
340
|
|
506
|
-
|
341
|
+
* ActionController::Parameters#require now accepts `false` values.
|
507
342
|
|
508
|
-
|
343
|
+
Fixes #15685.
|
509
344
|
|
510
|
-
|
511
|
-
It returns a value from the hash for the given key.
|
512
|
-
If the key can’t be found, there are several options:
|
345
|
+
*Sergio Romano*
|
513
346
|
|
514
|
-
|
515
|
-
|
516
|
-
* If the optional code block is specified, then it will be run and its result returned.
|
347
|
+
* With authorization header `Authorization: Token token=`, `authenticate` now
|
348
|
+
recognize token as nil, instead of "token".
|
517
349
|
|
518
|
-
|
350
|
+
Fixes #14846.
|
519
351
|
|
520
|
-
*
|
352
|
+
*Larry Lv*
|
521
353
|
|
522
|
-
|
523
|
-
|
524
|
-
overriding its default value.
|
354
|
+
* Ensure the controller is always notified as soon as the client disconnects
|
355
|
+
during live streaming, even when the controller is blocked on a write.
|
525
356
|
|
526
|
-
*
|
357
|
+
*Nicholas Jakobsen*, *Matthew Draper*
|
527
358
|
|
528
|
-
*
|
529
|
-
|
359
|
+
* Routes specifying 'to:' must be a string that contains a "#" or a rack
|
360
|
+
application. Use of a symbol should be replaced with `action: symbol`.
|
361
|
+
Use of a string without a "#" should be replaced with `controller: string`.
|
530
362
|
|
531
|
-
*
|
363
|
+
*Aaron Patterson*
|
532
364
|
|
533
|
-
*
|
365
|
+
* Fix URL generation with `:trailing_slash` such that it does not add
|
366
|
+
a trailing slash after `.:format`
|
534
367
|
|
535
|
-
|
368
|
+
*Dan Langevin*
|
536
369
|
|
537
|
-
|
538
|
-
|
370
|
+
* Build full URI as string when processing path in integration tests for
|
371
|
+
performance reasons. One consequence of this is that the leading slash
|
372
|
+
is now required in integration test `process` helpers, whereas previously
|
373
|
+
it could be omitted. The fact that this worked was a unintended consequence
|
374
|
+
of the implementation and was never an intentional feature.
|
539
375
|
|
540
|
-
|
541
|
-
# => http://mycdn.com/assets/fallback.png
|
376
|
+
*Guo Xiang Tan*
|
542
377
|
|
543
|
-
|
378
|
+
* Fix `'Stack level too deep'` when rendering `head :ok` in an action method
|
379
|
+
called 'status' in a controller.
|
544
380
|
|
545
|
-
|
381
|
+
Fixes #13905.
|
546
382
|
|
547
|
-
*
|
383
|
+
*Christiaan Van den Poel*
|
548
384
|
|
549
|
-
|
385
|
+
* Add MKCALENDAR HTTP method (RFC 4791).
|
550
386
|
|
551
|
-
|
552
|
-
mount BlogEngine => '/blog'
|
387
|
+
*Sergey Karpesh*
|
553
388
|
|
554
|
-
|
555
|
-
get '/admin' => redirect('admin/dashboard')
|
389
|
+
* Instrument fragment cache metrics.
|
556
390
|
|
557
|
-
|
558
|
-
|
559
|
-
|
560
|
-
to a subdirectory of a website.
|
391
|
+
Adds `:controller`: and `:action` keys to the instrumentation payload
|
392
|
+
for the `*_fragment.action_controller` notifications. This allows tracking
|
393
|
+
e.g. the fragment cache hit rates for each controller action.
|
561
394
|
|
562
|
-
|
395
|
+
*Daniel Schierbeck*
|
563
396
|
|
564
|
-
|
397
|
+
* Always use the provided port if the protocol is relative.
|
565
398
|
|
566
|
-
|
567
|
-
This fixes an issue where the `respond_with` worked directly with the given
|
568
|
-
options hash, so that if a user relied on it after calling `respond_with`,
|
569
|
-
the hash wouldn't be the same.
|
399
|
+
Fixes #15043.
|
570
400
|
|
571
|
-
|
401
|
+
*Guilherme Cavalcanti*, *Andrew White*
|
572
402
|
|
573
|
-
|
403
|
+
* Moved `params[request_forgery_protection_token]` into its own method
|
404
|
+
and improved tests.
|
574
405
|
|
575
|
-
|
576
|
-
attacks if both `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` are set.
|
406
|
+
Fixes #11316.
|
577
407
|
|
578
|
-
|
408
|
+
*Tom Kadwill*
|
579
409
|
|
580
|
-
|
410
|
+
* Added verification of route constraints given as a Proc or an object responding
|
411
|
+
to `:matches?`. Previously, when given an non-complying object, it would just
|
412
|
+
silently fail to enforce the constraint. It will now raise an `ArgumentError`
|
413
|
+
when setting up the routes.
|
581
414
|
|
582
|
-
*
|
415
|
+
*Xavier Defrang*
|
583
416
|
|
584
|
-
|
417
|
+
* Properly treat the entire IPv6 User Local Address space as private for
|
418
|
+
purposes of remote IP detection. Also handle uppercase private IPv6
|
419
|
+
addresses.
|
585
420
|
|
586
|
-
|
421
|
+
Fixes #12638.
|
587
422
|
|
588
|
-
*
|
589
|
-
with RFC 3986.
|
423
|
+
*Caleb Spare*
|
590
424
|
|
591
|
-
|
425
|
+
* Fixed an issue with migrating legacy json cookies.
|
592
426
|
|
593
|
-
|
594
|
-
|
427
|
+
Previously, the `VerifyAndUpgradeLegacySignedMessage` assumes all incoming
|
428
|
+
cookies are marshal-encoded. This is not the case when `secret_token` is
|
429
|
+
used in conjunction with the `:json` or `:hybrid` serializer.
|
595
430
|
|
596
|
-
|
431
|
+
In those case, when upgrading to use `secret_key_base`, this would cause a
|
432
|
+
`TypeError: incompatible marshal file format` and a 500 error for the user.
|
597
433
|
|
598
|
-
|
434
|
+
Fixes #14774.
|
599
435
|
|
600
|
-
|
436
|
+
*Godfrey Chan*
|
601
437
|
|
602
|
-
|
438
|
+
* Make URL escaping more consistent:
|
603
439
|
|
604
|
-
|
605
|
-
|
440
|
+
1. Escape '%' characters in URLs - only unescaped data should be passed to URL helpers
|
441
|
+
2. Add an `escape_segment` helper to `Router::Utils` that escapes '/' characters
|
442
|
+
3. Use `escape_segment` rather than `escape_fragment` in optimized URL generation
|
443
|
+
4. Use `escape_segment` rather than `escape_path` in URL generation
|
606
444
|
|
607
|
-
|
445
|
+
For point 4 there are two exceptions. Firstly, when a route uses wildcard segments
|
446
|
+
(e.g. `*foo`) then we use `escape_path` as the value may contain '/' characters. This
|
447
|
+
means that wildcard routes can't be optimized. Secondly, if a `:controller` segment
|
448
|
+
is used in the path then this uses `escape_path` as the controller may be namespaced.
|
608
449
|
|
609
|
-
|
450
|
+
Fixes #14629, #14636 and #14070.
|
610
451
|
|
611
|
-
*
|
452
|
+
*Andrew White*, *Edho Arief*
|
612
453
|
|
613
|
-
|
454
|
+
* Add alias `ActionDispatch::Http::UploadedFile#to_io` to
|
455
|
+
`ActionDispatch::Http::UploadedFile#tempfile`.
|
614
456
|
|
615
|
-
*
|
457
|
+
*Tim Linquist*
|
616
458
|
|
617
|
-
*
|
618
|
-
|
459
|
+
* Returns null type format when format is not know and controller is using `any`
|
460
|
+
format block.
|
619
461
|
|
620
|
-
|
462
|
+
Fixes #14462.
|
621
463
|
|
622
|
-
*
|
623
|
-
before checking for the correct action in the :only and :unless options.
|
464
|
+
*Rafael Mendonça França*
|
624
465
|
|
625
|
-
|
466
|
+
* Improve routing error page with fuzzy matching search.
|
626
467
|
|
627
|
-
*
|
468
|
+
*Winston*
|
628
469
|
|
629
|
-
*
|
630
|
-
ignoring the passed failure message argument.
|
470
|
+
* Only make deeply nested routes shallow when parent is shallow.
|
631
471
|
|
632
|
-
Fixes #
|
472
|
+
Fixes #14684.
|
633
473
|
|
634
|
-
*
|
474
|
+
*Andrew White*, *James Coglan*
|
635
475
|
|
636
|
-
*
|
637
|
-
the environment passed into `ActionDispatch::TestRequest.new`.
|
476
|
+
* Append link to bad code to backtrace when exception is `SyntaxError`.
|
638
477
|
|
639
|
-
|
478
|
+
*Boris Kuznetsov*
|
640
479
|
|
641
|
-
|
480
|
+
* Swapped the parameters of assert_equal in `assert_select` so that the
|
481
|
+
proper values were printed correctly.
|
642
482
|
|
643
|
-
|
644
|
-
routes were reloaded and since it doesn't overwrite existing routes then if a
|
645
|
-
route changed but wasn't renamed it kept the old definition. This was being
|
646
|
-
masked by the optimised url helpers so it only became apparent when passing an
|
647
|
-
options hash to the url helper.
|
483
|
+
Fixes #14422.
|
648
484
|
|
649
|
-
*
|
485
|
+
*Vishal Lal*
|
650
486
|
|
651
|
-
*
|
652
|
-
|
487
|
+
* The method `shallow?` returns false if the parent resource is a singleton so
|
488
|
+
we need to check if we're not inside a nested scope before copying the :path
|
489
|
+
and :as options to their shallow equivalents.
|
653
490
|
|
654
|
-
Fixes #
|
491
|
+
Fixes #14388.
|
655
492
|
|
656
493
|
*Andrew White*
|
657
494
|
|
658
|
-
*
|
659
|
-
|
660
|
-
|
661
|
-
|
662
|
-
* Fix an issue where Rails raised an exception about a missing helper when
|
663
|
-
it should have thrown a `LoadError` instead. When the helper file exists
|
664
|
-
and only the loaded file from the helper does not exist, Rails should now
|
665
|
-
throw a `LoadError` instead of a `MissingHelperError`.
|
666
|
-
|
667
|
-
*Piotr Niełacny*
|
668
|
-
|
669
|
-
* Fix `ActionDispatch::ParamsParser#parse_formatted_parameters` to rewind
|
670
|
-
body input stream on parsing json params.
|
671
|
-
|
672
|
-
Fixes #11345.
|
673
|
-
|
674
|
-
*Yuri Bol*, *Paul Nikitochkin*
|
675
|
-
|
676
|
-
* Ignore spaces around delimiters in the Set-Cookie header.
|
677
|
-
|
678
|
-
*Yamagishi Kazutoshi*
|
495
|
+
* Make logging of CSRF failures optional (but on by default) with the
|
496
|
+
`log_warning_on_csrf_failure` configuration setting in
|
497
|
+
`ActionController::RequestForgeryProtection`.
|
679
498
|
|
680
|
-
*
|
681
|
-
Set `ActionDispatch.test_app` instead.
|
499
|
+
*John Barton*
|
682
500
|
|
683
|
-
|
684
|
-
|
685
|
-
* Remove deprecated `page_cache_extension` config.
|
686
|
-
|
687
|
-
*Francesco Rodriguez*
|
688
|
-
|
689
|
-
* Remove deprecated constants from Action Controller:
|
690
|
-
|
691
|
-
ActionController::AbstractRequest => ActionDispatch::Request
|
692
|
-
ActionController::Request => ActionDispatch::Request
|
693
|
-
ActionController::AbstractResponse => ActionDispatch::Response
|
694
|
-
ActionController::Response => ActionDispatch::Response
|
695
|
-
ActionController::Routing => ActionDispatch::Routing
|
696
|
-
ActionController::Integration => ActionDispatch::Integration
|
697
|
-
ActionController::IntegrationTest => ActionDispatch::IntegrationTest
|
698
|
-
|
699
|
-
*Carlos Antonio da Silva*
|
700
|
-
|
701
|
-
* Fix `Mime::Type.parse` when a bad accepts header is looked up.
|
702
|
-
Previously, it was setting `request.formats` with an array containing a
|
703
|
-
`nil` value, which raised an error when setting the controller formats.
|
704
|
-
|
705
|
-
Fixes #10965.
|
706
|
-
|
707
|
-
*Becker*
|
708
|
-
|
709
|
-
* Merge `:action` from routing scope and assign endpoint if both `:controller`
|
710
|
-
and `:action` are present. The endpoint assignment only occurs if there is
|
711
|
-
no `:to` present in the options hash, so should only affect routes using the
|
712
|
-
shorthand syntax (i.e. endpoint is inferred from the path).
|
713
|
-
|
714
|
-
Fixes #9856.
|
715
|
-
|
716
|
-
*Yves Senn*, *Andrew White*
|
717
|
-
|
718
|
-
* Action View extracted from Action Pack.
|
501
|
+
* Fix URL generation in controller tests with request-dependent
|
502
|
+
`default_url_options` methods.
|
719
503
|
|
720
|
-
*
|
504
|
+
*Tony Wooster*
|
721
505
|
|
722
|
-
Please check [4-
|
506
|
+
Please check [4-1-stable](https://github.com/rails/rails/blob/4-1-stable/actionpack/CHANGELOG.md) for previous changes.
|
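Review bot: Several added CHANGELOG entries need wording fixes, most importantly new line 417, where "IPv6 User Local Address space" should read "Unique Local Address space" (the RFC 4193 term), because this entry defines which addresses remote IP detection treats as private. New lines 359-361 say a route's `to:` "must be" a string containing "#" or a rack application, but do not say whether other values now raise or are only deprecated; state which. Smaller fixes: new line 348 "now recognize token as nil" should be "now recognizes the token as nil"; new line 391 has a stray colon after "`:controller`"; new line 373 "a unintended" should be "an unintended"; new line 411 "an non-complying" should be "a non-complying"; new line 431 "In those case" should be "In those cases"; new line 459 "is not know" should be "is not known".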