actionpack 4.0.13 → 4.1.0.beta1

Potentially problematic release.


This version of actionpack might be problematic.

Files changed (194)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +131 -1636
  3. data/README.rdoc +1 -6
  4. data/lib/abstract_controller.rb +1 -2
  5. data/lib/abstract_controller/base.rb +3 -25
  6. data/lib/abstract_controller/callbacks.rb +4 -2
  7. data/lib/abstract_controller/collector.rb +11 -1
  8. data/lib/abstract_controller/helpers.rb +18 -15
  9. data/lib/abstract_controller/rendering.rb +48 -127
  10. data/lib/action_controller.rb +1 -17
  11. data/lib/action_controller/base.rb +14 -6
  12. data/lib/action_controller/caching.rb +1 -11
  13. data/lib/action_controller/log_subscriber.rb +1 -1
  14. data/lib/action_controller/metal.rb +0 -4
  15. data/lib/action_controller/metal/flash.rb +17 -0
  16. data/lib/action_controller/metal/force_ssl.rb +1 -1
  17. data/lib/action_controller/metal/head.rb +1 -3
  18. data/lib/action_controller/metal/helpers.rb +6 -2
  19. data/lib/action_controller/metal/http_authentication.rb +7 -14
  20. data/lib/action_controller/metal/instrumentation.rb +1 -1
  21. data/lib/action_controller/metal/live.rb +74 -0
  22. data/lib/action_controller/metal/mime_responds.rb +93 -16
  23. data/lib/action_controller/metal/params_wrapper.rb +4 -11
  24. data/lib/action_controller/metal/rack_delegation.rb +1 -1
  25. data/lib/action_controller/metal/redirecting.rb +20 -20
  26. data/lib/action_controller/metal/renderers.rb +8 -5
  27. data/lib/action_controller/metal/rendering.rb +14 -11
  28. data/lib/action_controller/metal/request_forgery_protection.rb +67 -13
  29. data/lib/action_controller/metal/responder.rb +12 -2
  30. data/lib/action_controller/metal/streaming.rb +18 -20
  31. data/lib/action_controller/metal/strong_parameters.rb +22 -34
  32. data/lib/action_controller/railtie.rb +0 -1
  33. data/lib/action_controller/test_case.rb +0 -15
  34. data/lib/action_dispatch.rb +1 -0
  35. data/lib/action_dispatch/http/headers.rb +1 -3
  36. data/lib/action_dispatch/http/mime_negotiation.rb +16 -2
  37. data/lib/action_dispatch/http/mime_type.rb +4 -22
  38. data/lib/action_dispatch/http/mime_types.rb +1 -0
  39. data/lib/action_dispatch/http/parameters.rb +18 -19
  40. data/lib/action_dispatch/http/request.rb +16 -25
  41. data/lib/action_dispatch/http/response.rb +21 -8
  42. data/lib/action_dispatch/http/upload.rb +0 -13
  43. data/lib/action_dispatch/http/url.rb +10 -18
  44. data/lib/action_dispatch/journey/formatter.rb +3 -3
  45. data/lib/action_dispatch/journey/gtg/transition_table.rb +3 -5
  46. data/lib/action_dispatch/journey/parser.rb +1 -1
  47. data/lib/action_dispatch/journey/parser.y +1 -0
  48. data/lib/action_dispatch/journey/router.rb +7 -1
  49. data/lib/action_dispatch/journey/router/utils.rb +1 -1
  50. data/lib/action_dispatch/journey/visitors.rb +26 -47
  51. data/lib/action_dispatch/middleware/callbacks.rb +6 -6
  52. data/lib/action_dispatch/middleware/cookies.rb +15 -15
  53. data/lib/action_dispatch/middleware/debug_exceptions.rb +21 -13
  54. data/lib/action_dispatch/middleware/exception_wrapper.rb +1 -1
  55. data/lib/action_dispatch/middleware/flash.rb +5 -11
  56. data/lib/action_dispatch/middleware/params_parser.rb +1 -1
  57. data/lib/action_dispatch/middleware/public_exceptions.rb +1 -5
  58. data/lib/action_dispatch/middleware/session/cache_store.rb +3 -3
  59. data/lib/action_dispatch/middleware/session/cookie_store.rb +4 -3
  60. data/lib/action_dispatch/middleware/show_exceptions.rb +5 -2
  61. data/lib/action_dispatch/middleware/ssl.rb +1 -1
  62. data/lib/action_dispatch/middleware/static.rb +5 -25
  63. data/lib/action_dispatch/middleware/templates/rescues/{_request_and_response.erb → _request_and_response.html.erb} +0 -0
  64. data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.text.erb +23 -0
  65. data/lib/action_dispatch/middleware/templates/rescues/{_trace.erb → _trace.html.erb} +0 -0
  66. data/lib/action_dispatch/middleware/templates/rescues/_trace.text.erb +15 -0
  67. data/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb +1 -1
  68. data/lib/action_dispatch/middleware/templates/rescues/{missing_template.erb → missing_template.html.erb} +1 -1
  69. data/lib/action_dispatch/middleware/templates/rescues/missing_template.text.erb +3 -0
  70. data/lib/action_dispatch/middleware/templates/rescues/{routing_error.erb → routing_error.html.erb} +1 -1
  71. data/lib/action_dispatch/middleware/templates/rescues/routing_error.text.erb +11 -0
  72. data/lib/action_dispatch/middleware/templates/rescues/{template_error.erb → template_error.html.erb} +1 -1
  73. data/lib/action_dispatch/middleware/templates/rescues/template_error.text.erb +8 -0
  74. data/lib/action_dispatch/middleware/templates/rescues/{unknown_action.erb → unknown_action.html.erb} +1 -1
  75. data/lib/action_dispatch/middleware/templates/rescues/unknown_action.text.erb +3 -0
  76. data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +3 -3
  77. data/lib/action_dispatch/railtie.rb +1 -2
  78. data/lib/action_dispatch/request/session.rb +12 -0
  79. data/lib/action_dispatch/request/utils.rb +24 -0
  80. data/lib/action_dispatch/routing.rb +7 -6
  81. data/lib/action_dispatch/routing/inspector.rb +4 -4
  82. data/lib/action_dispatch/routing/mapper.rb +81 -138
  83. data/lib/action_dispatch/routing/polymorphic_routes.rb +13 -0
  84. data/lib/action_dispatch/routing/redirection.rb +34 -27
  85. data/lib/action_dispatch/routing/route_set.rb +43 -37
  86. data/lib/action_dispatch/routing/url_for.rb +3 -1
  87. data/lib/action_dispatch/testing/assertions/response.rb +8 -15
  88. data/lib/action_dispatch/testing/assertions/selector.rb +4 -4
  89. data/lib/action_dispatch/testing/integration.rb +1 -7
  90. data/lib/action_pack/version.rb +1 -1
  91. metadata +43 -167
  92. data/lib/abstract_controller/layouts.rb +0 -423
  93. data/lib/abstract_controller/view_paths.rb +0 -96
  94. data/lib/action_controller/deprecated.rb +0 -7
  95. data/lib/action_controller/deprecated/integration_test.rb +0 -5
  96. data/lib/action_controller/record_identifier.rb +0 -31
  97. data/lib/action_controller/vendor/html-scanner.rb +0 -5
  98. data/lib/action_view.rb +0 -93
  99. data/lib/action_view/base.rb +0 -205
  100. data/lib/action_view/buffers.rb +0 -49
  101. data/lib/action_view/context.rb +0 -36
  102. data/lib/action_view/dependency_tracker.rb +0 -93
  103. data/lib/action_view/digestor.rb +0 -113
  104. data/lib/action_view/flows.rb +0 -76
  105. data/lib/action_view/helpers.rb +0 -58
  106. data/lib/action_view/helpers/active_model_helper.rb +0 -49
  107. data/lib/action_view/helpers/asset_tag_helper.rb +0 -320
  108. data/lib/action_view/helpers/asset_url_helper.rb +0 -355
  109. data/lib/action_view/helpers/atom_feed_helper.rb +0 -203
  110. data/lib/action_view/helpers/cache_helper.rb +0 -196
  111. data/lib/action_view/helpers/capture_helper.rb +0 -216
  112. data/lib/action_view/helpers/controller_helper.rb +0 -25
  113. data/lib/action_view/helpers/csrf_helper.rb +0 -32
  114. data/lib/action_view/helpers/date_helper.rb +0 -1087
  115. data/lib/action_view/helpers/debug_helper.rb +0 -39
  116. data/lib/action_view/helpers/form_helper.rb +0 -1882
  117. data/lib/action_view/helpers/form_options_helper.rb +0 -838
  118. data/lib/action_view/helpers/form_tag_helper.rb +0 -785
  119. data/lib/action_view/helpers/javascript_helper.rb +0 -117
  120. data/lib/action_view/helpers/number_helper.rb +0 -451
  121. data/lib/action_view/helpers/output_safety_helper.rb +0 -38
  122. data/lib/action_view/helpers/record_tag_helper.rb +0 -106
  123. data/lib/action_view/helpers/rendering_helper.rb +0 -90
  124. data/lib/action_view/helpers/sanitize_helper.rb +0 -256
  125. data/lib/action_view/helpers/tag_helper.rb +0 -173
  126. data/lib/action_view/helpers/tags.rb +0 -39
  127. data/lib/action_view/helpers/tags/base.rb +0 -148
  128. data/lib/action_view/helpers/tags/check_box.rb +0 -64
  129. data/lib/action_view/helpers/tags/checkable.rb +0 -16
  130. data/lib/action_view/helpers/tags/collection_check_boxes.rb +0 -53
  131. data/lib/action_view/helpers/tags/collection_helpers.rb +0 -84
  132. data/lib/action_view/helpers/tags/collection_radio_buttons.rb +0 -36
  133. data/lib/action_view/helpers/tags/collection_select.rb +0 -28
  134. data/lib/action_view/helpers/tags/color_field.rb +0 -25
  135. data/lib/action_view/helpers/tags/date_field.rb +0 -13
  136. data/lib/action_view/helpers/tags/date_select.rb +0 -72
  137. data/lib/action_view/helpers/tags/datetime_field.rb +0 -22
  138. data/lib/action_view/helpers/tags/datetime_local_field.rb +0 -19
  139. data/lib/action_view/helpers/tags/datetime_select.rb +0 -8
  140. data/lib/action_view/helpers/tags/email_field.rb +0 -8
  141. data/lib/action_view/helpers/tags/file_field.rb +0 -8
  142. data/lib/action_view/helpers/tags/grouped_collection_select.rb +0 -29
  143. data/lib/action_view/helpers/tags/hidden_field.rb +0 -8
  144. data/lib/action_view/helpers/tags/label.rb +0 -65
  145. data/lib/action_view/helpers/tags/month_field.rb +0 -13
  146. data/lib/action_view/helpers/tags/number_field.rb +0 -18
  147. data/lib/action_view/helpers/tags/password_field.rb +0 -12
  148. data/lib/action_view/helpers/tags/radio_button.rb +0 -31
  149. data/lib/action_view/helpers/tags/range_field.rb +0 -8
  150. data/lib/action_view/helpers/tags/search_field.rb +0 -22
  151. data/lib/action_view/helpers/tags/select.rb +0 -40
  152. data/lib/action_view/helpers/tags/tel_field.rb +0 -8
  153. data/lib/action_view/helpers/tags/text_area.rb +0 -18
  154. data/lib/action_view/helpers/tags/text_field.rb +0 -30
  155. data/lib/action_view/helpers/tags/time_field.rb +0 -13
  156. data/lib/action_view/helpers/tags/time_select.rb +0 -8
  157. data/lib/action_view/helpers/tags/time_zone_select.rb +0 -20
  158. data/lib/action_view/helpers/tags/url_field.rb +0 -8
  159. data/lib/action_view/helpers/tags/week_field.rb +0 -13
  160. data/lib/action_view/helpers/text_helper.rb +0 -448
  161. data/lib/action_view/helpers/translation_helper.rb +0 -112
  162. data/lib/action_view/helpers/url_helper.rb +0 -635
  163. data/lib/action_view/locale/en.yml +0 -56
  164. data/lib/action_view/log_subscriber.rb +0 -30
  165. data/lib/action_view/lookup_context.rb +0 -248
  166. data/lib/action_view/model_naming.rb +0 -12
  167. data/lib/action_view/path_set.rb +0 -77
  168. data/lib/action_view/railtie.rb +0 -43
  169. data/lib/action_view/record_identifier.rb +0 -84
  170. data/lib/action_view/renderer/abstract_renderer.rb +0 -47
  171. data/lib/action_view/renderer/partial_renderer.rb +0 -500
  172. data/lib/action_view/renderer/renderer.rb +0 -50
  173. data/lib/action_view/renderer/streaming_template_renderer.rb +0 -103
  174. data/lib/action_view/renderer/template_renderer.rb +0 -96
  175. data/lib/action_view/routing_url_for.rb +0 -107
  176. data/lib/action_view/tasks/dependencies.rake +0 -17
  177. data/lib/action_view/template.rb +0 -339
  178. data/lib/action_view/template/error.rb +0 -138
  179. data/lib/action_view/template/handlers.rb +0 -53
  180. data/lib/action_view/template/handlers/builder.rb +0 -26
  181. data/lib/action_view/template/handlers/erb.rb +0 -146
  182. data/lib/action_view/template/handlers/raw.rb +0 -11
  183. data/lib/action_view/template/resolver.rb +0 -340
  184. data/lib/action_view/template/text.rb +0 -34
  185. data/lib/action_view/template/types.rb +0 -57
  186. data/lib/action_view/test_case.rb +0 -270
  187. data/lib/action_view/testing/resolvers.rb +0 -50
  188. data/lib/action_view/vendor/html-scanner.rb +0 -20
  189. data/lib/action_view/vendor/html-scanner/html/document.rb +0 -68
  190. data/lib/action_view/vendor/html-scanner/html/node.rb +0 -532
  191. data/lib/action_view/vendor/html-scanner/html/sanitizer.rb +0 -188
  192. data/lib/action_view/vendor/html-scanner/html/selector.rb +0 -830
  193. data/lib/action_view/vendor/html-scanner/html/tokenizer.rb +0 -107
  194. data/lib/action_view/vendor/html-scanner/html/version.rb +0 -11
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 7877d55b615844ee80e0ee4e85d132c4bef1000f
4
- data.tar.gz: 5070a023c0083de647a5853c3a7b4726918ea571
3
+ metadata.gz: 6c4d25b7fd21b3690935e2d9b6c8301e705678c6
4
+ data.tar.gz: da4a3ecfc9339623476995d3c819d789817b20dc
5
5
  SHA512:
6
- metadata.gz: 005c4d6fbc06296353a72cab40618166418995591fd437572df1f1f3419e7c7c336ae5bc9648b800e4ff2f8545a2e8599ce0fa56d32aff39226ebb22877cd2f1
7
- data.tar.gz: db30257c19ae40a8c9d5ae48546832939331eb7509fb38f7b51d1643cfa3b2d17b5baf26c0424ead4faa1006b0c6f720118a51120e62220b0d34c79615a929e4
6
+ metadata.gz: 0bc5f1e7547dcd101f573e8d67af155abb0e6fc6b433cd71cf29ad6c391cd154fa1ef8bb6069576f50559eaceb7b327e3f9db3777dee7e86ad7c93e8bdbed08a
7
+ data.tar.gz: eb2ae4d9084440e8c2b5e76889a1e341c93884d31de906385a24aa31baa3d45c7c9b930d8fa64354ca2be4a28d7fcc0a84bbc7372be8b8159d275a9cf8e36e5c
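Review bot: The SHA1 block in checksums.yaml is regenerated alongside SHA512 for both metadata.gz and data.tar.gz; SHA-1 is not collision resistant, so anyone pinning or verifying this package should compare against the SHA512 values and treat the SHA1 lines as informational. These digests ship inside the same gem they describe, so they detect corruption only and should be compared with a digest obtained independently of the package.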
@@ -1,349 +1,116 @@
1
- ## Rails 4.0.13 (January 6, 2015) ##
1
+ * Extend cross-site request forgery (CSRF) protection to GET requests with
2
+ JavaScript responses, protecting apps from cross-origin `<script>` tags.
2
3
 
3
- * Added an explicit error message, in `ActionView::PartialRenderer`
4
- for partial `rendering`, when the value of option `as` has invalid characters.
5
-
6
- *Angelo Capilleri*
7
-
8
- * Restore handling of a bare `Authorization` header, without `token=`
9
- prefix.
10
-
11
- Fixes #17108.
12
-
13
- *Guo Xiang Tan*
14
-
15
-
16
- ## Rails 4.0.12 (November 16, 2014) ##
17
-
18
- * Fix a bug where malformed query strings lead to 500.
19
-
20
- fixes #11502.
21
-
22
- *Yuki Nishijima*
23
-
24
-
25
- ## Rails 4.0.11.1 (November 19, 2014) ##
26
-
27
- * Fix arbitrary file existence disclosure in Action Pack.
28
-
29
- CVE-2014-7829.
30
-
31
-
32
- ## Rails 4.0.11 (September 11, 2014) ##
33
-
34
- * Fix arbitrary file existence disclosure in Action Pack.
35
-
36
- CVE-2014-7818.
37
-
38
-
39
- ## Rails 4.0.10 (September 11, 2014) ##
40
-
41
- * Return an absolute instead of relative path from an asset url in the case
42
- of the `asset_host` proc returning nil
43
-
44
- *Jolyon Pawlyn*
45
-
46
- * Prepend a JS comment to JSONP callbacks. Addresses CVE-2014-4671
47
- ("Rosetta Flash")
48
-
49
- *Greg Campbell*
50
-
51
- * Generate shallow paths for all children of shallow resources.
52
-
53
- Fixes #15783.
54
-
55
- *Seb Jacobs*
56
-
57
- * JSONP responses are now rendered with the `text/javascript` content type
58
- when rendering through a `respond_to` block.
59
-
60
- Fixes #15081.
61
-
62
- *Lucas Mazza*
63
-
64
- * Added `config.action_view.raise_on_missing_translations` to define whether an
65
- error should be raised for missing translations.
66
-
67
- Fixes #13196
68
-
69
- *Kassio Borges*
70
-
71
- * ActionController::Parameters#require now accepts `false` values.
72
-
73
- Fixes #15685.
74
-
75
- *Sergio Romano*
76
-
77
- * With authorization header `Authorization: Token token=`, `authenticate` now
78
- recognize token as nil, instead of "token".
79
-
80
- Fixes #14846.
81
-
82
- *Larry Lv*
83
-
84
-
85
- ## Rails 4.0.9 (August 18, 2014) ##
86
-
87
- *No changes*
88
-
89
-
90
- ## Rails 4.0.8 (July 2, 2014) ##
91
-
92
- *No changes*
93
-
94
-
95
- ## Rails 4.0.7 (July 2, 2014) ##
96
-
97
- *No changes*
98
-
99
-
100
- ## Rails 4.0.6 (June 26, 2014) ##
101
-
102
- * Fix URL generation with `:trailing_slash` such that it does not add
103
- a trailing slash after `.:format`
104
-
105
- *Dan Langevin*
106
-
107
- * Fix `'Stack level too deep'` when rendering `head :ok` in an action method
108
- called 'status' in a controller.
109
-
110
- Fixes #13905.
111
-
112
- *Christiaan Van den Poel*
113
-
114
- * Always use the provided port if the protocol is relative.
115
-
116
- Fixes #15043.
117
-
118
- *Guilherme Cavalcanti*, *Andrew White*
119
-
120
- * Change `asset_path` to use File.join to create proper paths.
121
-
122
- https://some.host.com//assets/some.js
123
-
124
- becomes
125
-
126
- https://some.host.com/assets/some.js
127
-
128
- *Peter Schröder*
129
-
130
- * Returns null type format when format is not known and controller is using `any`
131
- format block.
132
-
133
- Fixes #14462.
134
-
135
- *Rafael Mendonça França*
136
-
137
- * `collection_check_boxes` respects `:index` option for the hidden field name.
138
-
139
- Fixes #14147.
140
-
141
- *Vasiliy Ermolovich*
142
-
143
- * Only make deeply nested routes shallow when parent is shallow.
144
-
145
- Fixes #14684.
4
+ *Jeremy Kemper*
146
5
 
147
- *Andrew White*, *James Coglan*
6
+ * Fix generating a path for engine inside a resources block.
148
7
 
149
- * `date_select` helper with option `with_css_classes: true` does not overwrite other classes.
8
+ Fixes #8533.
150
9
 
151
- *Izumi Wong-Horiuchi*
10
+ *Piotr Sarnacki*
152
11
 
153
- * Swaps the parameters of `assert_equal` in `assert_select` so that the
154
- proper values are printed correctly.
12
+ * Add `Mime::Type.register "text/vcard", :vcf` to the default list of mime types.
155
13
 
156
- Fixes #14422.
14
+ *DHH*
157
15
 
158
- *Vishal Lal*
16
+ * Remove deprecated `ActionController::RecordIdentifier`, use
17
+ `ActionView::RecordIdentifier` instead.
159
18
 
160
- * The method `shallow?` returns false if the parent resource is a singleton so
161
- we need to check if we're not inside a nested scope before copying the `:path`
162
- and `:as` options to their shallow equivalents.
19
+ *kennyj*
163
20
 
164
- Fixes #14388.
21
+ * Fix regression when using `ActionView::Helpers::TranslationHelper#translate` with
22
+ `options[:raise]`.
165
23
 
166
- *Andrew White*
24
+ This regression was introduced at ec16ba75a5493b9da972eea08bae630eba35b62f.
167
25
 
26
+ *Shota Fukumori (sora_h)*
168
27
 
169
- ## Rails 4.0.5 (May 6, 2014) ##
28
+ * Introducing Variants
170
29
 
171
- * Only accept actions without File::SEPARATOR in the name.
30
+ We often want to render different html/json/xml templates for phones,
31
+ tablets, and desktop browsers. Variants make it easy.
172
32
 
173
- This will avoid directory traversal in implicit render.
33
+ The request variant is a specialization of the request format, like `:tablet`,
34
+ `:phone`, or `:desktop`.
174
35
 
175
- Fixes: CVE-2014-0130
36
+ You can set the variant in a `before_action`:
176
37
 
177
- *Rafael Mendonça França*
38
+ request.variant = :tablet if request.user_agent =~ /iPad/
178
39
 
40
+ Respond to variants in the action just like you respond to formats:
179
41
 
180
- ## Rails 4.0.4 (March 14, 2014) ##
42
+ respond_to do |format|
43
+ format.html do |html|
44
+ html.tablet # renders app/views/projects/show.html+tablet.erb
45
+ html.phone { extra_setup; render ... }
46
+ end
47
+ end
181
48
 
182
- * Fix label translation for more than 10 nested elements.
49
+ Provide separate templates for each format and variant:
183
50
 
184
- *Vladimir Krylov*
51
+ app/views/projects/show.html.erb
52
+ app/views/projects/show.html+tablet.erb
53
+ app/views/projects/show.html+phone.erb
185
54
 
186
- * Use a custom route visitor for optimized url generation. Fixes #13349.
55
+ You can also simplify the variants definition using the inline syntax:
187
56
 
188
- *Andrew White*
57
+ respond_to do |format|
58
+ format.js { render "trash" }
59
+ format.html.phone { redirect_to progress_path }
60
+ format.html.none { render "trash" }
61
+ end
189
62
 
190
- * Set the `:shallow_path` scope option as each scope is generated rather than
191
- waiting until the `shallow` option is set. Also make the behavior of the
192
- `:shallow` resource option consistent with the behavior of the `shallow` method.
63
+ *Łukasz Strzałkowski*
193
64
 
194
- Fixes #12498.
65
+ * Fix header `Content-Type: #<Mime::NullType:...>` in localized template.
195
66
 
196
- *Andrew White*, *Aleksi Aalto*
67
+ When localized template has no format in the template name,
68
+ the response now has the default and correct `content-type`.
197
69
 
198
- * Do not discard query parameters that form a hash with the same root key as
199
- the `wrapper_key` for a request using `wrap_parameters`.
70
+ Fixes #13064.
200
71
 
201
- *Josh Jordan*
72
+ *Angelo Capilleri*
202
73
 
203
- * Ensure that `request.filtered_parameters` is reset between calls to `process`
204
- in `ActionController::TestCase`.
74
+ * Try to escape each part of a url correctly when using a redirect route.
205
75
 
206
- Fixes #13803.
76
+ Fixes #13110.
207
77
 
208
78
  *Andrew White*
209
79
 
210
- * Fix `rake routes` error when `Rails::Engine` with empty routes is mounted.
211
-
212
- Fixes #13810.
80
+ * Better error message for typos in assert_response argument.
213
81
 
214
- *Maurizio De Santis*
82
+ When the response type argument to `assert_response` is not a known
83
+ response type, `assert_response` now throws an ArgumentError with a clear
84
+ message. This is intended to help debug typos in the response type.
215
85
 
216
- * Unique the segment keys array for non-optimized url helpers
86
+ *Victor Costan*
217
87
 
218
- In Rails 3.2 you only needed to pass an argument for a dynamic segment once so
219
- unique the segment keys array to match the number of args. Since the number
220
- of args is less than required parts, the non-optimized code path is selected.
221
- To benefit from optimized url generation, the arg needs to be specified as
222
- many times as it appears in the path.
223
-
224
- Fixes #12808.
225
-
226
- *Andrew White*
227
-
228
- * Show full route constraints in error message
229
-
230
- When an optimized helper fails to generate, show the full route constraints
231
- in the error message. Previously it would only show the contraints that were
232
- required as part of the path.
233
-
234
- Fixes #13592.
88
+ * Fix formatting for `rake routes` when a section is shorter than a header.
235
89
 
236
- *Andrew White*
90
+ *Sıtkı Bağdat*
237
91
 
238
- * Allow engine root relative redirects using an empty string.
92
+ * Take a hash with options inside array in `#url_for`.
239
93
 
240
94
  Example:
241
95
 
242
- # application routes.rb
243
- mount BlogEngine => '/blog'
244
-
245
- # engine routes.rb
246
- get '/welcome' => redirect('')
247
-
248
- This now redirects to the path `/blog`, whereas before it would redirect
249
- to the application root path. In the case of a path redirect or a custom
250
- redirect, if the path returned contains a host then the path is treated as
251
- absolute. Similarly for option redirects, if the options hash returned
252
- contains a `:host` or `:domain` key then the path is treated as absolute.
253
-
254
- Fixes #7977.
255
-
256
- *Andrew White*
257
-
258
- * Fix `Encoding::CompatibilityError` when public path is UTF-8
259
-
260
- In #5337 we forced the path encoding to ASCII-8BIT to prevent static file handling
261
- from blowing up before an application has had a chance to deal with possibly
262
- invalid urls. However this has a negative side effect of making it an incompatible
263
- encoding if the application's public path has UTF-8 characters in it.
264
-
265
- To work around the problem we check to see if the path has a valid encoding once
266
- it has been unescaped. If it is not valid then we can return early since it will
267
- not match any file anyway.
268
-
269
- Fixes #13518.
270
-
271
- *Andrew White*
272
-
273
- * `ActionController::Parameters#permit!` permits hashes in array values.
274
-
275
- *Xavier Noria*
276
-
277
- * Converts hashes in arrays of unfiltered params to unpermitted params.
278
-
279
- Fixes #13382.
280
-
281
- *Xavier Noria*
282
-
283
- * `rake routes` shows routes defined under assets prefix.
284
-
285
- *Ryunosuke SATO*
286
-
287
- * Label tags generated by collection helpers only inherit the `:index` and
288
- `:namespace` from the input, because only these attributes modify the
289
- `for` attribute of the label. Also, the input attributes don't have
290
- precedence over the label attributes anymore.
291
-
292
- Before:
293
-
294
- collection = [[1, true, { class: 'foo' }]]
295
- f.collection_check_boxes :options, collection, :second, :first do |b|
296
- b.label(class: 'my_custom_class')
297
- end
298
-
299
- # => <label class="foo" for="user_active_true">1</label>
300
-
301
- After:
302
-
303
- collection = [[1, true, { class: 'foo' }]]
304
- f.collection_check_boxes :options, collection, :second, :first do |b|
305
- b.label(class: 'my_custom_class')
306
- end
307
-
308
- # => <label class="my_custom_class" for="user_active_true">1</label>
96
+ url_for [:new, :admin, :post, { param: 'value' }]
97
+ # => http://example.com/admin/posts/new?param=value
309
98
 
310
- *Andriel Nuernberg*
99
+ *Andrey Ognevsky*
311
100
 
312
- * Fix regression when using `ActionView::Helpers::TranslationHelper#translate` with
313
- `options[:raise]`.
314
-
315
- This regression was introduced at ec16ba75a5493b9da972eea08bae630eba35b62f.
316
-
317
- *Shota Fukumori (sora_h)*
318
-
319
- * Fix rendering localized templates without an explicit format using wrong
320
- content header and not passing correct formats to template due to the
321
- introduction of the `NullType` for mimes.
322
-
323
- Templates like `hello.it.erb` were subject to this issue.
324
-
325
- Fixes #13064.
326
-
327
- *Angelo Capilleri*, *Carlos Antonio da Silva*
328
-
329
- * Fix regression with `simple_format` not having access to the `raw` method
330
- when included in isolation, introduced with the security fix in Rails 4.0.2.
331
-
332
- *Mario Visic*
333
-
334
- * Fix formatting for `rake routes` when a section is shorter than a header.
335
-
336
- *Sıtkı Bağdat*
337
-
338
- * Use `set_backtrace` instead of instance variable `@backtrace` in ActionView exceptions.
101
+ * Add `session#fetch` method
339
102
 
340
- *Shimpei Makimoto*
103
+ fetch behaves like [Hash#fetch](http://www.ruby-doc.org/core-1.9.3/Hash.html#method-i-fetch).
104
+ It returns a value from the hash for the given key.
105
+ If the key can’t be found, there are several options:
341
106
 
342
- * Fix `simple_format` escapes own output when passing `sanitize: true`.
107
+ * With no other arguments, it will raise an KeyError exception.
108
+ * If a default value is given, then that will be returned.
109
+ * If the optional code block is specified, then that will be run and its result returned.
343
110
 
344
- *Paul Seidemann*
111
+ *Damien Mathieu*
345
112
 
346
- * Don't let strong parameters mutate the given hash via `fetch`.
113
+ * Don't let strong parameters mutate the given hash via `fetch`
347
114
 
348
115
  Create a new instance if the given parameter is a `Hash` instead of
349
116
  passing it to the `convert_hashes_to_parameters` method since it is
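Review bot: The removed side of this CHANGELOG hunk drops every 4.0.x security entry (CVE-2014-7829 and CVE-2014-7818 for arbitrary file existence disclosure, CVE-2014-4671 for JSONP callbacks, CVE-2014-0130 for directory traversal in implicit render), and the added 4.1.0.beta1 text mentions none of them, so the changelog gives no evidence that these fixes exist in the target version. Confirm each fix in the code portion of the diff rather than in the changelog before accepting this version change. Two smaller points on the added lines: the Variants example sets `request.variant` from `request.user_agent`, which is client supplied, so the entry should say a variant only selects a template and must not gate access; and "it will raise an KeyError" in the `session#fetch` entry should read "a KeyError".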
@@ -351,32 +118,29 @@
351
118
 
352
119
  *Brendon Murphy*, *Doug Cole*
353
120
 
121
+ * Add `params` option to `button_to` form helper, which renders the given hash
122
+ as hidden form fields.
354
123
 
355
- ## Rails 4.0.3 (February 18, 2014) ##
356
-
357
- * Escape format, negative_format and units options of number helpers
358
-
359
- Fixes: CVE-2014-0081
124
+ *Andy Waite*
360
125
 
126
+ * Make assets helpers work in the controllers like it works in the views.
361
127
 
362
- ## Rails 4.0.2 (December 02, 2013) ##
363
-
364
- * Ensure simple_format escapes its html attributes. This fixes CVE-2013-6416
365
-
366
- * Deep Munge the parameters for GET and POST Fixes CVE-2013-6417
367
-
368
- * Stop using i18n's built in HTML error handling. Fixes: CVE-2013-4491
128
+ Example:
369
129
 
370
- * Escape the unit value provided to number_to_currency Fixes CVE-2013-6415
130
+ # config/application.rb
131
+ config.asset_host = 'http://mycdn.com'
371
132
 
372
- * Only use valid mime type symbols as cache keys CVE-2013-6414
133
+ ActionController::Base.helpers.asset_path('fallback.png')
134
+ # => http://mycdn.com/assets/fallback.png
373
135
 
136
+ Fixes #10051.
374
137
 
375
- ## Rails 4.0.1 (November 01, 2013) ##
138
+ *Tima Maslyuchenko*
376
139
 
377
140
  * Respect `SCRIPT_NAME` when using `redirect` with a relative path
378
141
 
379
142
  Example:
143
+
380
144
  # application routes.rb
381
145
  mount BlogEngine => '/blog'
382
146
 
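Review bot: The 4.0.3 and 4.0.2 sections removed here carry the entries for CVE-2014-0081, CVE-2013-6416, CVE-2013-6417, CVE-2013-4491, CVE-2013-6415 and CVE-2013-6414, and several of them concern view helpers (`simple_format`, `number_to_currency`, the number helpers) whose files under data/lib/action_view/ are deleted from this gem in the file list above. Those fixes cannot be verified from this package, so check them in whichever gem now ships the helpers. In the added asset helper example, `config.asset_host = 'http://mycdn.com'` documents a plain-HTTP asset host; an `https://` URL would be the better thing to show.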
@@ -392,6 +156,15 @@
392
156
 
393
157
  *Andrew White*
394
158
 
159
+ * Fixing repond_with working directly on the options hash
160
+ This fixes an issue where the respond_with worked directly with the given
161
+ options hash, so that if a user relied on it after calling respond_with,
162
+ the hash wouldn't be the same.
163
+
164
+ Fixes #12029.
165
+
166
+ *bluehotdog*
167
+
395
168
  * Fix `ActionDispatch::RemoteIp::GetIp#calculate_ip` to only check for spoofing
396
169
  attacks if both `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` are set.
397
170
 
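Review bot: In the added `respond_with` entry the title line misspells the method as `repond_with` and runs straight into its description with no blank line, unlike the neighbouring entries. Correct the spelling, put both mentions of `respond_with` in backticks, and separate the title from the body so the entry renders as a list item followed by a paragraph.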
@@ -405,18 +178,15 @@
405
178
 
406
179
  *kennyj*
407
180
 
408
- * Fix `collection_check_boxes` generated hidden input to use the name attribute provided
409
- in the options hash.
410
-
411
- *Angel N. Sciortino*
181
+ * Fix regex used to detect URI schemes in `redirect_to` to be consistent with
182
+ RFC 3986.
412
183
 
413
- * Fix some edge cases for AV `select` helper with `:selected` option
184
+ *Derek Prior*
414
185
 
415
- *Bogdan Gusiev*
186
+ * Fix incorrect `assert_redirected_to` failure message for protocol-relative
187
+ URLs.
416
188
 
417
- * Handle `:namespace` form option in collection labels
418
-
419
- *Vasiliy Ermolovich*
189
+ *Derek Prior*
420
190
 
421
191
  * Fix an issue where router can't recognize downcased url encoding path.
422
192
 
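Review bot: The added `redirect_to` entry says only that the URI scheme regex is now "consistent with RFC 3986", with no issue reference and no example of an input whose handling changes. That regex decides whether a redirect target is taken as an absolute URL, so the entry should state which strings are newly matched or no longer matched, letting applications that pass user-influenced values to `redirect_to` re-test them. The added `assert_redirected_to` entry for protocol-relative URLs also has no "Fixes #" line.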
@@ -424,7 +194,7 @@
424
194
 
425
195
  *kennyj*
426
196
 
427
- * Fix custom flash type definition. Misuse of the `_flash_types` class variable
197
+ * Fix custom flash type definition. Misusage of the `_flash_types` class variable
428
198
  caused an error when reloading controllers with custom flash types.
429
199
 
430
200
  Fixes #12057.
@@ -437,44 +207,12 @@
437
207
 
438
208
  *Vasiliy Ermolovich*
439
209
 
440
- * Fix `excerpt` when `:separator` is `nil`.
210
+ * Development mode exceptions are rendered in text format in case of XHR request.
441
211
 
442
- *Paul Nikitochkin*
212
+ *Kir Shatrov*
443
213
 
444
- * Make Live Streaming work with basic authentication or builder.
445
-
446
- Fixes #10984.
447
-
448
- *Aaron Patterson*
449
-
450
- * Always use `Rack::Sendfile` to make possible to it be automatically
451
- configured by the webserver.
452
-
453
- Fixes #11440.
454
-
455
- *Martin Schürrer*
456
-
457
- * Flag cookies as secure with ignore case in `ActionDispatch::SSL`.
458
-
459
- *Yamagishi Kazutoshi*
460
-
461
- * Don't include STS header in non-HTTPS responses.
462
-
463
- *Geoff Buesing*
464
-
465
- * Fix an issue where rails raise exception about missing helper where it
466
- should throw `LoadError`. When helper file exists and only loaded file from
467
- this helper does not exist rails should throw LoadError instead of
468
- `MissingHelperError`.
469
-
470
- *Piotr Niełacny*
471
-
472
- * Only cache template digests if `config.cache_template_loading` is true.
473
-
474
- *Josh Lauer*, *Justin Ridgewell*
475
-
476
- * Fix an issue where `:if` and `:unless` controller action procs were being run
477
- before checking for the correct action in the `:only` and `:unless` options.
214
+ * Fix an issue where :if and :unless controller action procs were being run
215
+ before checking for the correct action in the :only and :unless options.
478
216
 
479
217
  Fixes #11799.
480
218
 
@@ -487,32 +225,13 @@
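Review bot: This hunk removes the two `ActionDispatch::SSL` entries (case-insensitive secure flag on cookies, and no STS header on non-HTTPS responses) without replacement, so confirm that data/lib/action_dispatch/middleware/ssl.rb, listed above as +1 -1, still has both behaviours in the target version. In the rewritten callback entry, "the :only and :unless options" looks like it should read `:only` and `:except`, and the added lines drop the backticks that the removed lines had around the option names.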
487
225
 
488
226
  *Ryan McGeary*
489
227
 
490
- * Fix `current_page?` when the URL contains escaped characters and the
491
- original URL is using the hexadecimal lowercased.
492
-
493
- *Rafael Mendonça França*
494
-
495
- * Allow `REMOTE_ADDR`, `HTTP_HOST` and `HTTP_USER_AGENT` to be overridden from
228
+ * Allow REMOTE_ADDR, HTTP_HOST and HTTP_USER_AGENT to be overridden from
496
229
  the environment passed into `ActionDispatch::TestRequest.new`.
497
230
 
498
231
  Fixes #11590.
499
232
 
500
233
  *Andrew White*
501
234
 
502
- * Fix `text_area` to behave like `text_field` when `nil` is given as
503
- value.
504
-
505
- Before:
506
-
507
- f.text_field :field, value: nil #=> <input value="">
508
- f.text_area :field, value: nil #=> <textarea>value of field</textarea>
509
-
510
- After:
511
-
512
- f.text_area :field, value: nil #=> <textarea></textarea>
513
-
514
- *Joel Cogen*
515
-
516
235
  * Fix an issue where Journey was failing to clear the named routes hash when the
517
236
  routes were reloaded and since it doesn't overwrite existing routes then if a
518
237
  route changed but wasn't renamed it kept the old definition. This was being
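Review bot: Style point on new line 228: the rewritten entry drops the backticks around `REMOTE_ADDR`, `HTTP_HOST` and `HTTP_USER_AGENT`, while the unchanged continuation line still formats `ActionDispatch::TestRequest.new` as code. Keep the env keys in backticks so the entry is formatted consistently and the keys stay searchable as identifiers. The text is otherwise identical to the line it replaces, so this looks like an unintended regression rather than a deliberate rewording.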
@@ -528,12 +247,16 @@
528
247
 
529
248
  *Andrew White*
530
249
 
531
- * Fix default rendered format problem when calling `render` without `:content_type` option.
532
- It should return `:html`.
250
+ * Move `MissingHelperError` out of the `ClassMethods` module.
533
251
 
534
- Fixes #11393.
252
+ *Yves Senn*
253
+
254
+ * Fix an issue where rails raise exception about missing helper where it
255
+ should throw `LoadError`. When helper file exists and only loaded file from
256
+ this helper does not exist rails should throw LoadError instead of
257
+ `MissingHelperError`.
535
258
 
536
- *Gleb Mazovetskiy*, *Oleg*, *kennyj*
259
+ *Piotr Niełacny*
537
260
 
538
261
  * Fix `ActionDispatch::ParamsParser#parse_formatted_parameters` to rewind body input stream on
539
262
  parsing json params.
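Review bot: The entry added at new lines 254-257 is hard to parse ("rails raise exception about missing helper where it should throw `LoadError`") and formats `LoadError` as code in one place but not in the other. Suggest something like: "Raise `LoadError` instead of `MissingHelperError` when the helper file exists but a file it requires does not." It would also help to order this entry before the `MissingHelperError` move at new line 250, or cross-reference the two, since both touch the same error class.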
@@ -542,29 +265,30 @@
542
265
 
543
266
  *Yuri Bol*, *Paul Nikitochkin*
544
267
 
545
- * Fix `link_to` with block and url hashes.
546
-
547
- Before:
268
+ * Ignore spaces around delimiter in Set-Cookie header.
548
269
 
549
- link_to(action: 'bar', controller: 'foo') { content_tag(:span, 'Example site') }
550
- # => "<a action=\"bar\" controller=\"foo\"><span>Example site</span></a>"
551
-
552
- After:
270
+ *Yamagishi Kazutoshi*
553
271
 
554
- link_to(action: 'bar', controller: 'foo') { content_tag(:span, 'Example site') }
555
- # => "<a href=\"/foo/bar\"><span>Example site</span></a>"
272
+ * Remove deprecated Rails application fallback for integration testing, set
273
+ `ActionDispatch.test_app` instead.
556
274
 
557
- *Murahashi Sanemat Kenichi*
275
+ *Carlos Antonio da Silva*
558
276
 
559
- * Fix "Stack Level Too Deep" error when rendering recursive partials.
277
+ * Remove deprecated `page_cache_extension` config.
560
278
 
561
- Fixes #11340.
279
+ *Francesco Rodriguez*
562
280
 
563
- *Rafael Mendonça França*
281
+ * Remove deprecated constants from Action Controller:
564
282
 
565
- * Pick `DateField` `DateTimeField` and `ColorField` values from stringified options allowing use of symbol keys with helpers.
283
+ ActionController::AbstractRequest => ActionDispatch::Request
284
+ ActionController::Request => ActionDispatch::Request
285
+ ActionController::AbstractResponse => ActionDispatch::Response
286
+ ActionController::Response => ActionDispatch::Response
287
+ ActionController::Routing => ActionDispatch::Routing
288
+ ActionController::Integration => ActionDispatch::Integration
289
+ ActionController::IntegrationTest => ActionDispatch::IntegrationTest
566
290
 
567
- *Jon Rowe*
291
+ *Carlos Antonio da Silva*
568
292
 
569
293
  * Fix `Mime::Type.parse` when bad accepts header is looked up. Previously it
570
294
  was setting `request.formats` with an array containing a `nil` value, which
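Review bot: The entry added at new line 268 ("Ignore spaces around delimiter in Set-Cookie header.") does not name the class that parses the header, say what was mishandled before, or reference an issue, so a reader cannot tell whether cookie attributes were affected. Name the component, as the earlier `ActionDispatch::SSL` entry by the same author did, and add a short before/after. The removals at new lines 272-289 are breaking changes for anyone still using the old names; the constants list relies on `=>` alone to imply the replacement, so add a sentence saying the right-hand side is what callers should switch to.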
@@ -574,1252 +298,23 @@
574
298
 
575
299
  *Becker*
576
300
 
577
- * Always escape the result of `link_to_unless` method.
578
-
579
- Before:
580
-
581
- link_to_unless(true, '<b>Showing</b>', 'github.com')
582
- # => "<b>Showing</b>"
583
-
584
- After:
585
-
586
- link_to_unless(true, '<b>Showing</b>', 'github.com')
587
- # => "&lt;b&gt;Showing&lt;/b&gt;"
588
-
589
- *dtaniwaki*
590
-
591
-
592
- ## Rails 4.0.0 (June 25, 2013) ##
593
-
594
301
  * Merge `:action` from routing scope and assign endpoint if both `:controller`
595
302
  and `:action` are present. The endpoint assignment only occurs if there is
596
303
  no `:to` present in the options hash so should only affect routes using the
597
- shorthand syntax (i.e. endpoint is inferred from the the path).
304
+ shorthand syntax (i.e. endpoint is inferred from the path).
598
305
 
599
- Fixes #9856
306
+ Fixes #9856.
600
307
 
601
308
  *Yves Senn*, *Andrew White*
602
309
 
603
- * Use a case insensitive URI Regexp for #asset_path.
604
-
605
- This fix a problem where the same asset path using different case are generating
606
- different URIs.
607
-
608
- Before:
609
-
610
- image_tag("HTTP://google.com")
611
- # => "<img alt=\"Google\" src=\"/assets/HTTP://google.com\" />"
612
- image_tag("http://google.com")
613
- # => "<img alt=\"Google\" src=\"http://google.com\" />"
614
-
615
- After:
616
-
617
- image_tag("HTTP://google.com")
618
- # => "<img alt=\"Google\" src=\"HTTP://google.com\" />"
619
- image_tag("http://google.com")
620
- # => "<img alt=\"Google\" src=\"http://google.com\" />"
621
-
622
- *David Celis*
623
-
624
- * Add `has_named_route?(route_name)` to the mapper API.
625
-
626
- *José Valim*
627
-
628
- * Fix an issue where partials with a number in the filename weren't being digested for cache dependencies.
629
-
630
- *Bryan Ricker*
631
-
632
- * Add support for passing custom url options other than `:host` and custom
633
- status and flash options to `force_ssl`.
634
-
635
- *Andrew White*
636
-
637
- * The `force_ssl` command now builds the redirect url from `request.fullpath`.
638
- This ensures that the format is maintained and it doesn't redirect to a route
639
- that has the same parameters but is defined earlier in `routes.rb`. Also any
640
- optional segments are maintained.
641
-
642
- Fixes #7528, #9061, #10305.
643
-
644
- *Andrew White*
645
-
646
- * Return a 405 Method Not Allowed response when a request contains an unknown
647
- HTTP method.
648
-
649
- *Lewis Marshall*
650
-
651
- * Add support for extracting the port from the `:host` option passed to `url_for`.
652
-
653
- *Andrew White*
654
-
655
- * Add support for removing the subdomain from a url by passing `nil`, `false` or `''`.
656
- Fixes #10180.
657
-
658
- *Derek Watson + Andrew White*
659
-
660
- * Element of the collection for `options_from_collection_for_select` helper can
661
- optionally contain html attributes as the last element of the array as
662
- `options_for_select` helper.
663
-
664
- *Vasiliy Ermolovich*
665
-
666
- * Fix explicit names on multiple file fields. If a file field tag has
667
- the multiple option, it is turned into an array field (appending `[]`),
668
- but if an explicit name is passed to `file_field` the `[]` is not
669
- appended.
670
- Fixes #9830.
671
-
672
- *Ryan McGeary*
673
-
674
- * Add block support for the `mail_to` helper, similar to the `link_to` helper.
675
-
676
- *Sam Pohlenz*
677
-
678
- * Automatically configure cookie-based sessions to be encrypted if
679
- `secret_key_base` is set, falling back to signed if only `secret_token`
680
- is set. Automatically upgrade existing signed cookie-based sessions from
681
- Rails 3.x to be encrypted if both `secret_key_base` and `secret_token`
682
- are set, or signed with the new key generator if only `secret_token` is
683
- set. This leaves only the `config.session_store :cookie_store` option and
684
- removes the two new options introduced in 4.0.0.beta1:
685
- `encrypted_cookie_store` and `upgrade_signature_to_encryption_cookie_store`.
686
-
687
- *Trevor Turk*
688
-
689
- * Ensure consistent fallback to the default layout lookup for layouts set
690
- using symbols or procs that return `nil`.
691
-
692
- All of the following layouts will result in the default layout lookup:
693
-
694
- layout nil
695
-
696
- layout proc { nil }
697
-
698
- layout :returns_nil
699
- def returns_nil
700
- nil
701
- end
702
-
703
- Previously symbols and procs which returned `nil` resulted in no layout which
704
- differed from the `layout nil` behavior. To get the "no layout" behavior just
705
- return `false` instead of `nil` for `layout`.
706
-
707
- *Chris Nicola*
708
-
709
- * Create `UpgradeLegacySignedCookieJar` to transparently upgrade existing signed
710
- cookies generated by Rails 3.x to avoid invalidating them when upgrading to Rails 4.x.
711
-
712
- *Trevor Turk + Neeraj Singh*
713
-
714
- * Raise an `ArgumentError` when a clashing named route is defined.
715
-
716
- *Trevor Turk*
717
-
718
- * Allow default url options to accept host with protocol such as `http://`
310
+ * Action View extracted from Action Pack.
719
311
 
720
- config.action_mailer.default_url_options = { host: "http://mydomain.com" }
312
+ *Piotr Sarnacki*, *Łukasz Strzałkowski*
721
313
 
722
- *Richard Schneeman*
314
+ * Fix removing trailing slash for mounted apps.
723
315
 
724
- * Ensure that digest authentication responds with a 401 status when a basic
725
- header is received.
316
+ Fixes #3215.
726
317
 
727
- *Brad Dunbar*
728
-
729
- * Include I18n locale fallbacks in view lookup.
730
- Fixes #3512.
731
-
732
- *Juan Barreneche*
733
-
734
- * Integration and functional tests allow headers and rack env
735
- variables to be passed when performing requests.
736
- Fixes #6513.
737
-
738
- Example:
739
-
740
- # integration test
741
- get "/success", {}, "HTTP_REFERER" => "http://test.com/",
742
- "Accepts" => "text/plain, text/html"
743
-
744
- # functional test
745
- @request.headers["Accepts"] = "text/plain, text/html"
746
-
747
- *Yves Senn*
748
-
749
- * Http::Headers respects headers that are not prefixed with HTTP_
750
-
751
- *Yves Senn*
752
-
753
- * Fix incorrectly appended square brackets to a multiple select box
754
- if an explicit name has been given and it already ends with "[]"
755
-
756
- Before:
757
-
758
- select(:category, [], {}, multiple: true, name: "post[category][]")
759
- # => <select name="post[category][][]" ...>
760
-
761
- After:
762
-
763
- select(:category, [], {}, multiple: true, name: "post[category][]")
764
- # => <select name="post[category][]" ...>
765
-
766
- *Olek Janiszewski*
767
-
768
- * Fixed regression when using `assert_template` to verify files sent using
769
- `render file: 'README.md'`.
770
- Fixes #9464.
771
-
772
- *Justin Coyne*
773
-
774
- * Fixed `ActionView::Helpers::CaptureHelper#content_for` regression when trying to use it in
775
- a boolean statement.
776
- Fixes #9360.
777
-
778
- *Nikolay Shebanov*
779
-
780
- * `format: true` does not override existing format constraints.
781
- Fixes #9466.
782
-
783
- Example:
784
-
785
- # This will force the .json extension.
786
- get '/json_only', to: ok, format: true, constraints: { format: /json/ }
787
-
788
- *Yves Senn*
789
-
790
- * Skip valid encoding checks for non-String parameters that come
791
- from the matched route's defaults.
792
- Fixes #9435.
793
-
794
- Example:
795
-
796
- root to: 'main#posts', page: 1
797
-
798
- *Yves Senn*
799
-
800
- * Don't verify Regexp requirements for non-Regexp `:constraints`.
801
- Fixes #9432.
802
-
803
- Example:
804
-
805
- get '/photos.:format' => 'feeds#photos', constraints: {format: 'xml'}
806
-
807
- *Yves Senn*
808
-
809
- * Make `ActionDispatch::Journey::Path::Pattern#new` raise more meaningful exception message.
810
-
811
- *Thierry Zires*
812
-
813
- * Fix `respond_to` not using formats that have no block if all is present. *Michael Grosser*
814
-
815
- * New applications use an encrypted session store by default.
816
-
817
- *Santiago Pastorino*
818
-
819
- * Determine the controller#action from only the matched path when using the
820
- shorthand syntax. Previously the complete path was used, which led
821
- to problems with nesting (scopes and namespaces).
822
- Fixes #7554.
823
-
824
- Example:
825
-
826
- # This will route to questions#new.
827
- scope ':locale' do
828
- get 'questions/new'
829
- end
830
-
831
- *Yves Senn*
832
-
833
- * Remove support for parsing XML parameters from request. If you still want to parse XML
834
- parameters, please install `actionpack-xml_parser' gem.
835
-
836
- *Prem Sichanugrist*
837
-
838
- * Remove support for parsing YAML parameters from request.
839
-
840
- *Aaron Patterson*
841
-
842
- * Add a message when you have no routes defined to both `rake routes` and
843
- GET "/rails/info/routes" that lets you know you have none defined and links
844
- to the Rails guide on the topic.
845
-
846
- *Steve Klabnik*
847
-
848
- * Change `image_alt` method to replace underscores/hyphens to spaces in filenames.
849
-
850
- Previously, underscored filenames became `alt="A_long_file_name_with_underscores"`
851
- in HTML, which is poor for accessibility. For instance, Apple's VoiceOver Utility
852
- pronounces each underscore. `A_long_file_name` thus would be read as `A underscore
853
- long underscore file underscore name.` Now underscored or hyphenated filenames
854
- (both of which are very popular naming conventions) read more naturally in
855
- screen readers by converting both hyphens and underscores to spaces.
856
-
857
- Before:
858
-
859
- image_tag('underscored_file_name.png')
860
- # => <img alt="Underscored_file_name" src="/assets/underscored_file_name.png" />
861
-
862
- After:
863
-
864
- image_tag('underscored_file_name.png')
865
- # => <img alt="Underscored file name" src="/assets/underscored_file_name.png" />
866
-
867
- *Nick Cox*
868
-
869
- * We don't support Ruby constant notation in the `:controller` option for route
870
- definitions. So, this raises an `ArgumentError` now:
871
-
872
- resources :posts, controller: "Admin::Posts" # WRONG
873
-
874
- Use path notation instead:
875
-
876
- resources :posts, controller: "admin/posts" # RIGHT
877
-
878
- *Yves Senn*
879
-
880
- * `assert_template` can be used to verify the locals of partials,
881
- which live inside a directory.
882
-
883
- # Prefixed partials inside directories worked and still work.
884
- assert_template partial: 'directory/_partial', locals: {name: 'John'}
885
-
886
- # This did not work but does now.
887
- assert_template partial: 'directory/partial', locals: {name: 'John'}
888
-
889
- Fixes #8516.
890
-
891
- *Yves Senn*
892
-
893
- * Fix `content_tag_for` with array HTML option.
894
- It would embed array as string instead of joining it like `content_tag` does:
895
-
896
- content_tag(:td, class: ["foo", "bar"]){}
897
- # => <td class="foo bar"></td>
898
-
899
- Before:
900
-
901
- content_tag_for(:td, item, class: ["foo", "bar"])
902
- # => <td class="item [&quot;foo&quot;, &quot;bar&quot;]" id="item_1"></td>
903
-
904
- After:
905
-
906
- content_tag_for(:td, item, class: ["foo", "bar"])
907
- # => <td class="item foo bar" id="item_1"></td>
908
-
909
- *Semyon Perepelitsa*
910
-
911
- * Remove `BestStandardsSupport` middleware, !DOCTYPE html already triggers
912
- standards mode per http://msdn.microsoft.com/en-us/library/jj676915(v=vs.85).aspx
913
- and ChromeFrame header has been moved to `config.action_dispatch.default_headers`
914
-
915
- *Guillermo Iguaran*
916
-
917
- * Fix CSRF protection and `current_url?` helper to work with HEAD requests
918
- now that `ActionDispatch::Head` has been removed in favor of `Rack::Head`.
919
-
920
- *Michiel Sikkes*
921
-
922
- * Change `asset_path` to not include `SCRIPT_NAME` when it's used
923
- from a mounted engine. Fixes #8119.
924
-
925
- *Piotr Sarnacki*
926
-
927
- * Add JavaScript based routing path matcher to `/rails/info/routes`.
928
- Routes can now be filtered by whether or not they match a path.
929
-
930
- *Richard Schneeman*
931
-
932
- * Change the behavior of route defaults so that explicit defaults are no longer
933
- required where the key is not part of the path. For example:
934
-
935
- resources :posts, bucket_type: 'posts'
936
-
937
- will be required whenever constructing the url from a hash such as a functional
938
- test or using `url_for` directly. However using the explicit form alters the
939
- behavior so it's not required:
940
-
941
- resources :projects, defaults: { bucket_type: 'projects' }
942
-
943
- This changes existing behavior slightly in that any routes which only differ
944
- in their defaults will match the first route rather than the closest match.
945
-
946
- *Andrew White*
947
-
948
- * Add support for routing constraints other than Regexp and String.
949
- For example this now allows the use of arrays like this:
950
-
951
- get '/foo/:action', to: 'foo', constraints: { subdomain: %w[www admin] }
952
-
953
- or constraints where the request method returns an Fixnum like this:
954
-
955
- get '/foo', to: 'foo#index', constraints: { port: 8080 }
956
-
957
- Note that this only applies to constraints on the request - path constraints
958
- still need to be specified as Regexps as the various constraints are compiled
959
- into a single Regexp.
960
-
961
- *Andrew White*
962
-
963
- * Fix a bug in integration tests where setting the port via a url passed to
964
- the process method was ignored when constructing the request environment.
965
-
966
- *Andrew White*
967
-
968
- * Allow `:selected` to be set on `date_select` tag helper.
969
-
970
- *Colin Burn-Murdoch*
971
-
972
- * Fixed JSON params parsing regression for non-object JSON content.
973
-
974
- *Dylan Smith*
975
-
976
- * Extract `ActionDispatch::PerformanceTest` into https://github.com/rails/rails-perftest
977
- You can add the gem to your Gemfile to keep using performance tests.
978
-
979
- gem 'rails-perftest'
980
-
981
- *Yves Senn*
982
-
983
- * Added view_cache_dependency API for declaring dependencies that affect
984
- cache digest computation.
985
-
986
- *Jamis Buck*
987
-
988
- * `image_submit_tag` will set `alt` attribute from image source if not
989
- specified.
990
-
991
- *Nihad Abbasov*
992
-
993
- * Do not generate local variables for partials without object or collection.
994
- Previously rendering a partial without giving `:object` or `:collection`
995
- would generate a local variable with the partial name by default.
996
-
997
- *Carlos Antonio da Silva*
998
-
999
- * Return the last valid, non-private IP address from the X-Forwarded-For,
1000
- Client-IP and Remote-Addr headers, in that order. Document the rationale
1001
- for that decision, and describe the options that can be passed to the
1002
- RemoteIp middleware to change it.
1003
- Fixes #7979.
1004
-
1005
- *André Arko*, *Steve Klabnik*, *Alexey Gaziev*
1006
-
1007
- * Do not append second slash to `root_url` when using `trailing_slash: true`
1008
- Fixes #8700.
1009
-
1010
- Before:
1011
-
1012
- root_url(trailing_slash: true) # => http://test.host//
1013
-
1014
- After:
1015
-
1016
- root_url(trailing_slash: true) # => http://test.host/
1017
-
1018
- *Yves Senn*
1019
-
1020
- * Allow to toggle dumps on error pages.
1021
-
1022
- *Gosha Arinich*
1023
-
1024
- * Fix a bug in `content_tag_for` that prevents it from working without a block.
1025
-
1026
- *Jasl*
1027
-
1028
- * Change the stylesheet of exception pages for development mode.
1029
- Additionally display also the line of code and fragment that raised
1030
- the exception in all exceptions pages.
1031
-
1032
- *Guillermo Iguaran + Jorge Cuadrado*
1033
-
1034
- * Do not append `charset=` parameter when `head` is called with a
1035
- `:content_type` option.
1036
- Fixes #8661.
1037
-
1038
- *Yves Senn*
1039
-
1040
- * Added `Mime::NullType` class. This allows to use `html?`, `xml?`, `json?`, etc.
1041
- when the format of the request is unknown, without raising an exception.
1042
-
1043
- *Angelo Capilleri*
1044
-
1045
- * Integrate the Journey gem into Action Dispatch so that the global namespace
1046
- is not polluted with names that may be used as models.
1047
-
1048
- *Andrew White*
1049
-
1050
- * Extract support for email address obfuscation via `:encode`, `:replace_at`, and `replace_dot`
1051
- options from the `mail_to` helper into the `actionview-encoded_mail_to` gem.
1052
-
1053
- *Nick Reed + DHH*
1054
-
1055
- * Handle `:protocol` option in `stylesheet_link_tag` and `javascript_include_tag`
1056
-
1057
- *Vasiliy Ermolovich*
1058
-
1059
- * Clear url helper methods when routes are reloaded. *Andrew White*
1060
-
1061
- * Fix a bug in `ActionDispatch::Request#raw_post` that caused `env['rack.input']`
1062
- to be read but not rewound.
1063
-
1064
- *Matt Venables*
1065
-
1066
- * Prevent raising `EOFError` on multipart GET request (IE issue). *Adam Stankiewicz*
1067
-
1068
- * Rename all action callbacks from *_filter to *_action to avoid the misconception that these
1069
- callbacks are only suited for transforming or halting the response. With the new style,
1070
- it's more inviting to use them as they were intended, like setting shared ivars for views.
1071
-
1072
- Example:
1073
-
1074
- class PeopleController < ActionController::Base
1075
- before_action :set_person, except: [:index, :new, :create]
1076
- before_action :ensure_permission, only: [:edit, :update]
1077
-
1078
- ...
1079
-
1080
- private
1081
- def set_person
1082
- @person = current_account.people.find(params[:id])
1083
- end
1084
-
1085
- def ensure_permission
1086
- current_person.can_change?(@person)
1087
- end
1088
- end
1089
-
1090
- The old *_filter methods still work with no deprecation notice.
1091
-
1092
- *DHH*
1093
-
1094
- * Add `cache_if` and `cache_unless` for conditional fragment caching:
1095
-
1096
- Example:
1097
-
1098
- <%= cache_if condition, project do %>
1099
- <b>All the topics on this project</b>
1100
- <%= render project.topics %>
1101
- <% end %>
1102
-
1103
- # and
1104
-
1105
- <%= cache_unless condition, project do %>
1106
- <b>All the topics on this project</b>
1107
- <%= render project.topics %>
1108
- <% end %>
1109
-
1110
- *Stephen Ausman + Fabrizio Regini + Angelo Capilleri*
1111
-
1112
- * Add logging filter capability for redirect URLs:
1113
-
1114
- config.filter_redirect << 'http://please.hide.it/'
1115
-
1116
- *Fabrizio Regini*
1117
-
1118
- * Fixed a bug that ignores constraints on a glob route. This was caused because the constraint
1119
- regular expression is overwritten when the `routes.rb` file is processed. Fixes #7924
1120
-
1121
- *Maura Fitzgerald*
1122
-
1123
- * More descriptive error messages when calling `render :partial` with
1124
- an invalid `:layout` argument.
1125
-
1126
- Fixes #8376.
1127
-
1128
- render partial: 'partial', layout: true
1129
-
1130
- # results in ActionView::MissingTemplate: Missing partial /true
1131
-
1132
- *Yves Senn*
1133
-
1134
- * Sweepers was extracted from Action Controller as `rails-observers` gem.
1135
-
1136
- *Rafael Mendonça França*
1137
-
1138
- * Add option flag to `CacheHelper#cache` to manually bypass automatic template digests:
1139
-
1140
- <% cache project, skip_digest: true do %>
1141
- ...
1142
- <% end %>
1143
-
1144
- *Drew Ulmer*
1145
-
1146
- * Do not sort Hash options in `grouped_options_for_select`. *Sergey Kojin*
1147
-
1148
- * Accept symbols as `send_data :disposition` value *Elia Schito*
1149
-
1150
- * Add i18n scope to `distance_of_time_in_words`. *Steve Klabnik*
1151
-
1152
- * `assert_template`:
1153
- - is no more passing with empty string.
1154
- - is now validating option keys. It accepts: `:layout`, `:partial`, `:locals` and `:count`.
1155
-
1156
- *Roberto Soares*
1157
-
1158
- * Allow setting a symbol as path in scope on routes. This is now allowed:
1159
-
1160
- scope :api do
1161
- resources :users
1162
- end
1163
-
1164
- It is also possible to pass multiple symbols to scope to shorten multiple nested scopes:
1165
-
1166
- scope :api do
1167
- scope :v1 do
1168
- resources :users
1169
- end
1170
- end
1171
-
1172
- can be rewritten as:
1173
-
1174
- scope :api, :v1 do
1175
- resources :users
1176
- end
1177
-
1178
- *Guillermo Iguaran + Amparo Luna*
1179
-
1180
- * Fix error when using a non-hash query argument named "params" in `url_for`.
1181
-
1182
- Before:
1183
-
1184
- url_for(params: "") # => undefined method `reject!' for "":String
1185
-
1186
- After:
1187
-
1188
- url_for(params: "") # => http://www.example.com?params=
1189
-
1190
- *tumayun + Carlos Antonio da Silva*
1191
-
1192
- * Render every partial with a new `ActionView::PartialRenderer`. This resolves
1193
- issues when rendering nested partials.
1194
- Fixes #8197.
1195
-
1196
- *Yves Senn*
1197
-
1198
- * Introduce `ActionView::Template::Handlers::ERB.escape_whitelist`. This is a list
1199
- of mime types where template text is not html escaped by default. It prevents `Jack & Joe`
1200
- from rendering as `Jack &amp; Joe` for the whitelisted mime types. The default whitelist
1201
- contains `text/plain`.
1202
- Fixes #7976.
1203
-
1204
- *Joost Baaij*
1205
-
1206
- * Fix input name when `multiple: true` and `:index` are set.
1207
-
1208
- Before:
1209
-
1210
- check_box("post", "comment_ids", { multiple: true, index: "foo" }, 1)
1211
- # => <input name=\"post[foo][comment_ids]\" type=\"hidden\" value=\"0\" /><input id=\"post_foo_comment_ids_1\" name=\"post[foo][comment_ids]\" type=\"checkbox\" value=\"1\" />
1212
-
1213
- After:
1214
-
1215
- check_box("post", "comment_ids", { multiple: true, index: "foo" }, 1)
1216
- # => <input name=\"post[foo][comment_ids][]\" type=\"hidden\" value=\"0\" /><input id=\"post_foo_comment_ids_1\" name=\"post[foo][comment_ids][]\" type=\"checkbox\" value=\"1\" />
1217
-
1218
- Fixes #8108.
1219
-
1220
- *Daniel Fox, Grant Hutchins & Trace Wax*
1221
-
1222
- * `date_select` helper accepts `with_css_classes: true` to add css classes similar with type
1223
- of generated select tags.
1224
-
1225
- *Pavel Nikitin*
1226
-
1227
- * Only non-js/css under `app/assets` path will be included in default `config.assets.precompile`.
1228
-
1229
- *Josh Peek*
1230
-
1231
- * Remove support for the `RAILS_ASSET_ID` environment configuration
1232
- (no longer needed now that we have the asset pipeline).
1233
-
1234
- *Josh Peek*
1235
-
1236
- * Remove old `asset_path` configuration (no longer needed now that we have the asset pipeline).
1237
-
1238
- *Josh Peek*
1239
-
1240
- * `assert_template` can be used to assert on the same template with different locals
1241
- Fixes #3675.
1242
-
1243
- *Yves Senn*
1244
-
1245
- * Remove old asset tag concatenation (no longer needed now that we have the asset pipeline).
1246
-
1247
- *Josh Peek*
1248
-
1249
- * Accept `:remote` as symbolic option for `link_to` helper. *Riley Lynch*
1250
-
1251
- * Warn when the `:locals` option is passed to `assert_template` outside of a view test case
1252
- Fixes #3415.
1253
-
1254
- *Yves Senn*
1255
-
1256
- * The `Rack::Cache` middleware is now disabled by default. To enable it,
1257
- set `config.action_dispatch.rack_cache = true` and add `gem rack-cache` to your Gemfile.
1258
-
1259
- *Guillermo Iguaran*
1260
-
1261
- * `ActionController::Base.page_cache_extension` option is deprecated
1262
- in favour of `ActionController::Base.default_static_extension`.
1263
-
1264
- *Francesco Rodriguez*
1265
-
1266
- * Action and Page caching has been extracted from Action Dispatch
1267
- as `actionpack-action_caching` and `actionpack-page_caching` gems.
1268
- Please read the `README.md` file on both gems for the usage.
1269
-
1270
- *Francesco Rodriguez*
1271
-
1272
- * Failsafe exception returns `text/plain`. *Steve Klabnik*
1273
-
1274
- * Rename internal variables on `ActionController::TemplateAssertions` to prevent
1275
- naming collisions. `@partials`, `@templates` and `@layouts` are now prefixed with an underscore.
1276
- Fixes #7459.
1277
-
1278
- *Yves Senn*
1279
-
1280
- * `resource` and `resources` don't modify the passed options hash.
1281
- Fixes #7777.
1282
-
1283
- *Yves Senn*
1284
-
1285
- * Precompiled assets include aliases from `foo.js` to `foo/index.js` and vice versa.
1286
-
1287
- # Precompiles phone-<digest>.css and aliases phone/index.css to phone.css.
1288
- config.assets.precompile = [ 'phone.css' ]
1289
-
1290
- # Precompiles phone/index-<digest>.css and aliases phone.css to phone/index.css.
1291
- config.assets.precompile = [ 'phone/index.css' ]
1292
-
1293
- # Both of these work with either precompile thanks to their aliases.
1294
- <%= stylesheet_link_tag 'phone', media: 'all' %>
1295
- <%= stylesheet_link_tag 'phone/index', media: 'all' %>
1296
-
1297
- *Jeremy Kemper*
1298
-
1299
- * `assert_template` is no more passing with what ever string that matches
1300
- with the template name.
1301
-
1302
- Before when we have a template `/layout/hello.html.erb`, `assert_template`
1303
- was passing with any string that matches. This behavior allowed false
1304
- positive like:
1305
-
1306
- assert_template "layout"
1307
- assert_template "out/hello"
1308
-
1309
- Now it only passes with:
1310
-
1311
- assert_template "layout/hello"
1312
- assert_template "hello"
1313
-
1314
- Fixes #3849.
1315
-
1316
- *Hugolnx*
1317
-
1318
- * `image_tag` will set the same width and height for image if numerical value
1319
- passed to `size` option.
1320
-
1321
- *Nihad Abbasov*
1322
-
1323
- * Deprecate `Mime::Type#verify_request?` and `Mime::Type.browser_generated_types`,
1324
- since they are no longer used inside of Rails, they will be removed in Rails 4.1.
1325
-
1326
- *Michael Grosser*
1327
-
1328
- * `ActionDispatch::Http::UploadedFile` now delegates `close` to its tempfile. *Sergio Gil*
1329
-
1330
- * Add `ActionController::StrongParameters`, this module converts `params` hash into
1331
- an instance of ActionController::Parameters that allows whitelisting of permitted
1332
- parameters. Non-permitted parameters are forbidden to be used in Active Model by default
1333
- For more details check the documentation of the module or the
1334
- [strong_parameters gem](https://github.com/rails/strong_parameters)
1335
-
1336
- *DHH + Guillermo Iguaran*
1337
-
1338
- * Remove Integration between `attr_accessible`/`attr_protected` and
1339
- `ActionController::ParamsWrapper`. ParamWrapper now wraps all the parameters returned
1340
- by the class method `attribute_names`.
1341
-
1342
- *Guillermo Iguaran*
1343
-
1344
- * Log now displays the correct status code when an exception is raised.
1345
- Fixes #7646.
1346
-
1347
- *Yves Senn*
1348
-
1349
- * Allow pass couple extensions to `ActionView::Template.register_template_handler` call.
1350
-
1351
- *Tima Maslyuchenko*
1352
-
1353
- * Sprockets integration has been extracted from Action Pack to the `sprockets-rails`
1354
- gem. `rails` gem is depending on `sprockets-rails` by default.
1355
-
1356
- *Guillermo Iguaran*
1357
-
1358
- * `ActionDispatch::Session::MemCacheStore` now uses `dalli` instead of the deprecated
1359
- `memcache-client` gem.
1360
-
1361
- *Arun Agrawal + Guillermo Iguaran*
1362
-
1363
- * Support multiple etags in If-None-Match header. *Travis Warlick*
1364
-
1365
- * Allow to configure how unverified request will be handled using `:with`
1366
- option in `protect_from_forgery` method.
1367
-
1368
- Valid unverified request handling methods are:
1369
-
1370
- - `:exception` - Raises ActionController::InvalidAuthenticityToken exception.
1371
- - `:reset_session` - Resets the session.
1372
- - `:null_session` - Provides an empty session during request but doesn't
1373
- reset it completely. Used as default if `:with` option is not specified.
1374
-
1375
- New applications are generated with:
1376
-
1377
- protect_from_forgery with: :exception
1378
-
1379
- *Sergey Nartimov*
1380
-
1381
- * Add `.ruby` template handler, this handler simply allows arbitrary Ruby code as a template. *Guillermo Iguaran*
1382
-
1383
- * Add `separator` option for `ActionView::Helpers::TextHelper#excerpt`:
1384
-
1385
- excerpt('This is a very beautiful morning', 'very', separator: ' ', radius: 1)
1386
- # => ...a very beautiful...
1387
-
1388
- *Guirec Corbel*
1389
-
1390
- * Added controller-level etag additions that will be part of the action etag computation *Jeremy Kemper/DHH*
1391
-
1392
- class InvoicesController < ApplicationController
1393
- etag { current_user.try :id }
1394
-
1395
- def show
1396
- # Etag will differ even for the same invoice when it's viewed by a different current_user
1397
- @invoice = Invoice.find(params[:id])
1398
- fresh_when(@invoice)
1399
- end
1400
- end
1401
-
1402
- * Add automatic template digests to all `CacheHelper#cache` calls (originally spiked in the `cache_digests` plugin) *DHH*
1403
-
1404
- * When building a URL fails, add missing keys provided by Journey. Failed URL
1405
- generation now returns a 500 status instead of a 404.
1406
-
1407
- *Richard Schneeman*
1408
-
1409
- * Deprecate availability of `ActionView::RecordIdentifier` in controllers by default.
1410
- It's view specific and can be easily included in controllers manually if someone
1411
- really needs it. Also deprecate calling `ActionController::RecordIdentifier.dom_id` and
1412
- `dom_class` directly, in favor of `ActionView::RecordIdentifier.dom_id` and `dom_class`.
1413
- `RecordIdentifier` will be removed from `ActionController::Base` in Rails 4.1.
1414
-
1415
- *Piotr Sarnacki*
1416
-
1417
- * Fix `ActionView::RecordIdentifier` to work as a singleton. *Piotr Sarnacki*
1418
-
1419
- * Deprecate `Template#mime_type`, it will be removed in Rails 4.1 in favor of `#type`.
1420
318
  *Piotr Sarnacki*
1421
319
 
1422
- * Move vendored html-scanner from `action_controller` to `action_view` directory. If you
1423
- require it directly, please use 'action_view/vendor/html-scanner', reference to
1424
- 'action_controller/vendor/html-scanner' will be removed in Rails 4.1. *Piot Sarnacki*
1425
-
1426
- * Fix handling of date selects when using both disabled and discard options.
1427
- Fixes #7431.
1428
-
1429
- *Vasiliy Ermolovich*
1430
-
1431
- * `ActiveRecord::SessionStore` is extracted out of Rails into a gem `activerecord-session_store`.
1432
- Setting `config.session_store` to `:active_record_store` will no longer work and will break
1433
- if the `activerecord-session_store` gem isn't available. *Prem Sichanugrist*
1434
-
1435
- * Fix `select_tag` when `option_tags` is nil.
1436
- Fixes #7404.
1437
-
1438
- *Sandeep Ravichandran*
1439
-
1440
- * Add `Request#formats=(extensions)` that lets you set multiple formats directly in a prioritized order.
1441
-
1442
- Example of using this for custom iphone views with an HTML fallback:
1443
-
1444
- class ApplicationController < ActionController::Base
1445
- before_filter :adjust_format_for_iphone_with_html_fallback
1446
-
1447
- private
1448
- def adjust_format_for_iphone_with_html_fallback
1449
- request.formats = [ :iphone, :html ] if request.env["HTTP_USER_AGENT"][/iPhone/]
1450
- end
1451
- end
1452
-
1453
- *DHH*
1454
-
1455
- * Add Routing Concerns to declare common routes that can be reused inside
1456
- others resources and routes.
1457
-
1458
- Code before:
1459
-
1460
- resources :messages do
1461
- resources :comments
1462
- end
1463
-
1464
- resources :posts do
1465
- resources :comments
1466
- resources :images, only: :index
1467
- end
1468
-
1469
- Code after:
1470
-
1471
- concern :commentable do
1472
- resources :comments
1473
- end
1474
-
1475
- concern :image_attachable do
1476
- resources :images, only: :index
1477
- end
1478
-
1479
- resources :messages, concerns: :commentable
1480
-
1481
- resources :posts, concerns: [:commentable, :image_attachable]
1482
-
1483
- *DHH + Rafael Mendonça França*
1484
-
1485
- * Add `start_hour` and `end_hour` options to the `select_hour` helper. *Evan Tann*
1486
-
1487
- * Raises an `ArgumentError` when the first argument in `form_for` contain `nil`
1488
- or is empty.
1489
-
1490
- *Richard Schneeman*
1491
-
1492
- * Add 'X-Frame-Options' => 'SAMEORIGIN'
1493
- 'X-XSS-Protection' => '1; mode=block' and
1494
- 'X-Content-Type-Options' => 'nosniff'
1495
- as default headers.
1496
-
1497
- *Egor Homakov*
1498
-
1499
- * Allow data attributes to be set as a first-level option for `form_for`, so you can write `form_for @record, data: { behavior: 'autosave' }` instead of `form_for @record, html: { data: { behavior: 'autosave' } }` *DHH*
1500
-
1501
- * Deprecate `button_to_function` and `link_to_function` helpers.
1502
-
1503
- We recommend the use of Unobtrusive JavaScript instead. For example:
1504
-
1505
- link_to "Greeting", "#", class: "nav_link"
1506
-
1507
- $(function() {
1508
- $('.nav_link').click(function() {
1509
- // Some complex code
1510
-
1511
- return false;
1512
- });
1513
- });
1514
-
1515
- or
1516
-
1517
- link_to "Greeting", '#', onclick: "alert('Hello world!'); return false", class: "nav_link"
1518
-
1519
- for simple cases.
1520
-
1521
- *Rafael Mendonça França*
1522
-
1523
- * `javascript_include_tag :all` will now not include `application.js` if the file does not exists. *Prem Sichanugrist*
1524
-
1525
- * Send an empty response body when call `head` with status between 100 and 199, 204, 205 or 304.
1526
-
1527
- *Armand du Plessis*
1528
-
1529
- * Fixed issue with where digest authentication would not work behind a proxy. *Arthur Smith*
1530
-
1531
- * Added `ActionController::Live`. Mix it in to your controller and you can
1532
- stream data to the client live. For example:
1533
-
1534
- class FooController < ActionController::Base
1535
- include ActionController::Live
1536
-
1537
- def index
1538
- 100.times {
1539
- # Client will see this as it's written
1540
- response.stream.write "hello world\n"
1541
- sleep 1
1542
- }
1543
- response.stream.close
1544
- end
1545
- end
1546
-
1547
- *Aaron Patterson*
1548
-
1549
- * Remove `ActionDispatch::Head` middleware in favor of `Rack::Head`. *Santiago Pastorino*
1550
-
1551
- * Deprecate `:confirm` in favor of `data: { confirm: "Text" }` option for `button_to`, `button_tag`, `image_submit_tag`, `link_to` and `submit_tag` helpers.
1552
-
1553
- *Carlos Galdino + Rafael Mendonça França*
1554
-
1555
- * Show routes in exception page while debugging a `RoutingError` in development.
1556
-
1557
- *Richard Schneeman + Mattt Thompson + Yves Senn*
1558
-
1559
- * Add `ActionController::Flash.add_flash_types` method to allow people to register their own flash types. e.g.:
1560
-
1561
- class ApplicationController
1562
- add_flash_types :error, :warning
1563
- end
1564
-
1565
- If you add the above code, you can use `<%= error %>` in an erb, and `redirect_to /foo, error: 'message'` in a controller.
1566
-
1567
- *kennyj*
1568
-
1569
- * Remove Active Model dependency from Action Pack. *Guillermo Iguaran*
1570
-
1571
- * Support unicode characters in routes. Route will be automatically escaped, so instead of manually escaping:
1572
-
1573
- get Rack::Utils.escape('こんにちは') => 'home#index'
1574
-
1575
- You just have to write the unicode route:
1576
-
1577
- get 'こんにちは' => 'home#index'
1578
-
1579
- *kennyj*
1580
-
1581
- * Return proper format on exceptions. *Santiago Pastorino*
1582
-
1583
- * Allow to use `mounted_helpers` (helpers for accessing mounted engines) in `ActionView::TestCase`. *Piotr Sarnacki*
1584
-
1585
- * Include `mounted_helpers` (helpers for accessing mounted engines) in `ActionDispatch::IntegrationTest` by default. *Piotr Sarnacki*
1586
-
1587
- * Extracted redirect logic from `ActionController::ForceSSL::ClassMethods.force_ssl` into `ActionController::ForceSSL#force_ssl_redirect`
1588
-
1589
- *Jeremy Friesen*
1590
-
1591
- * Make possible to use a block in `button_to` if the button text is hard
1592
- to fit into the name parameter, e.g.:
1593
-
1594
- <%= button_to [:make_happy, @user] do %>
1595
- Make happy <strong><%= @user.name %></strong>
1596
- <% end %>
1597
- # => "<form method="post" action="/users/1/make_happy" class="button_to">
1598
- # <div>
1599
- # <button type="submit">
1600
- # Make happy <strong>Name</strong>
1601
- # </button>
1602
- # </div>
1603
- # </form>"
1604
-
1605
- *Sergey Nartimov*
1606
-
1607
- * Change a way of ordering helpers from several directories. Previously,
1608
- when loading helpers from multiple paths, all of the helpers files were
1609
- gathered into one array an then they were sorted. Helpers from different
1610
- directories should not be mixed before loading them to make loading more
1611
- predictable. The most common use case for such behavior is loading helpers
1612
- from engines. When you load helpers from application and engine Foo, in
1613
- that order, first rails will load all of the helpers from application,
1614
- sorted alphabetically and then it will do the same for Foo engine.
1615
-
1616
- *Piotr Sarnacki*
1617
-
1618
- * `truncate` now always returns an escaped HTML-safe string. The option `:escape` can be used as
1619
- false to not escape the result.
1620
-
1621
- *Li Ellis Gallardo + Rafael Mendonça França*
1622
-
1623
- * `truncate` now accepts a block to show extra content when the text is truncated. *Li Ellis Gallardo*
1624
-
1625
- * Add `week_field`, `week_field_tag`, `month_field`, `month_field_tag`, `datetime_local_field`,
1626
- `datetime_local_field_tag`, `datetime_field` and `datetime_field_tag` helpers. *Carlos Galdino*
1627
-
1628
- * Add `color_field` and `color_field_tag` helpers. *Carlos Galdino*
1629
-
1630
- * `assert_generates`, `assert_recognizes`, and `assert_routing` all raise
1631
- `Assertion` instead of `RoutingError` *David Chelimsky*
1632
-
1633
- * URL path parameters with invalid encoding now raise `ActionController::BadRequest`. *Andrew White*
1634
-
1635
- * Malformed query and request parameter hashes now raise `ActionController::BadRequest`. *Andrew White*
1636
-
1637
- * Add `divider` option to `grouped_options_for_select` to generate a separator
1638
- `optgroup` automatically, and deprecate `prompt` as third argument, in favor
1639
- of using an options hash. *Nicholas Greenfield*
1640
-
1641
- * Add `time_field` and `time_field_tag` helpers which render an `input[type="time"]` tag. *Alex Soulim*
1642
-
1643
- * Removed old text helper apis from `highlight`, `excerpt` and `word_wrap`. *Jeremy Walker*
1644
-
1645
- * Templates without a handler extension now raises a deprecation warning but still
1646
- defaults to ERB. In future releases, it will simply return the template contents. *Steve Klabnik*
1647
-
1648
- * Deprecate `:disable_with` in favor of `data: { disable_with: "Text" }` option from `submit_tag`, `button_tag` and `button_to` helpers.
1649
-
1650
- *Carlos Galdino + Rafael Mendonça França*
1651
-
1652
- * Remove `:mouseover` option from `image_tag` helper. *Rafael Mendonça França*
1653
-
1654
- * The `select` method (select tag) forces `:include_blank` if `required` is true and
1655
- `display size` is one and `multiple` is not true. *Angelo Capilleri*
1656
-
1657
- * Copy literal route constraints to defaults so that url generation know about them.
1658
- The copied constraints are `:protocol`, `:subdomain`, `:domain`, `:host` and `:port`.
1659
-
1660
- *Andrew White*
1661
-
1662
- * `respond_to` and `respond_with` now raise `ActionController::UnknownFormat` instead
1663
- of directly returning head 406. The exception is rescued and converted to 406
1664
- in the exception handling middleware. *Steven Soroka*
1665
-
1666
- * Allows `assert_redirected_to` to match against a regular expression. *Andy Lindeman*
1667
-
1668
- * Add backtrace to development routing error page. *Richard Schneeman*
1669
-
1670
- * Replace `include_seconds` boolean argument with `include_seconds: true` option
1671
- in `distance_of_time_in_words` and `time_ago_in_words` signature. *Dmitriy Kiriyenko*
1672
-
1673
- * Make current object and counter (when it applies) variables accessible when
1674
- rendering templates with :object / :collection. *Carlos Antonio da Silva*
1675
-
1676
- * JSONP now uses mimetype `text/javascript` instead of `application/json`. *omjokine*
1677
-
1678
- * Allow to lazy load `default_form_builder` by passing a `String` instead of a constant. *Piotr Sarnacki*
1679
-
1680
- * Session arguments passed to `process` calls in functional tests are now merged into
1681
- the existing session, whereas previously they would replace the existing session.
1682
- This change may break some existing tests if they are asserting the exact contents of
1683
- the session but should not break existing tests that only assert individual keys.
1684
-
1685
- *Andrew White*
1686
-
1687
- * In the routes DSL the `:via` option of `match` is now mandatory.
1688
-
1689
- For routes that respond to one single verb it is recommended to use the more specific
1690
- macros `get`, `post`, etc. instead. You can still map all HTTP verbs to one action
1691
- with `match`, but it has to be explictly configured using `:via => :all`.
1692
-
1693
- *José Valim and Yehuda Katz*
1694
-
1695
- * Add `index` method to FormBuilder class. *Jorge Bejar*
1696
-
1697
- * Remove the leading \n added by textarea on `assert_select`. *Santiago Pastorino*
1698
-
1699
- * Changed default value for `config.action_view.embed_authenticity_token_in_remote_forms`
1700
- to `false`. This change breaks remote forms that need to work also without JavaScript,
1701
- so if you need such behavior, you can either set it to `true` or explicitly pass
1702
- `authenticity_token: true` in form options.
1703
-
1704
- * Added `ActionDispatch::SSL` middleware that when included force all the requests to be under HTTPS protocol. *Rafael Mendonça França*
1705
-
1706
- * Add `include_hidden` option to select tag. With `include_hidden: false` select with `multiple` attribute doesn't generate hidden input with blank value. *Vasiliy Ermolovich*
1707
-
1708
- * Removed default `size` option from the `text_field`, `search_field`, `telephone_field`, `url_field`, `email_field` helpers. *Philip Arndt*
1709
-
1710
- * Removed default `cols` and `rows` options from the `text_area` helper. *Philip Arndt*
1711
-
1712
- * Adds support for layouts when rendering a partial with a given collection. *serabe*
1713
-
1714
- * Allows the route helper `root` to take a string argument. For example, `root 'pages#main'`. *bcardarella*
1715
-
1716
- * Forms of persisted records use always PATCH (via the `_method` hack). *fxn*
1717
-
1718
- * For resources, both PATCH and PUT are routed to the `update` action. *fxn*
1719
-
1720
- * Don't ignore `force_ssl` in development. This is a change of behavior - use a `:if` condition to recreate the old behavior.
1721
-
1722
- class AccountsController < ApplicationController
1723
- force_ssl if: :ssl_configured?
1724
-
1725
- def ssl_configured?
1726
- !Rails.env.development?
1727
- end
1728
- end
1729
-
1730
- *Pat Allan*
1731
-
1732
- * Adds support for the PATCH verb:
1733
- * Request objects respond to `patch?`.
1734
- * Routes have a new `patch` method, and understand `:patch` in the
1735
- existing places where a verb is configured, like `:via`.
1736
- * New method `patch` available in functional tests.
1737
- * If `:patch` is the default verb for updates, edits are
1738
- tunneled as PATCH rather than as PUT, and routing acts accordingly.
1739
- * New method `patch_via_redirect` available in integration tests.
1740
-
1741
- *dlee*
1742
-
1743
- * `expires_in` accepts a `must_revalidate` flag. If true, "must-revalidate"
1744
- is added to the Cache-Control header. *fxn*
1745
-
1746
- * Add `date_field` and `date_field_tag` helpers which render an `input[type="date"]` tag *Olek Janiszewski*
1747
-
1748
- * Adds `image_url`, `javascript_url`, `stylesheet_url`, `audio_url`, `video_url`, and `font_url`
1749
- to assets tag helper. These URL helpers will return the full path to your assets. This is useful
1750
- when you are going to reference this asset from external host. *Prem Sichanugrist*
1751
-
1752
- * Default responder will now always use your overridden block in `respond_with` to render your response. *Prem Sichanugrist*
1753
-
1754
- * Allow `value_method` and `text_method` arguments from `collection_select` and
1755
- `options_from_collection_for_select` to receive an object that responds to `:call`,
1756
- such as a `proc`, to evaluate the option in the current element context. This works
1757
- the same way with `collection_radio_buttons` and `collection_check_boxes`.
1758
-
1759
- *Carlos Antonio da Silva + Rafael Mendonça França*
1760
-
1761
- * Add `collection_check_boxes` form helper, similar to `collection_select`:
1762
- Example:
1763
-
1764
- collection_check_boxes :post, :author_ids, Author.all, :id, :name
1765
- # Outputs something like:
1766
- <input id="post_author_ids_1" name="post[author_ids][]" type="checkbox" value="1" />
1767
- <label for="post_author_ids_1">D. Heinemeier Hansson</label>
1768
- <input id="post_author_ids_2" name="post[author_ids][]" type="checkbox" value="2" />
1769
- <label for="post_author_ids_2">D. Thomas</label>
1770
- <input name="post[author_ids][]" type="hidden" value="" />
1771
-
1772
- The label/check_box pairs can be customized with a block.
1773
-
1774
- *Carlos Antonio da Silva + Rafael Mendonça França*
1775
-
1776
- * Add `collection_radio_buttons` form helper, similar to `collection_select`:
1777
- Example:
1778
-
1779
- collection_radio_buttons :post, :author_id, Author.all, :id, :name
1780
- # Outputs something like:
1781
- <input id="post_author_id_1" name="post[author_id]" type="radio" value="1" />
1782
- <label for="post_author_id_1">D. Heinemeier Hansson</label>
1783
- <input id="post_author_id_2" name="post[author_id]" type="radio" value="2" />
1784
- <label for="post_author_id_2">D. Thomas</label>
1785
-
1786
- The label/radio_button pairs can be customized with a block.
1787
-
1788
- *Carlos Antonio da Silva + Rafael Mendonça França*
1789
-
1790
- * `check_box` with `:form` html5 attribute will now replicate the `:form`
1791
- attribute to the hidden field as well. *Carlos Antonio da Silva*
1792
-
1793
- * `label` form helper accepts `for: nil` to not generate the attribute. *Carlos Antonio da Silva*
1794
-
1795
- * Add `:format` option to `number_to_percentage`. *Rodrigo Flores*
1796
-
1797
- * Add `config.action_view.logger` to configure logger for Action View. *Rafael Mendonça França*
1798
-
1799
- * Deprecated `ActionController::Integration` in favour of `ActionDispatch::Integration`.
1800
-
1801
- * Deprecated `ActionController::IntegrationTest` in favour of `ActionDispatch::IntegrationTest`.
1802
-
1803
- * Deprecated `ActionController::PerformanceTest` in favour of `ActionDispatch::PerformanceTest`.
1804
-
1805
- * Deprecated `ActionController::AbstractRequest` in favour of `ActionDispatch::Request`.
1806
-
1807
- * Deprecated `ActionController::Request` in favour of `ActionDispatch::Request`.
1808
-
1809
- * Deprecated `ActionController::AbstractResponse` in favour of `ActionDispatch::Response`.
1810
-
1811
- * Deprecated `ActionController::Response` in favour of `ActionDispatch::Response`.
1812
-
1813
- * Deprecated `ActionController::Routing` in favour of `ActionDispatch::Routing`.
1814
-
1815
- * `check_box helper` with `disabled: true` will generate a disabled
1816
- hidden field to conform with the HTML convention where disabled fields are
1817
- not submitted with the form. This is a behavior change, previously the hidden
1818
- tag had a value of the disabled checkbox. *Tadas Tamosauskas*
1819
-
1820
- * `favicon_link_tag` helper will now use the favicon in app/assets by default. *Lucas Caton*
1821
-
1822
- * `ActionView::Helpers::TextHelper#highlight` now defaults to the
1823
- HTML5 `mark` element. *Brian Cardarella*
1824
-
1825
- Please check [3-2-stable](https://github.com/rails/rails/blob/3-2-stable/actionpack/CHANGELOG.md) for previous changes.
320
+ Please check [4-0-stable](https://github.com/rails/rails/blob/4-0-stable/actionpack/CHANGELOG.md) for previous changes.
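Review bot: The removals at old lines 1365 to 1377, 1492 to 1495, 1699 to 1702 and 1720 delete the only in-file description of several security-relevant defaults, leaving the repointed link on new line 320 as the sole reference to them. The entries in question cover the `protect_from_forgery` `:with` option (with `:null_session` used when `:with` is not specified), the `X-Frame-Options`, `X-XSS-Protection` and `X-Content-Type-Options` default headers, `embed_authenticity_token_in_remote_forms` defaulting to `false`, and `force_ssl` no longer being ignored in development. Confirm that the 4-0-stable CHANGELOG.md carries these entries unchanged, and consider keeping a short summary of the changed security defaults in this file, since someone auditing an upgrade reads this changelog to learn which defaults moved.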