*   Writing into a disabled session will now raise an error.

    Previously when no session store was set, writing into the session would silently fail.

    *Jean Boussier*

*   Add support for 'require-trusted-types-for' and 'trusted-types' headers.

    Fixes #42034

    *lfalcao*

*   Remove inline styles and address basic accessibility issues on rescue templates.

    *Jacob Herrington*

Allow 'private, no-store' Cache-Control header

https://github.com/rails/rails/pull/39461 changed the `no-store`
directive for the `Cache-Control` header to be exclusive, i.e. when
setting `Cache-Control` to `private, no-store`, this is simplified to
just `no-store`. `private` should typically be superfluous there, but
it's not always.

For instance, Fastly "does not currently respect no-store or no-cache
directives" and says that "if you need to prevent caching by both Fastly
and web browsers, we recommend combining the private directive with
max-age=0 or no-store".

https://docs.fastly.com/en/guides/configuring-caching#do-not-cache

Since it's not possible to override this directive reduction behaviour,
the changes in #39461 prevent Fastly users from upgrading Rails.

This changes the behaviour to allow setting a 'private, no-store' header
when private is specified - similar to how 'public' can be specified
when 'no-cache' is, but not as a default.

Fixes https://github.com/rails/rails/issues/40798

*   Add support for 'private, no-store' Cache-Control headers.

    Previously, 'no-store' was exclusive; no other directives could be specified.

    *Alex Smith*

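The following is an added example, not code from Rails or from the commit above: a standard-library Ruby check that audits a `Cache-Control` value for a response that must not be stored by browsers or by a shared cache, following the Fastly guidance quoted in the commit message. The function names and sample values are constructed for illustration.

```ruby
# Added example (not Rails code). Audits a Cache-Control value for a response
# that must never be stored, neither by a browser nor by a shared cache/CDN.

# Parse "private, no-store, max-age=0" into
# {"private"=>true, "no-store"=>true, "max-age"=>"0"}.
def parse_cache_control(value)
  value.to_s.split(",").each_with_object({}) do |part, directives|
    name, arg = part.strip.split("=", 2)
    next if name.nil? || name.empty?
    directives[name.downcase] = arg ? arg.delete('"') : true
  end
end

# Return a list of findings; an empty list means the value combines
# `private` with `no-store` or `max-age=0`, as the quoted guidance recommends.
def uncacheable_findings(value)
  d = parse_cache_control(value)
  findings = []
  findings << "public allows shared caches to store the response" if d["public"]
  unless d["private"]
    findings << "private is missing; a cache that ignores no-store may keep the response"
  end
  unless d["no-store"] || d["max-age"] == "0"
    findings << "neither no-store nor max-age=0 is set"
  end
  findings
end

# Constructed sample values, not taken from any real application.
if __FILE__ == $PROGRAM_NAME
  ["no-store", "private, no-store", "private, max-age=0", "public, max-age=3600"].each do |v|
    problems = uncacheable_findings(v)
    puts "#{v.inspect}: #{problems.empty? ? 'ok' : problems.join('; ')}"
  end
end
```
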
*   Expand payload of `unpermitted_parameters.action_controller` instrumentation to allow subscribers to
    know which controller action received unpermitted parameters.

    *bbuchalter*

*   Add `ActionController::Live#send_stream` that makes it more convenient to send generated streams:

    ```ruby
    send_stream(filename: "subscribers.csv") do |stream|
      stream.writeln "email_address,updated_at"

      @subscribers.find_each do |subscriber|
        stream.writeln [ subscriber.email_address, subscriber.updated_at ].join(",")
      end
    end
    ```

    *DHH*

*   Add `ActionController::Live::Buffer#writeln` to write a line to the stream with a newline included.

    *DHH*

*   `ActionDispatch::Request#content_type` now returns the Content-Type header as it is.

    Previously, the value returned by `ActionDispatch::Request#content_type` did NOT contain the charset part.
    This behavior has changed so that the returned Content-Type header contains the charset part as it is.

    If you want just the MIME type, please use `ActionDispatch::Request#media_type` instead.

    Before:

    ```ruby
    request = ActionDispatch::Request.new("CONTENT_TYPE" => "text/csv; header=present; charset=utf-16", "REQUEST_METHOD" => "GET")
    request.content_type #=> "text/csv"
    ```

    After:

    ```ruby
    request = ActionDispatch::Request.new("CONTENT_TYPE" => "text/csv; header=present; charset=utf-16", "REQUEST_METHOD" => "GET")
    request.content_type #=> "text/csv; header=present; charset=utf-16"
    request.media_type   #=> "text/csv"
    ```

    *Rafael Mendonça França*

*   Change `ActionDispatch::Request#media_type` to return `nil` when the request doesn't have a `Content-Type` header.

    *Rafael Mendonça França*

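The two entries above matter for any request filter that allowlists by content type. The following is an added example, not Rails code: a standard-library Ruby model of the difference between comparing the full header value and comparing only the media type, including the case where the header is absent. The allowlist and function names are constructed for illustration.

```ruby
# Added example (not Rails code). Models why an allowlist check must compare
# the media type, not the full Content-Type header value.

# Constructed allowlist for illustration.
ALLOWED_MEDIA_TYPES = %w[application/json text/csv].freeze

# Split a Content-Type header value into [media_type, params].
# Returns [nil, {}] when the header is missing or has no media type.
def split_content_type(header)
  return [nil, {}] if header.nil? || header.strip.empty?
  type, *params = header.split(";")
  parsed = params.each_with_object({}) do |param, out|
    key, value = param.strip.split("=", 2)
    out[key.downcase] = value.to_s.delete('"') unless key.nil? || key.empty?
  end
  type = type.to_s.strip.downcase
  [type.empty? ? nil : type, parsed]
end

# Check written against the old behaviour: compares the whole header value,
# so it rejects legitimate requests once parameters are included.
def naive_allowed?(content_type)
  ALLOWED_MEDIA_TYPES.include?(content_type)
end

# Check that survives the change: compares the media type only and
# treats a missing header (nil) as not allowed.
def allowed?(content_type)
  ALLOWED_MEDIA_TYPES.include?(split_content_type(content_type).first)
end

if __FILE__ == $PROGRAM_NAME
  header = "text/csv; header=present; charset=utf-16" # value used in the entry above
  puts "naive:  #{naive_allowed?(header)}"
  puts "strict: #{allowed?(header)}"
  puts "absent: #{allowed?(nil)}"
end
```
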
*   Fix error in `ActionController::LogSubscriber` that would happen when throwing inside a controller action.

    *Janko Marohnić*

*   Allow anything with `#to_str` (like `Addressable::URI`) as a `redirect_to` location

    *ojab*

change request method to a `GET` when passing failed requests to `config.exceptions_app`
Similar to #38998 (fixed in #40246), HTTP method validation occurring whenever methods are called on `ActionDispatch::Request` can cause some weird unintended consequences. For example, if `config.exceptions_app = self.routes`, you get an exception raised via the `ActionDispatch::ShowExceptions` middleware failsafe:
```
Started TEST "/" for 127.0.0.1 at 2020-11-05 15:40:31 -0500
(1.0ms) SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
TEST, accepted HTTP methods are OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, VERSION-CONTROL, REPORT, CHECKOUT, CHECKIN, UNCHECKOUT, MKWORKSPACE, UPDATE, LABEL, MERGE, BASELINE-CONTROL, MKACTIVITY, ORDERPATCH, ACL, SEARCH, MKCALENDAR, and PATCH excluded from capture: DSN not set
ActionController::UnknownHttpMethod (TEST, accepted HTTP methods are OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, VERSION-CONTROL, REPORT, CHECKOUT, CHECKIN, UNCHECKOUT, MKWORKSPACE, UPDATE, LABEL, MERGE, BASELINE-CONTROL, MKACTIVITY, ORDERPATCH, ACL, SEARCH, MKCALENDAR, and PATCH):
actionpack (6.0.3.4) lib/action_dispatch/http/request.rb:431:in `check_method'
actionpack (6.0.3.4) lib/action_dispatch/http/request.rb:143:in `request_method'
rack (2.2.3) lib/rack/request.rb:187:in `head?'
actionpack (6.0.3.4) lib/action_dispatch/journey/router.rb:113:in `find_routes'
actionpack (6.0.3.4) lib/action_dispatch/journey/router.rb:32:in `serve'
actionpack (6.0.3.4) lib/action_dispatch/routing/route_set.rb:834:in `call'
Error during failsafe response: TEST, accepted HTTP methods are OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, VERSION-CONTROL, REPORT, CHECKOUT, CHECKIN, UNCHECKOUT, MKWORKSPACE, UPDATE, LABEL, MERGE, BASELINE-CONTROL, MKACTIVITY, ORDERPATCH, ACL, SEARCH, MKCALENDAR, and PATCH
/usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/http/request.rb:431:in `check_method'
/usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/http/request.rb:143:in `request_method'
/usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/rack-2.2.3/lib/rack/request.rb:187:in `head?'
/usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/journey/router.rb:113:in `find_routes'
/usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/journey/router.rb:32:in `serve'
/usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/routing/route_set.rb:834:in `call'
/usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/middleware/show_exceptions.rb:50:in `render_exception'
/usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/middleware/show_exceptions.rb:36:in `rescue in call'
/usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/middleware/show_exceptions.rb:31:in `call'
# ...
```
Now, to prevent the redundant exception, we overwrite `request_method` before passing `env` down to `config.exceptions_app`. `action_dispatch.original_request_method` is set to keep the original request method available for inspection.
*   Change the request method to a `GET` when passing failed requests down to `config.exceptions_app`.

    *Alex Robbin*

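Because the exceptions app now always sees `GET`, error logging that records the request method has to read `action_dispatch.original_request_method` instead. The following is an added example, not code from Rails or from the commit above: a Rack-style callable in plain Ruby that records the original method and flags unusual ones. The method list, event structure and fixed 500 response are assumptions made for illustration.

```ruby
# Added example (not Rails code). A Rack-style exceptions app that records the
# method the client actually sent rather than the rewritten GET.

# Constructed list of methods this hypothetical application expects to see.
COMMON_METHODS = %w[GET HEAD POST PUT PATCH DELETE OPTIONS].freeze

# `events` is any object responding to <<, for example an Array or a logger
# wrapper. Returns a callable that follows the Rack calling convention.
def build_exceptions_app(events)
  lambda do |env|
    rewritten = env["REQUEST_METHOD"]
    # Fall back to REQUEST_METHOD when the key is absent (older Rails versions).
    original = env.fetch("action_dispatch.original_request_method", rewritten)
    events << {
      method: original,
      rewritten_to: rewritten,
      unusual_method: !COMMON_METHODS.include?(original)
    }
    # Fixed status for brevity; a real app would render per-status pages.
    [500, { "content-type" => "text/plain" }, ["Internal Server Error\n"]]
  end
end

if __FILE__ == $PROGRAM_NAME
  events = []
  app = build_exceptions_app(events)
  # Constructed env mirroring the "TEST" request shown in the log above.
  app.call("REQUEST_METHOD" => "GET",
           "action_dispatch.original_request_method" => "TEST")
  puts events.inspect
end
```
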
*   Deprecate the ability to assign a single value to `config.action_dispatch.trusted_proxies`
    as `RemoteIp` middleware behaves inconsistently depending on whether this is configured
    with a single value or an enumerable.

    Fixes #40772

    *Christian Sutter*

*   Add `redirect_back_or_to(fallback_location, **)` as a more aesthetically pleasing version of `redirect_back fallback_location:, **`.
    The old method name is retained without explicit deprecation.

    *DHH*


Please check [6-1-stable](https://github.com/rails/rails/blob/6-1-stable/actionpack/CHANGELOG.md) for previous changes.