kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity
rails--rails/actionpack/CHANGELOG.md

177 lines
5.9 KiB
Markdown
Raw Normal View History

Deprecate :poltergeist, :webkit instead of removing.
2021-07-20 10:10:58 -04:00
* Deprecate `poltergeist` and `webkit` (capybara-webkit) driver registration for system testing (they will be removed in Rails 7.1). Add `cuprite` instead.
Remove `poltergeist` and `webkit` driver registration logics in system testing. Add `cuprite` instead. Poltergeist and capybara-webkit are already not maintained. * https://github.com/teampoltergeist/poltergeist * https://github.com/thoughtbot/capybara-webkit Most users actually use Selenium with Headless Chrome in these years, and it is not encouraged to use poltergeist or capybara-webkit at this moment. Cuprite is a good alternative driver to Poltergeist: https://evilmartians.com/chronicles/system-of-a-test-setting-up-end-to-end-rails-testing Not only removing deprecated Capybara drivers, also introducing Cuprite.
2021-07-14 22:40:03 -04:00
[Poltergeist](https://github.com/teampoltergeist/poltergeist) and [capybara-webkit](https://github.com/thoughtbot/capybara-webkit) are already not maintained. These usage in Rails are removed for avoiding confusing users.
[Cuprite](https://github.com/rubycdp/cuprite) is a good alternative to Poltergeist. Some guide descriptions are replaced from Poltergeist to Cuprite.
*Yusuke Iwaki*
Add `Middleware#remove` to delete middleware or raise if not found. `Middleware#remove` works just like `Middleware#delete` but will raise an error if the middleware isn't found. This partly reverts 07558ff57c32ac96ec75d744e304944c36282b1b, where `delete` would raise an error. It might be expected that `delete` fails silently for some environments. Or maybe you want to make sure a middleware isn't present. Co-authored-by: Alex Ghiculescu <alexghiculescu@gmail.com>
2021-07-20 12:06:01 -04:00
* Add `Middleware#remove` to delete middleware or raise if not found.
`Middleware#remove` works just like `Middleware#delete` but will
raise an error if the middleware isn't found.
*Alex Ghiculescu*, *Petrik de Heus*
Exclude added flash types from action_methods
2021-07-13 10:04:15 -04:00
* Exclude additional flash types from `ActionController::Base.action_methods`.
Ensures that additional flash types defined on ActionController::Base subclasses
are not listed as actions on that controller.
class MyController < ApplicationController
add_flash_types :hype
end
MyController.action_methods.include?('hype') # => false
*Gavin Morrice*
Always use OpenSSL constants for Digest operations As also previously discussed in https://github.com/rails/rails/pull/40770#issuecomment-748347066, this moves the usage of Digest constants to always use the OpenSSL version of those Digest implementations.
2021-03-22 05:25:49 -04:00
* OpenSSL constants are now used for Digest computations.
*Dirkjan Bussink*
Fixup CHANGELOGs [ci skip]
2021-07-20 21:08:08 -04:00
* Remove IE6-7-8 file download related hack/fix from ActionController::DataStreaming module.
Remove IE6-7-8 file download related hack/fix IE 6-7-8 has bug when 'Cache-Control: no-cache' head would break file download. It's been fixed in IE9 (which is also ancient and barely used version). Some extra details [here][1] and [here][2]. The way this fix is implemented clashes with what's been done in PR #40324. By adding ':public' key to cache control header set it wipes default headers. Since IE 6-7-8 are ancient browsers - let's just get rid of this hack. [1]: https://stackoverflow.com/q/9766639/843067 [2]: https://stackoverflow.com/q/3415370/843067
2021-06-24 16:43:36 -04:00
:nail_care: Adjust the wording for AC::DataStreaming Cache-Control hack [ci skip]
2021-06-26 18:07:18 -04:00
Due to the age of those versions of IE this fix is no longer relevant, more importantly it creates an edge-case for unexpected Cache-Control headers.
Remove IE6-7-8 file download related hack/fix IE 6-7-8 has bug when 'Cache-Control: no-cache' head would break file download. It's been fixed in IE9 (which is also ancient and barely used version). Some extra details [here][1] and [here][2]. The way this fix is implemented clashes with what's been done in PR #40324. By adding ':public' key to cache control header set it wipes default headers. Since IE 6-7-8 are ancient browsers - let's just get rid of this hack. [1]: https://stackoverflow.com/q/9766639/843067 [2]: https://stackoverflow.com/q/3415370/843067
2021-06-24 16:43:36 -04:00
*Tadas Sasnauskas*
Skip logging backtrace when exception is in `rescue_responses` Closes #9343 Co-authored-by: Mike Dalessio <mike.dalessio@gmail.com>
2018-09-25 03:31:11 -04:00
* Configuration setting to skip logging an uncaught exception backtrace when the exception is
present in `rescued_responses`.
It may be too noisy to get all backtraces logged for applications that manage uncaught
exceptions via `rescued_responses` and `exceptions_app`.
`config.action_dispatch.log_rescued_responses` (defaults to `true`) can be set to `false` in
this case, so that only exceptions not found in `rescued_responses` will be logged.
*Alexander Azarov*, *Mike Dalessio*
Fixup CHANGELOGs [ci skip]
2021-07-20 21:08:08 -04:00
* Ignore file fixtures on `db:fixtures:load`.
Ignore file fixtures on `db:fixtures:load`
2021-05-05 13:59:26 -04:00
*Kevin Sjöberg*
actionpack: Use an infinite sized queue in testing ActionController::Live To avoid a deadlock from the buffer filling up during testing due to the ActionController::Live test monkey patch that processes the request in the same thread, which means there is no consumer of the queue until the request is processed.
2021-03-03 14:19:52 -05:00
* Fix ActionController::Live controller test deadlocks by removing the body buffer size limit for tests.
*Dylan Thacker-Smith*
Implement 'no_store' HTTP cache directive method Summary ======= Currently there is no way to set "Cache-Control: no-store" header using built-in cache control methods ("expires_now"/"expires_in"/etc..). One of the [top StackOverflow][1] answers currently suggests putting it directly into header set. Unfortunately, it cannot later be overridden in specific/individual actions by calling say 'expires_in 5.minutes'. Resulting header in that case is stays the same, i.e. 'Cache-Control: no-store'. This: 1. Adds the 'no_store' method to set "Cache-Control: no-store" header. 2. Changes cache control "merge and normalize" code so default "no-store" directive can be overridden using built in cache control methods mentioned above. What's the use of it -------------------- Couple examples: * To [prevent rendering stale content][3] if browser return button is used ('expires_now' does not help). * To prevent browser disk cache being used. In some situations it's considered a [privacy/security risk][4]. Other Information ================= Mozilla developer docs for [Cache-Control][2] header. [1]: https://stackoverflow.com/questions/10744169/rails-set-no-cache-method-cannot-disable-browser-caching-in-safari-and-opera [2]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control [3]: https://engineering.mixmax.com/blog/chrome-back-button-cache-no-store/ [4]: https://portswigger.net/kb/issues/00700100_cacheable-https-response
2021-06-12 03:58:14 -04:00
* New `ActionController::ConditionalGet#no_store` method to set HTTP cache control `no-store` directive.
*Tadas Sasnauskas*
Fixup CHANGELOGs [ci skip]
2021-07-20 21:08:08 -04:00
* Drop support for the `SERVER_ADDR` header.
Drop support for the `SERVER_ADDR` header Following up https://github.com/rails/rails/pull/42349 and https://github.com/rack/rack/pull/1573 the `SERVER_ADDR` header can be dropped, considering that it's not required by the CGI spec.
2021-06-02 01:18:01 -04:00
Fixup CHANGELOGs [ci skip]
2021-07-20 21:08:08 -04:00
Following up https://github.com/rack/rack/pull/1573 and https://github.com/rails/rails/pull/42349.
Drop support for the `SERVER_ADDR` header Following up https://github.com/rails/rails/pull/42349 and https://github.com/rack/rack/pull/1573 the `SERVER_ADDR` header can be dropped, considering that it's not required by the CGI spec.
2021-06-02 01:18:01 -04:00
*Ricardo Díaz*
Set session options when initializing a basic session
2021-05-12 17:17:06 -04:00
* Set session options when initializing a basic session.
*Gannon McGibbon*
Fixup CHANGELOGs [ci skip]
2021-07-20 21:08:08 -04:00
* Add `cache_control: {}` option to `fresh_when` and `stale?`.
Allow to overwrite Cache-Control header in `fresh_when` and `stale?` Add a `cache_control: {}` option to `fresh_when` and `stale?`, when given works as a shortcut to set `response.cache_control` manually. Closes #41644
2021-05-28 04:22:29 -04:00
Works as a shortcut to set `response.cache_control` with the above methods.
*Jacopo Beschi*
Explicitly fail on attempts to write into disabled sessions Until now `config.session_store :disabled` simply silently discard the session hash at the end of the request. By explictly failing on writes, it can help discovering bugs earlier. Reads are still permitted.
2021-05-15 04:50:37 -04:00
* Writing into a disabled session will now raise an error.
Previously when no session store was set, writing into the session would silently fail.
*Jean Boussier*
Add support for require-trusted-types-for and trusted-types csp headers
2021-05-02 15:31:55 -04:00
* Add support for 'require-trusted-types-for' and 'trusted-types' headers.
Fixup CHANGELOGs [ci skip]
2021-07-20 21:08:08 -04:00
Fixes #42034.
Add support for require-trusted-types-for and trusted-types csp headers
2021-05-02 15:31:55 -04:00
*lfalcao*
chore: fix spelling in actionpack/CHANGELOG.md
2021-04-11 10:18:49 -04:00
* Remove inline styles and address basic accessibility issues on rescue templates.
Address basic accessibility issues These are super basic issues that were flagged by the axe browser extension. I tried to change as few things as possible to avoid breaking anything that might be making assumptions about the markup on this page. Generally, there is a lot more work that would need to be done on these pages to make them as friendly as possible to assistive technologies. Relevant: - https://dequeuniversity.com/rules/axe/4.1/landmark-one-main - https://dequeuniversity.com/rules/axe/4.1/color-contrast
2021-04-07 23:56:20 -04:00
*Jacob Herrington*
Allow 'private, no-store' Cache-Control header https://github.com/rails/rails/pull/39461 changed the `no-store` directive for the `Cache-Control` header to be exclusive, i.e. when setting `Cache-Control` to `private, no-store`, this is simplified to just `no-store`. `private` should typically be superfluous there, but it's not always. For instance, Fastly "does not currently respect no-store or no-cache directives" and says that "if you need to prevent caching by both Fastly and web browsers, we recommend combining the private directive with max-age=0 or no-store". https://docs.fastly.com/en/guides/configuring-caching#do-not-cache Since it's not possible to override this directive reduction behaviour, the changes in #39461 prevent Fastly users from upgrading Rails. This changes the behaviour to allow setting a 'private, no-store' header when private is specified - similar to how 'public' can be specified when 'no-cache' is, but not as a default. Fixes https://github.com/rails/rails/issues/40798
2021-03-22 19:38:04 -04:00
* Add support for 'private, no-store' Cache-Control headers.
Previously, 'no-store' was exclusive; no other directives could be specified.
*Alex Smith*
Provide context when logging unpermitted parameters Currently, the payload of the unpermitted_parameters.action_controller events emitted by StrongParameters does not provide enough information for developers to understand which controller and action received the unpermitted parameters. This PR modifies ActionController::Parameters to allow callers to specify a "context" which is included in the logging payload. *Implementation Strategy* Since the ActionController::Parameters class is only loosely coupled with controllers and can technically be used in any context, this PR expects the caller to provide logging context. Since StrongParameters is caller in Rails and has access to the request object I chose to provide a payload similar to the start_processing.action_controller event.
2021-03-31 07:24:36 -04:00
* Expand payload of `unpermitted_parameters.action_controller` instrumentation to allow subscribers to
know which controller action received unpermitted parameters.
*bbuchalter*
Add send_stream to do for dynamic streams what send_data does for static files (#41488)
2021-02-18 16:35:36 -05:00
* Add `ActionController::Live#send_stream` that makes it more convenient to send generated streams:
```ruby
send_stream(filename: "subscribers.csv") do |stream|
Add ActionController::Live::Buffer#writeln the write a line to the stream with a newline included (#41501) * Add ActionController::Live::Buffer#writeln to write a line to the stream with a newline included * Don't add newlines to strings that already have them
2021-02-20 04:02:49 -05:00
stream.writeln "email_address,updated_at"
chore: remove unneeded trailing whitespace
2021-04-11 11:44:46 -04:00
Add send_stream to do for dynamic streams what send_data does for static files (#41488)
2021-02-18 16:35:36 -05:00
@subscribers.find_each do |subscriber|
Add ActionController::Live::Buffer#writeln the write a line to the stream with a newline included (#41501) * Add ActionController::Live::Buffer#writeln to write a line to the stream with a newline included * Don't add newlines to strings that already have them
2021-02-20 04:02:49 -05:00
stream.writeln [ subscriber.email_address, subscriber.updated_at ].join(",")
Add send_stream to do for dynamic streams what send_data does for static files (#41488)
2021-02-18 16:35:36 -05:00
end
end
```
chore: remove unneeded trailing whitespace
2021-04-11 11:44:46 -04:00
Add send_stream to do for dynamic streams what send_data does for static files (#41488)
2021-02-18 16:35:36 -05:00
*DHH*
Add ActionController::Live::Buffer#writeln the write a line to the stream with a newline included (#41501) * Add ActionController::Live::Buffer#writeln to write a line to the stream with a newline included * Don't add newlines to strings that already have them
2021-02-20 04:02:49 -05:00
* Add `ActionController::Live::Buffer#writeln` to write a line to the stream with a newline included.
*DHH*
`ActionDispatch::Request#content_type` now returned Content-Type header as it is
2021-01-26 18:41:38 -05:00
* `ActionDispatch::Request#content_type` now returned Content-Type header as it is.
Previously, `ActionDispatch::Request#content_type` returned value does NOT contain charset part.
This behavior changed to returned Content-Type header containing charset part as it is.
If you want just MIME type, please use `ActionDispatch::Request#media_type` instead.
Before:
```ruby
request = ActionDispatch::Request.new("CONTENT_TYPE" => "text/csv; header=present; charset=utf-16", "REQUEST_METHOD" => "GET")
request.content_type #=> "text/csv"
```
After:
```ruby
request = ActionDispatch::Request.new("Content-Type" => "text/csv; header=present; charset=utf-16", "REQUEST_METHOD" => "GET")
request.content_type #=> "text/csv; header=present; charset=utf-16"
request.media_type #=> "text/csv"
```
*Rafael Mendonça França*
Change Request#media_type to return nil When the request don't have a Content-Type header we were returning an empty string instead of nil like Rack does.
2021-01-26 18:24:27 -05:00
* Change `ActionDispatch::Request#media_type` to return `nil` when the request don't have a `Content-Type` header.
*Rafael Mendonça França*
Get rid of the cumbersome fallback_location keyword argument for redirect_back (#40671)
2020-11-24 04:17:11 -05:00
Handle throwing in controller action in log subscriber When throw was used in a controller action, and there is matching catch around the request in a Rack middleware, then :exception won't be present in the event payload. This is because ActiveSupport::Notifications::Instrumenter.instrument sets :exception in a rescue handler, but rescue is never called in a throw/catch scenario: catch(:halt) do begin throw :halt rescue Exception => e puts "rescue" # never reached ensure puts "ensure" end end Missing :exception was actually handled prior to Rails 6.1.0, but an optimization updated the code to assume this was present. So this can be considered a regression fix.
2021-01-23 17:48:25 -05:00
* Fix error in `ActionController::LogSubscriber` that would happen when throwing inside a controller action.
*Janko Marohnić*
Fixup CHANGELOGs [ci skip]
2021-07-20 21:08:08 -04:00
* Allow anything with `#to_str` (like `Addressable::URI`) as a `redirect_to` location.
Allow passing anything with `#to_str` into `redirect_to`
2021-02-08 08:53:16 -05:00
*ojab*
change request method to a `GET` when passing failed requests to `config.exceptions_app` Similar to #38998 (fixed in #40246), HTTP method validation occurring whenever methods are called on `ActionDispatch::Request` can cause some weird unintended consequences. For example, if `config.exceptions_app = self.routes`, you get an exception raised via the `ActionDispatch::ShowExceptions` middleware failsafe: ``` Started TEST "/" for 127.0.0.1 at 2020-11-05 15:40:31 -0500 (1.0ms) SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC TEST, accepted HTTP methods are OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, VERSION-CONTROL, REPORT, CHECKOUT, CHECKIN, UNCHECKOUT, MKWORKSPACE, UPDATE, LABEL, MERGE, BASELINE-CONTROL, MKACTIVITY, ORDERPATCH, ACL, SEARCH, MKCALENDAR, and PATCH excluded from capture: DSN not set ActionController::UnknownHttpMethod (TEST, accepted HTTP methods are OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, VERSION-CONTROL, REPORT, CHECKOUT, CHECKIN, UNCHECKOUT, MKWORKSPACE, UPDATE, LABEL, MERGE, BASELINE-CONTROL, MKACTIVITY, ORDERPATCH, ACL, SEARCH, MKCALENDAR, and PATCH): actionpack (6.0.3.4) lib/action_dispatch/http/request.rb:431:in `check_method' actionpack (6.0.3.4) lib/action_dispatch/http/request.rb:143:in `request_method' rack (2.2.3) lib/rack/request.rb:187:in `head?' actionpack (6.0.3.4) lib/action_dispatch/journey/router.rb:113:in `find_routes' actionpack (6.0.3.4) lib/action_dispatch/journey/router.rb:32:in `serve' actionpack (6.0.3.4) lib/action_dispatch/routing/route_set.rb:834:in `call' Error during failsafe response: TEST, accepted HTTP methods are OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, VERSION-CONTROL, REPORT, CHECKOUT, CHECKIN, UNCHECKOUT, MKWORKSPACE, UPDATE, LABEL, MERGE, BASELINE-CONTROL, MKACTIVITY, ORDERPATCH, ACL, SEARCH, MKCALENDAR, and PATCH /usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/http/request.rb:431:in `check_method' /usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/http/request.rb:143:in `request_method' /usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/rack-2.2.3/lib/rack/request.rb:187:in `head?' /usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/journey/router.rb:113:in `find_routes' /usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/journey/router.rb:32:in `serve' /usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/routing/route_set.rb:834:in `call' /usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/middleware/show_exceptions.rb:50:in `render_exception' /usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/middleware/show_exceptions.rb:36:in `rescue in call' /usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/middleware/show_exceptions.rb:31:in `call' # ... ``` Now, to prevent the redundant exception, we overwrite `request_method` before passing `env` down to `config.exceptions_app`. `action_dispatch.original_request_method` is set to keep the original request method available for inspection.
2020-12-16 20:48:09 -05:00
* Change the request method to a `GET` when passing failed requests down to `config.exceptions_app`.
*Alex Robbin*
Deprecate assigning single `trusted_proxies` value Fixes #40772 The `RemoteIp` middleware currently behaves inconsistently depending on whether `config.action_dispatch.trusted_proxies` is configured with a single value or an enumerable. - Deprecate ability to assign a single value to `trusted_proxies` in `RemoteIp` middleware - Add an explicit test for the setting overriding the default list of trusted proxies
2020-12-10 12:42:52 -05:00
* Deprecate the ability to assign a single value to `config.action_dispatch.trusted_proxies`
as `RemoteIp` middleware behaves inconsistently depending on whether this is configured
with a single value or an enumerable.
Fixup CHANGELOGs [ci skip]
2021-07-20 21:08:08 -04:00
Fixes #40772.
Deprecate assigning single `trusted_proxies` value Fixes #40772 The `RemoteIp` middleware currently behaves inconsistently depending on whether `config.action_dispatch.trusted_proxies` is configured with a single value or an enumerable. - Deprecate ability to assign a single value to `trusted_proxies` in `RemoteIp` middleware - Add an explicit test for the setting overriding the default list of trusted proxies
2020-12-10 12:42:52 -05:00
*Christian Sutter*
Fix CHANGELOG reference to old method name
2020-11-24 05:00:56 -05:00
* Add `redirect_back_or_to(fallback_location, **)` as a more aesthetically pleasing version of `redirect_back fallback_location:, **`.
Get rid of the cumbersome fallback_location keyword argument for redirect_back (#40671)
2020-11-24 04:17:11 -05:00
The old method name is retained without explicit deprecation.
Make system tests take failed screenshots in `before_teardown` hook Previously we were calling the `take_failed_screenshot` method in an `after_teardown` hook. However, this means that other teardown hooks have to be executed before we take the screenshot. Since there can be dynamic updates to the page after the assertion fails and before we take a screenshot, it seems desirable to minimize that gap as much as possible. Taking the screenshot in a `before_teardown` rather than an `after_teardown` helps with that, and has a side benefit of allowing us to remove the nested `ensure` commented on here: https://github.com/rails/rails/pull/34411#discussion_r232819478
2019-04-20 22:09:50 -04:00
Start Rails 6.2 development :tada:
2020-12-02 18:37:26 -05:00
*DHH*
Make system tests take failed screenshots in `before_teardown` hook Previously we were calling the `take_failed_screenshot` method in an `after_teardown` hook. However, this means that other teardown hooks have to be executed before we take the screenshot. Since there can be dynamic updates to the page after the assertion fails and before we take a screenshot, it seems desirable to minimize that gap as much as possible. Taking the screenshot in a `before_teardown` rather than an `after_teardown` helps with that, and has a side benefit of allowing us to remove the nested `ensure` commented on here: https://github.com/rails/rails/pull/34411#discussion_r232819478
2019-04-20 22:09:50 -04:00
Unify to use 4 spaces indentation in CHANGELOGs [ci skip] Especially, somehow `CHANGELOG.md` in actiontext and activestorage in master branch had used 3 spaces indentation.
2019-06-04 16:47:33 -04:00
Start Rails 6.2 development :tada:
2020-12-02 18:37:26 -05:00
Please check [6-1-stable](https://github.com/rails/rails/blob/6-1-stable/actionpack/CHANGELOG.md) for previous changes.
Copy permalink