rails--rails/actionpack/CHANGELOG.md

*   Include the content of the flash in the auto-generated etag. This solves the following problem:

      1. POST /messages
      2. redirect_to messages_url, notice: 'Message was created'
      3. GET /messages/1
      4. GET /messages
      
      Step 4 would before still include the flash message, even though it's no longer relevant,
      because the etag cache was recorded with the flash in place and didn't change when it was gone.

    *DHH*

*   SSL: Changes redirect behavior for all non-GET and non-HEAD requests
    (like POST/PUT/PATCH etc) to `http://` resources to redirect to `https://`
    with a [307 status code](http://tools.ietf.org/html/rfc7231#section-6.4.7) instead of [301 status code](http://tools.ietf.org/html/rfc7231#section-6.4.2).

    307 status code instructs the HTTP clients to preserve the original
    request method while redirecting. It has been part of HTTP RFC since
    1999 and is implemented/recognized by most (if not all) user agents.

        # Before
        POST http://example.com/articles (i.e. ArticlesContoller#create)
        redirects to
        GET https://example.com/articles (i.e. ArticlesContoller#index)

        # After
        POST http://example.com/articles (i.e. ArticlesContoller#create)
        redirects to
        POST https://example.com/articles (i.e. ArticlesContoller#create)

   *Chirag Singhal*

*   Add `:as` option to `ActionController:TestCase#process` and related methods.

    Specifying `as: mime_type` allows the `CONTENT_TYPE` header to be specified
    in controller tests without manually doing this through `@request.headers['CONTENT_TYPE']`.

    *Everest Stefan Munro-Zeisberger*

*   Show cache hits and misses when rendering partials.

    Partials using the `cache` helper will show whether a render hit or missed
    the cache:

    ```
    Rendered messages/_message.html.erb in 1.2 ms [cache hit]
    Rendered recordings/threads/_thread.html.erb in 1.5 ms [cache miss]
    ```

    This removes the need for the old fragment cache logging:

    ```
    Read fragment views/v1/2914079/v1/2914079/recordings/70182313-20160225015037000000/d0bdf2974e1ef6d31685c3b392ad0b74 (0.6ms)
    Rendered messages/_message.html.erb in 1.2 ms [cache hit]
    Write fragment views/v1/2914079/v1/2914079/recordings/70182313-20160225015037000000/3b4e249ac9d168c617e32e84b99218b5 (1.1ms)
    Rendered recordings/threads/_thread.html.erb in 1.5 ms [cache miss]
    ```

    Though that full output can be reenabled with
    `config.action_controller.enable_fragment_cache_logging = true`.

    *Stan Lo*

*   Don't override the `Accept` header in integration tests when called with `xhr: true`.

    Fixes #25859.

    *David Chen*

*   Fix `defaults` option for root route.

    A regression from some refactoring for the 5.0 release, this change
    fixes the use of `defaults` (default parameters) in the `root` routing method.

    *Chris Arcand*

*   Check `request.path_parameters` encoding at the point they're set.

    Check for any non-UTF8 characters in path parameters at the point they're
    set in `env`. Previously they were checked for when used to get a controller
    class, but this meant routes that went directly to a Rack app, or skipped
    controller instantiation for some other reason, had to defend against
    non-UTF8 characters themselves.

    *Grey Baker*

*   Don't raise `ActionController::UnknownHttpMethod` from `ActionDispatch::Static`.

    Pass `Rack::Request` objects to `ActionDispatch::FileHandler` to avoid it
    raising `ActionController::UnknownHttpMethod`. If an unknown method is
    passed, it should pass exception higher in the stack instead, once we've had a
    chance to define exception handling behaviour.

    *Grey Baker*

*   Handle `Rack::QueryParser` errors in `ActionDispatch::ExceptionWrapper`.

    Updated `ActionDispatch::ExceptionWrapper` to handle the Rack 2.0 namespace
    for `ParameterTypeError` and `InvalidParameterError` errors.

    *Grey Baker*

Please check [5-0-stable](https://github.com/rails/rails/blob/5-0-stable/actionpack/CHANGELOG.md) for previous changes.
Include the content of the flash in the auto-generated etag (#26250) Include the content of the flash in the auto-generated etag 2016-08-22 16:34:35 -04:00			`* Include the content of the flash in the auto-generated etag. This solves the following problem:`

			`1. POST /messages`
			`2. redirect_to messages_url, notice: 'Message was created'`
			`3. GET /messages/1`
			`4. GET /messages`

			`Step 4 would before still include the flash message, even though it's no longer relevant,`
			`because the etag cache was recorded with the flash in place and didn't change when it was gone.`

			`DHH`

Return 307 status instead of 301 when rerouting POST requests to SSL When `config.force_ssl` is set to `true`, any POST/PUT/DELETE requests coming in to non-secure url are being redirected with a 301 status. However, when that happens, the request is converted to a GET request and ends up hitting a different action on the controller. Since we can not do non-GET redirects, we can instead redirect with a 307 status code instead to indicate to the caller that a fresh request should be tried preserving the original request method. `rack-ssl` gem which was used to achieve this before we had this middleware directly baked into Rails also used to do the same, ref: https://github.com/josh/rack-ssl/blob/master/lib/rack/ssl.rb#L54 This would be specially important for any apps switching from older version of Rails or apps which expose an API through Rails. 2016-02-28 05:26:12 -05:00			`* SSL: Changes redirect behavior for all non-GET and non-HEAD requests`
			(like POST/PUT/PATCH etc) to `http://` resources to redirect to `https://`
			`with a [307 status code](http://tools.ietf.org/html/rfc7231#section-6.4.7) instead of [301 status code](http://tools.ietf.org/html/rfc7231#section-6.4.2).`

			`307 status code instructs the HTTP clients to preserve the original`
			`request method while redirecting. It has been part of HTTP RFC since`
			`1999 and is implemented/recognized by most (if not all) user agents.`

			`# Before`
			`POST http://example.com/articles (i.e. ArticlesContoller#create)`
			`redirects to`
			`GET https://example.com/articles (i.e. ArticlesContoller#index)`

			`# After`
			`POST http://example.com/articles (i.e. ArticlesContoller#create)`
			`redirects to`
			`POST https://example.com/articles (i.e. ArticlesContoller#create)`

			`Chirag Singhal`

Set the request type if as: is specified Documentation & testing 2016-08-18 14:00:38 -04:00			* Add `:as` option to `ActionController:TestCase#process` and related methods.
Copy edits in the documentation [ci skip] 2016-08-19 00:48:56 -04:00
			Specifying `as: mime_type` allows the `CONTENT_TYPE` header to be specified
			in controller tests without manually doing this through `@request.headers['CONTENT_TYPE']`.

			`Everest Stefan Munro-Zeisberger`
Set the request type if as: is specified Documentation & testing 2016-08-18 14:00:38 -04:00
Add changelog entry to Action Pack as well. The entry was a result of a combination of changes in Action View and Action Controller. 2016-08-07 13:15:11 -04:00			`* Show cache hits and misses when rendering partials.`

			Partials using the `cache` helper will show whether a render hit or missed
			`the cache:`

			```
			`Rendered messages/_message.html.erb in 1.2 ms [cache hit]`
			`Rendered recordings/threads/_thread.html.erb in 1.5 ms [cache miss]`
			```

			`This removes the need for the old fragment cache logging:`

			```
			`Read fragment views/v1/2914079/v1/2914079/recordings/70182313-20160225015037000000/d0bdf2974e1ef6d31685c3b392ad0b74 (0.6ms)`
			`Rendered messages/_message.html.erb in 1.2 ms [cache hit]`
			`Write fragment views/v1/2914079/v1/2914079/recordings/70182313-20160225015037000000/3b4e249ac9d168c617e32e84b99218b5 (1.1ms)`
			`Rendered recordings/threads/_thread.html.erb in 1.5 ms [cache miss]`
			```

			`Though that full output can be reenabled with`
			`config.action_controller.enable_fragment_cache_logging = true`.

			`Stan Lo`

Fix Accept header overridden when "xhr: true" in integration test In integration test when specify the "Accept" header with "xhr: true" option, the Accept header is overridden with a default xhr Accept header. The issue only affects HTTP header "Accept" but not CGI variable "HTTP_ACCEPT". For example: get '/page', headers: { 'Accept' => 'application/json' }, xhr: true # This is WRONG! And the response.content_type is also affected. # It should be "application/json" assert_equal "text/javascript, text/html, ...", request.accept assert_equal 'text/html', response.content_type The issue is in `ActionDispatch::Integration::RequestHelpers`. When setting "xhr: true" the helper sets a default HTTP_ACCEPT if blank. But the code doesn't consider supporting both HTTP header style and CGI variable style. For detail see this GitHub issue: https://github.com/rails/rails/issues/25859 2016-07-31 03:05:08 -04:00			* Don't override the `Accept` header in integration tests when called with `xhr: true`.

			`Fixes #25859.`

			`David Chen`

Pass over changelogs [ci skip] 2016-08-10 00:02:22 -04:00			* Fix `defaults` option for root route.
Update changelog 2016-07-21 17:10:42 -04:00
			`A regression from some refactoring for the 5.0 release, this change`
Pass over changelogs [ci skip] 2016-08-10 00:02:22 -04:00			fixes the use of `defaults` (default parameters) in the `root` routing method.
Update changelog 2016-07-21 17:10:42 -04:00
			`Chris Arcand`

CHANGELOG for https://github.com/rails/rails/pull/25257 [ci skip] - Also minor weekly CHANGELOG cleanup. 2016-07-10 12:43:12 -04:00			* Check `request.path_parameters` encoding at the point they're set.
Check `request.path_parameters` encoding at the point they're set Check for any non-UTF8 characters in path parameters at the point they're set in `env`. Previously they were checked for when used to get a controller class, but this meant routes that went directly to a Rack app, or skipped controller instantiation for some other reason, had to defend against non-UTF8 characters themselves. 2016-07-13 13:44:04 -04:00
			`Check for any non-UTF8 characters in path parameters at the point they're`
			set in `env`. Previously they were checked for when used to get a controller
			`class, but this meant routes that went directly to a Rack app, or skipped`
			`controller instantiation for some other reason, had to defend against`
			`non-UTF8 characters themselves.`

			`Grey Baker`

Pass over changelogs [ci skip] 2016-08-10 00:02:22 -04:00			* Don't raise `ActionController::UnknownHttpMethod` from `ActionDispatch::Static`.
Don't raise ActionController::UnknownHttpMethod from ActionDispatch::Static The `ActionDispatch::Static` middleware is used low down in the stack to serve static assets before doing much processing. Since it's called from so low in the stack, we don't have access to the request ID at this point, and generally won't have any exception handling defined (by default `ShowExceptions` is added to the stack quite a bit higher and relies on logging and request ID). Before https://github.com/rails/rails/commit/8f27d6036a2ddc3cb7a7ad98afa2666ec163c2c3 this middleware would ignore unknown HTTP methods, and an exception about these would be raised higher in the stack. After that commit, however, that exception will be raised here. If we want to keep `ActionDispatch::Static` so low in the stack (I think we do) we should suppress the `ActionController::UnknownHttpMethod` exception here, and instead let it be raised higher up the stack, once we've had a chance to define exception handling behaviour. This PR updates `ActionDispatch::Static` so it passes `Rack::Request` objects to `ActionDispatch::FileHandler`, which won't raise an `ActionController::UnknownHttpMethod` error. If an unknown method is passed, it should exception higher in the stack instead, once we've had a chance to define exception handling behaviour.` 2016-07-12 07:34:21 -04:00
			Pass `Rack::Request` objects to `ActionDispatch::FileHandler` to avoid it
			raising `ActionController::UnknownHttpMethod`. If an unknown method is
Pass over changelogs [ci skip] 2016-08-10 00:02:22 -04:00			`passed, it should pass exception higher in the stack instead, once we've had a`
Don't raise ActionController::UnknownHttpMethod from ActionDispatch::Static The `ActionDispatch::Static` middleware is used low down in the stack to serve static assets before doing much processing. Since it's called from so low in the stack, we don't have access to the request ID at this point, and generally won't have any exception handling defined (by default `ShowExceptions` is added to the stack quite a bit higher and relies on logging and request ID). Before https://github.com/rails/rails/commit/8f27d6036a2ddc3cb7a7ad98afa2666ec163c2c3 this middleware would ignore unknown HTTP methods, and an exception about these would be raised higher in the stack. After that commit, however, that exception will be raised here. If we want to keep `ActionDispatch::Static` so low in the stack (I think we do) we should suppress the `ActionController::UnknownHttpMethod` exception here, and instead let it be raised higher up the stack, once we've had a chance to define exception handling behaviour. This PR updates `ActionDispatch::Static` so it passes `Rack::Request` objects to `ActionDispatch::FileHandler`, which won't raise an `ActionController::UnknownHttpMethod` error. If an unknown method is passed, it should exception higher in the stack instead, once we've had a chance to define exception handling behaviour.` 2016-07-12 07:34:21 -04:00			`chance to define exception handling behaviour.`

			`Grey Baker`

Pass over changelogs [ci skip] 2016-08-10 00:02:22 -04:00			* Handle `Rack::QueryParser` errors in `ActionDispatch::ExceptionWrapper`.
Handle `Rack::QueryParser` errors in `ActionDispatch::ExceptionWrapper` Rack [recently](https://github.com/rack/rack/commit/7e7a3890449b5cf5b86929c79373506e5f1909fb) moved the namespace of its `ParameterTypeError` and `InvalidParameterError` errors. Whilst an alias for the old name was added, the logic in `ActionDispatch::ExceptionWrapper` was still broken by this change, since it relies on the class name. This PR updates `ActionDispatch::ExceptionWrapper` to handle the Rack 2.0 namespaced errors correctly. We no longer need to worry about the old names, since Rails specifies Rack ~> 2.0. 2016-07-12 11:41:09 -04:00
			Updated `ActionDispatch::ExceptionWrapper` to handle the Rack 2.0 namespace
			for `ParameterTypeError` and `InvalidParameterError` errors.

			`Grey Baker`
Preparing for 5.0.0.rc1 release 2016-05-06 17:54:40 -04:00
Start Rails 5.1 development :tada: 2016-05-10 00:07:09 -04:00			`Please check [5-0-stable](https://github.com/rails/rails/blob/5-0-stable/actionpack/CHANGELOG.md) for previous changes.`