2019-10-06 17:28:43 -04:00
|
|
|
* Updated `ActionDispatch::Request.remote_ip` setter to clear set the instance
|
|
|
|
`remote_ip` to `nil` before setting the header that the value is derived
|
|
|
|
from.
|
|
|
|
|
|
|
|
Fixes https://github.com/rails/rails/issues/37383
|
|
|
|
|
|
|
|
*Norm Provost*
|
|
|
|
|
2019-09-24 13:47:34 -04:00
|
|
|
* `ActionController::Base.log_at` allows setting a different log level per request.
|
|
|
|
|
|
|
|
```ruby
|
|
|
|
# Use the debug level if a particular cookie is set.
|
|
|
|
class ApplicationController < ActionController::Base
|
|
|
|
log_at :debug, if: -> { cookies[:debug] }
|
|
|
|
end
|
|
|
|
```
|
|
|
|
|
|
|
|
*George Claghorn*
|
|
|
|
|
2019-06-23 22:41:30 -04:00
|
|
|
* Allow system test screen shots to be taken more than once in
|
|
|
|
a test by prefixing the file name with an incrementing counter.
|
|
|
|
|
|
|
|
Add an environment variable `RAILS_SYSTEM_TESTING_SCREENSHOT_HTML` to
|
|
|
|
enable saving of HTML during a screenshot in addition to the image.
|
|
|
|
This uses the same image name, with the extension replaced with `.html`
|
|
|
|
|
|
|
|
*Tom Fakes*
|
|
|
|
|
2019-05-08 10:28:47 -04:00
|
|
|
* Add `Vary: Accept` header when using `Accept` header for response
|
|
|
|
|
|
|
|
For some requests like `/users/1`, Rails uses requests' `Accept`
|
|
|
|
header to determine what to return. And if we don't add `Vary`
|
|
|
|
in the response header, browsers might accidentally cache different
|
|
|
|
types of content, which would cause issues: e.g. javascript got displayed
|
|
|
|
instead of html content. This PR fixes these issues by adding `Vary: Accept`
|
|
|
|
in these types of requests. For more detailed problem description, please read:
|
|
|
|
|
|
|
|
https://github.com/rails/rails/pull/36213
|
|
|
|
|
|
|
|
Fixes #25842
|
|
|
|
|
|
|
|
*Stan Lo*
|
|
|
|
|
2018-10-12 02:06:13 -04:00
|
|
|
* Fix IntegrationTest `follow_redirect!` to follow redirection using the same HTTP verb when following
|
|
|
|
a 307 redirection.
|
|
|
|
|
|
|
|
*Edouard Chin*
|
|
|
|
|
2019-07-24 22:19:21 -04:00
|
|
|
* System tests require Capybara 3.26 or newer.
|
|
|
|
|
|
|
|
*George Claghorn*
|
|
|
|
|
2018-01-04 06:27:14 -05:00
|
|
|
* Reduced log noise handling ActionController::RoutingErrors.
|
|
|
|
|
|
|
|
*Alberto Fernández-Capel*
|
|
|
|
|
2019-07-10 18:33:16 -04:00
|
|
|
* Add DSL for configuring HTTP Feature Policy
|
|
|
|
|
2019-09-23 19:33:10 -04:00
|
|
|
This new DSL provides a way to configure an HTTP Feature Policy at a
|
2019-07-10 18:33:16 -04:00
|
|
|
global or per-controller level. Full details of HTTP Feature Policy
|
|
|
|
specification and guidelines can be found at MDN:
|
|
|
|
|
|
|
|
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy
|
|
|
|
|
|
|
|
Example global policy
|
|
|
|
|
|
|
|
```
|
|
|
|
Rails.application.config.feature_policy do |f|
|
|
|
|
f.camera :none
|
|
|
|
f.gyroscope :none
|
|
|
|
f.microphone :none
|
|
|
|
f.usb :none
|
|
|
|
f.fullscreen :self
|
2019-07-14 17:10:22 -04:00
|
|
|
f.payment :self, "https://secure.example.com"
|
2019-07-10 18:33:16 -04:00
|
|
|
end
|
|
|
|
```
|
|
|
|
|
|
|
|
Example controller level policy
|
|
|
|
|
|
|
|
```
|
|
|
|
class PagesController < ApplicationController
|
|
|
|
feature_policy do |p|
|
|
|
|
p.geolocation "https://example.com"
|
|
|
|
end
|
|
|
|
end
|
|
|
|
```
|
|
|
|
|
|
|
|
*Jacob Bednarz*
|
|
|
|
|
2019-02-02 21:33:44 -05:00
|
|
|
* Add the ability to set the CSP nonce only to the specified directives.
|
|
|
|
|
|
|
|
Fixes #35137.
|
|
|
|
|
|
|
|
*Yuji Yaginuma*
|
|
|
|
|
2019-06-04 16:47:33 -04:00
|
|
|
* Keep part when scope option has value.
|
2018-12-08 16:42:40 -05:00
|
|
|
|
|
|
|
When a route was defined within an optional scope, if that route didn't
|
|
|
|
take parameters the scope was lost when using path helpers. This commit
|
|
|
|
ensures scope is kept both when the route takes parameters or when it
|
|
|
|
doesn't.
|
|
|
|
|
2019-06-04 16:47:33 -04:00
|
|
|
Fixes #33219.
|
2018-12-08 16:42:40 -05:00
|
|
|
|
|
|
|
*Alberto Almagro*
|
|
|
|
|
2019-05-17 09:13:03 -04:00
|
|
|
* Added `deep_transform_keys` and `deep_transform_keys!` methods to ActionController::Parameters.
|
|
|
|
|
|
|
|
*Gustavo Gutierrez*
|
|
|
|
|
2019-07-28 02:53:51 -04:00
|
|
|
* Calling `ActionController::Parameters#transform_keys`/`!` without a block now returns
|
2019-05-18 17:49:32 -04:00
|
|
|
an enumerator for the parameters instead of the underlying hash.
|
|
|
|
|
|
|
|
*Eugene Kenny*
|
|
|
|
|
2019-06-04 16:47:33 -04:00
|
|
|
* Fix strong parameters blocks all attributes even when only some keys are invalid (non-numerical).
|
|
|
|
It should only block invalid key's values instead.
|
2019-04-20 22:09:50 -04:00
|
|
|
|
2017-08-01 14:02:41 -04:00
|
|
|
*Stan Lo*
|
2019-04-20 22:09:50 -04:00
|
|
|
|
2019-06-04 16:47:33 -04:00
|
|
|
|
2019-04-24 15:57:14 -04:00
|
|
|
Please check [6-0-stable](https://github.com/rails/rails/blob/6-0-stable/actionpack/CHANGELOG.md) for previous changes.
|