2013-12-23 16:55:03 -05:00
|
|
|
|
* `ActionController::Parameters#permit!` permits hashes in array values.
|
|
|
|
|
|
|
|
|
|
*Xavier Noria*
|
|
|
|
|
|
2013-12-20 19:11:47 -05:00
|
|
|
|
* Converts hashes in arrays of unfiltered params to unpermitted params.
|
|
|
|
|
|
|
|
|
|
Fixes #13382
|
|
|
|
|
|
|
|
|
|
*Xavier Noria*
|
|
|
|
|
|
2013-12-20 01:39:17 -05:00
|
|
|
|
* New config option to opt out of params "deep munging" that was used to
|
|
|
|
|
address security vulnerability CVE-2013-0155. In your app config:
|
2013-12-05 06:08:34 -05:00
|
|
|
|
|
|
|
|
|
config.action_dispatch.perform_deep_munge = false
|
|
|
|
|
|
2013-12-20 01:39:17 -05:00
|
|
|
|
Take care to understand the security risk involved before disabling this.
|
|
|
|
|
[Read more.](https://groups.google.com/forum/#!topic/rubyonrails-security/t1WFuuQyavI)
|
2013-12-05 06:08:34 -05:00
|
|
|
|
|
|
|
|
|
*Bernard Potocki*
|
|
|
|
|
|
2013-12-06 11:32:25 -05:00
|
|
|
|
* `rake routes` shows routes defined under assets prefix.
|
|
|
|
|
|
|
|
|
|
*Ryunosuke SATO*
|
|
|
|
|
|
2013-12-12 22:41:14 -05:00
|
|
|
|
* Extend cross-site request forgery (CSRF) protection to GET requests with
|
|
|
|
|
JavaScript responses, protecting apps from cross-origin `<script>` tags.
|
|
|
|
|
|
|
|
|
|
*Jeremy Kemper*
|
|
|
|
|
|
2013-12-12 05:33:46 -05:00
|
|
|
|
* Fix generating a path for engine inside a resources block.
|
|
|
|
|
|
|
|
|
|
Fixes #8533.
|
2013-10-30 07:05:13 -04:00
|
|
|
|
|
|
|
|
|
*Piotr Sarnacki*
|
|
|
|
|
|
2013-12-12 05:33:46 -05:00
|
|
|
|
* Add `Mime::Type.register "text/vcard", :vcf` to the default list of mime types.
|
2013-12-05 18:48:32 -05:00
|
|
|
|
|
|
|
|
|
*DHH*
|
|
|
|
|
|
2013-12-05 05:40:24 -05:00
|
|
|
|
* Remove deprecated `ActionController::RecordIdentifier`, use
|
|
|
|
|
`ActionView::RecordIdentifier` instead.
|
|
|
|
|
|
|
|
|
|
*kennyj*
|
|
|
|
|
|
2013-12-03 22:48:21 -05:00
|
|
|
|
* Fix regression when using `ActionView::Helpers::TranslationHelper#translate` with
|
|
|
|
|
`options[:raise]`.
|
|
|
|
|
|
|
|
|
|
This regression was introduced at ec16ba75a5493b9da972eea08bae630eba35b62f.
|
|
|
|
|
|
|
|
|
|
*Shota Fukumori (sora_h)*
|
|
|
|
|
|
2013-12-03 05:17:01 -05:00
|
|
|
|
* Introducing Variants
|
|
|
|
|
|
|
|
|
|
We often want to render different html/json/xml templates for phones,
|
|
|
|
|
tablets, and desktop browsers. Variants make it easy.
|
|
|
|
|
|
2013-12-04 14:48:32 -05:00
|
|
|
|
The request variant is a specialization of the request format, like `:tablet`,
|
|
|
|
|
`:phone`, or `:desktop`.
|
2013-12-03 05:17:01 -05:00
|
|
|
|
|
2013-12-12 05:33:46 -05:00
|
|
|
|
You can set the variant in a `before_action`:
|
2013-12-03 05:17:01 -05:00
|
|
|
|
|
|
|
|
|
request.variant = :tablet if request.user_agent =~ /iPad/
|
|
|
|
|
|
|
|
|
|
Respond to variants in the action just like you respond to formats:
|
|
|
|
|
|
|
|
|
|
respond_to do |format|
|
|
|
|
|
format.html do |html|
|
|
|
|
|
html.tablet # renders app/views/projects/show.html+tablet.erb
|
|
|
|
|
html.phone { extra_setup; render ... }
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
Provide separate templates for each format and variant:
|
|
|
|
|
|
|
|
|
|
app/views/projects/show.html.erb
|
|
|
|
|
app/views/projects/show.html+tablet.erb
|
|
|
|
|
app/views/projects/show.html+phone.erb
|
|
|
|
|
|
2013-12-12 05:02:06 -05:00
|
|
|
|
You can also simplify the variants definition using the inline syntax:
|
|
|
|
|
|
|
|
|
|
respond_to do |format|
|
|
|
|
|
format.js { render "trash" }
|
|
|
|
|
format.html.phone { redirect_to progress_path }
|
|
|
|
|
format.html.none { render "trash" }
|
|
|
|
|
end
|
|
|
|
|
|
2013-12-03 05:17:01 -05:00
|
|
|
|
*Łukasz Strzałkowski*
|
|
|
|
|
|
2013-12-19 13:30:48 -05:00
|
|
|
|
* Fix render of localized templates without an explicit format using wrong
|
|
|
|
|
content header and not passing correct formats to template due to the
|
|
|
|
|
introduction of the `NullType` for mimes.
|
2013-11-29 06:26:12 -05:00
|
|
|
|
|
2013-12-19 13:30:48 -05:00
|
|
|
|
Templates like `hello.it.erb` were subject to this issue.
|
2013-11-29 06:26:12 -05:00
|
|
|
|
|
2013-12-03 11:38:12 -05:00
|
|
|
|
Fixes #13064.
|
|
|
|
|
|
2013-12-19 13:30:48 -05:00
|
|
|
|
*Angelo Capilleri*, *Carlos Antonio da Silva*
|
2013-11-29 06:26:12 -05:00
|
|
|
|
|
2013-12-02 00:03:37 -05:00
|
|
|
|
* Try to escape each part of a url correctly when using a redirect route.
|
|
|
|
|
|
|
|
|
|
Fixes #13110.
|
|
|
|
|
|
|
|
|
|
*Andrew White*
|
|
|
|
|
|
2013-11-24 22:46:58 -05:00
|
|
|
|
* Better error message for typos in assert_response argument.
|
|
|
|
|
|
|
|
|
|
When the response type argument to `assert_response` is not a known
|
|
|
|
|
response type, `assert_response` now throws an ArgumentError with a clear
|
|
|
|
|
message. This is intended to help debug typos in the response type.
|
|
|
|
|
|
|
|
|
|
*Victor Costan*
|
|
|
|
|
|
2013-11-21 12:10:38 -05:00
|
|
|
|
* Fix formatting for `rake routes` when a section is shorter than a header.
|
2013-11-20 18:52:09 -05:00
|
|
|
|
|
|
|
|
|
*Sıtkı Bağdat*
|
2013-11-21 12:10:38 -05:00
|
|
|
|
|
2013-11-22 05:30:03 -05:00
|
|
|
|
* Take a hash with options inside array in `#url_for`.
|
2013-11-12 15:18:36 -05:00
|
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
|
|
url_for [:new, :admin, :post, { param: 'value' }]
|
2013-11-15 08:22:49 -05:00
|
|
|
|
# => http://example.com/admin/posts/new?param=value
|
2013-11-12 15:18:36 -05:00
|
|
|
|
|
|
|
|
|
*Andrey Ognevsky*
|
|
|
|
|
|
2013-10-29 12:00:45 -04:00
|
|
|
|
* Add `session#fetch` method
|
|
|
|
|
|
2013-12-12 05:33:46 -05:00
|
|
|
|
fetch behaves like [Hash#fetch](http://www.ruby-doc.org/core-1.9.3/Hash.html#method-i-fetch).
|
2013-10-29 12:00:45 -04:00
|
|
|
|
It returns a value from the hash for the given key.
|
|
|
|
|
If the key can’t be found, there are several options:
|
|
|
|
|
|
|
|
|
|
* With no other arguments, it will raise an KeyError exception.
|
|
|
|
|
* If a default value is given, then that will be returned.
|
|
|
|
|
* If the optional code block is specified, then that will be run and its result returned.
|
|
|
|
|
|
|
|
|
|
*Damien Mathieu*
|
|
|
|
|
|
2013-10-27 11:01:03 -04:00
|
|
|
|
* Don't let strong parameters mutate the given hash via `fetch`
|
|
|
|
|
|
|
|
|
|
Create a new instance if the given parameter is a `Hash` instead of
|
|
|
|
|
passing it to the `convert_hashes_to_parameters` method since it is
|
|
|
|
|
overriding its default value.
|
|
|
|
|
|
|
|
|
|
*Brendon Murphy*, *Doug Cole*
|
|
|
|
|
|
2013-05-05 07:32:00 -04:00
|
|
|
|
* Add `params` option to `button_to` form helper, which renders the given hash
|
|
|
|
|
as hidden form fields.
|
|
|
|
|
|
|
|
|
|
*Andy Waite*
|
|
|
|
|
|
2013-10-24 12:43:07 -04:00
|
|
|
|
* Make assets helpers work in the controllers like it works in the views.
|
2013-10-24 03:46:57 -04:00
|
|
|
|
|
|
|
|
|
Example:
|
2013-10-24 12:43:07 -04:00
|
|
|
|
|
2013-10-24 03:46:57 -04:00
|
|
|
|
# config/application.rb
|
|
|
|
|
config.asset_host = 'http://mycdn.com'
|
2013-10-24 12:43:07 -04:00
|
|
|
|
|
2013-10-24 03:46:57 -04:00
|
|
|
|
ActionController::Base.helpers.asset_path('fallback.png')
|
|
|
|
|
# => http://mycdn.com/assets/fallback.png
|
2013-10-24 12:43:07 -04:00
|
|
|
|
|
|
|
|
|
Fixes #10051.
|
|
|
|
|
|
2013-10-24 03:46:57 -04:00
|
|
|
|
*Tima Maslyuchenko*
|
2013-10-24 12:43:07 -04:00
|
|
|
|
|
2013-10-10 08:01:03 -04:00
|
|
|
|
* Respect `SCRIPT_NAME` when using `redirect` with a relative path
|
|
|
|
|
|
|
|
|
|
Example:
|
2013-10-24 12:43:07 -04:00
|
|
|
|
|
2013-10-10 08:01:03 -04:00
|
|
|
|
# application routes.rb
|
|
|
|
|
mount BlogEngine => '/blog'
|
|
|
|
|
|
|
|
|
|
# engine routes.rb
|
|
|
|
|
get '/admin' => redirect('admin/dashboard')
|
|
|
|
|
|
|
|
|
|
This now redirects to the path `/blog/admin/dashboard`, whereas before it would've
|
|
|
|
|
generated an invalid url because there would be no slash between the host name and
|
|
|
|
|
the path. It also allows redirects to work where the application is deployed to a
|
|
|
|
|
subdirectory of a website.
|
|
|
|
|
|
2013-10-24 12:43:07 -04:00
|
|
|
|
Fixes #7977.
|
2013-10-10 08:01:03 -04:00
|
|
|
|
|
|
|
|
|
*Andrew White*
|
|
|
|
|
|
2013-08-30 05:53:03 -04:00
|
|
|
|
* Fixing repond_with working directly on the options hash
|
|
|
|
|
This fixes an issue where the respond_with worked directly with the given
|
|
|
|
|
options hash, so that if a user relied on it after calling respond_with,
|
|
|
|
|
the hash wouldn't be the same.
|
|
|
|
|
|
2013-10-09 05:49:12 -04:00
|
|
|
|
Fixes #12029.
|
2013-08-30 05:53:03 -04:00
|
|
|
|
|
|
|
|
|
*bluehotdog*
|
|
|
|
|
|
2013-09-30 07:51:37 -04:00
|
|
|
|
* Fix `ActionDispatch::RemoteIp::GetIp#calculate_ip` to only check for spoofing
|
|
|
|
|
attacks if both `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` are set.
|
|
|
|
|
|
2013-10-09 05:49:12 -04:00
|
|
|
|
Fixes #10844.
|
2013-09-30 07:51:37 -04:00
|
|
|
|
|
|
|
|
|
*Tamir Duberstein*
|
|
|
|
|
|
2013-09-22 10:57:21 -04:00
|
|
|
|
* Strong parameters should permit nested number as key.
|
|
|
|
|
|
2013-10-09 05:49:12 -04:00
|
|
|
|
Fixes #12293.
|
2013-09-22 10:57:21 -04:00
|
|
|
|
|
|
|
|
|
*kennyj*
|
|
|
|
|
|
2013-09-19 09:17:15 -04:00
|
|
|
|
* Fix regex used to detect URI schemes in `redirect_to` to be consistent with
|
|
|
|
|
RFC 3986.
|
|
|
|
|
|
|
|
|
|
*Derek Prior*
|
|
|
|
|
|
2013-04-26 14:30:29 -04:00
|
|
|
|
* Fix incorrect `assert_redirected_to` failure message for protocol-relative
|
|
|
|
|
URLs.
|
|
|
|
|
|
|
|
|
|
*Derek Prior*
|
|
|
|
|
|
2013-09-18 13:40:03 -04:00
|
|
|
|
* Fix an issue where router can't recognize downcased url encoding path.
|
|
|
|
|
|
2013-10-09 05:49:12 -04:00
|
|
|
|
Fixes #12269.
|
2013-09-18 13:40:03 -04:00
|
|
|
|
|
|
|
|
|
*kennyj*
|
|
|
|
|
|
2013-09-13 09:03:38 -04:00
|
|
|
|
* Fix custom flash type definition. Misusage of the `_flash_types` class variable
|
|
|
|
|
caused an error when reloading controllers with custom flash types.
|
|
|
|
|
|
2013-10-09 05:49:12 -04:00
|
|
|
|
Fixes #12057.
|
2013-09-13 09:03:38 -04:00
|
|
|
|
|
|
|
|
|
*Ricardo de Cillo*
|
|
|
|
|
|
2013-09-12 18:22:06 -04:00
|
|
|
|
* Do not break params filtering on `nil` values.
|
|
|
|
|
|
|
|
|
|
Fixes #12149.
|
|
|
|
|
|
|
|
|
|
*Vasiliy Ermolovich*
|
|
|
|
|
|
2013-08-21 08:42:04 -04:00
|
|
|
|
* Development mode exceptions are rendered in text format in case of XHR request.
|
|
|
|
|
|
|
|
|
|
*Kir Shatrov*
|
|
|
|
|
|
2013-08-07 15:43:22 -04:00
|
|
|
|
* Fix an issue where :if and :unless controller action procs were being run
|
|
|
|
|
before checking for the correct action in the :only and :unless options.
|
|
|
|
|
|
2013-10-09 05:49:12 -04:00
|
|
|
|
Fixes #11799.
|
2013-08-07 15:43:22 -04:00
|
|
|
|
|
|
|
|
|
*Nicholas Jakobsen*
|
|
|
|
|
|
2013-08-04 08:53:22 -04:00
|
|
|
|
* Fix an issue where `assert_dom_equal` and `assert_dom_not_equal` were
|
|
|
|
|
ignoring the passed failure message argument.
|
|
|
|
|
|
2013-10-09 05:49:12 -04:00
|
|
|
|
Fixes #11751.
|
2013-08-04 08:53:22 -04:00
|
|
|
|
|
|
|
|
|
*Ryan McGeary*
|
|
|
|
|
|
2013-07-25 02:46:54 -04:00
|
|
|
|
* Allow REMOTE_ADDR, HTTP_HOST and HTTP_USER_AGENT to be overridden from
|
|
|
|
|
the environment passed into `ActionDispatch::TestRequest.new`.
|
|
|
|
|
|
2013-10-09 05:49:12 -04:00
|
|
|
|
Fixes #11590.
|
2013-07-25 02:46:54 -04:00
|
|
|
|
|
|
|
|
|
*Andrew White*
|
|
|
|
|
|
2013-07-21 12:10:34 -04:00
|
|
|
|
* Fix an issue where Journey was failing to clear the named routes hash when the
|
|
|
|
|
routes were reloaded and since it doesn't overwrite existing routes then if a
|
|
|
|
|
route changed but wasn't renamed it kept the old definition. This was being
|
|
|
|
|
masked by the optimised url helpers so it only became apparent when passing an
|
|
|
|
|
options hash to the url helper.
|
|
|
|
|
|
|
|
|
|
*Andrew White*
|
|
|
|
|
|
2013-07-16 08:27:22 -04:00
|
|
|
|
* Skip routes pointing to a redirect or mounted application when generating urls
|
|
|
|
|
using an options hash as they aren't relevant and generate incorrect urls.
|
|
|
|
|
|
2013-10-09 05:49:12 -04:00
|
|
|
|
Fixes #8018.
|
2013-07-16 08:27:22 -04:00
|
|
|
|
|
|
|
|
|
*Andrew White*
|
|
|
|
|
|
2013-07-12 03:37:15 -04:00
|
|
|
|
* Move `MissingHelperError` out of the `ClassMethods` module.
|
|
|
|
|
|
|
|
|
|
*Yves Senn*
|
|
|
|
|
|
2013-05-16 09:37:19 -04:00
|
|
|
|
* Fix an issue where rails raise exception about missing helper where it
|
|
|
|
|
should throw `LoadError`. When helper file exists and only loaded file from
|
|
|
|
|
this helper does not exist rails should throw LoadError instead of
|
|
|
|
|
`MissingHelperError`.
|
|
|
|
|
|
|
|
|
|
*Piotr Niełacny*
|
|
|
|
|
|
2013-07-07 18:32:22 -04:00
|
|
|
|
* Fix `ActionDispatch::ParamsParser#parse_formatted_parameters` to rewind body input stream on
|
|
|
|
|
parsing json params.
|
|
|
|
|
|
2013-10-09 05:49:12 -04:00
|
|
|
|
Fixes #11345.
|
2013-07-07 18:32:22 -04:00
|
|
|
|
|
|
|
|
|
*Yuri Bol*, *Paul Nikitochkin*
|
|
|
|
|
|
2013-06-26 16:59:16 -04:00
|
|
|
|
* Ignore spaces around delimiter in Set-Cookie header.
|
|
|
|
|
|
|
|
|
|
*Yamagishi Kazutoshi*
|
|
|
|
|
|
2013-07-02 21:59:59 -04:00
|
|
|
|
* Remove deprecated Rails application fallback for integration testing, set
|
|
|
|
|
`ActionDispatch.test_app` instead.
|
|
|
|
|
|
|
|
|
|
*Carlos Antonio da Silva*
|
|
|
|
|
|
2013-07-01 23:09:11 -04:00
|
|
|
|
* Remove deprecated `page_cache_extension` config.
|
|
|
|
|
|
|
|
|
|
*Francesco Rodriguez*
|
|
|
|
|
|
2013-07-01 21:19:32 -04:00
|
|
|
|
* Remove deprecated constants from Action Controller:
|
|
|
|
|
|
|
|
|
|
ActionController::AbstractRequest => ActionDispatch::Request
|
|
|
|
|
ActionController::Request => ActionDispatch::Request
|
|
|
|
|
ActionController::AbstractResponse => ActionDispatch::Response
|
|
|
|
|
ActionController::Response => ActionDispatch::Response
|
|
|
|
|
ActionController::Routing => ActionDispatch::Routing
|
|
|
|
|
ActionController::Integration => ActionDispatch::Integration
|
|
|
|
|
ActionController::IntegrationTest => ActionDispatch::IntegrationTest
|
|
|
|
|
|
|
|
|
|
*Carlos Antonio da Silva*
|
|
|
|
|
|
2013-06-25 18:34:20 -04:00
|
|
|
|
* Fix `Mime::Type.parse` when bad accepts header is looked up. Previously it
|
|
|
|
|
was setting `request.formats` with an array containing a `nil` value, which
|
|
|
|
|
raised an error when setting the controller formats.
|
2013-06-18 17:22:30 -04:00
|
|
|
|
|
2013-10-09 05:49:12 -04:00
|
|
|
|
Fixes #10965.
|
2013-06-16 10:39:03 -04:00
|
|
|
|
|
2013-06-25 18:34:20 -04:00
|
|
|
|
*Becker*
|
2013-06-16 10:39:03 -04:00
|
|
|
|
|
2013-06-25 01:04:26 -04:00
|
|
|
|
* Merge `:action` from routing scope and assign endpoint if both `:controller`
|
|
|
|
|
and `:action` are present. The endpoint assignment only occurs if there is
|
|
|
|
|
no `:to` present in the options hash so should only affect routes using the
|
2013-06-25 06:25:03 -04:00
|
|
|
|
shorthand syntax (i.e. endpoint is inferred from the path).
|
2013-06-25 01:04:26 -04:00
|
|
|
|
|
2013-10-09 05:49:12 -04:00
|
|
|
|
Fixes #9856.
|
2013-06-25 01:04:26 -04:00
|
|
|
|
|
|
|
|
|
*Yves Senn*, *Andrew White*
|
|
|
|
|
|
2013-11-28 11:21:18 -05:00
|
|
|
|
* Action View extracted from Action Pack.
|
2013-06-16 20:37:23 -04:00
|
|
|
|
|
2013-06-20 13:06:52 -04:00
|
|
|
|
*Piotr Sarnacki*, *Łukasz Strzałkowski*
|
2013-04-18 12:11:12 -04:00
|
|
|
|
|
2013-11-21 12:10:38 -05:00
|
|
|
|
* Fix removing trailing slash for mounted apps.
|
|
|
|
|
|
|
|
|
|
Fixes #3215.
|
2013-06-21 02:51:28 -04:00
|
|
|
|
|
|
|
|
|
*Piotr Sarnacki*
|
|
|
|
|
|
2013-04-29 12:06:45 -04:00
|
|
|
|
Please check [4-0-stable](https://github.com/rails/rails/blob/4-0-stable/actionpack/CHANGELOG.md) for previous changes.
|