2015-12-18 15:58:25 -05:00
|
|
|
## Rails 5.0.0.beta1 (December 18, 2015) ##
|
|
|
|
|
2015-12-16 09:41:47 -05:00
|
|
|
* Deprecate `redirect_to :back` in favor of `redirect_back`, which accepts a
|
|
|
|
required `fallback_location` argument, thus eliminating the possibility of a
|
|
|
|
`RedirectBackError`.
|
|
|
|
|
|
|
|
*Derek Prior*
|
|
|
|
|
2015-12-15 20:17:32 -05:00
|
|
|
* Add `redirect_back` method to `ActionController::Redirecting` to provide a
|
|
|
|
way to safely redirect to the `HTTP_REFERER` if it is present, falling back
|
|
|
|
to a provided redirect otherwise.
|
|
|
|
|
|
|
|
*Derek Prior*
|
|
|
|
|
2015-12-12 13:48:52 -05:00
|
|
|
* `ActionController::TestCase` will be moved to it's own gem in Rails 5.1
|
|
|
|
|
|
|
|
With the speed improvements made to `ActionDispatch::IntegrationTest` we no
|
|
|
|
longer need to keep two separate code bases for testing controllers. In
|
|
|
|
Rails 5.1 `ActionController::TestCase` will be deprecated and moved into a
|
|
|
|
gem outside of Rails source.
|
|
|
|
|
|
|
|
This is a documentation deprecation so that going forward so new tests will use
|
|
|
|
`ActionDispatch::IntegrationTest` instead of `ActionController::TestCase`.
|
|
|
|
|
|
|
|
*Eileen M. Uchitelle*
|
|
|
|
|
2015-08-03 10:12:07 -04:00
|
|
|
* Add a `response_format` option to `ActionDispatch::DebugExceptions`
|
|
|
|
to configure the format of the response when errors occur in
|
|
|
|
development mode.
|
|
|
|
|
|
|
|
If `response_format` is `:default` the debug info will be rendered
|
|
|
|
in an HTML page. In the other hand, if the provided value is `:api`
|
|
|
|
the debug info will be rendered in the original response format.
|
|
|
|
|
|
|
|
*Jorge Bejar*
|
|
|
|
|
2015-12-07 09:46:56 -05:00
|
|
|
* Change the `protect_from_forgery` prepend default to `false`
|
|
|
|
|
|
|
|
Per this comment
|
|
|
|
https://github.com/rails/rails/pull/18334#issuecomment-69234050 we want
|
|
|
|
`protect_from_forgery` to default to `prepend: false`.
|
|
|
|
|
|
|
|
`protect_from_forgery` will now be insterted into the callback chain at the
|
|
|
|
point it is called in your application. This is useful for cases where you
|
|
|
|
want to `protect_from_forgery` after you perform required authentication
|
|
|
|
callbacks or other callbacks that are required to run after forgery protection.
|
|
|
|
|
|
|
|
If you want `protect_from_forgery` callbacks to always run first, regardless of
|
|
|
|
position they are called in your application then you can add `prepend: true`
|
|
|
|
to your `protect_from_forgery` call.
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```ruby
|
|
|
|
protect_from_forgery prepend: true
|
|
|
|
```
|
|
|
|
|
2015-12-12 14:27:44 -05:00
|
|
|
*Eileen M. Uchitelle*
|
2015-12-07 09:46:56 -05:00
|
|
|
|
2015-08-14 18:19:56 -04:00
|
|
|
* In url_for, never append a question mark to the URL when the query string
|
|
|
|
is empty anyway. (It used to do that when called like `url_for(controller:
|
|
|
|
'x', action: 'y', q: {})`.)
|
|
|
|
|
2015-11-28 03:39:38 -05:00
|
|
|
*Paul Grayson*
|
|
|
|
|
2015-10-18 14:27:54 -04:00
|
|
|
* Catch invalid UTF-8 querystring values and respond with BadRequest
|
|
|
|
|
|
|
|
Check querystring params for invalid UTF-8 characters, and raise an
|
|
|
|
ActionController::BadRequest error if present. Previously these strings
|
|
|
|
would typically trigger errors further down the stack.
|
|
|
|
|
|
|
|
*Grey Baker*
|
|
|
|
|
2015-10-20 18:08:56 -04:00
|
|
|
* Parse RSS/ATOM responses as XML, not HTML.
|
|
|
|
|
|
|
|
*Alexander Kaupanin*
|
|
|
|
|
2015-10-19 10:18:09 -04:00
|
|
|
* Show helpful message in `BadRequest` exceptions due to invalid path
|
|
|
|
parameter encodings.
|
|
|
|
|
|
|
|
Fixes #21923.
|
|
|
|
|
|
|
|
*Agis Anastasopoulos*
|
|
|
|
|
2015-05-01 22:12:45 -04:00
|
|
|
* Add the ability of returning arbitrary headers to ActionDispatch::Static
|
|
|
|
|
|
|
|
Now ActionDispatch::Static can accept HTTP headers so that developers
|
|
|
|
will have control of returning arbitrary headers like
|
|
|
|
'Access-Control-Allow-Origin' when a response is delivered. They can be
|
|
|
|
configured with `#config`:
|
|
|
|
|
|
|
|
config.public_file_server.headers = {
|
|
|
|
"Cache-Control" => "public, max-age=60",
|
|
|
|
"Access-Control-Allow-Origin" => "http://rubyonrails.org"
|
|
|
|
}
|
|
|
|
|
|
|
|
*Yuki Nishijima*
|
|
|
|
|
Allow multiple `root` routes in same scope level
When an application has multiple root entries with different
constraints, the current solution is to use `get '/'`. Example:
**Currently I have to do:**
```ruby
get '/', to: 'portfolio#show', constraints: ->(req) { Hostname.portfolio_site?(req.host) }
get '/', to: 'blog#show', constraints: ->(req) { Hostname.blog_site?(req.host) }
root 'landing#show'
```
**But I would like to do:**
```ruby
root 'portfolio#show', constraints: ->(req) { Hostname.portfolio_site?(req.host) }
root 'blog#show', constraints: ->(req) { Hostname.blog_site?(req.host) }
root 'landing#show'
```
Other URL matchers such as `get`, `post`, etc, already allows this, so I
think it's fair that `root` also allow it since it's just a shortcut for
a `get` internally.
2015-10-10 07:14:58 -04:00
|
|
|
* Allow multiple `root` routes in same scope level. Example:
|
|
|
|
|
|
|
|
```ruby
|
|
|
|
root 'blog#show', constraints: ->(req) { Hostname.blog_site?(req.host) }
|
|
|
|
root 'landing#show'
|
|
|
|
```
|
|
|
|
*Rafael Sales*
|
|
|
|
|
2015-09-28 18:00:01 -04:00
|
|
|
* Fix regression in mounted engine named routes generation for app deployed to
|
|
|
|
a subdirectory. `relative_url_root` was prepended to the path twice (e.g.
|
|
|
|
"/subdir/subdir/engine_path" instead of "/subdir/engine_path")
|
|
|
|
|
|
|
|
Fixes #20920. Fixes #21459.
|
|
|
|
|
|
|
|
*Matthew Erhard*
|
|
|
|
|
2015-09-23 17:39:45 -04:00
|
|
|
* ActionDispatch::Response#new no longer applies default headers. If you want
|
|
|
|
default headers applied to the response object, then call
|
|
|
|
`ActionDispatch::Response.create`. This change only impacts people who are
|
|
|
|
directly constructing an `ActionDispatch::Response` object.
|
|
|
|
|
2015-09-21 15:13:13 -04:00
|
|
|
* Accessing mime types via constants like `Mime::HTML` is deprecated. Please
|
|
|
|
change code like this:
|
|
|
|
|
|
|
|
Mime::HTML
|
|
|
|
|
|
|
|
To this:
|
|
|
|
|
2015-10-05 01:14:04 -04:00
|
|
|
Mime[:html]
|
2015-09-21 15:13:13 -04:00
|
|
|
|
|
|
|
This change is so that Rails will not manage a list of constants, and fixes
|
|
|
|
an issue where if a type isn't registered you could possibly get the wrong
|
|
|
|
object.
|
|
|
|
|
2015-10-05 01:14:04 -04:00
|
|
|
`Mime[:html]` is available in older versions of Rails, too, so you can
|
|
|
|
safely change libraries and plugins and maintain compatibility with
|
|
|
|
multiple versions of Rails.
|
|
|
|
|
2015-09-04 15:23:29 -04:00
|
|
|
* `url_for` does not modify its arguments when generating polymorphic URLs.
|
|
|
|
|
|
|
|
*Bernerd Schaefer*
|
|
|
|
|
2015-09-06 22:24:00 -04:00
|
|
|
* Make it easier to opt in to `config.force_ssl` and `config.ssl_options` by
|
|
|
|
making them less dangerous to try and easier to disable.
|
|
|
|
|
|
|
|
SSL redirect:
|
|
|
|
* Move `:host` and `:port` options within `redirect: { … }`. Deprecate.
|
|
|
|
* Introduce `:status` and `:body` to customize the redirect response.
|
|
|
|
The 301 permanent default makes it difficult to test the redirect and
|
|
|
|
back out of it since browsers remember the 301. Test with a 302 or 307
|
|
|
|
instead, then switch to 301 once you're confident that all is well.
|
|
|
|
|
|
|
|
HTTP Strict Transport Security (HSTS):
|
|
|
|
* Shorter max-age. Shorten the default max-age from 1 year to 180 days,
|
|
|
|
the low end for https://www.ssllabs.com/ssltest/ grading and greater
|
|
|
|
than the 18-week minimum to qualify for browser preload lists.
|
|
|
|
* Disabling HSTS. Setting `hsts: false` now sets `hsts { expires: 0 }`
|
|
|
|
instead of omitting the header. Omitting does nothing to disable HSTS
|
|
|
|
since browsers hang on to your previous settings until they expire.
|
|
|
|
Sending `{ hsts: { expires: 0 }}` flushes out old browser settings and
|
|
|
|
actually disables HSTS:
|
|
|
|
http://tools.ietf.org/html/rfc6797#section-6.1.1
|
|
|
|
* HSTS Preload. Introduce `preload: true` to set the `preload` flag,
|
|
|
|
indicating that your site may be included in browser preload lists,
|
|
|
|
including Chrome, Firefox, Safari, IE11, and Edge. Submit your site:
|
|
|
|
https://hstspreload.appspot.com
|
|
|
|
|
|
|
|
*Jeremy Daer*
|
|
|
|
|
2015-08-27 08:20:09 -04:00
|
|
|
* Update `ActionController::TestSession#fetch` to behave more like
|
|
|
|
`ActionDispatch::Request::Session#fetch` when using non-string keys.
|
2015-08-26 09:08:18 -04:00
|
|
|
|
|
|
|
*Jeremy Friesen*
|
|
|
|
|
2015-08-07 17:26:21 -04:00
|
|
|
* Using strings or symbols for middleware class names is deprecated. Convert
|
|
|
|
things like this:
|
|
|
|
|
|
|
|
middleware.use "Foo::Bar"
|
|
|
|
|
|
|
|
to this:
|
|
|
|
|
|
|
|
middleware.use Foo::Bar
|
|
|
|
|
2014-06-27 17:27:41 -04:00
|
|
|
* ActionController::TestSession now accepts a default value as well as
|
|
|
|
a block for generating a default value based off the key provided.
|
|
|
|
|
|
|
|
This fixes calls to session#fetch in ApplicationController instances that
|
|
|
|
take more two arguments or a block from raising `ArgumentError: wrong
|
|
|
|
number of arguments (2 for 1)` when performing controller tests.
|
|
|
|
|
|
|
|
*Matthew Gerrior*
|
|
|
|
|
2015-07-18 18:40:47 -04:00
|
|
|
* Fix `ActionController::Parameters#fetch` overwriting `KeyError` returned by
|
|
|
|
default block.
|
|
|
|
|
|
|
|
*Jonas Schuber Erlandsson*, *Roque Pinel*
|
|
|
|
|
2015-07-13 16:43:21 -04:00
|
|
|
* `ActionController::Parameters` no longer inherits from
|
|
|
|
`HashWithIndifferentAccess`
|
|
|
|
|
|
|
|
Inheriting from `HashWithIndifferentAccess` allowed users to call any
|
|
|
|
enumerable methods on `Parameters` object, resulting in a risk of losing the
|
|
|
|
`permitted?` status or even getting back a pure `Hash` object instead of
|
|
|
|
a `Parameters` object with proper sanitization.
|
|
|
|
|
2015-07-14 14:57:10 -04:00
|
|
|
By not inheriting from `HashWithIndifferentAccess`, we are able to make
|
2015-07-13 16:43:21 -04:00
|
|
|
sure that all methods that are defined in `Parameters` object will return
|
|
|
|
a proper `Parameters` object with a correct `permitted?` flag.
|
|
|
|
|
|
|
|
*Prem Sichanugrist*
|
|
|
|
|
2015-07-13 14:22:54 -04:00
|
|
|
* Replaced `ActiveSupport::Concurrency::Latch` with `Concurrent::CountDownLatch`
|
|
|
|
from the concurrent-ruby gem.
|
|
|
|
|
|
|
|
*Jerry D'Antonio*
|
|
|
|
|
2014-01-30 22:50:09 -05:00
|
|
|
* Add ability to filter parameters based on parent keys.
|
|
|
|
|
|
|
|
# matches {credit_card: {code: "xxxx"}}
|
|
|
|
# doesn't match {file: { code: "xxxx"}}
|
|
|
|
config.filter_parameters += [ "credit_card.code" ]
|
|
|
|
|
|
|
|
See #13897.
|
|
|
|
|
|
|
|
*Guillaume Malette*
|
|
|
|
|
2015-06-15 16:53:45 -04:00
|
|
|
* Deprecate passing first parameter as `Hash` and default status code for `head` method.
|
|
|
|
|
|
|
|
*Mehmet Emin İNAÇ*
|
|
|
|
|
2015-04-02 06:40:34 -04:00
|
|
|
* Adds`Rack::Utils::ParameterTypeError` and `Rack::Utils::InvalidParameterError`
|
|
|
|
to the rescue_responses hash in `ExceptionWrapper` (Rack recommends
|
|
|
|
integrators serve 400s for both of these).
|
|
|
|
|
|
|
|
*Grey Baker*
|
|
|
|
|
2015-05-14 17:46:29 -04:00
|
|
|
* Add support for API only apps.
|
|
|
|
ActionController::API is added as a replacement of
|
|
|
|
ActionController::Base for this kind of applications.
|
|
|
|
|
|
|
|
*Santiago Pastorino & Jorge Bejar*
|
|
|
|
|
2015-05-13 06:28:33 -04:00
|
|
|
* Remove `assigns` and `assert_template`. Both methods have been extracted
|
|
|
|
into a gem at https://github.com/rails/rails-controller-testing.
|
|
|
|
|
|
|
|
See #18950.
|
|
|
|
|
|
|
|
*Alan Guo Xiang Tan*
|
|
|
|
|
2015-05-04 15:55:23 -04:00
|
|
|
* `FileHandler` and `Static` middleware initializers accept `index` argument
|
|
|
|
to configure the directory index file name. Defaults to `index` (as in
|
|
|
|
`index.html`).
|
|
|
|
|
|
|
|
See #20017.
|
|
|
|
|
|
|
|
*Eliot Sykes*
|
|
|
|
|
2015-05-28 08:13:32 -04:00
|
|
|
* Deprecate `:nothing` option for `render` method.
|
|
|
|
|
|
|
|
*Mehmet Emin İNAÇ*
|
|
|
|
|
2015-05-16 01:30:17 -04:00
|
|
|
* Fix `rake routes` not showing the right format when
|
2015-04-27 09:18:43 -04:00
|
|
|
nesting multiple routes.
|
|
|
|
|
|
|
|
See #18373.
|
|
|
|
|
|
|
|
*Ravil Bayramgalin*
|
|
|
|
|
2015-04-06 22:20:57 -04:00
|
|
|
* Add ability to override default form builder for a controller.
|
|
|
|
|
|
|
|
class AdminController < ApplicationController
|
|
|
|
default_form_builder AdminFormBuilder
|
|
|
|
end
|
|
|
|
|
|
|
|
*Kevin McPhillips*
|
|
|
|
|
2015-03-17 10:36:21 -04:00
|
|
|
* For actions with no corresponding templates, render `head :no_content`
|
|
|
|
instead of raising an error. This allows for slimmer API controller
|
|
|
|
methods that simply work, without needing further instructions.
|
|
|
|
|
|
|
|
See #19036.
|
|
|
|
|
|
|
|
*Stephen Bussey*
|
|
|
|
|
2015-02-13 23:41:19 -05:00
|
|
|
* Provide friendlier access to request variants.
|
|
|
|
|
|
|
|
request.variant = :phone
|
|
|
|
request.variant.phone? # true
|
|
|
|
request.variant.tablet? # false
|
|
|
|
|
|
|
|
request.variant = [:phone, :tablet]
|
|
|
|
request.variant.phone? # true
|
|
|
|
request.variant.desktop? # false
|
|
|
|
request.variant.any?(:phone, :desktop) # true
|
|
|
|
request.variant.any?(:desktop, :watch) # false
|
|
|
|
|
|
|
|
*George Claghorn*
|
|
|
|
|
2015-03-24 15:12:11 -04:00
|
|
|
* Fix regression where a gzip file response would have a Content-type,
|
|
|
|
even when it was a 304 status code.
|
|
|
|
|
|
|
|
See #19271.
|
|
|
|
|
|
|
|
*Kohei Suzuki*
|
|
|
|
|
2015-04-22 08:44:30 -04:00
|
|
|
* Fix handling of empty `X_FORWARDED_HOST` header in `raw_host_with_port`.
|
2015-03-20 16:30:30 -04:00
|
|
|
|
2015-04-22 08:44:30 -04:00
|
|
|
Previously, an empty `X_FORWARDED_HOST` header would cause
|
|
|
|
`Actiondispatch::Http:URL.raw_host_with_port` to return `nil`, causing
|
|
|
|
`Actiondispatch::Http:URL.host` to raise a `NoMethodError`.
|
2015-03-20 16:30:30 -04:00
|
|
|
|
|
|
|
*Adam Forsyth*
|
|
|
|
|
2015-06-01 11:39:06 -04:00
|
|
|
* Allow `Bearer` as token-keyword in `Authorization-Header`.
|
|
|
|
|
|
|
|
Aditionally to `Token`, the keyword `Bearer` is acceptable as a keyword
|
|
|
|
for the auth-token. The `Bearer` keyword is described in the original
|
|
|
|
OAuth RFC and used in libraries like Angular-JWT.
|
|
|
|
|
|
|
|
See #19094.
|
|
|
|
|
|
|
|
*Peter Schröder*
|
|
|
|
|
2015-03-04 14:02:24 -05:00
|
|
|
* Drop request class from RouteSet constructor.
|
2015-02-13 23:41:19 -05:00
|
|
|
|
2015-03-14 16:05:46 -04:00
|
|
|
If you would like to use a custom request class, please subclass and implement
|
2015-03-04 14:02:24 -05:00
|
|
|
the `request_class` method.
|
|
|
|
|
|
|
|
*tenderlove@ruby-lang.org*
|
|
|
|
|
2015-02-24 16:04:27 -05:00
|
|
|
* Fallback to `ENV['RAILS_RELATIVE_URL_ROOT']` in `url_for`.
|
|
|
|
|
|
|
|
Fixed an issue where the `RAILS_RELATIVE_URL_ROOT` environment variable is not
|
|
|
|
prepended to the path when `url_for` is called. If `SCRIPT_NAME` (used by Rack)
|
|
|
|
is set, it takes precedence.
|
|
|
|
|
|
|
|
Fixes #5122.
|
|
|
|
|
|
|
|
*Yasyf Mohamedali*
|
|
|
|
|
2014-06-18 22:16:30 -04:00
|
|
|
* Partitioning of routes is now done when the routes are being drawn. This
|
|
|
|
helps to decrease the time spent filtering the routes during the first request.
|
|
|
|
|
|
|
|
*Guo Xiang Tan*
|
|
|
|
|
2015-02-25 12:03:20 -05:00
|
|
|
* Fix regression in functional tests. Responses should have default headers
|
|
|
|
assigned.
|
|
|
|
|
|
|
|
See #18423.
|
|
|
|
|
|
|
|
*Jeremy Kemper*, *Yves Senn*
|
|
|
|
|
2015-02-23 15:33:04 -05:00
|
|
|
* Deprecate AbstractController#skip_action_callback in favor of individual skip_callback methods
|
|
|
|
(which can be made to raise an error if no callback was removed).
|
|
|
|
|
|
|
|
*Iain Beeston*
|
|
|
|
|
2015-02-20 17:52:19 -05:00
|
|
|
* Alias the `ActionDispatch::Request#uuid` method to `ActionDispatch::Request#request_id`.
|
2014-08-15 18:44:01 -04:00
|
|
|
Due to implementation, `config.log_tags = [:request_id]` also works in substitute
|
|
|
|
for `config.log_tags = [:uuid]`.
|
|
|
|
|
|
|
|
*David Ilizarov*
|
|
|
|
|
2015-02-23 11:51:30 -05:00
|
|
|
* Change filter on /rails/info/routes to use an actual path regexp from rails
|
|
|
|
and not approximate javascript version. Oniguruma supports much more
|
|
|
|
extensive list of features than javascript regexp engine.
|
|
|
|
|
|
|
|
Fixes #18402.
|
|
|
|
|
|
|
|
*Ravil Bayramgalin*
|
|
|
|
|
2015-02-12 15:24:45 -05:00
|
|
|
* Non-string authenticity tokens do not raise NoMethodError when decoding
|
|
|
|
the masked token.
|
|
|
|
|
|
|
|
*Ville Lautanala*
|
|
|
|
|
2015-02-23 10:54:40 -05:00
|
|
|
* Add `http_cache_forever` to Action Controller, so we can cache a response
|
|
|
|
that never gets expired.
|
2015-01-07 21:23:55 -05:00
|
|
|
|
|
|
|
*arthurnn*
|
|
|
|
|
2015-02-23 10:54:40 -05:00
|
|
|
* `ActionController#translate` supports symbols as shortcuts.
|
2015-07-17 14:15:35 -04:00
|
|
|
When a shortcut is given it also performs the lookup without the action
|
|
|
|
name.
|
2013-08-07 04:33:28 -04:00
|
|
|
|
|
|
|
*Max Melentiev*
|
|
|
|
|
2015-01-06 15:14:49 -05:00
|
|
|
* Expand `ActionController::ConditionalGet#fresh_when` and `stale?` to also
|
|
|
|
accept a collection of records as the first argument, so that the
|
|
|
|
following code can be written in a shorter form.
|
|
|
|
|
|
|
|
# Before
|
|
|
|
def index
|
2015-02-12 02:54:01 -05:00
|
|
|
@articles = Article.all
|
|
|
|
fresh_when(etag: @articles, last_modified: @articles.maximum(:updated_at))
|
2015-01-06 15:14:49 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
# After
|
|
|
|
def index
|
2015-02-12 02:54:01 -05:00
|
|
|
@articles = Article.all
|
2015-01-06 15:14:49 -05:00
|
|
|
fresh_when(@articles)
|
|
|
|
end
|
|
|
|
|
|
|
|
*claudiob*
|
|
|
|
|
2015-01-31 22:15:42 -05:00
|
|
|
* Explicitly ignored wildcard verbs when searching for HEAD routes before fallback
|
|
|
|
|
2015-02-20 17:52:19 -05:00
|
|
|
Fixes an issue where a mounted rack app at root would intercept the HEAD
|
2015-01-31 22:15:42 -05:00
|
|
|
request causing an incorrect behavior during the fall back to GET requests.
|
|
|
|
|
|
|
|
Example:
|
2015-02-23 10:54:40 -05:00
|
|
|
|
|
|
|
draw do
|
|
|
|
get '/home' => 'test#index'
|
|
|
|
mount rack_app, at: '/'
|
|
|
|
end
|
|
|
|
head '/home'
|
|
|
|
assert_response :success
|
|
|
|
|
2015-01-31 22:15:42 -05:00
|
|
|
In this case, a HEAD request runs through the routes the first time and fails
|
|
|
|
to match anything. Then, it runs through the list with the fallback and matches
|
|
|
|
`get '/home'`. The original behavior would match the rack app in the first pass.
|
|
|
|
|
|
|
|
*Terence Sun*
|
|
|
|
|
2015-02-01 08:07:42 -05:00
|
|
|
* Migrating xhr methods to keyword arguments syntax
|
|
|
|
in `ActionController::TestCase` and `ActionDispatch::Integration`
|
|
|
|
|
|
|
|
Old syntax:
|
|
|
|
|
|
|
|
xhr :get, :create, params: { id: 1 }
|
|
|
|
|
|
|
|
New syntax example:
|
|
|
|
|
|
|
|
get :create, params: { id: 1 }, xhr: true
|
|
|
|
|
|
|
|
*Kir Shatrov*
|
|
|
|
|
2015-01-29 08:52:10 -05:00
|
|
|
* Migrating to keyword arguments syntax in `ActionController::TestCase` and
|
2015-01-31 05:54:00 -05:00
|
|
|
`ActionDispatch::Integration` HTTP request methods.
|
2015-01-04 04:35:06 -05:00
|
|
|
|
2015-01-31 05:54:00 -05:00
|
|
|
Example:
|
2015-01-29 08:52:10 -05:00
|
|
|
|
|
|
|
post :create, params: { y: x }, session: { a: 'b' }
|
|
|
|
get :view, params: { id: 1 }
|
|
|
|
get :view, params: { id: 1 }, format: :json
|
2015-01-04 04:35:06 -05:00
|
|
|
|
|
|
|
*Kir Shatrov*
|
|
|
|
|
2015-01-31 05:54:00 -05:00
|
|
|
* Preserve default url options when generating URLs.
|
2015-01-21 10:40:02 -05:00
|
|
|
|
2015-06-15 03:33:27 -04:00
|
|
|
Fixes an issue that would cause `default_url_options` to be lost when
|
2015-01-21 10:40:02 -05:00
|
|
|
generating URLs with fewer positional arguments than parameters in the
|
|
|
|
route definition.
|
|
|
|
|
|
|
|
*Tekin Suleyman*
|
|
|
|
|
2015-06-15 03:33:27 -04:00
|
|
|
* Deprecate `*_via_redirect` integration test methods.
|
2015-01-28 15:50:01 -05:00
|
|
|
|
|
|
|
Use `follow_redirect!` manually after the request call for the same behavior.
|
|
|
|
|
|
|
|
*Aditya Kapoor*
|
|
|
|
|
2015-01-17 19:06:10 -05:00
|
|
|
* Add `ActionController::Renderer` to render arbitrary templates
|
|
|
|
outside controller actions.
|
|
|
|
|
2015-01-21 16:23:22 -05:00
|
|
|
Its functionality is accessible through class methods `render` and
|
|
|
|
`renderer` of `ActionController::Base`.
|
|
|
|
|
2015-01-17 19:06:10 -05:00
|
|
|
*Ravil Bayramgalin*
|
|
|
|
|
2015-01-15 08:52:46 -05:00
|
|
|
* Support `:assigns` option when rendering with controllers/mailers.
|
|
|
|
|
|
|
|
*Ravil Bayramgalin*
|
|
|
|
|
2015-01-09 11:01:04 -05:00
|
|
|
* Default headers, removed in controller actions, are no longer reapplied on
|
2015-01-09 10:55:02 -05:00
|
|
|
the test response.
|
|
|
|
|
|
|
|
*Jonas Baumann*
|
|
|
|
|
2015-06-15 03:33:27 -04:00
|
|
|
* Deprecate all `*_filter` callbacks in favor of `*_action` callbacks.
|
2015-01-08 15:51:51 -05:00
|
|
|
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
|
2015-06-15 03:33:27 -04:00
|
|
|
* Allow you to pass `prepend: false` to `protect_from_forgery` to have the
|
2015-01-04 19:38:54 -05:00
|
|
|
verification callback appended instead of prepended to the chain.
|
|
|
|
This allows you to let the verification step depend on prior callbacks.
|
2015-01-31 05:54:00 -05:00
|
|
|
|
2015-01-04 19:38:54 -05:00
|
|
|
Example:
|
|
|
|
|
|
|
|
class ApplicationController < ActionController::Base
|
|
|
|
before_action :authenticate
|
2015-01-08 14:18:06 -05:00
|
|
|
protect_from_forgery prepend: false, unless: -> { @authenticated_by.oauth? }
|
2015-01-04 19:38:54 -05:00
|
|
|
|
|
|
|
private
|
|
|
|
def authenticate
|
|
|
|
if oauth_request?
|
|
|
|
# authenticate with oauth
|
|
|
|
@authenticated_by = 'oauth'.inquiry
|
|
|
|
else
|
|
|
|
# authenticate with cookies
|
|
|
|
@authenticated_by = 'cookie'.inquiry
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
*Josef Šimánek*
|
|
|
|
|
2015-01-10 06:17:57 -05:00
|
|
|
* Remove `ActionController::HideActions`.
|
2015-01-06 15:33:31 -05:00
|
|
|
|
|
|
|
*Ravil Bayramgalin*
|
|
|
|
|
2015-01-04 15:20:17 -05:00
|
|
|
* Remove `respond_to`/`respond_with` placeholder methods, this functionality
|
|
|
|
has been extracted to the `responders` gem.
|
|
|
|
|
|
|
|
*Carlos Antonio da Silva*
|
|
|
|
|
2015-01-03 15:39:42 -05:00
|
|
|
* Remove deprecated assertion files.
|
|
|
|
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
|
2015-01-03 15:37:03 -05:00
|
|
|
* Remove deprecated usage of string keys in URL helpers.
|
|
|
|
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
|
2015-01-03 15:34:50 -05:00
|
|
|
* Remove deprecated `only_path` option on `*_path` helpers.
|
|
|
|
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
|
2015-01-02 22:26:36 -05:00
|
|
|
* Remove deprecated `NamedRouteCollection#helpers`.
|
|
|
|
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
|
2015-01-02 22:17:17 -05:00
|
|
|
* Remove deprecated support to define routes with `:to` option that doesn't contain `#`.
|
|
|
|
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
|
2015-01-02 21:25:57 -05:00
|
|
|
* Remove deprecated `ActionDispatch::Response#to_ary`.
|
|
|
|
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
|
2015-01-02 21:22:22 -05:00
|
|
|
* Remove deprecated `ActionDispatch::Request#deep_munge`.
|
|
|
|
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
|
2015-01-02 21:19:29 -05:00
|
|
|
* Remove deprecated `ActionDispatch::Http::Parameters#symbolized_path_parameters`.
|
|
|
|
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
|
2015-01-02 21:16:51 -05:00
|
|
|
* Remove deprecated option `use_route` in controller tests.
|
|
|
|
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
|
2014-12-09 04:55:58 -05:00
|
|
|
* Ensure `append_info_to_payload` is called even if an exception is raised.
|
|
|
|
|
2015-05-07 07:49:34 -04:00
|
|
|
Fixes an issue where when an exception is raised in the request the additional
|
2014-12-09 04:55:58 -05:00
|
|
|
payload data is not available.
|
|
|
|
|
|
|
|
See:
|
2015-01-02 12:16:15 -05:00
|
|
|
* #14903
|
2014-12-09 04:55:58 -05:00
|
|
|
* https://github.com/roidrage/lograge/issues/37
|
|
|
|
|
|
|
|
*Dieter Komendera*, *Margus Pärt*
|
|
|
|
|
2014-12-31 06:21:55 -05:00
|
|
|
* Correctly rely on the response's status code to handle calls to `head`.
|
|
|
|
|
|
|
|
*Robin Dupret*
|
|
|
|
|
2014-12-30 10:04:18 -05:00
|
|
|
* Using `head` method returns empty response_body instead
|
|
|
|
of returning a single space " ".
|
|
|
|
|
|
|
|
The old behavior was added as a workaround for a bug in an early
|
|
|
|
version of Safari, where the HTTP headers are not returned correctly
|
|
|
|
if the response body has a 0-length. This is been fixed since and
|
|
|
|
the workaround is no longer necessary.
|
|
|
|
|
|
|
|
Fixes #18253.
|
|
|
|
|
|
|
|
*Prathamesh Sonpatki*
|
|
|
|
|
2014-12-30 09:15:07 -05:00
|
|
|
* Fix how polymorphic routes works with objects that implement `to_model`.
|
|
|
|
|
|
|
|
*Travis Grathwell*
|
|
|
|
|
2015-01-31 05:54:00 -05:00
|
|
|
* Stop converting empty arrays in `params` to `nil`.
|
2014-09-14 06:22:29 -04:00
|
|
|
|
2015-05-20 13:22:18 -04:00
|
|
|
This behavior was introduced in response to CVE-2012-2660, CVE-2012-2694
|
2014-09-14 06:22:29 -04:00
|
|
|
and CVE-2013-0155
|
|
|
|
|
|
|
|
ActiveRecord now issues a safe query when passing an empty array into
|
|
|
|
a where clause, so there is no longer a need to defend against this type
|
|
|
|
of input (any nils are still stripped from the array).
|
|
|
|
|
|
|
|
*Chris Sinjakli*
|
|
|
|
|
2014-12-23 02:56:17 -05:00
|
|
|
* Fixed usage of optional scopes in url helpers.
|
2014-12-13 15:46:52 -05:00
|
|
|
|
|
|
|
*Alex Robbin*
|
|
|
|
|
2014-12-23 02:56:17 -05:00
|
|
|
* Fixed handling of positional url helper arguments when `format: false`.
|
2014-12-13 10:34:41 -05:00
|
|
|
|
|
|
|
Fixes #17819.
|
|
|
|
|
|
|
|
*Andrew White*, *Tatiana Soukiassian*
|
|
|
|
|
2014-11-28 12:00:06 -05:00
|
|
|
Please check [4-2-stable](https://github.com/rails/rails/blob/4-2-stable/actionpack/CHANGELOG.md) for previous changes.
|