*   Add `:allow_other_host` option to `redirect_back` method.

    When `allow_other_host` is set to `false`, the `redirect_back`
    will not allow redirecting from a different host.
    `allow_other_host` is `true` by default.

    *Tim Masliuchenko*

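An added illustration (not code from Rails or from this changelog) of the host check that `allow_other_host: false` implies, including the Referer shapes a naive string comparison gets wrong. The names `back_location`, `same_host?` and `strict_targets`, the `/` fallback and the sample Referer values are assumptions constructed for the example.

```ruby
require "uri"

# Hypothetical helper (not Rails code): choose where a "back" redirect goes.
# With allow_other_host: false, a Referer on any other host yields the fallback.
def back_location(referer, request_host, fallback:, allow_other_host: true)
  return fallback if referer.nil? || referer.strip.empty?
  return referer if allow_other_host
  same_host?(referer, request_host) ? referer : fallback
end

# Compare the parsed host, never a string prefix: a trusted name can appear
# in the userinfo part or as a leading label of a different host.
def same_host?(url, request_host)
  host = URI.parse(url).host
  !host.nil? && host.casecmp?(request_host)
rescue URI::InvalidURIError
  false # unparseable Referer: treat as foreign
end

# Constructed Referer values, checked for a request served by app.example.com.
REFERERS = [
  "https://app.example.com/projects/1",
  "https://APP.example.com/settings",
  "https://other.example.org/landing",
  "https://app.example.com@other.example.org/",
  "https://app.example.com.other.example.org/",
  "/relative/path",
  "http://bad host/",
  nil
].freeze

def strict_targets(referers = REFERERS)
  referers.map do |ref|
    back_location(ref, "app.example.com", fallback: "/", allow_other_host: false)
  end
end

strict_targets.each_with_index { |target, i| puts "#{REFERERS[i].inspect} -> #{target}" }
```
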
*   Add headless chrome support to System Tests.

    *Yuji Yaginuma*

*   Add ability to enable Early Hints for HTTP/2

    If supported by the server and enabled in Puma, this allows H2 Early Hints to be used.

    The `javascript_include_tag` and the `stylesheet_link_tag` automatically add Early Hints if requested.

    *Eileen M. Uchitelle*, *Aaron Patterson*

*   Simplify cookies middleware with key rotation support

    Use the `rotate` method for both `MessageEncryptor` and
    `MessageVerifier` to add key rotation support for encrypted and
    signed cookies. This also helps simplify support for legacy cookie
    security.

    *Michael J Coyne*

*   Use Capybara registered `:puma` server config.

    The Capybara registered `:puma` server ensures the puma server is run in process so
    connection sharing and open request detection work correctly by default.

    *Thomas Walpole*

*   Cookies `:expires` option supports `ActiveSupport::Duration` object.

        cookies[:user_name] = { value: "assain", expires: 1.hour }
        cookies[:key] = { value: "a yummy cookie", expires: 6.months }

    Pull Request: #30121

    *Assain Jaleel*

*   Enforce signed/encrypted cookie expiry server side.

    Rails can thwart attacks by malicious clients that don't honor a cookie's expiry.

    It does so by stashing the expiry within the written cookie and relying on the
    signing/encrypting to vouch that it hasn't been tampered with. Then on a
    server-side read, the expiry is verified and any expired cookie is discarded.

    Pull Request: #30121

    *Assain Jaleel*

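The mechanism described in the entry above, together with the key rotation from the earlier cookies-middleware entry, sketched with only the Ruby standard library. This is an added example, not Rails' `MessageVerifier`: `ExpiringSigner`, `extend_expiry`, the JSON envelope layout and the secrets are assumptions made for illustration.

```ruby
require "openssl"
require "json"

# Illustrative signer (not Rails' MessageVerifier): HMAC-SHA256 over a JSON
# envelope that carries the value and its expiry, so the expiry is signed too.
class ExpiringSigner
  def initialize(secret, old_secrets: [])
    @secrets = [secret, *old_secrets] # first one signs; the rest only verify
  end

  def generate(value, expires_in:, now: Time.now)
    envelope = JSON.generate({ "value" => value, "exp" => now.to_i + expires_in })
    payload = [envelope].pack("m0") # strict Base64, no newlines
    "#{payload}--#{mac(@secrets.first, payload)}"
  end

  # Returns the value, or nil when the signature is bad or the expiry has passed.
  def verify(cookie, now: Time.now)
    payload, signature = cookie.to_s.split("--", 2)
    return nil if payload.nil? || signature.nil?
    return nil unless @secrets.any? { |s| secure_eq?(mac(s, payload), signature) }
    envelope = JSON.parse(payload.unpack1("m0"))
    now.to_i < envelope["exp"] ? envelope["value"] : nil
  end

  private

  def mac(secret, payload)
    OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
  end

  # Constant-time comparison so the check does not leak how many bytes matched.
  def secure_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed client-side tampering: push the expiry forward, keep the old signature.
def extend_expiry(cookie, seconds)
  payload, signature = cookie.split("--", 2)
  envelope = JSON.parse(payload.unpack1("m0"))
  envelope["exp"] += seconds
  "#{[JSON.generate(envelope)].pack("m0")}--#{signature}"
end

signer = ExpiringSigner.new("new secret (constructed)", old_secrets: ["old secret (constructed)"])
cookie = signer.generate("assain", expires_in: 3600)
p signer.verify(cookie), signer.verify(extend_expiry(cookie, 86_400)), signer.verify(cookie, now: Time.now + 7200)
```

A replayed cookie fails the expiry comparison and an edited expiry fails the signature check, while a cookie signed under a retired secret still verifies until that secret is dropped from `old_secrets`.
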
*   Make `take_failed_screenshot` work within engine.

    Fixes #30405.

    *Yuji Yaginuma*

*   Deprecate `ActionDispatch::TestResponse` response aliases

    `#success?`, `#missing?` & `#error?` are not supported by the actual
    `ActionDispatch::Response` object and can produce false-positives. Instead,
    use the response helpers provided by `Rack::Response`.

    *Trevor Wistaff*

*   Protect from forgery by default

    Rather than protecting from forgery in the generated `ApplicationController`,
    add it to `ActionController::Base` depending on
    `config.action_controller.default_protect_from_forgery`. This configuration
    defaults to false to support older versions which have removed it from their
    `ApplicationController`, but is set to true for Rails 5.2.

    *Lisa Ugray*

*   Fallback `ActionController::Parameters#to_s` to `Hash#to_s`.

    *Kir Shatrov*

*   `driven_by` now registers poltergeist and capybara-webkit

    If poltergeist or capybara-webkit is set as the driver for System Tests,
    `driven_by` will register the driver and set additional options passed via
    the `:options` parameter.

    Refer to the respective driver's documentation to see what options can be passed.

    *Mario Chavez*

*   AEAD encrypted cookies and sessions with GCM

    Encrypted cookies now use AES-GCM which couples authentication and
    encryption in one faster step and produces shorter ciphertexts. Cookies
    encrypted using AES in CBC HMAC mode will be seamlessly upgraded when
    this new mode is enabled via the
    `action_dispatch.use_authenticated_cookie_encryption` configuration value.

    *Michael J Coyne*

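An added example (not Rails' `MessageEncryptor`) of the two properties the entry above claims for AES-GCM cookies: authentication happens in the same pass as encryption, and the result is shorter than a CBC ciphertext with a separate HMAC. The helper names, both cookie layouts and the demo keys are assumptions constructed for the comparison.

```ruby
require "openssl"

def join64(*parts)
  parts.map { |part| [part].pack("m0") }.join("--")
end

def split64(text)
  text.split("--").map { |part| part.unpack1("m0") }
end

# Assumed cookie layout: data--iv--tag. GCM emits the tag while encrypting.
def gcm_encrypt(key, plaintext)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  iv = cipher.random_iv
  cipher.auth_data = ""
  join64(cipher.update(plaintext) + cipher.final, iv, cipher.auth_tag)
end

# Returns the plaintext, or nil if any part was altered or the key is wrong.
def gcm_decrypt(key, cookie)
  data, iv, tag = split64(cookie)
  return nil unless tag && tag.bytesize == 16 # never accept a shortened tag
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ""
  cipher.update(data) + cipher.final
rescue OpenSSL::Cipher::CipherError, ArgumentError
  nil
end

# Assumed legacy layout for size comparison: Base64(data--iv)--HMAC.
def cbc_hmac_encrypt(key, mac_key, plaintext)
  cipher = OpenSSL::Cipher.new("aes-256-cbc").encrypt
  cipher.key = key
  iv = cipher.random_iv
  body = join64(cipher.update(plaintext) + cipher.final, iv)
  join64(body, OpenSSL::HMAC.digest("SHA256", mac_key, body))
end

# Constructed demo keys; a real application derives them with a KDF.
KEY = OpenSSL::Digest::SHA256.digest("constructed encryption secret")
MAC_KEY = OpenSSL::Digest::SHA256.digest("constructed signing secret")

gcm = gcm_encrypt(KEY, '{"user_id":42}')
cbc = cbc_hmac_encrypt(KEY, MAC_KEY, '{"user_id":42}')
puts "GCM #{gcm.length} chars, CBC+HMAC #{cbc.length} chars, round trip: #{gcm_decrypt(KEY, gcm)}"
```
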
*   Change the cache key format for fragments to make it easier to debug key churn. The new format is:

        views/template/action.html.erb:7a1156131a6928cb0026877f8b749ac9/projects/123
              ^template path           ^template tree digest            ^class   ^id

    *DHH*

*   Add support for recyclable cache keys with fragment caching. This uses the new versioned entries in the
    `ActiveSupport::Cache` stores and relies on the fact that Active Record has split `#cache_key` and `#cache_version`
    to support it.

    *DHH*

*   Add `action_controller_api` and `action_controller_base` load hooks to be called in `ActiveSupport.on_load`

    `ActionController::Base` and `ActionController::API` have differing implementations. This means that
    the one umbrella hook `action_controller` is not able to address certain situations where a method
    may not exist in a certain implementation.

    This is fixed by adding two new hooks so you can target `ActionController::Base` vs `ActionController::API`.

    Fixes #27013.

    *Julian Nadeau*

Please check [5-1-stable](https://github.com/rails/rails/blob/5-1-stable/actionpack/CHANGELOG.md) for previous changes.