kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Include default headers by default in API mode

Browse source 
ActionDispatch's default headers are now moved into their own module that are by default included in both Base and API. This allows API-mode applications to take advantage of the default security headers, as well as providing an easy way to add more.
This commit is contained in:
Kevin Deisz 2018-04-06 15:13:28 -04:00
parent 03bd370c02
commit f22bc41a92
No known key found for this signature in database
GPG key ID: D78C2D8FB232C59C
5 changed files with 24 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
actionpack/CHANGELOG.md
View file

@ -1,3 +1,7 @@
* Move default headers configuration into their own module that can be included in controllers.
*Kevin Deisz*
* Add method `dig` to `session`. * Add method `dig` to `session`.
*claudiob*, *Takumi Shotoku* *claudiob*, *Takumi Shotoku*

1
actionpack/lib/action_controller.rb
View file

@ -25,6 +25,7 @@ module ActionController
autoload :ContentSecurityPolicy autoload :ContentSecurityPolicy
autoload :Cookies autoload :Cookies
autoload :DataStreaming autoload :DataStreaming
autoload :DefaultHeaders
autoload :EtagWithTemplateDigest autoload :EtagWithTemplateDigest
autoload :EtagWithFlash autoload :EtagWithFlash
autoload :Flash autoload :Flash

1
actionpack/lib/action_controller/api.rb
View file

@ -122,6 +122,7 @@ module ActionController
ForceSSL, ForceSSL,
DataStreaming, DataStreaming,
DefaultHeaders,
# Before callbacks should also be executed as early as possible, so # Before callbacks should also be executed as early as possible, so
# also include them at the bottom. # also include them at the bottom.

7
actionpack/lib/action_controller/base.rb
View file

@ -232,6 +232,7 @@ module ActionController
HttpAuthentication::Basic::ControllerMethods, HttpAuthentication::Basic::ControllerMethods,
HttpAuthentication::Digest::ControllerMethods, HttpAuthentication::Digest::ControllerMethods,
HttpAuthentication::Token::ControllerMethods, HttpAuthentication::Token::ControllerMethods,
DefaultHeaders,
# Before callbacks should also be executed as early as possible, so # Before callbacks should also be executed as early as possible, so
# also include them at the bottom. # also include them at the bottom.
@ -264,12 +265,6 @@ module ActionController
PROTECTED_IVARS PROTECTED_IVARS
end end
def self.make_response!(request)
ActionDispatch::Response.create.tap do |res|
res.request = request
end
end
ActiveSupport.run_load_hooks(:action_controller_base, self) ActiveSupport.run_load_hooks(:action_controller_base, self)
ActiveSupport.run_load_hooks(:action_controller, self) ActiveSupport.run_load_hooks(:action_controller, self)
end end

17
actionpack/lib/action_controller/metal/default_headers.rb Normal file
View file

@ -0,0 +1,17 @@
# frozen_string_literal: true
module ActionController
# Allows configuring default headers that will be automatically merged into
# each response.
module DefaultHeaders
extend ActiveSupport::Concern
module ClassMethods
def make_response!(request)
ActionDispatch::Response.create.tap do |res|
res.request = request
end
end
end
end
end