mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
86433b8d5f
Also cleanup test a bit [related #14886] [related #14743]
237 lines
7.1 KiB
Markdown
237 lines
7.1 KiB
Markdown
* Allows ActionDispatch::Request::LOCALHOST to match any IPv4 127.0.0.0/8
|
|
loopback address.
|
|
|
|
*Earl St Sauver*, *Sven Riedel*
|
|
|
|
* Preserve original path in `ShowExceptions` middleware by stashing it as
|
|
`env["action_dispatch.original_path"]`
|
|
|
|
`ActionDispatch::ShowExceptions` overwrites `PATH_INFO` with the status code
|
|
for the exception defined in `ExceptionWrapper`, so the path
|
|
the user was visiting when an exception occurred was not previously
|
|
available to any custom exceptions_app. The original `PATH_INFO` is now
|
|
stashed in `env["action_dispatch.original_path"]`.
|
|
|
|
*Grey Baker*
|
|
|
|
* Use `String#bytesize` instead of `String#size` when checking for cookie
|
|
overflow.
|
|
|
|
*Agis Anastasopoulos*
|
|
|
|
* `render nothing: true` or rendering a `nil` body no longer add a single
|
|
space to the response body.
|
|
|
|
The old behavior was added as a workaround for a bug in an early version of
|
|
Safari, where the HTTP headers are not returned correctly if the response
|
|
body has a 0-length. This is been fixed since and the workaround is no
|
|
longer necessary.
|
|
|
|
Use `render body: ' '` if the old behavior is desired.
|
|
|
|
See #14883 for details.
|
|
|
|
*Godfrey Chan*
|
|
|
|
* Prepend a JS comment to JSONP callbacks. Addresses CVE-2014-4671
|
|
("Rosetta Flash")
|
|
|
|
*Greg Campbell*
|
|
|
|
* Because URI paths may contain non US-ASCII characters we need to force
|
|
the encoding of any unescaped URIs to UTF-8 if they are US-ASCII.
|
|
This essentially replicates the functionality of the monkey patch to
|
|
URI.parser.unescape in active_support/core_ext/uri.rb.
|
|
|
|
Fixes #16104.
|
|
|
|
*Karl Entwistle*
|
|
|
|
* Generate shallow paths for all children of shallow resources.
|
|
|
|
Fixes #15783.
|
|
|
|
*Seb Jacobs*
|
|
|
|
* JSONP responses are now rendered with the `text/javascript` content type
|
|
when rendering through a `respond_to` block.
|
|
|
|
Fixes #15081.
|
|
|
|
*Lucas Mazza*
|
|
|
|
* Add `config.action_controller.always_permitted_parameters` to configure which
|
|
parameters are permitted globally. The default value of this configuration is
|
|
`['controller', 'action']`.
|
|
|
|
*Gary S. Weaver*, *Rafael Chacon*
|
|
|
|
* Fix env['PATH_INFO'] missing leading slash when a rack app mounted at '/'.
|
|
|
|
Fixes #15511.
|
|
|
|
*Larry Lv*
|
|
|
|
* ActionController::Parameters#require now accepts `false` values.
|
|
|
|
Fixes #15685.
|
|
|
|
*Sergio Romano*
|
|
|
|
* With authorization header `Authorization: Token token=`, `authenticate` now
|
|
recognize token as nil, instead of "token".
|
|
|
|
Fixes #14846.
|
|
|
|
*Larry Lv*
|
|
|
|
* Ensure the controller is always notified as soon as the client disconnects
|
|
during live streaming, even when the controller is blocked on a write.
|
|
|
|
*Nicholas Jakobsen*, *Matthew Draper*
|
|
|
|
* Routes specifying 'to:' must be a string that contains a "#" or a rack
|
|
application. Use of a symbol should be replaced with `action: symbol`.
|
|
Use of a string without a "#" should be replaced with `controller: string`.
|
|
|
|
*Aaron Patterson*
|
|
|
|
* Fix URL generation with `:trailing_slash` such that it does not add
|
|
a trailing slash after `.:format`
|
|
|
|
*Dan Langevin*
|
|
|
|
* Build full URI as string when processing path in integration tests for
|
|
performance reasons.
|
|
|
|
*Guo Xiang Tan*
|
|
|
|
* Fix `'Stack level too deep'` when rendering `head :ok` in an action method
|
|
called 'status' in a controller.
|
|
|
|
Fixes #13905.
|
|
|
|
*Christiaan Van den Poel*
|
|
|
|
* Add MKCALENDAR HTTP method (RFC 4791).
|
|
|
|
*Sergey Karpesh*
|
|
|
|
* Instrument fragment cache metrics.
|
|
|
|
Adds `:controller`: and `:action` keys to the instrumentation payload
|
|
for the `*_fragment.action_controller` notifications. This allows tracking
|
|
e.g. the fragment cache hit rates for each controller action.
|
|
|
|
*Daniel Schierbeck*
|
|
|
|
* Always use the provided port if the protocol is relative.
|
|
|
|
Fixes #15043.
|
|
|
|
*Guilherme Cavalcanti*, *Andrew White*
|
|
|
|
* Moved `params[request_forgery_protection_token]` into its own method
|
|
and improved tests.
|
|
|
|
Fixes #11316.
|
|
|
|
*Tom Kadwill*
|
|
|
|
* Added verification of route constraints given as a Proc or an object responding
|
|
to `:matches?`. Previously, when given an non-complying object, it would just
|
|
silently fail to enforce the constraint. It will now raise an `ArgumentError`
|
|
when setting up the routes.
|
|
|
|
*Xavier Defrang*
|
|
|
|
* Properly treat the entire IPv6 User Local Address space as private for
|
|
purposes of remote IP detection. Also handle uppercase private IPv6
|
|
addresses.
|
|
|
|
Fixes #12638.
|
|
|
|
*Caleb Spare*
|
|
|
|
* Fixed an issue with migrating legacy json cookies.
|
|
|
|
Previously, the `VerifyAndUpgradeLegacySignedMessage` assumes all incoming
|
|
cookies are marshal-encoded. This is not the case when `secret_token` is
|
|
used in conjunction with the `:json` or `:hybrid` serializer.
|
|
|
|
In those case, when upgrading to use `secret_key_base`, this would cause a
|
|
`TypeError: incompatible marshal file format` and a 500 error for the user.
|
|
|
|
Fixes #14774.
|
|
|
|
*Godfrey Chan*
|
|
|
|
* Make URL escaping more consistent:
|
|
|
|
1. Escape '%' characters in URLs - only unescaped data should be passed to URL helpers
|
|
2. Add an `escape_segment` helper to `Router::Utils` that escapes '/' characters
|
|
3. Use `escape_segment` rather than `escape_fragment` in optimized URL generation
|
|
4. Use `escape_segment` rather than `escape_path` in URL generation
|
|
|
|
For point 4 there are two exceptions. Firstly, when a route uses wildcard segments
|
|
(e.g. `*foo`) then we use `escape_path` as the value may contain '/' characters. This
|
|
means that wildcard routes can't be optimized. Secondly, if a `:controller` segment
|
|
is used in the path then this uses `escape_path` as the controller may be namespaced.
|
|
|
|
Fixes #14629, #14636 and #14070.
|
|
|
|
*Andrew White*, *Edho Arief*
|
|
|
|
* Add alias `ActionDispatch::Http::UploadedFile#to_io` to
|
|
`ActionDispatch::Http::UploadedFile#tempfile`.
|
|
|
|
*Tim Linquist*
|
|
|
|
* Returns null type format when format is not know and controller is using `any`
|
|
format block.
|
|
|
|
Fixes #14462.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Improve routing error page with fuzzy matching search.
|
|
|
|
*Winston*
|
|
|
|
* Only make deeply nested routes shallow when parent is shallow.
|
|
|
|
Fixes #14684.
|
|
|
|
*Andrew White*, *James Coglan*
|
|
|
|
* Append link to bad code to backtrace when exception is `SyntaxError`.
|
|
|
|
*Boris Kuznetsov*
|
|
|
|
* Swapped the parameters of assert_equal in `assert_select` so that the
|
|
proper values were printed correctly.
|
|
|
|
Fixes #14422.
|
|
|
|
*Vishal Lal*
|
|
|
|
* The method `shallow?` returns false if the parent resource is a singleton so
|
|
we need to check if we're not inside a nested scope before copying the :path
|
|
and :as options to their shallow equivalents.
|
|
|
|
Fixes #14388.
|
|
|
|
*Andrew White*
|
|
|
|
* Make logging of CSRF failures optional (but on by default) with the
|
|
`log_warning_on_csrf_failure` configuration setting in
|
|
`ActionController::RequestForgeryProtection`.
|
|
|
|
*John Barton*
|
|
|
|
* Fix URL generation in controller tests with request-dependent
|
|
`default_url_options` methods.
|
|
|
|
*Tony Wooster*
|
|
|
|
Please check [4-1-stable](https://github.com/rails/rails/blob/4-1-stable/actionpack/CHANGELOG.md) for previous changes.
|