mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
880a1bedb9
Calling `skip_forgery_protection` without first calling `protect_from_forgery`--either manually or through default settings--raises an `ArgumentError` because `verify_authenticity_token` has not been defined as a callback. Since Rails 7.0 adds `skip_forgery_protection` to the `Rails::WelcomeController` (PR #42864), this behavior means that setting `default_protect_from_forgery` to false and visiting the Rails Welcome page (`/`) raises an error. This behavior also created an issue for `ActionMailbox` that was previously fixed in the Mailbox controller by running `skip_forgery_protection` only if `default_protect_from_forgery` was true (PR #35935). This PR addresses the underlying issue by setting the `raise` option for `skip_before_action` to default to false inside `skip_forgery_protection`. The fix is implemented in `request_forgery_protection.rb`. The change to `ActionMailbox`'s `base_controller.rb` removes the now-unnecessary check of `default_protect_from_forgery`. The tests added in `request_forgery_protection_test.rb` and `routing_test.rb` both raise an error when run against the current codebase and pass with the changes noted above. |
||
|---|---|---|
| .. | ||
| bin | ||
| lib | ||
| test | ||
| actionpack.gemspec | ||
| CHANGELOG.md | ||
| MIT-LICENSE | ||
| Rakefile | ||
| README.rdoc | ||
= Action Pack -- From request to response
Action Pack is a framework for handling and responding to web requests. It
provides mechanisms for *routing* (mapping request URLs to actions), defining
*controllers* that implement actions, and generating responses. In short, Action Pack
provides the controller layer in the MVC paradigm.
It consists of several modules:
* Action Dispatch, which parses information about the web request, handles
routing as defined by the user, and does advanced processing related to HTTP
such as MIME-type negotiation, decoding parameters in POST, PATCH, or PUT bodies,
handling HTTP caching logic, cookies and sessions.
* Action Controller, which provides a base controller class that can be
subclassed to implement filters and actions to handle requests. The result
of an action is typically content generated from views.
With the Ruby on Rails framework, users only directly interface with the
Action Controller module. Necessary Action Dispatch functionality is activated
by default and Action View rendering is implicitly triggered by Action
Controller. However, these modules are designed to function on their own and
can be used outside of Rails.
You can read more about Action Pack in the {Action Controller Overview}[https://guides.rubyonrails.org/action_controller_overview.html] guide.
== Download and installation
The latest version of Action Pack can be installed with RubyGems:
$ gem install actionpack
Source code can be downloaded as part of the Rails project on GitHub:
* https://github.com/rails/rails/tree/main/actionpack
== License
Action Pack is released under the MIT license:
* https://opensource.org/licenses/MIT
== Support
API documentation is at:
* https://api.rubyonrails.org
Bug reports for the Ruby on Rails project can be filed here:
* https://github.com/rails/rails/issues
Feature requests should be discussed on the rails-core mailing list here:
* https://discuss.rubyonrails.org/c/rubyonrails-core