1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
rails--rails/actionpack/CHANGELOG.md
Santiago Pastorino d70ba48c4d Revert "Merge pull request #16434 from strzalek/cookies-digest-config-option"
This reverts commit 7059776205, reversing
changes made to dde91e9bf5.

IT BROKE THE BUILD!!!
2014-08-08 18:20:33 -03:00

7.2 KiB

  • Extract source code for the entire exception stack trace for better debugging and diagnosis.

    Ryan Dao

  • Allows ActionDispatch::Request::LOCALHOST to match any IPv4 127.0.0.0/8 loopback address.

    Earl St Sauver, Sven Riedel

  • Preserve original path in ShowExceptions middleware by stashing it as env["action_dispatch.original_path"]

    ActionDispatch::ShowExceptions overwrites PATH_INFO with the status code for the exception defined in ExceptionWrapper, so the path the user was visiting when an exception occurred was not previously available to any custom exceptions_app. The original PATH_INFO is now stashed in env["action_dispatch.original_path"].

    Grey Baker

  • Use String#bytesize instead of String#size when checking for cookie overflow.

    Agis Anastasopoulos

  • render nothing: true or rendering a nil body no longer add a single space to the response body.

    The old behavior was added as a workaround for a bug in an early version of Safari, where the HTTP headers are not returned correctly if the response body has a 0-length. This is been fixed since and the workaround is no longer necessary.

    Use render body: ' ' if the old behavior is desired.

    See #14883 for details.

    Godfrey Chan

  • Prepend a JS comment to JSONP callbacks. Addresses CVE-2014-4671 ("Rosetta Flash")

    Greg Campbell

  • Because URI paths may contain non US-ASCII characters we need to force the encoding of any unescaped URIs to UTF-8 if they are US-ASCII. This essentially replicates the functionality of the monkey patch to URI.parser.unescape in active_support/core_ext/uri.rb.

    Fixes #16104.

    Karl Entwistle

  • Generate shallow paths for all children of shallow resources.

    Fixes #15783.

    Seb Jacobs

  • JSONP responses are now rendered with the text/javascript content type when rendering through a respond_to block.

    Fixes #15081.

    Lucas Mazza

  • Add config.action_controller.always_permitted_parameters to configure which parameters are permitted globally. The default value of this configuration is ['controller', 'action'].

    Gary S. Weaver, Rafael Chacon

  • Fix env['PATH_INFO'] missing leading slash when a rack app mounted at '/'.

    Fixes #15511.

    Larry Lv

  • ActionController::Parameters#require now accepts false values.

    Fixes #15685.

    Sergio Romano

  • With authorization header Authorization: Token token=, authenticate now recognize token as nil, instead of "token".

    Fixes #14846.

    Larry Lv

  • Ensure the controller is always notified as soon as the client disconnects during live streaming, even when the controller is blocked on a write.

    Nicholas Jakobsen, Matthew Draper

  • Routes specifying 'to:' must be a string that contains a "#" or a rack application. Use of a symbol should be replaced with action: symbol. Use of a string without a "#" should be replaced with controller: string.

    Aaron Patterson

  • Fix URL generation with :trailing_slash such that it does not add a trailing slash after .:format

    Dan Langevin

  • Build full URI as string when processing path in integration tests for performance reasons.

    Guo Xiang Tan

  • Fix 'Stack level too deep' when rendering head :ok in an action method called 'status' in a controller.

    Fixes #13905.

    Christiaan Van den Poel

  • Add MKCALENDAR HTTP method (RFC 4791).

    Sergey Karpesh

  • Instrument fragment cache metrics.

    Adds :controller: and :action keys to the instrumentation payload for the *_fragment.action_controller notifications. This allows tracking e.g. the fragment cache hit rates for each controller action.

    Daniel Schierbeck

  • Always use the provided port if the protocol is relative.

    Fixes #15043.

    Guilherme Cavalcanti, Andrew White

  • Moved params[request_forgery_protection_token] into its own method and improved tests.

    Fixes #11316.

    Tom Kadwill

  • Added verification of route constraints given as a Proc or an object responding to :matches?. Previously, when given an non-complying object, it would just silently fail to enforce the constraint. It will now raise an ArgumentError when setting up the routes.

    Xavier Defrang

  • Properly treat the entire IPv6 User Local Address space as private for purposes of remote IP detection. Also handle uppercase private IPv6 addresses.

    Fixes #12638.

    Caleb Spare

  • Fixed an issue with migrating legacy json cookies.

    Previously, the VerifyAndUpgradeLegacySignedMessage assumes all incoming cookies are marshal-encoded. This is not the case when secret_token is used in conjunction with the :json or :hybrid serializer.

    In those case, when upgrading to use secret_key_base, this would cause a TypeError: incompatible marshal file format and a 500 error for the user.

    Fixes #14774.

    Godfrey Chan

  • Make URL escaping more consistent:

    1. Escape '%' characters in URLs - only unescaped data should be passed to URL helpers
    2. Add an escape_segment helper to Router::Utils that escapes '/' characters
    3. Use escape_segment rather than escape_fragment in optimized URL generation
    4. Use escape_segment rather than escape_path in URL generation

    For point 4 there are two exceptions. Firstly, when a route uses wildcard segments (e.g. *foo) then we use escape_path as the value may contain '/' characters. This means that wildcard routes can't be optimized. Secondly, if a :controller segment is used in the path then this uses escape_path as the controller may be namespaced.

    Fixes #14629, #14636 and #14070.

    Andrew White, Edho Arief

  • Add alias ActionDispatch::Http::UploadedFile#to_io to ActionDispatch::Http::UploadedFile#tempfile.

    Tim Linquist

  • Returns null type format when format is not know and controller is using any format block.

    Fixes #14462.

    Rafael Mendonça França

  • Improve routing error page with fuzzy matching search.

    Winston

  • Only make deeply nested routes shallow when parent is shallow.

    Fixes #14684.

    Andrew White, James Coglan

  • Append link to bad code to backtrace when exception is SyntaxError.

    Boris Kuznetsov

  • Swapped the parameters of assert_equal in assert_select so that the proper values were printed correctly.

    Fixes #14422.

    Vishal Lal

  • The method shallow? returns false if the parent resource is a singleton so we need to check if we're not inside a nested scope before copying the :path and :as options to their shallow equivalents.

    Fixes #14388.

    Andrew White

  • Make logging of CSRF failures optional (but on by default) with the log_warning_on_csrf_failure configuration setting in ActionController::RequestForgeryProtection.

    John Barton

  • Fix URL generation in controller tests with request-dependent default_url_options methods.

    Tony Wooster

Please check 4-1-stable for previous changes.