There may be situations where you need to tunnel SSL connections over port 80 so we shouldn't remove it if it has been explicitly provided.
3.4 KiB
-
Always use the provided port if the protocol is relative.
Fixes #15043.
Guilherme Cavalcanti, Andrew White
-
Moved
params[request_forgery_protection_token]
into its own method and improved tests.Fixes #11316.
Tom Kadwill
-
Added verification of route constraints given as a Proc or an object responding to
:matches?
. Previously, when given an non-complying object, it would just silently fail to enforce the constraint. It will now raise anArgumentError
when setting up the routes.Xavier Defrang
-
Properly treat the entire IPv6 User Local Address space as private for purposes of remote IP detection. Also handle uppercase private IPv6 addresses.
Fixes #12638.
Caleb Spare
-
Fixed an issue with migrating legacy json cookies.
Previously, the
VerifyAndUpgradeLegacySignedMessage
assumes all incoming cookies are marshal-encoded. This is not the case whensecret_token
is used in conjunction with the:json
or:hybrid
serializer.In those case, when upgrading to use
secret_key_base
, this would cause aTypeError: incompatible marshal file format
and a 500 error for the user.Fixes #14774.
Godfrey Chan
-
Make URL escaping more consistent:
- Escape '%' characters in URLs - only unescaped data should be passed to URL helpers
- Add an
escape_segment
helper toRouter::Utils
that escapes '/' characters - Use
escape_segment
rather thanescape_fragment
in optimized URL generation - Use
escape_segment
rather thanescape_path
in URL generation
For point 4 there are two exceptions. Firstly, when a route uses wildcard segments (e.g. *foo) then we use
escape_path
as the value may contain '/' characters. This means that wildcard routes can't be optimized. Secondly, if a:controller
segment is used in the path then this usesescape_path
as the controller may be namespaced.Fixes #14629, #14636 and #14070.
Andrew White, Edho Arief
-
Add alias
ActionDispatch::Http::UploadedFile#to_io
toActionDispatch::Http::UploadedFile#tempfile
.Tim Linquist
-
Returns null type format when format is not know and controller is using
any
format block.Fixes #14462.
Rafael Mendonça França
-
Improve routing error page with fuzzy matching search.
Winston
-
Only make deeply nested routes shallow when parent is shallow.
Fixes #14684.
Andrew White, James Coglan
-
Append link to bad code to backtrace when exception is SyntaxError.
Boris Kuznetsov
-
Swapped the parameters of assert_equal in
assert_select
so that the proper values were printed correctlyFixes #14422.
Vishal Lal
-
The method
shallow?
returns false if the parent resource is a singleton so we need to check if we're not inside a nested scope before copying the :path and :as options to their shallow equivalents.Fixes #14388.
Andrew White
-
Make logging of CSRF failures optional (but on by default) with the
log_warning_on_csrf_failure
configuration setting inActionController::RequestForgeryProtection
.John Barton
-
Fix URL generation in controller tests with request-dependent
default_url_options
methods.Tony Wooster
Please check 4-1-stable for previous changes.