Add `allow_other_host` options to `redirect_to`. Opt in to this behaviour with `ActionController::Base.raise_on_open_redirects = true`.
6.2 KiB
-
Raise error on unpermitted open redirects.
Add
allow_other_host
options toredirect_to
. Opt in to this behaviour withActionController::Base.raise_on_open_redirects = true
.Gannon McGibbon
-
Deprecate
poltergeist
andwebkit
(capybara-webkit) driver registration for system testing (they will be removed in Rails 7.1). Addcuprite
instead.Poltergeist and capybara-webkit are already not maintained. These usage in Rails are removed for avoiding confusing users.
Cuprite is a good alternative to Poltergeist. Some guide descriptions are replaced from Poltergeist to Cuprite.
Yusuke Iwaki
-
Add
Middleware#remove
to delete middleware or raise if not found.Middleware#remove
works just likeMiddleware#delete
but will raise an error if the middleware isn't found.Alex Ghiculescu, Petrik de Heus
-
Exclude additional flash types from
ActionController::Base.action_methods
.Ensures that additional flash types defined on ActionController::Base subclasses are not listed as actions on that controller.
class MyController < ApplicationController add_flash_types :hype end MyController.action_methods.include?('hype') # => false
Gavin Morrice
-
OpenSSL constants are now used for Digest computations.
Dirkjan Bussink
-
Remove IE6-7-8 file download related hack/fix from ActionController::DataStreaming module.
Due to the age of those versions of IE this fix is no longer relevant, more importantly it creates an edge-case for unexpected Cache-Control headers.
Tadas Sasnauskas
-
Configuration setting to skip logging an uncaught exception backtrace when the exception is present in
rescued_responses
.It may be too noisy to get all backtraces logged for applications that manage uncaught exceptions via
rescued_responses
andexceptions_app
.config.action_dispatch.log_rescued_responses
(defaults totrue
) can be set tofalse
in this case, so that only exceptions not found inrescued_responses
will be logged.Alexander Azarov, Mike Dalessio
-
Ignore file fixtures on
db:fixtures:load
.Kevin Sjöberg
-
Fix ActionController::Live controller test deadlocks by removing the body buffer size limit for tests.
Dylan Thacker-Smith
-
New
ActionController::ConditionalGet#no_store
method to set HTTP cache controlno-store
directive.Tadas Sasnauskas
-
Drop support for the
SERVER_ADDR
header.Following up https://github.com/rack/rack/pull/1573 and https://github.com/rails/rails/pull/42349.
Ricardo Díaz
-
Set session options when initializing a basic session.
Gannon McGibbon
-
Add
cache_control: {}
option tofresh_when
andstale?
.Works as a shortcut to set
response.cache_control
with the above methods.Jacopo Beschi
-
Writing into a disabled session will now raise an error.
Previously when no session store was set, writing into the session would silently fail.
Jean Boussier
-
Add support for 'require-trusted-types-for' and 'trusted-types' headers.
Fixes #42034.
lfalcao
-
Remove inline styles and address basic accessibility issues on rescue templates.
Jacob Herrington
-
Add support for 'private, no-store' Cache-Control headers.
Previously, 'no-store' was exclusive; no other directives could be specified.
Alex Smith
-
Expand payload of
unpermitted_parameters.action_controller
instrumentation to allow subscribers to know which controller action received unpermitted parameters.bbuchalter
-
Add
ActionController::Live#send_stream
that makes it more convenient to send generated streams:send_stream(filename: "subscribers.csv") do |stream| stream.writeln "email_address,updated_at" @subscribers.find_each do |subscriber| stream.writeln [ subscriber.email_address, subscriber.updated_at ].join(",") end end
DHH
-
Add
ActionController::Live::Buffer#writeln
to write a line to the stream with a newline included.DHH
-
ActionDispatch::Request#content_type
now returned Content-Type header as it is.Previously,
ActionDispatch::Request#content_type
returned value does NOT contain charset part. This behavior changed to returned Content-Type header containing charset part as it is.If you want just MIME type, please use
ActionDispatch::Request#media_type
instead.Before:
request = ActionDispatch::Request.new("CONTENT_TYPE" => "text/csv; header=present; charset=utf-16", "REQUEST_METHOD" => "GET") request.content_type #=> "text/csv"
After:
request = ActionDispatch::Request.new("Content-Type" => "text/csv; header=present; charset=utf-16", "REQUEST_METHOD" => "GET") request.content_type #=> "text/csv; header=present; charset=utf-16" request.media_type #=> "text/csv"
Rafael Mendonça França
-
Change
ActionDispatch::Request#media_type
to returnnil
when the request don't have aContent-Type
header.Rafael Mendonça França
-
Fix error in
ActionController::LogSubscriber
that would happen when throwing inside a controller action.Janko Marohnić
-
Allow anything with
#to_str
(likeAddressable::URI
) as aredirect_to
location.ojab
-
Change the request method to a
GET
when passing failed requests down toconfig.exceptions_app
.Alex Robbin
-
Deprecate the ability to assign a single value to
config.action_dispatch.trusted_proxies
asRemoteIp
middleware behaves inconsistently depending on whether this is configured with a single value or an enumerable.Fixes #40772.
Christian Sutter
-
Add
redirect_back_or_to(fallback_location, **)
as a more aesthetically pleasing version ofredirect_back fallback_location:, **
. The old method name is retained without explicit deprecation.DHH
Please check 6-1-stable for previous changes.