rails--rails/actionpack/CHANGELOG.md
eileencodes 59a02fb7bc Implement H2 Early Hints for Rails
When puma/puma#1403 is merged Puma will support the Early Hints status
code for sending assets before a request has finished.

While the Early Hints spec is still in draft, this PR prepares Rails to
allow this status code.

If the proxy server supports Early Hints, it will send H2 pushes to the
client.

This PR adds a method for setting Early Hints Link headers via Rails,
and also automatically sends Early Hints if supported from the
`stylesheet_link_tag` and the `javascript_include_tag`.

Once puma supports Early Hints the `--early-hints` argument can be
passed to the server to enable this or set in the puma config with
`early_hints(true)`. Note that for Early Hints to work
in the browser the requirements are 1) a proxy that can handle H2,
and 2) HTTPS.

To start the server with Early Hints enabled pass `--early-hints` to
`rails s`.

This has been verified to work with h2o, Puma, and Rails with Chrome.

The commit adds a new option to the rails server to enable early hints
for Puma.

Early Hints spec:
https://tools.ietf.org/html/draft-ietf-httpbis-early-hints-04

[Eileen M. Uchitelle, Aaron Patterson]
2017-10-04 09:17:21 -04:00

  • Add ability to enable Early Hints for HTTP/2

    If supported by the server and enabled in Puma, this allows H2 Early Hints to be used.

    The javascript_include_tag and the stylesheet_link_tag automatically add Early Hints if requested.

    Eileen M. Uchitelle, Aaron Patterson
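The Rack-level contract behind this entry, as an added illustration (not Rails' or Puma's own code): a server that supports Early Hints (Puma started with `--early-hints`) exposes a callable under `env["rack.early_hints"]`, and the application calls it with Link headers before the full response is ready; when the server does not offer the callable, nothing is hinted. The asset paths, the Rack app and the recording server below are constructed for the example. Link values are built only from the app's own asset paths, since a request-controlled string containing CR/LF would let a client inject headers into the 103 response.

```ruby
# Added example: the Rack-level Early Hints exchange. Not code from Rails or
# Puma; the app, asset list and fake server are constructed for illustration.
module EarlyHintsDemo
  # Build one "Link" header value per asset. Only the application's own asset
  # paths are allowed here, never request-supplied strings: a CR/LF inside a
  # value would let a client inject headers into the early 103 response.
  def self.link_header(assets)
    assets.map do |path, as|
      raise ArgumentError, "unsafe asset path #{path.inspect}" unless path.match?(%r{\A/[\w./-]+\z})
      "<#{path}>; rel=preload; as=#{as}"
    end.join(", ")
  end

  # A tiny Rack-style app: hint the assets if the server supports it, then
  # render the normal response. "X-Early-Hinted" just records what happened.
  APP = lambda do |env|
    assets = [["/assets/application.css", "style"], ["/assets/application.js", "script"]]
    hinted = false
    if (early_hints = env["rack.early_hints"])   # key Puma sets when started with --early-hints
      early_hints.call("Link" => link_header(assets))
      hinted = true
    end
    [200, { "Content-Type" => "text/html", "X-Early-Hinted" => hinted.to_s }, ["<html>...</html>"]]
  end

  # Stand-in for a server: records what it would send as a 103 response.
  # A server without Early Hints support simply omits the callable.
  class RecordingServer
    attr_reader :sent

    def initialize
      @sent = []
    end

    def env(with_hints:)
      env = { "REQUEST_METHOD" => "GET", "PATH_INFO" => "/", "rack.url_scheme" => "https" }
      env["rack.early_hints"] = ->(headers) { @sent << headers } if with_hints
      env
    end
  end

  # Runs one request through the app and reports status, whether hints were
  # sent, and the recorded hint headers.
  def self.run(with_hints:)
    server = RecordingServer.new
    status, headers, _body = APP.call(server.env(with_hints: with_hints))
    { status: status, hinted: headers["X-Early-Hinted"], hints: server.sent }
  end
end
```

Running `EarlyHintsDemo.run(with_hints: true)` records a single Link header covering both assets; with `with_hints: false` the app renders exactly the same 200 response and nothing is hinted, which is the behaviour an app gets when the server (or the proxy in front of it) does not support Early Hints.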

  • Simplify cookies middleware with key rotation support

    Use the rotate method for both MessageEncryptor and MessageVerifier to add key rotation support for encrypted and signed cookies. This also helps simplify support for legacy cookie security.

    Michael J Coyne

  • Use Capybara registered :puma server config.

    The Capybara registered :puma server ensures the puma server is run in process so connection sharing and open request detection work correctly by default.

    Thomas Walpole

  • Cookies :expires option supports ActiveSupport::Duration object.

    cookies[:user_name] = { value: "assain", expires: 1.hour }
    cookies[:key] = { value: "a yummy cookie", expires: 6.months }
    

    Pull Request: #30121

    Assain Jaleel

  • Enforce signed/encrypted cookie expiry server side.

    Rails can thwart attacks by malicious clients that don't honor a cookie's expiry.

    It does so by stashing the expiry within the written cookie and relying on the signing/encrypting to vouch that it hasn't been tampered with. Then on a server-side read, the expiry is verified and any expired cookie is discarded.

    Pull Request: #30121

    Assain Jaleel
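The mechanism described in this entry and the key-rotation entry above, as an added illustration that is not Rails' own code: the expiry is embedded in the signed payload, so a client that keeps sending a cookie past its expiry, or edits the expiry, is rejected on the server, and verification accepts older secrets so the signing key can be rotated. Rails implements this inside ActiveSupport::MessageVerifier and MessageEncryptor; the toy signer below uses only the Ruby standard library, and its secrets, cookie layout and timestamps are constructed for the example.

```ruby
require "openssl"
require "json"
require "base64"
require "time"

# Added example, not Rails' code: a signed cookie whose expiry is inside the
# signed payload, verified server side, with rotation to older secrets.
class ExpiringCookieSigner
  def initialize(secret, old_secrets: [])
    @secrets = [secret, *old_secrets]   # the first secret signs, all of them verify
  end

  # "base64(json)--hmac", a layout similar in spirit to Rails' signed cookies.
  def generate(value, expires_at:)
    payload = Base64.strict_encode64(JSON.generate({ "value" => value, "expires_at" => expires_at.utc.iso8601 }))
    "#{payload}--#{digest(@secrets.first, payload)}"
  end

  # Returns the value, or nil when no known secret signed the cookie, the
  # payload is malformed, or the embedded expiry has already passed.
  def verify(cookie, now: Time.now)
    payload, sig = cookie.to_s.split("--", 2)
    return nil if payload.nil? || sig.nil?
    return nil unless @secrets.any? { |s| secure_equal(digest(s, payload), sig) }
    data = JSON.parse(Base64.strict_decode64(payload))
    return nil unless data.is_a?(Hash) && Time.iso8601(data["expires_at"].to_s) > now
    data["value"]
  rescue ArgumentError, JSON::ParserError
    nil
  end

  private

  def digest(secret, data)
    OpenSSL::HMAC.hexdigest("SHA256", secret, data)
  end

  # Constant-time comparison so the signature check does not leak via timing.
  def secure_equal(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Walks through the cases the entries describe and returns the outcomes.
def cookie_expiry_demo
  issued = Time.utc(2017, 10, 4, 12, 0, 0)                        # constructed clock
  old    = ExpiringCookieSigner.new("old-secret")                   # constructed secrets
  signer = ExpiringCookieSigner.new("new-secret", old_secrets: ["old-secret"])
  cookie = signer.generate("assain", expires_at: issued + 3600)

  # A client that ignores expiry and replays the payload with a later expires_at.
  payload, sig = cookie.split("--", 2)
  forged = Base64.strict_encode64(JSON.generate({ "value" => "assain", "expires_at" => (issued + 86_400).utc.iso8601 }))

  {
    fresh:    signer.verify(cookie, now: issued + 60),                 # within the hour
    expired:  signer.verify(cookie, now: issued + 7200),               # client kept it too long
    extended: signer.verify("#{forged}--#{sig}", now: issued + 7200),  # edited expiry, old signature
    bad_sig:  signer.verify("#{payload}--deadbeef", now: issued + 60),
    rotated:  signer.verify(old.generate("assain", expires_at: issued + 3600), now: issued + 60),
    unknown:  old.verify(cookie, now: issued + 60)                     # old signer never saw "new-secret"
  }
end
```

Only `fresh` and `rotated` yield a value; the expired, extended, badly signed and unknown-key cookies all read as nil, which is what lets the server discard them regardless of what the client chose to send.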

  • Make take_failed_screenshot work within engine.

    Fixes #30405.

    Yuji Yaginuma

  • Deprecate ActionDispatch::TestResponse response aliases

    #success?, #missing? & #error? are not supported by the actual ActionDispatch::Response object and can produce false-positives. Instead, use the response helpers provided by Rack::Response.

    Trevor Wistaff

  • Protect from forgery by default

    Rather than protecting from forgery in the generated ApplicationController, add it to ActionController::Base depending on config.action_controller.default_protect_from_forgery. This configuration defaults to false to support older versions which have removed it from their ApplicationController, but is set to true for Rails 5.2.

    Lisa Ugray

  • Fallback ActionController::Parameters#to_s to Hash#to_s.

    Kir Shatrov

  • driven_by now registers poltergeist and capybara-webkit

    If poltergeist or capybara-webkit is set as the driver for System Tests, driven_by will register the driver and set additional options passed via the :options parameter.

    Refer to the respective driver's documentation to see what options can be passed.

    Mario Chavez

  • AEAD encrypted cookies and sessions with GCM

    Encrypted cookies now use AES-GCM which couples authentication and encryption in one faster step and produces shorter ciphertexts. Cookies encrypted using AES in CBC HMAC mode will be seamlessly upgraded when this new mode is enabled via the action_dispatch.use_authenticated_cookie_encryption configuration value.

    Michael J Coyne
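Why AES-GCM is the better choice here, as an added illustration that is not Rails' own code: one authenticated-encryption pass instead of CBC plus a separate HMAC, a shorter cookie, and a read path that still accepts the older format and hands back a re-encrypted value so the cookie is upgraded on the next response. The key derivation, byte layouts and sample value below are constructed for the example; Rails' actual cookie formats and key derivation differ.

```ruby
require "openssl"

# Added example, not Rails' code: AES-256-GCM cookie encryption beside a
# legacy CBC+HMAC layout, with tamper detection and upgrade-on-read.
module CookieCrypto
  BASE    = "illustrative-secret-key-base"                 # constructed, not a real secret
  GCM_KEY = OpenSSL::Digest::SHA256.digest("gcm:" + BASE)
  CBC_KEY = OpenSSL::Digest::SHA256.digest("cbc:" + BASE)  # separate keys for
  MAC_KEY = OpenSSL::Digest::SHA256.digest("mac:" + BASE)  # cipher and MAC

  # AES-256-GCM, layout iv(12) || ciphertext || tag(16). Authentication is
  # part of the mode, so there is no second pass and no separate MAC key.
  def self.gcm_encrypt(plaintext)
    c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    c.key = GCM_KEY
    iv = c.random_iv
    c.auth_data = ""
    ct = plaintext.empty? ? c.final : c.update(plaintext) + c.final
    iv + ct + c.auth_tag
  end

  def self.gcm_decrypt(blob)
    return nil if blob.bytesize < 12 + 16
    iv, ct, tag = blob[0, 12], blob[12...-16], blob[-16, 16]
    c = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    c.key = GCM_KEY
    c.iv = iv
    c.auth_tag = tag
    c.auth_data = ""
    ct.empty? ? c.final : c.update(ct) + c.final   # final raises if any byte was altered
  rescue OpenSSL::Cipher::CipherError
    nil
  end

  # Legacy AES-256-CBC + HMAC-SHA256 (encrypt-then-MAC),
  # layout iv(16) || padded ciphertext || mac(32).
  def self.cbc_hmac_encrypt(plaintext)
    c = OpenSSL::Cipher.new("aes-256-cbc").encrypt
    c.key = CBC_KEY
    iv = c.random_iv
    ct = c.update(plaintext) + c.final
    iv + ct + OpenSSL::HMAC.digest("SHA256", MAC_KEY, iv + ct)
  end

  def self.cbc_hmac_decrypt(blob)
    return nil if blob.bytesize < 16 + 16 + 32
    iv, ct, mac = blob[0, 16], blob[16...-32], blob[-32, 32]
    # Check the MAC before touching the ciphertext, so padding errors never leak.
    return nil unless secure_equal(mac, OpenSSL::HMAC.digest("SHA256", MAC_KEY, iv + ct))
    c = OpenSSL::Cipher.new("aes-256-cbc").decrypt
    c.key = CBC_KEY
    c.iv = iv
    c.update(ct) + c.final
  rescue OpenSSL::Cipher::CipherError
    nil
  end

  def self.secure_equal(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Upgrade on read: try the new format first, fall back to the legacy one and
  # return a GCM re-encryption for the app to write back as the new cookie.
  def self.read(blob)
    if (value = gcm_decrypt(blob))
      { value: value, rewrite: nil }
    elsif (value = cbc_hmac_decrypt(blob))
      { value: value, rewrite: gcm_encrypt(value) }
    end
  end

  def self.demo
    value = "session=abc123"                              # constructed sample value
    gcm, legacy = gcm_encrypt(value), cbc_hmac_encrypt(value)
    tampered = gcm.dup
    tampered.setbyte(15, tampered.getbyte(15) ^ 0x01)     # flip one ciphertext bit
    {
      gcm_len: gcm.bytesize, legacy_len: legacy.bytesize,
      roundtrip: gcm_decrypt(gcm), tampered: gcm_decrypt(tampered),
      upgraded: read(legacy)
    }
  end
end
```

For the 14-byte sample the GCM blob is 42 bytes against 64 for CBC+HMAC (the CBC block padding and the 32-byte MAC account for the difference), a single flipped bit makes `gcm_decrypt` return nil rather than garbage, and `read` on the legacy blob returns both the value and a GCM blob to set in its place; reading that rewritten blob again yields no further rewrite.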

  • Change the cache key format for fragments to make it easier to debug key churn. The new format is:

    views/template/action.html.erb:7a1156131a6928cb0026877f8b749ac9/projects/123
          ^template path           ^template tree digest            ^class   ^id
    

    DHH

  • Add support for recyclable cache keys with fragment caching. This uses the new versioned entries in the ActiveSupport::Cache stores and relies on the fact that Active Record has split #cache_key and #cache_version to support it.

    DHH

  • Add action_controller_api and action_controller_base load hooks to be called in ActiveSupport.on_load

    ActionController::Base and ActionController::API have differing implementations. This means that the one umbrella hook action_controller is not able to address certain situations where a method may not exist in a certain implementation.

    This is fixed by adding two new hooks so you can target ActionController::Base vs ActionController::API

    Fixes #27013.

    Julian Nadeau

Please check 5-1-stable for previous changes.