* Request Forgery takes relative paths into account.

  *Stefan Wienert*

* Add ".test" as a default allowed host in development to ensure smooth golden-path setup with puma.dev.

  *DHH*

* Add `allow_browser` to set minimum browser versions for the application.

  A browser that's blocked will by default be served the file in `public/426.html` with a HTTP status code of "426 Upgrade Required".

  ```ruby
  class ApplicationController < ActionController::Base
    # Allow only browsers natively supporting webp images, web push, badges, import maps, CSS nesting + :has
    allow_browser versions: :modern
  end

  class ApplicationController < ActionController::Base
    # All versions of Chrome and Opera will be allowed, but no versions of "internet explorer" (ie). Safari needs to be 16.4+ and Firefox 121+.
    allow_browser versions: { safari: 16.4, firefox: 121, ie: false }
  end

  class MessagesController < ApplicationController
    # In addition to the browsers blocked by ApplicationController, also block Opera below 104 and Chrome below 119 for the show action.
    allow_browser versions: { opera: 104, chrome: 119 }, only: :show
  end
  ```

  *DHH*

* Add rate limiting API.

  ```ruby
  class SessionsController < ApplicationController
    rate_limit to: 10, within: 3.minutes, only: :create
  end

  class SignupsController < ApplicationController
    rate_limit to: 1000, within: 10.seconds,
      by: -> { request.domain }, with: -> { redirect_to busy_controller_url, alert: "Too many signups!" }, only: :new
  end
  ```

  *DHH*, *Jean Boussier*

* Add `image/svg+xml` to the compressible content types of ActionDispatch::Static

  *Georg Ledermann*

* Add instrumentation for ActionController::Live#send_stream

  Allows subscribing to `send_stream` events. The event payload contains the filename, disposition, and type.

  *Hannah Ramadan*

* Add support for `with_routing` test helper in `ActionDispatch::IntegrationTest`

  *Gannon McGibbon*

* Remove deprecated support to set `Rails.application.config.action_dispatch.show_exceptions` to `true` and `false`.

  *Rafael Mendonça França*

* Remove deprecated `speaker`, `vibrate`, and `vr` permissions policy directives.

  *Rafael Mendonça França*

* Remove deprecated `Rails.application.config.action_dispatch.return_only_request_media_type_on_content_type`.

  *Rafael Mendonça França*

* Deprecate `Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality`.

  *Rafael Mendonça França*

* Remove deprecated comparison between `ActionController::Parameters` and `Hash`.

  *Rafael Mendonça França*

* Remove deprecated constant `AbstractController::Helpers::MissingHelperError`.

  *Rafael Mendonça França*

* Fix a race condition that could cause a `Text file busy - chromedriver`
  error with parallel system tests

  *Matt Brictson*

* Add `racc` as a dependency since it will become a bundled gem in Ruby 3.4.0

  *Hartley McGuire*

* Remove deprecated constant `ActionDispatch::IllegalStateError`.

  *Rafael Mendonça França*

* Add parameter filter capability for redirect locations.

  It uses the `config.filter_parameters` to match what needs to be filtered.
  The result would be like this:

  ```
  Redirected to http://secret.foo.bar?username=roque&password=[FILTERED]
  ```

  Fixes #14055.

  *Roque Pinel*, *Trevor Turk*, *tonytonyjan*

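The redirect-location filtering described in the entry above, sketched as an added example in plain Ruby (it is not Rails' own code). `filtered_location`, `sensitive_key?`, `FILTERS` and the sample secret value are assumptions made for illustration, with `FILTERS` standing in for `config.filter_parameters`.

```ruby
# Added illustration (not Rails' implementation): mask sensitive query values
# in a redirect location before it is written to a log line.
require "uri"

MASK = "[FILTERED]"

# Assumption of this sketch: symbols/strings match any part of the parameter
# name, case-insensitively; regexps are applied as given.
def sensitive_key?(key, filters)
  filters.any? do |f|
    f.is_a?(Regexp) ? f.match?(key) : key.downcase.include?(f.to_s.downcase)
  end
end

# Returns a copy of +location+ that is safe to log. Only the query string is
# touched; scheme, host, path and fragment pass through unchanged.
def filtered_location(location, filters)
  head, fragment = location.to_s.split("#", 2)
  base, query = head.to_s.split("?", 2)
  return location if query.nil? || query.empty?

  masked = query.split("&").map do |pair|
    key, value = pair.split("=", 2)
    next pair if value.nil? # bare flag without a value, nothing to hide
    begin
      name = URI.decode_www_form_component(key)
    rescue ArgumentError
      next "#{key}=#{MASK}" # undecodable key: fail closed and mask the value
    end
    sensitive_key?(name, filters) ? "#{key}=#{MASK}" : pair
  end

  result = "#{base}?#{masked.join('&')}"
  fragment ? "#{result}##{fragment}" : result
end

# Constructed sample input; FILTERS stands in for config.filter_parameters.
FILTERS = [:password, /token\z/i].freeze
SAMPLE = "http://secret.foo.bar?username=roque&password=hunter2"

puts "Redirected to #{filtered_location(SAMPLE, FILTERS)}" if $PROGRAM_NAME == __FILE__
```

Percent-encoded keys such as `user%5Bpassword%5D` are decoded before matching, so an encoded parameter name does not slip past the filter list.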
Please check [7-1-stable](https://github.com/rails/rails/blob/7-1-stable/actionpack/CHANGELOG.md) for previous changes.