TEST_CODEOWNERS/rails
3
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
6b30c3f410
rails/actionpack/CHANGELOG.md

271 lines
9.0 KiB
Markdown
Raw Normal View History

Tag HTTP::Request with route URI pattern (#47129) In the GitHub RoR monolith, we output the route URI pattern in an HTML meta tag in our application layout for analysis purposes. However, our current implementation is quite manual. This change adds an attribute to requests with the URI pattern of the matched route. Co-authored-by: Rafael Mendonça França <rafael@rubyonrails.org> Co-authored-by: Kate Higa <khiga8@github.com>
2023-01-25 21:43:12 +00:00
* Add HTTP::Request#route_uri_pattern that returns URI pattern of matched route.
*Joel Hawksley*, *Kate Higa*
Allow use of SSL-terminating reserve proxy that doesn't set headers (#47139) * Allow use of SSL-terminating reserve proxy that doesn't set headers NGINX and other SSL-terminating reverse proxies can use HTTP headers to include forwarding information. If your stack includes SSL-termination through a network load balancer, that won't happen. You can use config.assume_ssl to address that. * I hate these warts * Document the new setting * Add autoload for AssumeSSL * Add CHANGELOG notice
2023-01-25 20:02:02 +00:00
* Add `ActionDispatch::AssumeSSL` middleware that can be turned on via `config.assume_ssl`.
Trailing whitespace
2023-01-25 20:27:16 +00:00
It makes the application believe that all requests are arring over SSL. This is useful
Allow use of SSL-terminating reserve proxy that doesn't set headers (#47139) * Allow use of SSL-terminating reserve proxy that doesn't set headers NGINX and other SSL-terminating reverse proxies can use HTTP headers to include forwarding information. If your stack includes SSL-termination through a network load balancer, that won't happen. You can use config.assume_ssl to address that. * I hate these warts * Document the new setting * Add autoload for AssumeSSL * Add CHANGELOG notice
2023-01-25 20:02:02 +00:00
when proxying through a load balancer that terminates SSL, the forwarded request will appear
as though its HTTP instead of HTTPS to the application. This makes redirects and cookie
security target HTTP instead of HTTPS. This middleware makes the server assume that the
proxy already terminated SSL, and that the request really is HTTPS.
*DHH*
Changelog for 0019dea As this is a user facing change, it should have a changelog entry
2023-01-05 22:43:15 +00:00
* Only use HostAuthorization middleware if `config.hosts` is not empty
*Hartley McGuire*
Add documentation for #43487 In #43487 we missed adding a changelog so that's been added here. In addition, since this isn't a new framework default unless you are creating a new application (and only in dev and test environments by default) it can be easy to miss this new option. I've updated the message to mention the option following DHH's suggestion on the original PR.
2023-01-03 18:37:22 +00:00
* Allow raising an error when a callback's only/unless symbols aren't existing methods.
When `before_action :callback, only: :action_name` is declared on a controller that doesn't respond to `action_name`, raise an exception at request time. This is a safety measure to ensure that typos or forgetfulness don't prevent a crucial callback from being run when it should.
For new applications, raising an error for undefined actions is turned on by default. If you do not want to opt-in to this behavior set `config.action_pack.raise_on_missing_callback_actions` to `false` in your application configuration. See #43487 for more details.
*Jess Bees*
Allow proc for per-request cookie domain Per-request cookie domain set through proc
2022-12-22 19:49:22 +00:00
* Allow cookie options[:domain] to accept a proc to set the cookie domain on a more flexible per-request basis
*RobL*
Use routes.default_url_options in AC::Renderer env When a host is not specified for an `ActionController::Renderer`'s env, the host and related options will now be derived from the routes' `default_url_options` and `ActionDispatch::Http::URL.secure_protocol`. For example, with: ```ruby Rails.application.default_url_options = { host: "rubyonrails.org" } Rails.application.config.force_ssl = true ``` Before: ```ruby ApplicationController.renderer.render inline: "<%= blog_url %>" # => "http://example.org/blog" ``` After: ```ruby ApplicationController.renderer.render inline: "<%= blog_url %>" # => "https://rubyonrails.org/blog" ``` As a consequence, Action Text attachment URLs rendered in a background job (a la Turbo Streams) will now use `Rails.application.default_url_options`. Fixes #41795. Fixes hotwired/turbo-rails#54. Fixes hotwired/turbo-rails#155.
2022-11-29 16:36:16 +00:00
* When a host is not specified for an `ActionController::Renderer`'s env,
the host and related options will now be derived from the routes'
`default_url_options` and `ActionDispatch::Http::URL.secure_protocol`.
This means that for an application with a configuration like:
```ruby
Rails.application.default_url_options = { host: "rubyonrails.org" }
Rails.application.config.force_ssl = true
```
rendering a URL like:
```ruby
ApplicationController.renderer.render inline: "<%= blog_url %>"
```
will now return `"https://rubyonrails.org/blog"` instead of
`"http://example.org/blog"`.
*Jonathan Hefner*
Add details of cookie name and size to `CookieOverflow` exception My app was raising a `CookieOverflow` exception but it was difficult to pinpoint the cause, since error trackers and logging system generally filter out cookies. This Pull Request has been created because I want the exception to provide additional information: - The name of the cookie that overflowed - The magnitude of how much it overflowed by I am assuming that only the cookie value is sensitive, and not its name or size.
2022-11-24 22:17:18 +00:00
* Add details of cookie name and size to `CookieOverflow` exception.
*Andy Waite*
Fix more double logging in `ActiveRecord::QueryLogs` ref: https://github.com/rails/rails/pull/46279 That PR missed the case where if you set `config.active_record.query_log_tags = [:namespaced_controller]`, it would log the controller twice: ``` /*namespaced_controller:Foo::BarController,controller:bar* ``` So this PR just fixes that bug, and tweaks the changelog entry rather than adding another one for the same bug.
2022-12-05 02:57:34 +00:00
* Don't double log the `controller`, `action`, or `namespaced_controller` when using `ActiveRecord::QueryLog`
Fix double logging in `ActiveRecord::QueryLog` Fixes https://github.com/rails/rails/issues/46103 An issue exists if you set `config.active_record.query_log_tags` to an array that includes `:controller`, `:action`, or `:job`; the relevant item will get duplicated in the log line. This occured because the relevant railties would add the item to `config.active_record.query_log_tags` again during setup. This PR fixes that by only adding those items to the config if they aren't already set. The issue proposed more documentation to work around this, but I think it's a bug and should be fixed directly.
2022-10-19 20:33:51 +00:00
Previously if you set `config.active_record.query_log_tags` to an array that included
Fix more double logging in `ActiveRecord::QueryLogs` ref: https://github.com/rails/rails/pull/46279 That PR missed the case where if you set `config.active_record.query_log_tags = [:namespaced_controller]`, it would log the controller twice: ``` /*namespaced_controller:Foo::BarController,controller:bar* ``` So this PR just fixes that bug, and tweaks the changelog entry rather than adding another one for the same bug.
2022-12-05 02:57:34 +00:00
`:controller`, `:namespaced_controller`, or `:action`, that item would get logged twice.
This bug has been fixed.
Fix double logging in `ActiveRecord::QueryLog` Fixes https://github.com/rails/rails/issues/46103 An issue exists if you set `config.active_record.query_log_tags` to an array that includes `:controller`, `:action`, or `:job`; the relevant item will get duplicated in the log line. This occured because the relevant railties would add the item to `config.active_record.query_log_tags` again during setup. This PR fixes that by only adding those items to the config if they aren't already set. The issue proposed more documentation to work around this, but I think it's a bug and should be fixed directly.
2022-10-19 20:33:51 +00:00
*Alex Ghiculescu*
Update CHANGELOG with PR #45427 changes (#46215) * Update CHANGELOG with PR #45427 changes [ci skip] Co-authored-by: Petrik de Heus <petrik@deheus.net>
2022-10-10 19:07:22 +00:00
* Add the following permissions policy directives: `hid`, `idle-detection`, `screen-wake-lock`,
`serial`, `sync-xhr`, `web-share`.
*Guillaume Cabanel*
Deprecate obsolete permissions policy directives `speaker`, `vibrate`, and `vr` were [listed as policy-controlled features][1] around the time when #33439 was first written (2018-07-25). However, `vibrate` was removed in w3c/webappsec-permissions-policy@b7271ac0f23c11d6d34ad27e7c837795f42c3caa, `vr` was changed to `xr` in w3c/webappsec-permissions-policy@bec5ce6547078b078ea4ced32f1453d83a736f4e, and `speaker` was removed in w3c/webappsec-permissions-policy@18707d396e1d3f0be3de348fc432383cc8866e0b. (And `xr` was later changed to `xr-spatial-tracking`, and still only has [experimental support][2].) Therefore, this commit deprecates these permissions policy directives. [1]: https://github.com/w3c/webappsec-permissions-policy/blob/6d8bbbe738368c317d280bb866c66cedaef3391c/features.md#policy-controlled-features [2]: https://github.com/w3c/webappsec-permissions-policy/blob/432a1532c943a079351eecbc445ae4c6ed9b949c/features.md#standardized-features
2022-10-05 16:55:05 +00:00
* The `speaker`, `vibrate`, and `vr` permissions policy directives are now
deprecated.
There is no browser support for these directives, and no plan for browser
support in the future. You can just remove these directives from your
application.
*Jonathan Hefner*
Allow specifying the HTTP status code in assert_redirected_to Previously, the method always asserts the status is `:redirect` which allows for any kind of 3XX response. However, sometimes it is worthwhile to precise the status code of the redirect. For example, a Rails application may want to verify the redirect is a 301 (Moved Permanently) and not the default 302 (Found). The new method argument makes this convenient to do in one assertion.
2022-09-17 14:05:53 +00:00
* Added the `:status` option to `assert_redirected_to` to specify the precise
HTTP status of the redirect. Defaults to `:redirect` for backwards
compatibility.
*Jon Dufresne*
Fix word case. `json` -> `JSON`
2022-09-16 18:11:36 +00:00
* Rescue `JSON::ParserError` in Cookies JSON deserializer to discards marshal dumps:
ActionDispatch::Cookies json deserializer discards marshal dumps Without this change if action_dispatch.cookies_serializer is set to json and the app tries to read a marshal-serialized cookie, it will raise a JSON::ParserError which won't clear the cookie and force app users to manually clear the cookie in their browser. (See #45127 for original bug discussion)
2022-09-07 00:51:21 +00:00
Merge PR #45956
2022-09-09 22:13:08 +00:00
Without this change, if `action_dispatch.cookies_serializer` is set to `:json` and
the app tries to read a `:marshal` serialized cookie, it would error out which wouldn't
clear the cookie and force app users to manually clear it in their browser.
ActionDispatch::Cookies json deserializer discards marshal dumps Without this change if action_dispatch.cookies_serializer is set to json and the app tries to read a marshal-serialized cookie, it will raise a JSON::ParserError which won't clear the cookie and force app users to manually clear the cookie in their browser. (See #45127 for original bug discussion)
2022-09-07 00:51:21 +00:00
(See #45127 for original bug discussion)
*Nathan Bardoux*
Copy-edit 8e65c22
2022-09-09 21:05:13 +00:00
* Add `HTTP_REFERER` when following redirects on integration tests
This makes `follow_redirect!` a closer simulation of what happens in a real browser
*Felipe Sateler*
Add exclude? method to ActionController::Parameters
2022-08-25 17:31:05 +00:00
* Added `exclude?` method to `ActionController::Parameters`.
*Ian Neubert*
Rescue EOFError error from rack on a multipart request
2022-08-15 22:50:10 +00:00
* Rescue `EOFError` exception from `rack` on a multipart request.
*Nikita Vasilevsky*
Log redirects from router similarly to controller redirects
2021-10-21 10:19:10 +00:00
* Log redirects from routes the same way as redirects from controllers.
*Dennis Paagman*
Prevent ActionDispatch::ServerTiming from overwriting existing header
2022-07-18 14:38:15 +00:00
Log redirects from router similarly to controller redirects
2021-10-21 10:19:10 +00:00
* Prevent `ActionDispatch::ServerTiming` from overwriting existing values in `Server-Timing`.
Prevent ActionDispatch::ServerTiming from overwriting existing header
2022-07-18 14:38:15 +00:00
Previously, if another middleware down the chain set `Server-Timing` header,
it would overwritten by `ActionDispatch::ServerTiming`.
*Jakub Malinowski*
Allow opting out of the `SameSite` cookie attribute when setting a cookie. Since https://github.com/rails/rails/commit/7ccaa125ba396d418aad1b217b63653d06044680 it's not been possible to not include `SameSite` on your cookies. `SameSite` is recommended, but it's not a required field, and you should be able to opt out of it. This PR introduces that ability: you can opt out of `SameSite` by passing `same_site: false`. ```ruby cookies[:foo] = { value: "bar", same_site: false } ``` Previously, this incorrectly set the `SameSite` attribute to the value of the `cookies_same_site_protection` setting. https://github.com/rails/rails/pull/44934 added docs saying that you could pass `nil` as a value, but that also would fall back to the default (`:lax`).
2022-06-30 21:57:53 +00:00
* Allow opting out of the `SameSite` cookie attribute when setting a cookie.
You can opt out of `SameSite` by passing `same_site: nil`.
`cookies[:foo] = { value: "bar", same_site: nil }`
Previously, this incorrectly set the `SameSite` attribute to the value of the `cookies_same_site_protection` setting.
*Alex Ghiculescu*
Fix using helpers in `content_security_policy` and `permissions_policy` Fixes https://github.com/rails/rails/issues/45034 Currently helpers that are generated using `helper_method` cannot be used in `content_security_policy` and `permissions_policy`, this is because the use of `yield` causes `self` to be set incorrectly. By using `instance_exec` we ensure the scoping is correct so that you can access the same methods you'd be able to if you wrote your own `before_action`.
2022-05-17 13:37:23 +00:00
* Allow using `helper_method`s in `content_security_policy` and `permissions_policy`
Previously you could access basic helpers (defined in helper modules), but not
helper methods defined using `helper_method`. Now you can use either.
```ruby
content_security_policy do |p|
p.default_src "https://example.com"
p.script_src "https://example.com" if helpers.script_csp?
end
```
*Alex Ghiculescu*
Make behaviour of has_value?/value? more consistent
2022-04-09 14:48:39 +00:00
* Reimplement `ActionController::Parameters#has_value?` and `#value?` to avoid parameters and hashes comparison.
Deprecated equality between parameters and hashes is going to be removed in Rails 7.2.
The new implementation takes care of conversions.
*Seva Stefkin*
Only allow String and Symbol keys in ActionController::Parameters
2022-04-05 09:23:25 +00:00
* Allow only String and Symbol keys in `ActionController::Parameters`.
Raise `ActionController::InvalidParameterKey` when initializing Parameters
with keys that aren't strings or symbols.
*Seva Stefkin*
Allow CSRF tokens to be stored outside of session
2022-03-11 15:53:39 +00:00
* Add the ability to use custom logic for storing and retrieving CSRF tokens.
By default, the token will be stored in the session. Custom classes can be
Rename behaviour to behavior in documentation
2022-05-25 23:48:46 +00:00
defined to specify arbitrary behavior, but the ability to store them in
Allow CSRF tokens to be stored outside of session
2022-03-11 15:53:39 +00:00
encrypted cookies is built in.
*Andrew Kowpak*
Don't delegate ActionController::Parameters#values to hash Instead, cast any nested hashes into ActionController::Parameters.
2022-03-31 22:10:23 +00:00
* Make ActionController::Parameters#values cast nested hashes into parameters.
*Gannon McGibbon*
Introduce `html:` and `screenshot:` kwargs for system test screenshot helper This builds on the environment variables added in https://github.com/rails/rails/pull/36545 Being able to request `html` or `screenshot` from test code is nice as it means you can do this selectively per-screenshot, rather than screenshotting/HTML dumping everything when running a test.
2022-03-18 20:17:10 +00:00
* Introduce `html:` and `screenshot:` kwargs for system test screenshot helper
Use these as an alternative to the already-available environment variables.
For example, this will display a screenshot in iTerm, save the HTML, and output
its path.
```ruby
take_screenshot(html: true, screenshot: "inline")
```
*Alex Ghiculescu*
Receive a block to ActionController::Parameters.to_h Allow `ActionController::Parameters.to_h` to receive a block to provide parity with `Hash#to_h`. The provided block recieves `key, value` and yields a two-element array/keypair which can be transformed in the resulting Hash. https://ruby-doc.org/core-2.7.5/Hash.html#method-i-to_h
2022-03-23 19:44:53 +00:00
* Allow `ActionController::Parameters#to_h` to receive a block.
*Bob Farrell*
Allow relative redirects when `raise_on_open_redirects` is enabled
2022-03-10 00:37:07 +00:00
* Allow relative redirects when `raise_on_open_redirects` is enabled
*Tom Hughes*
Generate content security policy for non-HTML responses One feature of the content security policy DSL, though undocumented, is that it will not generate headers for non-HTML responses, even if a configuration is explicitly provided. While it may not seem obvious that anyone would want to send this header in an API response, Mozilla Observatory, for instance, recommends the following for API responses: `Content-Security-Policy: default-src 'none'; frame-ancestors 'none'` (source: https://observatory.mozilla.org/faq/) The Secure Headers gem also makes recommendations about the content security policy for API responses: https://github.com/github/secure_headers#api-configurations As such, this removes the HTML guard clause from the `ContentSecurityPolicy` middleware.
2020-06-16 17:54:35 +00:00
* Allow Content Security Policy DSL to generate for API responses.
Update actionpack/CHANGELOG.md Co-authored-by: Alex Ghiculescu <alex@tanda.co>
2022-03-08 00:33:00 +00:00
Generate content security policy for non-HTML responses One feature of the content security policy DSL, though undocumented, is that it will not generate headers for non-HTML responses, even if a configuration is explicitly provided. While it may not seem obvious that anyone would want to send this header in an API response, Mozilla Observatory, for instance, recommends the following for API responses: `Content-Security-Policy: default-src 'none'; frame-ancestors 'none'` (source: https://observatory.mozilla.org/faq/) The Secure Headers gem also makes recommendations about the content security policy for API responses: https://github.com/github/secure_headers#api-configurations As such, this removes the HTML guard clause from the `ContentSecurityPolicy` middleware.
2020-06-16 17:54:35 +00:00
*Tim Wade*
Better handle basic authentication without a password https://github.com/rails/rails/pull/43209 immediately rejects the request if no password is passed, but there are legitimate uses for accepting authentication without a password.
2022-03-04 10:53:20 +00:00
* Fix `authenticate_with_http_basic` to allow for missing password.
Before Rails 7.0 it was possible to handle basic authentication with only a username.
Don't delegate ActionController::Parameters#values to hash Instead, cast any nested hashes into ActionController::Parameters.
2022-03-31 22:10:23 +00:00
Better handle basic authentication without a password https://github.com/rails/rails/pull/43209 immediately rejects the request if no password is passed, but there are legitimate uses for accepting authentication without a password.
2022-03-04 10:53:20 +00:00
```ruby
authenticate_with_http_basic do |token, _|
ApiClient.authenticate(token)
end
```
This ability is restored.
*Jean Boussier*
Apply content security policy mapping when generated dynamically: - Fix #44536
2022-02-28 18:12:45 +00:00
* Fix `content_security_policy` returning invalid directives.
Directives such as `self`, `unsafe-eval` and few others were not
single quoted when the directive was the result of calling a lambda
returning an array.
```ruby
content_security_policy do |policy|
policy.frame_ancestors lambda { [:self, "https://example.com"] }
end
```
With this fix the policy generated from above will now be valid.
*Edouard Chin*
Allow skip_forgery_protection if no protection set Calling `skip_forgery_protection` without first calling `protect_from_forgery`--either manually or through default settings--raises an `ArgumentError` because `verify_authenticity_token` has not been defined as a callback. Since Rails 7.0 adds `skip_forgery_protection` to the `Rails::WelcomeController` (PR #42864), this behavior means that setting `default_protect_from_forgery` to false and visiting the Rails Welcome page (`/`) raises an error. This behavior also created an issue for `ActionMailbox` that was previously fixed in the Mailbox controller by running `skip_forgery_protection` only if `default_protect_from_forgery` was true (PR #35935). This PR addresses the underlying issue by setting the `raise` option for `skip_before_action` to default to false inside `skip_forgery_protection`. The fix is implemented in `request_forgery_protection.rb`. The change to `ActionMailbox`'s `base_controller.rb` removes the now-unnecessary check of `default_protect_from_forgery`. The tests added in `request_forgery_protection_test.rb` and `routing_test.rb` both raise an error when run against the current codebase and pass with the changes noted above.
2022-02-28 02:58:42 +00:00
* Fix `skip_forgery_protection` to run without raising an error if forgery
protection has not been enabled / `verify_authenticity_token` is not a
defined callback.
This fix prevents the Rails 7.0 Welcome Page (`/`) from raising an
`ArgumentError` if `default_protect_from_forgery` is false.
*Brad Trick*
Remove body content from redirect responses Modern browsers don't render this HTML so it goes unused in practice. The delivered bytes are therefore a small waste (although very small) and unnecessary and could be optimized away. Additionally, the HTML fails validation. Using the W3C v.Nu, we see the following errors: Warning: Consider adding a lang attribute to the html start tag to declare the language of this document. Error: Start tag seen without seeing a doctype first. Expected <!DOCTYPE html>. Error: Element head is missing a required instance of child element title. These errors may surface in site-wide compliance tests (either internal tests or external contractual tests). Avoid the false positives by removing the HTML. While these warnings and errors could be resolved, it would be simpler on future maintenance to remove the body altogether (especially as it isn't rendered by the browser). As the same string is copied around a few places, this removes multiple touch points to resolve the current validation errors as well as new ones. Many other frameworks and web servers don't include an HTML body on redirect, so there isn't a reason for Rails to do so. By removing the custom Rails HTML, there are fewing "fingerprints" that a malicious bot could use to identify the backend technologies. Application controllers that wish to add a response body after calling redirect_to can continue to do so.
2022-02-25 14:11:56 +00:00
* Make `redirect_to` return an empty response body.
Application controllers that wish to add a response body after calling
`redirect_to` can continue to do so.
*Jon Dufresne*
Stop capturing subdomain in HostAuthorization This also extracts a constant, giving a name to a "magic regex".
2022-02-22 16:03:19 +00:00
* Use non-capturing group for subdomain matching in `ActionDispatch::HostAuthorization`
Since we do nothing with the captured subdomain group, we can use a non-capturing group instead.
*Sam Bostock*
Fix CHANGELOG typos
2022-02-22 17:53:52 +00:00
* Fix `ActionController::Live` to copy the IsolatedExecutionState in the ephemeral thread.
Copy over the IsolatedExecutionState in AC::Live Fix: https://github.com/rails/rails/issues/44496 It's really unfortunate, but since thread locals were copied since a decade and we moved most of them into IsolatedExecutionState we now need to copy it too to keep backward compatibility. However I think it's one more sign that AC::Live should be rethought.
2022-02-21 10:35:22 +00:00
Fix CHANGELOG typos
2022-02-22 17:53:52 +00:00
Since its inception `ActionController::Live` has been copying thread local variables
Copy over the IsolatedExecutionState in AC::Live Fix: https://github.com/rails/rails/issues/44496 It's really unfortunate, but since thread locals were copied since a decade and we moved most of them into IsolatedExecutionState we now need to copy it too to keep backward compatibility. However I think it's one more sign that AC::Live should be rethought.
2022-02-21 10:35:22 +00:00
to keep things such as `CurrentAttributes` set from middlewares working in the controller action.
With the introduction of `IsolatedExecutionState` in 7.0, some of that global state was lost in
Fix CHANGELOG typos
2022-02-22 17:53:52 +00:00
`ActionController::Live` controllers.
Copy over the IsolatedExecutionState in AC::Live Fix: https://github.com/rails/rails/issues/44496 It's really unfortunate, but since thread locals were copied since a decade and we moved most of them into IsolatedExecutionState we now need to copy it too to keep backward compatibility. However I think it's one more sign that AC::Live should be rethought.
2022-02-21 10:35:22 +00:00
*Jean Boussier*
Fix setting `trailing_slash: true` in route definition Ref: https://github.com/rails/rails/pull/43287 Fix: https://github.com/rails/rails/issues/44373 The `OptimizedUrlHelper` wasn't considering this option.
2022-02-15 09:41:42 +00:00
* Fix setting `trailing_slash: true` in route definition.
```ruby
get '/test' => "test#index", as: :test, trailing_slash: true
test_path() # => "/test/"
```
*Jean Boussier*
Stringify keys in session.merge!
2022-01-26 14:47:35 +00:00
* Make `Session#merge!` stringify keys.
Wrap ActionController::TestCase with Rails executor Update actionpack/lib/action_controller/test_case.rb Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
2021-11-10 17:58:18 +00:00
Stringify keys in session.merge!
2022-01-26 14:47:35 +00:00
Previously `Session#update` would, but `merge!` wouldn't.
*Drew Bragg*
Wrap ActionController::TestCase with Rails executor Update actionpack/lib/action_controller/test_case.rb Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
2021-11-10 17:58:18 +00:00
Start Rails 7.1 development
2021-12-07 15:52:30 +00:00
Please check [7-0-stable](https://github.com/rails/rails/blob/7-0-stable/actionpack/CHANGELOG.md) for previous changes.
Reference in New Issue Copy Permalink