* before
```
people = Person.where(group: 'expert')
people.update(group: 'masters')
Note: Updating a large number of records will run a
UPDATE query for each record, which may cause a performance
issue. So if it is not needed to run callbacks for each update, it is
preferred to use <tt>update_all</tt> for updating all records using
a single query.
```
* after
```
people = Person.where(group: 'expert')
people.update(group: 'masters')
```
Note: Updating a large number of records will run an
UPDATE query for each record, which may cause a performance
issue. So if it is not needed to run callbacks for each update, it is
preferred to use <tt>update_all</tt> for updating all records using
a single query.
* Introduce `ActionDispatch::Http::Headers#add` to add a value to
a multivalued header.
* Move `Response#add_header` upstream: https://github.com/rack/rack/pull/957
* Match upstream `Response#have_header?` -> `#has_header?` name change.
This reverts commit 37423e4ff883ad5584bab983aceb4b2b759a1fd8.
Jeremy is right that we shouldn't remove this. The fact is that many
engines are depending on this middleware to be in the default stack.
This ties our hands and forces us to keep the middleware in the stack so
that engines will work. To be extremely clear, I think this is another
smell of "the rack stack" that we have in place. When manipulating
middleware, we should have meaningful names for places in the req / res
lifecycle **not** have engines depend on a particular constant be in a
particular place in the stack. This is a weakness of the API that we
have to figure out a way to address before removing the constant.
As far as timing attacks are concerned, we can reduce the granularity
such that it isn't useful information for hackers, but is still useful
for developers.
By [this commit](0b476de445)
`Journey::Route#verb` need not to return verb as regexp.
The returned value is used by inspector, so change it to be a string.
Add inspect_with_multiple_verbs test case to keep the behavior of
inspector correctly.
The runtime header is a potential target for timing attacks since it
returns the amount of time spent on the server (eliminating network
speed). Total time is also not accurate for streaming responses.
The middleware can be added back via:
```ruby
config.middleware.ues ::Rack::Runtime
```
We can skip the allocation of a full `AttributeSet` by changing the
semantics of how we structure things. Instead of comparing two separate
`AttributeSet` objects, and `Attribute` is now a singly linked list of
every change that has happened to it. Since the attribute objects are
immutable, to apply the changes we simply need to copy the head of the
list.
It's worth noting that this causes one subtle change in the behavior of
AR. When a record is saved successfully, the `before_type_cast` version
of everything will be what was sent to the database. I honestly think
these semantics make more sense, as we could have just as easily had the
DB do `RETURNING *` and updated the record with those if we had things
like timestamps implemented at the DB layer.
This brings our performance closer to 4.2, but we're still not quite
there.
This explanation was change by https://github.com/rails/rails/commit/7a27de2b.
This change reversed the including module (`ActiveModel::Serializers::JSON`)
and the included module (`ActiveModel::Serialization`) by mistake.
* first test is for `default_charset` i.e `ActionDispatch::Response.default_charset = “utf-8”`
* In below test we are passing `ActionDispatch::Response.default_charset = 'utf-16’` so name of the test is irrelevant — “read content type without charset”
