If the media attribute is omitted, the default for web browsers is "all", meaning that by default links apply to all media.
Before:
```ruby
> stylesheet_link_tag "style"
=> <link href="/assets/style.css" media="screen" rel="stylesheet" />
```
After:
```ruby
> stylesheet_link_tag "style"
=> <link href="/assets/style.css" rel="stylesheet" />
```
The current behavior is not going to change for existing applications.
For newly built applications, the media attribute is not going to be added by default. Which can be configured using the following:
```
Rails.application.config.action_view.stylesheet_media_default = false
```
This links the first mention of each method to its API documentation,
similar to a Wikipedia article. Some subsequent mentions are also
linked, when it suits the surrounding text.
In https://github.com/rails/rails/pull/37919, support
for rendering objects that respond_to render_in in
controllers was added. However, the implementation
did not support layouts.
This change updates the implementation from #37919
to more closely match the rest of the
ActionView::Template classes, enabling the use of layouts.
Co-authored-by: Felipe Sateler <fsateler@gmail.com>
Not having the comma changes the meaning of the word - from "any way" with no comma, to "but actually" with a comma. It is the latter meaning the guides are intending.
Convert examples to use `form_with` instead of `form_for` or `form_tag`,
which have been soft-deprecated. Also rename form variable in examples
from `f` to `form`, as exemplified by 8ff7ca5d11.
Most of this section was written from the time that render file: was the
default, before CVE-2016-0752.
This updates the guide to the Rails 6 `render file:` behaviour, moves it
to a more appropriate part of the file.
[ci skip]
Most of these examples no longer work. The ability to render an absolute
path was removed as part of CVE-2016-0752. In Rails 6 we changed `render
file:` to only take exact paths and always to render them as raw files.
Rendering a template with its extensions _is_ supported, but I don't
think should be recommended.
This also removes `render file:` from an example where it isn't
relevant.
[ci skip]
[ci skip] A regular expression was used to find a lot of missing Oxford
commas and add them. The regular expression was as follows.
", ([a-zA-Z0-9.\`:'\"]+ ){1,6}(or|and) "
- Remove mention about `ActionView::TemplateHandlers` since this
module was removed by c1304098cca8a9247a9ad1461a1a343354650843.
Change word `subclasses` to `nested classes`.
See c7408a0e40545558872efb4129fe4bf097c9ce2f
- Remove useless sentence "Beginning with Rails 2, the standard extensions
are `.erb` for ERB (HTML with embedded Ruby), and `.builder` for Builder (XML generator)."
While the code example was not unsafe, it
encourages the use of confusingly unsafe APIs
(specifically `html_safe`). We have a safe
alternative and we should encourage people to use
it under all circumstances.
* The example code on this page are similar to ones generated
by scaffold generator, but some points are different.
* Of course, it is no reason to be as same as scaffolding codes.
But this is the guide for beginners, I thought it's better
to be almost same as scaffolding codes.
The guide contains a typo in the "local_assigns" section, where
rendering a model named 'Article' via `render @articles` is shown to
render a partial called `_articles.html.erb`, when in fact the necessary
partial name is `_article.html.erb`
In the latest security releases render with a trailing slash no more call
render :file.
Also add a note about the security implications of using it with user
parameters.
Applications that use `redirect_to :back` can be forced to 500 by
clients that do not send the HTTP `Referer` (sic) header.
`redirect_back` requires the user to consider this possibility up front
and avoids this trivially-caused application error.
`redirect_to :back` is a somewhat common pattern in Rails apps, but it
is not completely safe. There are a number of circumstances where HTTP
referrer information is not available on the request. This happens often
with bot traffic and occasionally to user traffic depending on browser
security settings.
When there is no referrer available on the request, `redirect_to :back`
will raise `ActionController::RedirectBackError`, usually resulting in
an application error.
`redirect_back` takes a required `fallback_location` keyword argument
that specifies the redirect when the referrer information is not
available. This prevents 500 errors caused by
`ActionController::RedirectBackError`.
