We cannot cache keys because arrays are mutable. We rather want to cache
the arrays. This behaviour is tailor-made for the usage pattern strongs
params is designed for.
In a forthcoming commit I am going to add a test that covers why we need
to cache by value.
Every strong params instance has a live span of a request, the cache goes
away with the object. Since strong params have such a concrete intention,
it would be interesting to see if there are actually any real-world use
cases that are an actual leak, one that practically may matter.
I am not convinced that the theoretical leak has any practical consequences,
but if it can be shown there are, then I believe we should either get rid of
the cache (which is an optimization), or else wipe it in the mutating API.
This reverts commit e63be2769c039e4e9ada523a8497ce3206cc8a9b.
We are going to deprecate only on Rails 5 to make easier plugin
maintainers support different Rails versions. Right now we are only
discouraging their usage.
This reverts commit 6c5f43bab8206747a8591435b2aa0ff7051ad3de.
Conflicts:
actionpack/CHANGELOG.md
* master:
Update url to rake docs [ci skip]
Name#model_name doesn't return a String object
Result sets never override a model's column type
[ci skip] Make last note show up in postgresql guide.
Add missing `:param` option from the docs for Mapper#match [ci skip] Option discovered by @zackperdue in #14741, implemented in #5581.
Add @senny's changed from #14741, including code font for `resources` options, and wrapped to 80 chars. [ci skip]
Use github url for homepage of log4r [ci skip]
Remove TODO.
Ensure we always use instances of the adapter specific column class
Fix indentation from 1b4b26f [ci skip]
[ci skip] Improve form_helpers.md guide.
Clear inflections after test.
Remove unnecessary include for integration tests.
Added documentation for the :param option for resourceful routing
* constraints:
rm reset_parameters because we automatically do it from 9ca4839a
move path_parameter encoding check to the request object
dispatcher doesn't need `call` anymore
call `serve` with the request on dispatchers
constraints class does not need the request class anymore
give all endpoints a superclass
skip the build business if the stack is empty
stop hardcoding path_parameters and get it from the request
we do not need to cache rack_app
a redirect is not a dispatcher by definition, so eliminate test
push is_a check up to where the Constraints object is allocated
pass the request object to the application
pass a request to `matches?` so we can avoid creating excess requests
nothing is passed to `rack_app` anymore, so rm the params
one fewer is_a check
Constraints#app should never return another Constraints object, so switch to if statement
eliminate dispatcher is_a checks
push is_a?(Dispatcher) check in to one place
Always construct route objects with Constraint objects
Conflicts:
actionpack/lib/action_controller/metal.rb
Unlike the outer `rescue`, this one is much more precise about what we
want to handle: a connection failure (`Dalli::RingError`) is not
relevant to what we're testing here. But other Dalli errors may well be
indicating an actual problem.
this also changes the constructor. We don't need to pass more options
than "defaults" (whatever defaults are, ugh. probably another hash of
stupid stuff).
URL generation with trailing_slash: true was adding a trailing slash
after .:format
Routes.draw do
resources :bars
end
bars_url(trailing_slash: true, format: 'json')
# => /bars.json/
This commit removes that extra trailing slash
This reverts commit 5c224de9e110763ec7a0f01f5b604bcf81f40bfb.
Conflicts:
actionpack/lib/action_dispatch/journey/visitors.rb
5c224de9e110763ec7a0f01f5b604bcf81f40bfb introduced a bug in the
formatter. This commit includes a regression test.
As Rack has some non backwards compatible changes added required
modifications to keep behaviour in rails close to same as before.
Also modified generators to include rack/rack for not yet released
version of rack
`assert_redirected_to` would fail if there is no controller set on
a `ActionDispatch::IntegrationTest`, as _compute_redirect_to_location
would be called on the controller to build the url.
This regression was introduced after 1dacfbabf3bb1e0a9057dd2a016b1804e7fa38c0.
[fixes#14691]
Previously if you were looking for a given key, the header may incorrectly tell you that it did not exist even though it would return a valid value:
```ruby
env = { "CONTENT_TYPE" => "text/plain" }
headers = ActionDispatch::Http::Headers.new(env)
headers["Content-Type"]
# => "text/plain"
headers.key?("Content-Type")
# => false
```
This PR fixes that behavior by converting the key before checking for presence
assert_routing was not raising the message passed into the assertion
violation that it raised. This change propagates messages through
the on_fail error.
This fixes this error:
https://github.com/rails/rails/issues/14908
A test case for this issue is located here.
https://github.com/estsauver/test14908
To see that test case fail in the example app, just run
ruby -Itest test/controllers/guests_controller_test.rb
Previously, the `VerifyAndUpgradeLegacySignedMessage` assumes all incoming
cookies are marshal-encoded. This is not the case when `secret_token` is
used in conjunction with the `:json` or `:hybrid` serializer.
In those case, when upgrading to use `secret_key_base`, this would cause a
`TypeError: incompatible marshal file format` and a 500 error for the user.
Fixes#14774.
*Godfrey Chan*
1. Escape '%' characters in URLs - only unescaped data
should be passed to URL helpers
2. Add an `escape_segment` helper to `Router::Utils`
that escapes '/' characters
3. Use `escape_segment` rather than `escape_fragment`
in optimized URL generation
4. Use `escape_segment` rather than `escape_path`
in URL generation
For point 4 there are two exceptions. Firstly, when a route uses wildcard
segments (e.g. *foo) then we use `escape_path` as the value may contain '/'
characters. This means that wildcard routes can't be optimized. Secondly,
if a `:controller` segment is used in the path then this uses `escape_path`
as the controller may be namespaced.
Fixes#14629, #14636 and #14070.
Makes it clear that anything passed with the helper must not be percent encoded.
Fixes previous behavior which tricks people into believing passing
non-percent-encoded will generate a proper percent-encoded path while in
reality it doesn't ('%' isn't escaped).
The intention is nice but the heuristic is broken.
In some cases users may need to work with/manipulate more of the
Tempfile api than provided by Upload. Allow users to get at the
underlying io via the common to_io method of IO/IO-like objects
When requesting a controller with the following code with a unknown format:
def my_action
respond_to do |format|
format.json { head :ok }
format.any { render text: 'Default response' }
end
end
we should render the default response instead of raising ActionController::UnknownFormat
Fixes#14462
Conflicts:
actionpack/CHANGELOG.md
actionpack/test/controller/mime/respond_with_test.rb
Conflicts:
actionpack/CHANGELOG.md
Adding flash types to a controller within any of the tests will result
in a global state change of the controller under test.
This patch will prevent state leaks and allow us to run the test in random order.
The method `shallow?` returns false if the parent resource is a singleton so
we need to check if we're not inside a nested scope before copying the :path
and :as options to their shallow equivalents.
Fixes#14388.
avoid freezing the headers until the web server has actually read data
from the body proxy. Once the webserver has read data, then we should
throw an error if someone tries to set a header
when streaming responses, we need to make sure the cookie jar is written
to the headers before returning up the stack. This commit introduces a
new method on the response object that writes the cookie jar to the
headers as the response is committed. The middleware and test framework
will not write the cookie headers if the response has already been
committed.
fixes#14352
Related to: #14242#14243 14293
Variants passed to LookupContext#find() seem to be ignored, so
I've used the setter instead: `finder.variants = [ variant ]`.
I've also added some more test cases for variants. Hopefully this
time passing tests will mean it actually works.
If the options :shallow_prefix and :shallow_path are not set in the
scope options then copy them from the normal :as and :path options
if they are set.
If a developer has specified either :path or :as in the options hash then
these should be used as the defaults for :shallow_path and :shallow_prefix.
Fixes#14241.
By tracking the depth of resource nesting we can push the need for nested
shallow scoping to only those routes that are nested more than one deep.
This allows us to keep the fix for #12498 and fix the regression in #14224.
Fixes#14224.
`render :body` should just not set the `Content-Type` header. By
removing the header, it breaks the compatibility with other parts.
After this commit, `render :body` will returns `text/html` content type,
sets by default from `ActionDispatch::Response`, and it will preserve
the overridden content type if you override it.
Fixes#14197, #14238
This partially reverts commit 3047376870d4a7adc7ff15c3cb4852e073c8f1da.
Take variants into account when calculating template digests in
ActionView::Digest.
Digestor#digest now takes a hash as an argument to support variants and
allow more flexibility in the future. Old-style arguments have been
deprecated.
Fixes#14242
when an exception happens in an action before the response has been
committed, then we should re-raise the exception in the main thread.
This lets us reuse the existing exception handling.
detect the type of controller we're testing and return the right type of
response based on that controller. This allows us to stop doing the
weird sleep thing.
Commit 4f2cd3e9 introduced a bug by reordering the call to
`@controller.recycle!` above the call to `build_request_uri`. The
impact of this was that the `@_url_options` cache ends up not being
reset between building a request URI (occurring within the test
controller) and the firing of the actual request.
We encountered this bug because we had the following setup:
class MinimumReproducibleController < ActionController::Base
before_filter { @param = 'param' }
def index
render text: url_for(params)
end
def default_url_options
{ custom_opt: @param }
end
end
def test_index
get :index # builds url, then fires actual request
end
The first step in `get :index` in the test suite would populate the
@_url_options cache. The subsequent call to `url_for` inside of the
controller action would then utilize the uncleared cache, thus never
calling the now-updated default_url_options.
This commit fixes this bug calling recycle! twice, and removes a call
to set response_body, which should no longer be needed since we're
recycling the request object explicitly.
This is an option for to HTML content with a content type of
`text/html`. This rendering option calls `ERB::Util.html_escape`
internally to escape unsafe HTML string, so you will have to mark your
string as html safe if you have any HTML tag in it.
Please see #12374 for more detail.
This is as an option to render content with a content type of
`text/plain`. This is the preferred option if you are planning to render
a plain text content.
Please see #12374 for more detail.
This is an option for sending a raw content back to browser. Note that
this rendering option will unset the default content type and does not
include "Content-Type" header back in the response.
You should only use this option if you are expecting the "Content-Type"
header to not be set. More information on "Content-Type" header can be
found on RFC 2616, section 7.2.1.
Please see #12374 for more detail.
if the controller action has not yet streamed any data, actions should
process as normal, and errors should trigger the appropriate behavior
(500, or in the case of ActionController::BadRequest, a 400 Bad Request)
Allow setting `request.variant` as an array - an order in which they will be
rendered.
For example:
request.variant = [:tablet, :phone]
respond_to do |format|
format.html.none
format.html.phone # this gets rendered
end
If we set :shallow_path when shallow is called it can result in incorrect
paths if the resource is inside a namespace because namespace itself sets
the :shallow_path option to the namespace path.
We fix this by removing the :shallow_path option from shallow as that should
only be turning shallow routes on and not otherwise affecting the scope.
To do this we need to treat the :shallow option to resources differently to
other scope options and move it to before the nested block is called.
This change also has the positive side effect of making the behavior of the
:shallow option consistent with the shallow method.
Fixes#12498.
Returning `self` from within the array returned by `to_ary`
caused this. Instead, we can just substitute another object.
It provides the `each` behavior required by the rack spec.
MessageEncryptor has :serializer option, where any serializer object can
be passed. This commit make it possible to set this serializer from configuration
level.
There are predefined serializers (:marshal_serializer, :json_serialzier)
and custom serializer can be passed as String, Symbol (camelized and
constantized in ActionDispatch::Session namepspace) or serializer object.
Default :json_serializer was also added to generators to provide secure
defalt.
The request attributes filtered_parameters, filtered_env and filtered_path
are memoized for performance reasons. However this can cause unusual
behavior in tests where there are multiple calls to get, post, etc.
Fixes#13803.
The revert is needed because of a regression described in #13369, routes
with trailing slash are no longer recognized properly.
This reverts commit 50311f1391ddd8e0349d74eb57f04b7e0045a27d.
