Fixes MIME parsing raising errors on valid parameters #51594. Mime type lookups were updated to handle custom registered types as part of #48397. This fix strips out custom media range parameters before falling back to the default type creation.
-
Fix `Mime::Type.parse` handling type parameters for HTTP Accept headers.
Taylor Chaparro
-
Fix the error page that is displayed when a view template is missing to account for nested controller paths in the suggested correct location for the missing template.
Joshua Young
-
Add `save_and_open_page` helper to `IntegrationTest`
`save_and_open_page` is a helpful helper to keep a short feedback loop when working on system tests. A similar helper with matching signature has been added to integration tests.
Joé Dupuis
-
Fix a regression in 7.1.3 passing a `to:` option without a controller when the controller is already defined by a scope.
```ruby
Rails.application.routes.draw do
  controller :home do
    get "recent", to: "recent_posts"
  end
end
```
Étienne Barrié
-
Request Forgery takes relative paths into account.
Stefan Wienert
-
Add ".test" as a default allowed host in development to ensure smooth golden-path setup with puma.dev.
DHH
-
Add `allow_browser` to set minimum browser versions for the application.
A browser that's blocked will by default be served the file in `public/406-unsupported-browser.html` with an HTTP status code of "406 Not Acceptable".
```ruby
class ApplicationController < ActionController::Base
  # Allow only browsers natively supporting webp images, web push, badges, import maps, CSS nesting + :has
  allow_browser versions: :modern
end

class ApplicationController < ActionController::Base
  # All versions of Chrome and Opera will be allowed, but no versions of "internet explorer" (ie). Safari needs to be 16.4+ and Firefox 121+.
  allow_browser versions: { safari: 16.4, firefox: 121, ie: false }
end

class MessagesController < ApplicationController
  # In addition to the browsers blocked by ApplicationController, also block Opera below 104 and Chrome below 119 for the show action.
  allow_browser versions: { opera: 104, chrome: 119 }, only: :show
end
```
DHH
-
Add rate limiting API.
```ruby
class SessionsController < ApplicationController
  rate_limit to: 10, within: 3.minutes, only: :create
end

class SignupsController < ApplicationController
  rate_limit to: 1000, within: 10.seconds,
    by: -> { request.domain }, with: -> { redirect_to busy_controller_url, alert: "Too many signups!" }, only: :new
end
```
DHH, Jean Boussier
-
Add `image/svg+xml` to the compressible content types of `ActionDispatch::Static`
Georg Ledermann
-
Add instrumentation for `ActionController::Live#send_stream`
Allows subscribing to `send_stream` events. The event payload contains the filename, disposition, and type.
Hannah Ramadan
-
Add support for `with_routing` test helper in `ActionDispatch::IntegrationTest`
Gannon McGibbon
-
Remove deprecated support to set `Rails.application.config.action_dispatch.show_exceptions` to `true` and `false`.
Rafael Mendonça França
-
Remove deprecated `speaker`, `vibrate`, and `vr` permissions policy directives.
Rafael Mendonça França
-
Remove deprecated `Rails.application.config.action_dispatch.return_only_request_media_type_on_content_type`.
Rafael Mendonça França
-
Deprecate `Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality`.
Rafael Mendonça França
-
Remove deprecated comparison between `ActionController::Parameters` and `Hash`.
Rafael Mendonça França
-
Remove deprecated constant `AbstractController::Helpers::MissingHelperError`.
Rafael Mendonça França
-
Fix a race condition that could cause a `Text file busy - chromedriver` error with parallel system tests
Matt Brictson
-
Add `racc` as a dependency since it will become a bundled gem in Ruby 3.4.0
Hartley McGuire
-
Remove deprecated constant `ActionDispatch::IllegalStateError`.
Rafael Mendonça França
-
Add parameter filter capability for redirect locations.
It uses the `config.filter_parameters` to match what needs to be filtered. The result would be like this:
```
Redirected to http://secret.foo.bar?username=roque&password=[FILTERED]
```
Fixes #14055.
Roque Pinel, Trevor Turk, tonytonyjan
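One way to apply a filter list to a redirect location before it reaches the log, as an added example that is not Rails' own implementation. `filter_location` and `MASK` are hypothetical names, and the case-insensitive substring matching of keys is an assumption of this sketch; it also covers percent-encoded key names, fragments and relative locations.

```ruby
require "uri"

MASK = "[FILTERED]"

# Added illustration, not Rails' own implementation. `filter_location` and
# MASK are hypothetical names. Assumption: Symbol/String filters match keys as
# case-insensitive substrings; Regexp filters are used as given.
def filter_location(location, filters)
  patterns = filters.map { |f| f.is_a?(Regexp) ? f : /#{Regexp.escape(f.to_s)}/i }

  # The fragment starts at the first "#"; the query at the first "?" before it.
  head, hash, fragment = location.partition("#")
  base, mark, query = head.partition("?")
  return location if mark.empty?

  # Split by hand instead of decoding and re-encoding, so the non-secret parts
  # of the logged URL stay exactly what the application sent.
  masked = query.split("&", -1).map do |pair|
    key, value = pair.split("=", 2)
    next pair if value.nil? # bare key, no value to leak
    sensitive = begin
      name = URI.decode_www_form_component(key) # "pass%77ord" -> "password"
      patterns.any? { |p| p.match?(name) }
    rescue ArgumentError
      true # undecodable key name: fail closed and mask the value
    end
    sensitive ? "#{key}=#{MASK}" : pair
  end.join("&")

  "#{base}?#{masked}#{hash}#{fragment}"
end

# Constructed sample locations (the first mirrors the log line in the entry above).
SAMPLES = [
  "http://secret.foo.bar?username=roque&password=hunter2",
  "/reset?user=roque&pass%77ord=hunter2#done",
  "https://example.test/cb?API_TOKEN=abc123&next=%2Fhome",
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |loc| puts "Redirected to #{filter_location(loc, [:password, :token])}" }
end
```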
Please check 7-1-stable for previous changes.