Skip to content
Commits on May 6, 2016
  1. @tenderlove

    Merge pull request #1056 from maclover7/request-helpers

    tenderlove committed May 5, 2016
    Move Rack::Request convienence methods to Helpers
Commits on May 5, 2016
  1. @tenderlove

    use sha256 for ETag generation

    tenderlove committed May 5, 2016
    Make ETags great again. Switch for more secure etag generation.
Commits on May 4, 2016
  1. @maclover7
  2. @tenderlove

    Merge pull request #1065 from jkowens/fix-null-byte

    tenderlove committed May 4, 2016
    Return 400 if Rack::File or Rack::Directory path contains null byte
  3. @tenderlove

    Merge pull request #1066 from jkowens/head-aware

    tenderlove committed May 4, 2016
    Omit response body for HEAD requests to Rack::Directory
  4. @tenderlove

    Merge pull request #1069 from sgrif/sg-deprecate-params-accessors

    tenderlove committed May 4, 2016
    Move `Request#[]` and `Request#[]=` to `Helpers` and deprecate them
  5. @tenderlove

    Merge pull request #1068 from gearnode/bump-ruby-version-for-ci

    tenderlove committed May 4, 2016
    Use last version of MRI Ruby with CI (travis)
  6. @sgrif
  7. @gearnode
Commits on May 3, 2016
  1. @jkowens
  2. @jkowens

    Return 400 status if request for static file includes null byte

    jkowens committed Dec 1, 2015
    File paths cannot contain null byte characters and methods that do path
    operations such as Rack::Utils#clean_path_info will raise unwanted
    errors.
Commits on Apr 30, 2016
  1. @jeremy

    Tests: check exitstatus outside the conditional as a workaround

    Thomas Grindinger committed with jeremy Apr 28, 2016
    `$?` may be `nil` here, some quirk on 2.4.0-dev. Split it up to fix.
    
    Signed-off-by: Jeremy Daer <jeremydaer@gmail.com>
Commits on Apr 28, 2016
  1. @jeremy

    HEAD requests to Rack::File now omit the response body.

    Thomas Grindinger committed with jeremy Apr 23, 2016
    Fixes #945.
    
    Signed-off-by: Jeremy Daer <jeremydaer@gmail.com>
Commits on Apr 25, 2016
  1. @jeremy
Commits on Apr 24, 2016
  1. @jeremy

    Merge pull request #1063 from tgrindinger/fix-webrick-tests

    jeremy committed Apr 24, 2016
    improve fragile webrick test
    
    Awkward busy-wait loop, but sufficient to build on.
  2. improve fragile webrick test

    Thomas Grindinger committed Apr 24, 2016
Commits on Apr 18, 2016
  1. @jeremy

    Merge pull request #976 from prathamesh-sonpatki/fix-lighttpd-tests

    jeremy committed Apr 18, 2016
     Run lighttpd tests if it's present on the system
  2. @jeremy

    CI: bump up to modern Travis setup

    jeremy committed Apr 17, 2016
    * Lean on the default bundle install step.
    * Drop sudo. Switch to services+addons.
    * Cache our bundle and apt packages.
    
    Closes #1053
  3. @bobjflong @jeremy

    Validate the SameSite cookie option

    bobjflong committed with jeremy Apr 16, 2016
    The draft spec for the SameSite option mentions two configuration
    options: Strict & Lax. This commit introduces validation of the
    associated same_site attribute.
    
    The main motivation for validating this value is ensuring that awry
    option values don't cause unexpected behaviour. As this is a sensitive
    security option, I think validation is warranted.
    
    The main drawback of validating the option value is that Rack won't
    immediately support new options.
    
    Signed-off-by: Jeremy Daer <jeremydaer@gmail.com>
  4. @jeremy
Commits on Apr 12, 2016
  1. @spastorino

    Merge pull request #1042 from gioele/cmp-host-server-once

    spastorino committed Apr 11, 2016
    Compare host and server name only once per call
  2. @spastorino

    Merge pull request #1045 from shhavel/feature/use_string_interpolatio…

    spastorino committed Apr 11, 2016
    …n_instead_plus
    
    Use String interpolation or << instead plus which are faster
Commits on Apr 7, 2016
  1. @jeremy

    Merge pull request #1046 from shhavel/feature/micro_refactor_string_s…

    jeremy committed Apr 7, 2016
    …can_in_rack_auth_digest_params_split_header_value
    
    Micro refactor string scan in Rack::Auth::Digest::Params.split_header_value
  2. @shhavel
  3. @shhavel
Commits on Apr 5, 2016
  1. @gioele

    Compare host and server name only once per call

    gioele committed Apr 5, 2016
    The host name and the server name are not changed inside `#call(env)`,
    so there is no need to compare them every time a mapping is tested.
Commits on Mar 17, 2016
  1. @tenderlove

    Merge pull request #1033 from mastahyeti/same-site-cookies

    tenderlove committed Mar 17, 2016
    Update first-party-only cookie syntax
Commits on Mar 15, 2016
  1. @mastahyeti

    first-party cookies are now same-site cookies

    mastahyeti committed Mar 15, 2016
    remove use of `:first_party` option
    
    pass along provided value
    
    make the syntax more flexible
    
    s/strict/Strict/
Commits on Mar 13, 2016
  1. @raggi

    Merge pull request #1027 from rack/default-server

    raggi committed Mar 12, 2016
    Puma should be the default webserver for rackup
Commits on Mar 11, 2016
  1. @matthewd

    Merge pull request #1029 from rthbound/fixes-951-fixes-1015

    matthewd committed Mar 12, 2016
    Fixes 951 fixes 1015
Commits on Mar 8, 2016
  1. @rthbound

    Fixes #1015

    rthbound committed Mar 4, 2016
      - Handles the edge case
      - Adds a test for #1015
Commits on Mar 5, 2016
  1. @conzett @rthbound

    Add more failing specs for ararys

    conzett committed with rthbound Feb 12, 2016
  2. @conzett @rthbound

    Fix normalize_params parsing arrays of hashes

    conzett committed with rthbound Oct 19, 2015
    Account for child_key being a key representing a nested hash
    Closes rack/rack#951
  3. @eins78 @rthbound

    add failing test for rack/rack#951

    eins78 committed with rthbound Sep 21, 2015
Commits on Mar 3, 2016
  1. @raggi

    Merge pull request #1026 from geemus/secure-auth-examples

    raggi committed Mar 2, 2016
    use secure_compare in auth examples
Something went wrong with that request. Please try again.