Fix various typos, add note about X-Sendfile to AC guide

1 parent 74569f3 commit e1e0c126176cd7d3537c42df10e1ea6622a9ea14 @toretore toretore committed Nov 17, 2008
2 railties/doc/guides/source/actioncontroller_basics/cookies.txt
@@ -31,4 +31,4 @@ class CommentsController < ApplicationController
end
-----------------------------------------
-Note that while for session values, you set the key to `nil`, to delete a cookie value, you should use `cookies.delete(:key)`.
+Note that while for session values you set the key to `nil`, to delete a cookie value you should use `cookies.delete(:key)`.
4 railties/doc/guides/source/actioncontroller_basics/filters.txt
@@ -38,7 +38,7 @@ class ApplicationController < ActionController::Base
end
---------------------------------
-In this example, the filter is added to ApplicationController and thus all controllers in the application. This will make everything in the application require the user to be logged in in order to use it. For obvious reasons (the user wouldn't be able to log in in the first place!), not all controllers or actions should require this. You can prevent this filter from running before particular actions with `skip_before_filter` :
+In this example, the filter is added to ApplicationController and thus all controllers in the application. This will make everything in the application require the user to be logged in in order to use it. For obvious reasons (the user wouldn't be able to log in in the first place!), not all controllers or actions should require this. You can prevent this filter from running before particular actions with `skip_before_filter`:
[source, ruby]
---------------------------------
@@ -49,7 +49,7 @@ class LoginsController < Application
end
---------------------------------
-Now, the +LoginsController+'s "new" and "create" actions will work as before without requiring the user to be logged in. The `:only` option is used to only skip this filter for these actions, and there is also an `:except` option which works the other way. These options can be used when adding filters too, so you can add a filter which only runs for selected actions in the first place.
+Now, the LoginsController's `new` and `create` actions will work as before without requiring the user to be logged in. The `:only` option is used to only skip this filter for these actions, and there is also an `:except` option which works the other way. These options can be used when adding filters too, so you can add a filter which only runs for selected actions in the first place.
=== After Filters and Around Filters ===
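Review bot: The class name loses its monospace markup at the start of the added line while the action names gain it, so `new` and `create` are now formatted as code but LoginsController is plain text. Suggest writing it as `LoginsController`, matching the backtick style already used for `:only` and `:except` in the same paragraph.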
4 railties/doc/guides/source/actioncontroller_basics/parameter_filtering.txt
@@ -1,6 +1,6 @@
== Parameter Filtering ==
-Rails keeps a log file for each environment (development, test and production) in the "log" folder. These are extremely useful when debugging what's actually going on in your application, but in a live application you may not want every bit of information to be stored in the log file. The `filter_parameter_logging` method can be used to filter out sensitive information from the log. It works by replacing certain values in the `params` hash with "[FILTERED]" as they are written to the log. As an example, let's see how to filter all parameters with keys that include "password":
+Rails keeps a log file for each environment (development, test and production) in the `log` folder. These are extremely useful when debugging what's actually going on in your application, but in a live application you may not want every bit of information to be stored in the log file. The `filter_parameter_logging` method can be used to filter out sensitive information from the log. It works by replacing certain values in the `params` hash with "[FILTERED]" as they are written to the log. As an example, let's see how to filter all parameters with keys that include "password":
[source, ruby]
-------------------------
@@ -11,4 +11,4 @@ class ApplicationController < ActionController::Base
end
-------------------------
-The method works recursively through all levels of the params hash and takes an optional second parameter which is used as the replacement string if present. It can also take a block which receives each key in return and replaces those for which the block returns true.
+The method works recursively through all levels of the params hash and takes an optional second parameter which is used as the replacement string if present. It can also take a block which receives each key in turn and replaces those for which the block returns true.
6 railties/doc/guides/source/actioncontroller_basics/request_response_objects.txt
@@ -7,13 +7,13 @@ In every controller there are two accessor methods pointing to the request and t
The request object contains a lot of useful information about the request coming in from the client. To get a full list of the available methods, refer to the link:http://api.rubyonrails.org/classes/ActionController/AbstractRequest.html[API documentation]. Among the properties that you can access on this object are:
* host - The hostname used for this request.
- * domain - The hostname without the first segment (usually "www").
+ * domain(n=2) - The hostname's first `n` segments, starting from the right (the TLD)
* format - The content type requested by the client.
* method - The HTTP method used for the request.
- * get?, post?, put?, delete?, head? - Returns true if the HTTP method is get/post/put/delete/head.
+ * get?, post?, put?, delete?, head? - Returns true if the HTTP method is GET/POST/PUT/DELETE/HEAD.
* headers - Returns a hash containing the headers associated with the request.
* port - The port number (integer) used for the request.
- * protocol - The protocol used for the request.
+ * protocol - Returns a string containing the prototol used plus "://", for example "http://"
* query_string - The query string part of the URL - everything after "?".
* remote_ip - The IP address of the client.
* url - The entire URL used for the request.
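Review bot: "prototol" in the added `protocol` line is a typo for "protocol" and should be fixed before this lands, given the commit is a typo pass. The two added bullets (`domain(n=2)` and `protocol`) also drop the trailing period that the other bullets in the list carry, and "The hostname's first `n` segments, starting from the right" would read more clearly as "the last `n` segments of the hostname".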
2 railties/doc/guides/source/actioncontroller_basics/streaming.txt
@@ -52,7 +52,7 @@ This will read and stream the file 4Kb at the time, avoiding loading the entire
WARNING: Be careful when using (or just don't use) "outside" data (params, cookies, etc) to locate the file on disk, as this is a security risk that might allow someone to gain access to files they are not meant to see.
-TIP: It is not recommended that you stream static files through Rails if you can instead keep them in a public folder on your web server. It is much more efficient to let the user download the file directly using Apache or another web server, keeping the request from unnecessarily going through the whole Rails stack.
+TIP: It is not recommended that you stream static files through Rails if you can instead keep them in a public folder on your web server. It is much more efficient to let the user download the file directly using Apache or another web server, keeping the request from unnecessarily going through the whole Rails stack. Although if you do need the request to go through Rails for some reason, you can set the `:x_sendfile` option to true, and Rails will let the web server handle sending the file to the user, freeing up the Rails process to do other things. Note that your web server needs to support the `X-Sendfile` header for this to work, and you still have to be careful not to use user input in a way that lets someone retrieve arbitrary files.
=== RESTful Downloads ===
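Review bot: The added X-Sendfile text never names the method that takes the `:x_sendfile` option, so a reader of this TIP cannot tell where to set it; name the method and show the option in a call. "Although if you do need the request to go through Rails ..." also reads as a fragment, and "If you do need the request to go through Rails, ..." is cleaner. The closing caveat about user input restates the WARNING directly above and applies equally when the web server sends the file, so consider referring back to that WARNING instead of leaving it at the tail of a long TIP.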
2 railties/doc/guides/source/actioncontroller_basics/verification.txt
@@ -25,7 +25,7 @@ class LoginsController < ApplicationController
end
---------------------------------------
-Now the `create` action won't run unless the "username" and "password" parameters are present, and if they're not, an error message will be added to the flash and the "new" action will be rendered. But there's something rather important missing from the verification above: It will be used for *every* action in LoginsController, which is not what we want. You can limit which actions it will be used for with the `:only` and `:except` options just like a filter:
+Now the `create` action won't run unless the "username" and "password" parameters are present, and if they're not, an error message will be added to the flash and the `new` action will be rendered. But there's something rather important missing from the verification above: It will be used for *every* action in LoginsController, which is not what we want. You can limit which actions it will be used for with the `:only` and `:except` options just like a filter:
[source, ruby]
---------------------------------------
