Commits on Mar 29, 2011
  1. @tenderlove

    Revert "Improve testing of cookies in functional tests:"

    This reverts commit e2523ff.
    tenderlove committed Mar 29, 2011
Commits on Mar 6, 2011
  1. @pixeltrix

    Improve testing of cookies in functional tests:

    - cookies can be set using string or symbol keys
    - cookies are preserved across calls to get, post, etc.
    - cookie names and values are escaped
    - cookies can be cleared using @request.cookies.clear
    [#6272 state:resolved]
    pixeltrix committed Mar 6, 2011
Commits on Mar 2, 2011
  1. @chuyeow @spastorino

    Fix Action caching bug where an action that has a non-cacheable response always renders a nil response body. It now correctly renders the response body.

    Note that only GET and HTTP 200 responses can be cached.
    [#6480 state:committed]
    Signed-off-by: Santiago Pastorino <>
    chuyeow committed with spastorino Feb 27, 2011
Commits on Feb 22, 2011
  1. @NZKoz

    Prepend the CSRF filter to make it much more difficult to execute application code before it fires.

    NZKoz committed Feb 23, 2011
Commits on Jan 31, 2011
  1. @NZKoz

    Change the CSRF whitelisting to only apply to get requests

    Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets.  To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:
     X-CSRF-Token: ...
    This fixes CVE-2011-0447
    NZKoz committed Jan 5, 2011
  2. @josevalim @NZKoz

    Use Mime::Type references.

    josevalim committed with NZKoz Nov 28, 2010
Commits on Dec 9, 2010
  1. @josevalim

    Ensure that while caching a page rails takes into

    account the resolved mime type for the request
    This is a port of fix on master to 3-0-stable
    Signed-off-by: José Valim <>
    Neeraj Singh committed with josevalim Dec 9, 2010
Commits on Dec 8, 2010
  1. @fxn
  2. @fxn

    Add to documentation that action caching does

    handle HTTP_ACCEPT attribute properly and might
    provide wrong result. Use params[:format] to
    avoid this issue.
    Neeraj Singh committed with fxn Dec 6, 2010
Commits on Nov 27, 2010
  1. @radar @fxn

    Add explicit statement that verify_authenticity_token can be turned off for actions.

    radar committed with fxn Nov 27, 2010
Commits on Nov 24, 2010
  1. @josevalim

    If a user wants json output then try best to render json output. In such cases prefer kind_of(String) over respond_to?(to_str)

    [#5841 state:resolved]
    Signed-off-by: José Valim <>
    Neeraj Singh committed with josevalim Nov 15, 2010
Commits on Nov 7, 2010
  1. @chriseppstein @spastorino

    Correctly handle the case of an API response that returns a hash by treating a single hash argument as the resource instead of as options.

    Signed-off-by: Santiago Pastorino <>
    chriseppstein committed with spastorino Nov 5, 2010
Commits on Oct 18, 2010
  1. @pixeltrix
Commits on Oct 11, 2010
  1. @szimek @josevalim

    Return a valid empty JSON on successful PUT and DELETE requests. [#5199 state:resolved]

    Signed-off-by: José Valim <>
    szimek committed with josevalim Oct 11, 2010
Commits on Oct 10, 2010
  1. @wycats
Commits on Sep 27, 2010
  1. @dcrec1 @josevalim

    renderer calls object.to_json when rendering :json => object [#5655 s…

    Signed-off-by: José Valim <>
    dcrec1 committed with josevalim Sep 18, 2010
Commits on Sep 24, 2010
  1. @miloops @spastorino

    Refactor decode_credentials to avoid inject and use map instead.

    Signed-off-by: Santiago Pastorino <>
    miloops committed with spastorino Sep 22, 2010
  2. @miloops @spastorino

    Refactor methods in html node to avoid injects.

    Signed-off-by: Santiago Pastorino <>
    miloops committed with spastorino Sep 22, 2010
Commits on Sep 12, 2010
  1. @mikel

    Backport of: added block arguments to ActionController::Metal#use

    Commit: f0dbcc7a692bc375e3e52a9661af4037392ee52f
    Useful for cases such as warden, where a block configuration is taken.
        class SomeController < ApplicationController
          use RailsWarden::Manager do |manager|
            manager.default_strategies :facebook_oauth
            manager.failure_app = SomeController.action(:authorize)
    mikel committed Sep 12, 2010
Commits on Sep 9, 2010
  1. @mikel
Commits on Sep 1, 2010
  1. @thiagopradi @josevalim

    Use join instead of looping and calling to_s [#5492 state:resolved]

    Signed-off-by: José Valim <>
    thiagopradi committed with josevalim Aug 29, 2010
Commits on Aug 26, 2010
  1. @josevalim
Commits on Aug 25, 2010
  1. @tilsammans @fxn

    Restored top-level documentation for ActionController::Base.

    This information was lost in commit bd6b61b.
    This might have been intentional, but this class does represent the starting
    point for all things related to actions, and as such should document it.
    I couldn't find any trace of this documentation, which seems like a waste.
    Updated parts here and there to conform to current best practices.
    tilsammans committed with fxn Aug 25, 2010
Commits on Aug 24, 2010
  1. @pixeltrix @josevalim

    Reset symbolized path parameters when a test request is recycled [#5437 state:resolved]

    Signed-off-by: José Valim <>
    pixeltrix committed with josevalim Aug 24, 2010
Commits on Aug 19, 2010
  1. @josevalim
Commits on Aug 14, 2010
  1. @spastorino

    Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;)

    spastorino committed Aug 14, 2010
Commits on Aug 4, 2010
  1. @wycats

    Add a fake UrlRewriter, since instantiating it in tests happens, but is basically crazysauce

    wycats committed Aug 4, 2010
Commits on Aug 3, 2010
  1. @wycats
  2. @wycats
  3. @wycats
  4. @wycats

    Even though exempt_from_layout is no longer needed, some people are still using it. Deprecate it instead of removing.

    wycats committed Aug 3, 2010
Commits on Jul 30, 2010
  1. @rohit
Commits on Jul 26, 2010
  1. @wincent

    doc: cleanup respond_to documentation

    Signed-off-by: Wincent Colaiuta <>
    wincent committed Jul 26, 2010
Commits on Jul 25, 2010
  1. @spastorino @josevalim

    Change returning with tap

    Signed-off-by: José Valim <>
    spastorino committed with josevalim Jul 25, 2010
Commits on Jul 23, 2010
  1. @josevalim

    Clean up AM and AC railties.

    josevalim committed Jul 24, 2010