XSS attacks. Thanks Sascha Depold for the report.
…ns that it doesn't force Action Controller / Active Record to load, but it doesn't fail if they have already loaded. Thanks @josevalim for the hint.
…zer - use config object instead. Cuts about 15% off the load time. (#734)
set a particular value for it. This allows servers to set it through X-Sendfile-Type, read https://github.com/rack/rack/blob/master/lib/rack/sendfile.rb for more info. Anyways you can force this value in your production.rb
…h English to American English(according to Weber) Conflicts: actionpack/lib/action_controller/metal/request_forgery_protection.rb railties/lib/rails/engine.rb
Needed to move AC::Metal::Instrumentation before AM::Metal::Rescue so that status codes rendered from rescue_from blocks are logged properly.
This is because only template rendering works with streaming. Setting it at the class level was also changing the behavior of JSON and XML responses, closes #1337.
This makes "sprockets/railtie" explicit. This means that sprockets will be loaded when you require "rails/all". If you are not using requiring "rails/all", you need to manually load it with all other framework railties. In order to be complete, this commit also adds --skip-sprockets to the rails generator.
…e no controller object It would raise undefined method controller_name for nil
Fixed while traveling to heuruko
…dom, and require 'securerandom' from the stdlib when active support is required.
… :exclude to make it consistent with controller filters
…nstead of `.column_names`
Normally the table for abstract class won't be existed, so we should not trying to call `#column_names` on it.
Conflicts: actionpack/lib/action_view/helpers/date_helper.rb railties/lib/rails/generators/rails/app/templates/config/initializers/wrap_parameters.rb.tt
…y raising NameError, closes #477.