This ensures that the protocol does not get carried over when there are two or more requests in functional tests. This was a problem when e.g. the first request was HTTP and the second request was HTTPS. Closes #2654. Signed-off-by: Andrew White <firstname.lastname@example.org> (cherry picked from commit 68a13ed)
XSS attacks. Thanks Sascha Depold for the report.
…ns that it doesn't force Action Controller / Active Record to load, but it doesn't fail if they have already loaded. Thanks @josevalim for the hint.
…zer - use config object instead. Cuts about 15% off the load time. (#734)
set a particular value for it. This allows servers to set it through X-Sendfile-Type, read https://github.com/rack/rack/blob/master/lib/rack/sendfile.rb for more info. Anyways you can force this value in your production.rb
…h English to American English(according to Weber) Conflicts: actionpack/lib/action_controller/metal/request_forgery_protection.rb railties/lib/rails/engine.rb
This makes "sprockets/railtie" explicit. This means that sprockets will be loaded when you require "rails/all". If you are not using requiring "rails/all", you need to manually load it with all other framework railties. In order to be complete, this commit also adds --skip-sprockets to the rails generator.
…e no controller object It would raise undefined method controller_name for nil
Fixed while traveling to heuruko
…dom, and require 'securerandom' from the stdlib when active support is required.
… :exclude to make it consistent with controller filters
…nstead of `.column_names`
Normally the table for abstract class won't be existed, so we should not trying to call `#column_names` on it.