Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Branch: master
Commits on Oct 6, 2015
  1. @tenderlove

    use methods for accessing the cache control headers

    tenderlove authored
    Use the methods rack provides so we don't have to worry about the exact
    header key.
  2. @tenderlove

    etag header is in Rack, so use it's response methods

    tenderlove authored
    Rack implements the Etag header manipulation methods, so we can use
    those instead of ours.
  3. @tenderlove
Commits on Oct 5, 2015
  1. @tenderlove

    move file sending to the response object

    tenderlove authored
    Just a slight refactor that delegates file sending to the response
    object.  This gives us the advantage that if a webserver (in the future)
    provides a response object that knows how to do accelerated file
    serving, it can implement this method.
Commits on Oct 3, 2015
  1. @tenderlove

    Revert "removing Rack::Runtime from the default stack."

    tenderlove authored
    This reverts commit 37423e4.
    Jeremy is right that we shouldn't remove this.  The fact is that many
    engines are depending on this middleware to be in the default stack.
    This ties our hands and forces us to keep the middleware in the stack so
    that engines will work.  To be extremely clear, I think this is another
    smell of "the rack stack" that we have in place.  When manipulating
    middleware, we should have meaningful names for places in the req / res
    lifecycle **not** have engines depend on a particular constant be in a
    particular place in the stack.  This is a weakness of the API that we
    have to figure out a way to address before removing the constant.
    As far as timing attacks are concerned, we can reduce the granularity
    such that it isn't useful information for hackers, but is still useful
    for developers.
Commits on Oct 2, 2015
  1. @tenderlove

    removing Rack::Runtime from the default stack.

    tenderlove authored
    The runtime header is a potential target for timing attacks since it
    returns the amount of time spent on the server (eliminating network
    speed).  Total time is also not accurate for streaming responses.
    The middleware can be added back via:
    config.middleware.ues ::Rack::Runtime
Commits on Oct 1, 2015
  1. @tenderlove

    make sure exceptions are marshalable when returning test results

    tenderlove authored
    this should fix the error where isolation tests raise an exception and
    we just get a marshal error
Commits on Sep 30, 2015
  1. @tenderlove
  2. @tenderlove
Commits on Sep 29, 2015
  1. @tenderlove

    call `default_middleware_stack` before merging stacks

    tenderlove authored
    `default_middleware_stack` seems to kick off the `on_load` calls that
    may mutate the middleware stack.  We have to call that method before
    merging middleware stacks, otherwise the middleware stacks get mutated
    *after* the app middleware stack is built.
  2. @tenderlove

    Engines get different middleware than apps

    tenderlove authored
    We shouldn't merge the app middleware in to the config middleware for
Commits on Sep 28, 2015
  1. @tenderlove

    remove useless method

    tenderlove authored
    the caller of `handle_conditional_get!` checks the committed state of
    the response, so we don't need to in the subclass.
Commits on Sep 26, 2015
  1. @tenderlove
Commits on Sep 25, 2015
  1. @tenderlove

    pull the flash methods in to their own module

    tenderlove authored
    We only want to activate flash when the user has enabled it.  Api
    servers don't use flash, so add an empty implementation to the base
    Request object.
  2. @tenderlove
  3. @tenderlove

    commit the flash after the controller finishes being serviced

    tenderlove authored
    Committing the flash needs to happen in order for the session to be
    written correctly, so lets guarantee that it actually does happen.
  4. @tenderlove

    move flash committing to the request object.

    tenderlove authored
    I'm doing this so that we can commit the flash to the session object Out
    of Band of the flash middleware
Commits on Sep 24, 2015
  1. @tenderlove

    build the Set-Cookie header functionally

    tenderlove authored
    Use the Rack utility methods for functional header manipulation.  This
    helps to eliminate coupling on the header hash
  2. @tenderlove

    move the Header hash to the super class

    tenderlove authored
    I want to move the header hash to the super request object in order to
    consolidate behavior.  We should be switching out buffering strategies
    rather than header strategies since things like "mutating headers after
    send" is an error in both cases (buffering vs streaming).
  3. @tenderlove

    mutate headers before committing the response

    tenderlove authored
    We should not mutate headers after the response has been committed.
Commits on Sep 23, 2015
  1. @tenderlove

    call `get` instead of controller.process

    tenderlove authored
    we want the request to go through the test harness, not directly call
    the methods on the controller
  2. @tenderlove

    remove controller construction

    tenderlove authored
    also remove req / res references
  3. @tenderlove
  4. @tenderlove
  5. @tenderlove
  6. @tenderlove
  7. @tenderlove

    stop directly setting headers on the controller

    tenderlove authored
    again, since we are going through the test harness, all this is done
    for us.
  8. @tenderlove

    stop constructing a request object in this setter

    tenderlove authored
    Since we just go through the normal test harness that sets up a request
    for us, we don't need to do this anymore.
  9. @tenderlove

    test against controller responses

    tenderlove authored
    rather than calling methods on the controller.  We should test the
    values returned by the controller rather than assuming that the
    internals are implemented in a certain way.
  10. @tenderlove

    stop applying default headers in ActionDispatch::Response

    tenderlove authored
    I'm making this change so that I can construct response objects that
    *don't* have the default headers applied.  For example, I would like to
    construct a response object from the return value of a controller.
    If you need to construct a response object with the default headers,
    then please use the alternate constructor:
  11. @tenderlove

    don't access the response object before a request was made

    tenderlove authored
    It doesn't make sense to access the response object before a request is
    made (how was a response object created without making a request?)  This
    commit splits testing default headers and default header mutation tests
    and removes access to the pre-request response object.
  12. @tenderlove

    split cookie tests

    tenderlove authored
    these should really be multiple tests.
  13. @tenderlove

    don't mutate a response object after to_a

    tenderlove authored
    When the response object is `to_a`'d, that means it's been written to
    the socket.  It doesn't make sense to mutate the response object after
    it's been written (and this may raise an exception in the future).
  14. @tenderlove

    ask the request object for the session

    tenderlove authored
    The flash middleware shouldn't know how to look up the session object.
    Just ask the request for that information.
Commits on Sep 22, 2015
  1. @tenderlove

    don't deal with `nil` values

    tenderlove authored
    We can know whether or not there is a content type object, and just exit
    early.  There is no need to `try` so hard.
Something went wrong with that request. Please try again.