- 22 Sep, 2020 1 commit
Committed by Adrianna Chang
* Add binary encoding logic into ActionDispatch::Request::Utils

  Moving the logic to set binary encoding into ActionDispatch::Request::Utils will allow us to encode from GET and POST in ActionDispatch::Request.
* Refactor binary encoding logic
  - Move binary encoding calls into GET, POST and path_parameters
  - Remove binary encoding from ActionDispatch::Http::Request
  - This way, we only raise an invalid encoding exception if the controller is not requesting parameters in binary encoding
* Check if encoding is valid in ActionDispatch::Request#POST and raise BadRequest if invalid
* Fix multipart_params_test that has binary-encoded params containing invalid UTF-8 characters
* Address PR comments
* Pass action and controller to Request::Utils.set_binary_encoding

[Rafael Mendonça França + Adrianna Chang]
- 06 Sep, 2020 1 commit
Committed by Petrik
Calling request in an action of a controller generates an endless stream of characters, including the Rack app and middlewares. This can be frustrating when using a debugger in a controller and accidentally calling `request` generates output for a couple of seconds. Inspect on ActionDispatch::Request is shortened to the most relevant attributes and uses the same format as used for request in the logs: "#<ActionDispatch::Request POST "https://example.com/path/of/some/uri?q=1" for 1.2.3.4>"
- 12 May, 2020 1 commit
Committed by George Claghorn
Depends on newer Rack API. This reverts commit fbf1d82e.
- 10 May, 2020 1 commit
Committed by Duncan Brown
Rack decided to tolerate proxies which choose to attach ports to X-Forwarded-For IPs by stripping the port: https://github.com/rack/rack/pull/1251. Attaching a port is rare in the wild but some proxies (notably Microsoft Azure's App Service) do it. Without this patch, remote_ip will ignore X-Forwarded-For IPs with ports attached and the return value is less likely to be useful. Rails should do the same thing. The stripping logic is already available in Rack::Request::Helpers, so change the X-Forwarded-For retrieval method from ActionDispatch::Request#x_forwarded_for (which returns the raw header) to #forwarded_for, which returns a stripped array of IP addresses, or nil. There may be other benefits hiding in Rack's implementation. We can't call ips_from with an array (and legislating for that inside ips_from doesn't appeal), so refactor out the bit we need to apply in both cases (verifying the IP is acceptable to IPAddr and that it's not a range) to a separate method called #sanitize_ips which reduces an array of maybe-ips to an array of acceptable ones.
- 10 Feb, 2020 1 commit
Committed by Kasper Timm Hansen
Rack updated the RFC they're adhering to when parsing cookies, now no longer including commas. There's still an open question as mentioned in: https://github.com/rails/rails/issues/38420 However, the resilience test is no longer as well needed as it once was and we can move forward separately. If not, this is easily revertible.
- 03 Jan, 2020 1 commit
Committed by Matthew Draper
Scenario: we have a REMOTE_ADDR of `127.0.0.1`, and X-Forwarded-For is `A, B, C`. Without any relevant trust, the `remote_ip` is `C`. If `C` is trusted, then the `remote_ip` is `B`. If `B` and `C` are trusted, then the `remote_ip` is `A`. If all of `A`, `B`, and `C` are trusted, then the `remote_ip` should still be `A`: if our trust was sufficient to get that far out before, trusting something else should not have us fall back to `127.0.0.1`. It is this last situation that we're correcting here: We trust `A` to give us accurate X-Forwarded-For information, yet it has chosen to leave it unset. Therefore, `A` is telling us that it is itself the client.
- 07 Oct, 2019 1 commit
Committed by norm
Updated the setter to clear the value in the `@remote_ip` instance variable before setting the header that the value is derived from in the getter.
- 27 Jul, 2019 2 commits
Committed by yuuji.yaginuma
Committed by Simone Carletti
Fix error 500 caused by ActionController::RoutingError (via fail-safe) when POST parameters are invalid (#29985)

* Reproduce error caused by malformed parameters

  Error:
  RequestFormat#test_format_does_not_throw_exceptions_when_invalid_POST_parameters:
  ActionDispatch::Http::Parameters::ParseError: 765: unexpected token at '{record:{content:24.12.1.146}}'
      /Users/weppos/Mirrors/rails/actionpack/lib/action_dispatch/http/parameters.rb:113:in `rescue in parse_formatted_parameters'
      /Users/weppos/Mirrors/rails/actionpack/lib/action_dispatch/http/parameters.rb:107:in `parse_formatted_parameters'
      /Users/weppos/Mirrors/rails/actionpack/lib/action_dispatch/http/request.rb:360:in `block in POST'
      /Users/weppos/.rvm/gems/ruby-2.3.3/gems/rack-2.0.3/lib/rack/request.rb:57:in `fetch'
      /Users/weppos/.rvm/gems/ruby-2.3.3/gems/rack-2.0.3/lib/rack/request.rb:57:in `fetch_header'
      /Users/weppos/Mirrors/rails/actionpack/lib/action_dispatch/http/request.rb:359:in `POST'
      /Users/weppos/Mirrors/rails/actionpack/lib/action_dispatch/http/parameters.rb:53:in `parameters'
      /Users/weppos/Mirrors/rails/actionpack/lib/action_dispatch/http/mime_negotiation.rb:62:in `block in formats'
      /Users/weppos/.rvm/gems/ruby-2.3.3/gems/rack-2.0.3/lib/rack/request.rb:57:in `fetch'
      /Users/weppos/.rvm/gems/ruby-2.3.3/gems/rack-2.0.3/lib/rack/request.rb:57:in `fetch_header'
      /Users/weppos/Mirrors/rails/actionpack/lib/action_dispatch/http/mime_negotiation.rb:60:in `formats'
      /Users/weppos/Mirrors/rails/actionpack/test/dispatch/request_test.rb:891:in `block in <class:RequestFormat>'

  See GH-29983
* Capture parameter parsing error output and test it

  This change prevents the log from being displayed in the tests. Moreover, the assertion against the debug ensures that the test effectively triggers the parsing error as expected.
* Use a generic value in the test
* Switch to assert_match

[Simone Carletti + Rafael Mendonça França]
- 06 Jun, 2019 1 commit
Committed by Abhay Nikam
- 02 Apr, 2019 1 commit
Committed by Sharang Dashputre
- 18 Jan, 2019 1 commit
Committed by Rafael Mendonça França
- 08 Oct, 2018 1 commit
Committed by Yoshiyuki Kinjo
- 26 Sep, 2018 1 commit
Committed by Rafael Mendonça França
- 23 Aug, 2018 1 commit
Committed by Peter Zhu
- 26 Jan, 2018 2 commits
Committed by Daniel Colson
Committed by Daniel Colson
- 30 Dec, 2017 1 commit
Committed by Yuki Nishijima
These assertions did matter due to the inconsistent behavior of [the #parameters method][1]. Today, it behaves consistently and they could be removed. Also, one of the methods was stubbed somewhat incorrectly, so it is better not to stub and instead, make them close to more realistic use cases. [1]: https://github.com/rails/rails/pull/13999#issuecomment-34601746
- 29 Oct, 2017 1 commit
Committed by Nick LaMuro
To be removed in Rails 6.0 (default for the deprecate helper). Code moved around as well for the ActiveSupport::Deprecation modules, since it was dependent on ActiveSupport::Inflector being loaded for it to work. By "lazy loading" the Inflector code from within the Deprecation code, we can require ActiveSupport::Deprecation from ActiveSupport::Inflector and not get a circular dependency issue.
- 24 Oct, 2017 1 commit
Committed by Nick LaMuro
The Problem
-----------

The following line from `String#camelize`:

    string = string.sub(/^(?:#{inflections.acronym_regex}(?=\b|[A-Z_])|\w)/) { |match| match.downcase }

and the following line from `String#camelize`:

    word.gsub!(/(?:(?<=([A-Za-z\d]))|\b)(#{inflections.acronym_regex})(?=\b|[^a-z])/) { "#{$1 && '_'.freeze }#{$2.downcase}" }

Both generate the same regexp in the first part of the `.sub`/`.gsub` method calls every time the function is called, creating an extra object allocation each time. The value of `acronym_regex` only changes if the user decides to add an acronym to the current set of inflections and appends another string on the regexp generated here, but beyond that it remains relatively static.

This has been around since acronym support was introduced back in 2011 in PR#1648.

Proposed Solution
-----------------

To avoid re-generating these strings every time these methods are called, cache the values of these regular expressions in the `ActiveSupport::Inflector::Inflections` instance, making it so these regular expressions are only generated once, or when the acronyms are added to.

Another notable change is that the attr_readers are nodoc'd, as they shouldn't really be public APIs for users. Also, the new method, define_acronym_regex_patterns, is the only method in charge of manipulating @acronym_regex, and initialize_dup also makes use of that new change.

** Note about fix for non-deterministic actionpack test **

With the introduction of `@acronym_underscore_regex` and `@acronym_camelize_regex`, tests that manipulated these for a short time, then reset them could cause test failures to happen. This happened because the previous way we reset the `@acronyms` and `@acronym_regex` was to set them using #instance_variable_set, which wouldn't run the #define_acronym_regex_patterns method. This has now been introduced into the actionpack tests to avoid this failure.
- 04 Oct, 2017 1 commit
Committed by eileencodes
When puma/puma#1403 is merged Puma will support the Early Hints status code for sending assets before a request has finished. While the Early Hints spec is still in draft, this PR prepares Rails to allow this status code. If the proxy server supports Early Hints, it will send H2 pushes to the client.

This PR adds a method for setting Early Hints Link headers via Rails, and also automatically sends Early Hints if supported from the `stylesheet_link_tag` and the `javascript_include_tag`.

Once puma supports Early Hints the `--early-hints` argument can be passed to the server to enable this or set in the puma config with `early_hints(true)`. Note that for Early Hints to work in the browser the requirements are 1) a proxy that can handle H2, and 2) HTTPS.

To start the server with Early Hints enabled pass `--early-hints` to `rails s`. This has been verified to work with h2o, Puma, and Rails with Chrome. The commit adds a new option to the rails server to enable early hints for Puma.

Early Hints spec: https://tools.ietf.org/html/draft-ietf-httpbis-early-hints-04

[Eileen M. Uchitelle, Aaron Patterson]
- 29 Jul, 2017 1 commit
Committed by Kir Shatrov
- 18 Jul, 2017 1 commit
Committed by Arthur Neves
You should be able to safely use the String error message. So when finding the parameter has an invalid encoding we need to remove the invalid bytes before using it in the error. Otherwise the caller might get another Encoding error if they use the message.
- 02 Jul, 2017 1 commit
Committed by Matthew Draper
This reverts commit 3420a145, reversing changes made to afb66a5a.
- 01 Jul, 2017 1 commit
Committed by Kir Shatrov
- 07 May, 2017 1 commit
Committed by Ryuta Kamizono
- 14 Feb, 2017 2 commits
Committed by Leonel Galan
Committed by Leonel Galan
- Fixes issue described on #27944
- `filtered_query_string` used an Array representation of what semantically is a key value pair: better suited for a Hash. Without this change `filtered_params = original_params.class.new` returns an Array with unintended consequences.
- 14 Jan, 2017 1 commit
Committed by Lachlan Priest
existing_acrnoyms -> existing_acronyms
- 25 Dec, 2016 1 commit
Committed by Akira Matsuda
- 23 Dec, 2016 1 commit
Committed by Akira Matsuda
- 29 Oct, 2016 1 commit
Committed by Rafael Mendonça França
- 16 Aug, 2016 1 commit
Committed by Rafael Mendonça França
Style/SpaceBeforeBlockBraces Style/SpaceInsideBlockBraces Style/SpaceInsideHashLiteralBraces Fix all violations in the repository.
- 07 Aug, 2016 3 commits
Committed by Ryuta Kamizono
Committed by Xavier Noria
Committed by Xavier Noria
The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
- 14 Jul, 2016 1 commit
Committed by Grey Baker
Check for any non-UTF8 characters in path parameters at the point they're set in `env`. Previously they were checked for when used to get a controller class, but this meant routes that went directly to a Rack app, or skipped controller instantiation for some other reason, had to defend against non-UTF8 characters themselves.
- 13 May, 2016 1 commit
Committed by Tom Kadwill
- 12 May, 2016 1 commit
Committed by Tom Kadwill
- 01 Apr, 2016 1 commit
Committed by Jeremy Daer
* Introduce `Response#strong_etag=` and `#weak_etag=` and analogous options for `fresh_when` and `stale?`. `Response#etag=` sets a weak ETag.

  Strong ETags are desirable when you're serving byte-for-byte identical responses that support Range requests, like PDFs or videos (typically done by reproxying the response from a backend storage service). Also desirable when fronted by some CDNs that support strong ETags only, like Akamai.
* No longer strips quotes (`"`) from ETag values before comparing them. Quotes are significant, part of the ETag. A quoted ETag and an unquoted one are not the same entity.
* Support `If-None-Match: *`. Rarely useful for GET requests; meant to provide some optimistic concurrency control for PUT requests.