- 29 9月, 2015 2 次提交
-
-
由 Rafael Mendonça França 提交于
This reverts commit 4147ab73.
-
由 Gaurav Sharma 提交于
-
- 28 9月, 2015 2 次提交
-
-
由 Ronak Jangir 提交于
-
由 yui-knk 提交于
* add `end` to end of class definition * add a blank line between explanation and example code
-
- 18 9月, 2015 1 次提交
-
-
由 Akira Matsuda 提交于
-
- 16 9月, 2015 1 次提交
-
-
由 Juanito Fatas 提交于
-
- 15 9月, 2015 8 次提交
-
-
由 Aaron Patterson 提交于
this commit removes some direct access to `env`.
-
由 Aaron Patterson 提交于
This commit is to abstract the code away from the env hash. It no longer needs to have the routes key hard coded.
-
由 Aaron Patterson 提交于
-
由 Aaron Patterson 提交于
This changes the renderer class to store the controller and defaults as an instance variable rather than allocating a new class. You can create a new renderer with an new env by calling `Renderer#new` or use new defaults by calling `Renderer#with_defaults` and saving the return value somewhere. Also I want to keep the `env` private since I would like to change the keys in the future. This commit only translates particular keys that the user requested.
-
由 Aaron Patterson 提交于
this means the reader doesn't need to lock, but does have the added cost of a new object created for every controller
-
由 Aaron Patterson 提交于
-
由 Aaron Patterson 提交于
The controller class is shared among threads, so we need to lock when allocating the Renderer.
-
由 Aaron Patterson 提交于
-
- 14 9月, 2015 1 次提交
-
-
由 Pedro Nascimento 提交于
-
- 11 9月, 2015 1 次提交
-
-
由 claudiob 提交于
AC::Parameters does not inherit from HashWithIndifferentAccess since #20868 by @sikachu
-
- 09 9月, 2015 23 次提交
-
-
由 eileencodes 提交于
`Rack::Session::Abstract::ID` is now deprecated and `Rack::Session::Abstract::Persisted` should be used instead.
-
由 eileencodes 提交于
In c546a2b0 this was changed to mimic how the browser behaves in a real situation but left out types that were registered. When this was changed it didn't take `text/plain` or `text/html` content types into account. This is a problem if you're manipulating the `Content-Type` headers in your controller tests, and expect a certain result. The reason I changed this to use `to_sym` is because if the `Content-Type` is not registered then the symbol will not exist. If it's one of the special types we handle that specifically (:json, :xml, or :url_encoded_form). If it's any registered type we handle it by setting the `path_parameters` and then the `request_parameters`. If the `to_sym` returns nil an error will be thrown. If the controller test sets a `Content-Type` on the request that `Content-Type` should remain in the header and pass along the filename. For example: If a test sets a content type on a post ``` @request.headers['CONTENT_TYPE'] = 'text/plain' post :create, params: { name: 'foo.txt' } ``` Then `foo.txt` should be in the `request_parameters` and params related to the path should be in the `path_parameters` and the `Content-Type` header should match the one set in the `@request`. When c546a2b0 was committed `text/plain` and `text/html` types were throwing a "Unknown Content-Type" error which is misleading and incorrect. Note: this does not affect how this is handled in the browser, just how the controller tests handle setting `Content-Type`.
-
由 Aaron Patterson 提交于
-
由 Aaron Patterson 提交于
This method is specifically about the content type so lets remove the parameter.
-
由 Aaron Patterson 提交于
create a singleton content type that just has nils, so that we don't have to allocate a content type object all the time.
-
由 Aaron Patterson 提交于
If someone sets just a charset, but depends on the implicit type from rendering, this will store a strange content type header that looks like this: `; charset=blah`. This is so that when the content type header is parsed again, it will return nil for the actual type.
-
由 Aaron Patterson 提交于
It turns out that the response object never really cares what the mime type object is, so just use the string.
-
由 Aaron Patterson 提交于
pull content-type setting to a private method to dry it up.
-
由 Aaron Patterson 提交于
Instead of storing content type information in an ivar and a header, lets move to just store the content type info in just the header.
-
由 Aaron Patterson 提交于
we'll use this method later to lazily parse content type headers.
-
由 Aaron Patterson 提交于
everything above metal really doesn't care about setting the content type, so lets rearrange these methods to be in metal.
-
由 Aaron Patterson 提交于
_set_content_type only does something when there is a request object, otherwise the return value of _get_content_type is always ignored. This commit moves everything to the module that has access to the request object so we'll never to_s unless there is a reason
-
由 Aaron Patterson 提交于
in the future I would like to make the header hash read only (or at least remove guarantees that mutations will do anything).
-
由 Kasper Timm Hansen 提交于
It's only used there.
-
由 Kasper Timm Hansen 提交于
`CookieJar` is only at the start of the chain and has its own request method, so we don't need it in the module.
-
由 Kasper Timm Hansen 提交于
It was the same in both legacy versions of the signed and encrypted cookie jars.
-
由 Kasper Timm Hansen 提交于
The `EncryptedCookieJar` already calls it for us, so just delegate to its `parse` implementation.
-
由 Kasper Timm Hansen 提交于
`SignedCookieJar`'s parse method already attempts to verify the message, so we can just call super and try the old verifier if it fails.
-
由 Kasper Timm Hansen 提交于
Cuts down on the duplicated reading parts.
-
由 Kasper Timm Hansen 提交于
Gets rid of the option parsing and makes what the encryptor does stand out.
-
由 Kasper Timm Hansen 提交于
Lets us avoid worrying about parsing the options and doing just what we need.
-
由 Kasper Timm Hansen 提交于
Remove the clutter to make PermanentCookieJar's one change stand out.
-
由 Kasper Timm Hansen 提交于
Eventually this will be the superclass of all the chained jars.
-
- 08 9月, 2015 1 次提交
-
-
由 Jeremy Daer 提交于
SSL redirect: * Move `:host` and `:port` options within `redirect: { … }`. Deprecate. * Introduce `:status` and `:body` to customize the redirect response. The 301 permanent default makes it difficult to test the redirect and back out of it since browsers remember the 301. Test with a 302 or 307 instead, then switch to 301 once you're confident that all is well. HTTP Strict Transport Security (HSTS): * Shorter max-age. Shorten the default max-age from 1 year to 180 days, the low end for https://www.ssllabs.com/ssltest/ grading and greater than the 18-week minimum to qualify for browser preload lists. * Disabling HSTS. Setting `hsts: false` now sets `hsts: { expires: 0 }` instead of omitting the header. Omitting does nothing to disable HSTS since browsers hang on to your previous settings until they expire. Sending `{ hsts: { expires: 0 }}` flushes out old browser settings and actually disables HSTS: http://tools.ietf.org/html/rfc6797#section-6.1.1 * HSTS Preload. Introduce `preload: true` to set the `preload` flag, indicating that your site may be included in browser preload lists, including Chrome, Firefox, Safari, IE11, and Edge. Submit your site: https://hstspreload.appspot.com
-