## Rails 5.1.7 (March 27, 2019) ## * No changes. ## Rails 5.1.6.2 (March 11, 2019) ## * No changes. ## Rails 5.1.6.1 (November 27, 2018) ## * No changes. ## Rails 5.1.6 (March 29, 2018) ## * Check exclude before flagging cookies as secure. *Catherine Khuu* ## Rails 5.1.5 (February 14, 2018) ## * Fix optimized url helpers when using relative url root Fixes #31220. *Andrew White* * Ensure dev and prod puma configs do not clobber `ActionDispatch::SystemTesting` defaults. Adds workers: 0 and daemon: false *Max Schwenk* ## Rails 5.1.4 (September 07, 2017) ## * Make `take_failed_screenshot` work within engine. Fixes #30405. *Yuji Yaginuma* ## Rails 5.1.4.rc1 (August 24, 2017) ## * No changes. ## Rails 5.1.3 (August 03, 2017) ## * No changes. ## Rails 5.1.3.rc3 (July 31, 2017) ## * No changes. ## Rails 5.1.3.rc2 (July 25, 2017) ## * No changes. ## Rails 5.1.3.rc1 (July 19, 2017) ## * No changes. ## Rails 5.1.2 (June 26, 2017) ## * Fallback `ActionController::Parameters#to_s` to `Hash#to_s`. *Kir Shatrov* * `driven_by` now registers poltergeist and capybara-webkit If driver poltergeist or capybara-webkit is set for System Tests, `driven_by` will register the driver and set additional options passed via `:options` param. Refer to drivers documentation to learn what options can be passed. *Mario Chavez* ## Rails 5.1.1 (May 12, 2017) ## * No changes. ## Rails 5.1.0 (April 27, 2017) ## * Raise exception when calling `to_h` and `to_hash` in an unpermitted Parameters. Before we returned either an empty hash or only the always permitted parameters (`:controller` and `:action` by default). The previous behavior was dangerous because in order to get the attributes users usually fallback to use `to_unsafe_h that` could potentially introduce security issues. *Rafael Mendonça França* * Deprecate `config.action_controller.raise_on_unfiltered_parameters`. This option has no effect in Rails 5.1. *Rafael Mendonça França* * Use more specific check for :format in route path The current check for whether to add an optional format to the path is very lax and will match things like `:format_id` where there are nested resources, e.g: ``` ruby resources :formats do resources :items end ``` Fix this by using a more restrictive regex pattern that looks for the patterns `(.:format)`, `.:format` or `/` at the end of the path. Note that we need to allow for multiple closing parenthesis since the route may be of this form: ``` ruby get "/books(/:action(.:format))", controller: "books" ``` This probably isn't what's intended since it means that the default index action route doesn't support a format but we have a test for it so we need to allow it. Fixes #28517. *Andrew White* * Add `action_controller_api` and `action_controller_base` load hooks to be called in `ActiveSupport.on_load` `ActionController::Base` and `ActionController::API` have differing implementations. This means that the one umbrella hook `action_controller` is not able to address certain situations where a method may not exist in a certain implementation. This is fixed by adding two new hooks so you can target `ActionController::Base` vs `ActionController::API` Fixes #27013. *Julian Nadeau* * Don't include default headers in `ActionController::Metal` responses The commit e16afe6 introduced an unintentional change of behavior where the default headers were included in responses from `ActionController::Metal` based controllers. This is now reverted to the previous behavior of having no default headers. Fixes #25820. *Jon Moss* * Fix `NameError` raised in `ActionController::Renderer#with_defaults` *Hiroyuki Ishii* * Added `#reverse_merge` and `#reverse_merge!` methods to `ActionController::Parameters` *Edouard Chin*, *Mitsutaka Mimura* * Fix malformed URLS when using `ApplicationController.renderer` The Rack environment variable `rack.url_scheme` was not being set so `scheme` was returning `nil`. This caused URLs to be malformed with the default settings. Fix this by setting `rack.url_scheme` when the environment is normalized. Fixes #28151. *George Vrettos* * Commit flash changes when using a redirect route. Fixes #27992. *Andrew White* * Prefer `remove_method` over `undef_method` when reloading routes When `undef_method` is used it prevents access to other implementations of that url helper in the ancestor chain so use `remove_method` instead to restore access. *Andrew White* * Add the `resolve` method to the routing DSL This new method allows customization of the polymorphic mapping of models: ``` ruby resource :basket resolve("Basket") { [:basket] } ``` ``` erb <%= form_for @basket do |form| %> <% end %> ``` This generates the correct singular URL for the form instead of the default resources member url, e.g. `/basket` vs. `/basket/:id`. Fixes #1769. *Andrew White* * Add the `direct` method to the routing DSL This new method allows creation of custom url helpers, e.g: ``` ruby direct(:apple) { "http://www.apple.com" } >> apple_url => "http://www.apple.com" ``` This has the advantage of being available everywhere url helpers are available unlike custom url helpers defined in helper modules, etc. *Andrew White* * Add `ActionDispatch::SystemTestCase` to Action Pack Adds Capybara integration directly into Rails through Action Pack! See PR [#26703](https://github.com/rails/rails/pull/26703) *Eileen M. Uchitelle* * Remove deprecated `.to_prepare`, `.to_cleanup`, `.prepare!` and `.cleanup!` from `ActionDispatch::Reloader`. *Rafael Mendonça França* * Remove deprecated `ActionDispatch::Callbacks.to_prepare` and `ActionDispatch::Callbacks.to_cleanup`. *Rafael Mendonça França* * Remove deprecated `ActionController::Metal.call`. *Rafael Mendonça França* * Remove deprecated `ActionController::Metal#env`. *Rafael Mendonça França* * Make `with_routing` test helper work when testing controllers inheriting from `ActionController::API` *Julia López* * Use accept header in integration tests with `as: :json` Instead of appending the `format` to the request path, Rails will figure out the format from the header instead. This allows devs to use `:as` on routes that don't have a format. Fixes #27144. *Kasper Timm Hansen* * Reset a new session directly after its creation in `ActionDispatch::IntegrationTest#open_session`. Fixes #22742. *Tawan Sierek* * Fixes incorrect output from `rails routes` when using singular resources. Fixes #26606. *Erick Reyna* * Fixes multiple calls to `logger.fatal` instead of a single call, for every line in an exception backtrace, when printing trace from `DebugExceptions` middleware. Fixes #26134. *Vipul A M* * Add support for arbitrary hashes in strong parameters: ```ruby params.permit(preferences: {}) ``` *Xavier Noria* * Add `ActionController::Parameters#merge!`, which behaves the same as `Hash#merge!`. *Yuji Yaginuma* * Allow keys not found in `RACK_KEY_TRANSLATION` for setting the environment when rendering arbitrary templates. *Sammy Larbi* * Remove deprecated support to non-keyword arguments in `ActionDispatch::IntegrationTest#process`, `#get`, `#post`, `#patch`, `#put`, `#delete`, and `#head`. *Rafael Mendonça França* * Remove deprecated `ActionDispatch::IntegrationTest#*_via_redirect`. *Rafael Mendonça França* * Remove deprecated `ActionDispatch::IntegrationTest#xml_http_request`. *Rafael Mendonça França* * Remove deprecated support for passing `:path` and route path as strings in `ActionDispatch::Routing::Mapper#match`. *Rafael Mendonça França* * Remove deprecated support for passing path as `nil` in `ActionDispatch::Routing::Mapper#match`. *Rafael Mendonça França* * Remove deprecated `cache_control` argument from `ActionDispatch::Static#initialize`. *Rafael Mendonça França* * Remove deprecated support to passing strings or symbols to the middleware stack. *Rafael Mendonça França* * Change HSTS subdomain to true. *Rafael Mendonça França* * Remove deprecated `host` and `port` ssl options. *Rafael Mendonça França* * Remove deprecated `const_error` argument in `ActionDispatch::Session::SessionRestoreError#initialize`. *Rafael Mendonça França* * Remove deprecated `#original_exception` in `ActionDispatch::Session::SessionRestoreError`. *Rafael Mendonça França* * Deprecate `ActionDispatch::ParamsParser::ParseError` in favor of `ActionDispatch::Http::Parameters::ParseError`. *Rafael Mendonça França* * Remove deprecated `ActionDispatch::ParamsParser`. *Rafael Mendonça França* * Remove deprecated `original_exception` and `message` arguments in `ActionDispatch::ParamsParser::ParseError#initialize`. *Rafael Mendonça França* * Remove deprecated `#original_exception` in `ActionDispatch::ParamsParser::ParseError`. *Rafael Mendonça França* * Remove deprecated access to mime types through constants. *Rafael Mendonça França* * Remove deprecated support to non-keyword arguments in `ActionController::TestCase#process`, `#get`, `#post`, `#patch`, `#put`, `#delete`, and `#head`. *Rafael Mendonça França* * Remove deprecated `xml_http_request` and `xhr` methods in `ActionController::TestCase`. *Rafael Mendonça França* * Remove deprecated methods in `ActionController::Parameters`. *Rafael Mendonça França* * Remove deprecated support to comparing a `ActionController::Parameters` with a `Hash`. *Rafael Mendonça França* * Remove deprecated support to `:text` in `render`. *Rafael Mendonça França* * Remove deprecated support to `:nothing` in `render`. *Rafael Mendonça França* * Remove deprecated support to `:back` in `redirect_to`. *Rafael Mendonça França* * Remove deprecated support to passing status as option `head`. *Rafael Mendonça França* * Remove deprecated support to passing original exception to `ActionController::BadRequest` and the `ActionController::BadRequest#original_exception` method. *Rafael Mendonça França* * Remove deprecated methods `skip_action_callback`, `skip_filter`, `before_filter`, `prepend_before_filter`, `skip_before_filter`, `append_before_filter`, `around_filter` `prepend_around_filter`, `skip_around_filter`, `append_around_filter`, `after_filter`, `prepend_after_filter`, `skip_after_filter` and `append_after_filter`. *Rafael Mendonça França* * Show an "unmatched constraints" error when params fail to match constraints on a matched route, rather than a "missing keys" error. Fixes #26470. *Chris Carter* * Fix adding implicitly rendered template digests to ETags. Fixes a case when modifying an implicitly rendered template for a controller action using `fresh_when` or `stale?` would not result in a new `ETag` value. *Javan Makhmali* * Make `fixture_file_upload` work in integration tests. *Yuji Yaginuma* * Add `to_param` to `ActionController::Parameters` deprecations. In the future `ActionController::Parameters` are discouraged from being used in URLs without explicit whitelisting. Go through `to_h` to use `to_param`. *Kir Shatrov* * Fix nested multiple roots The PR #20940 enabled the use of multiple roots with different constraints at the top level but unfortunately didn't work when those roots were inside a namespace and also broke the use of root inside a namespace after a top level root was defined because the check for the existence of the named route used the global :root name and not the namespaced name. This is fixed by using the name_for_action method to expand the :root name to the full namespaced name. We can pass nil for the second argument as we're not dealing with resource definitions so don't need to handle the cases for edit and new routes. Fixes #26148. *Ryo Hashimoto*, *Andrew White* * Include the content of the flash in the auto-generated etag. This solves the following problem: 1. POST /messages 2. redirect_to messages_url, notice: 'Message was created' 3. GET /messages/1 4. GET /messages Step 4 would before still include the flash message, even though it's no longer relevant, because the etag cache was recorded with the flash in place and didn't change when it was gone. *DHH* * SSL: Changes redirect behavior for all non-GET and non-HEAD requests (like POST/PUT/PATCH etc) to `http://` resources to redirect to `https://` with a [307 status code](http://tools.ietf.org/html/rfc7231#section-6.4.7) instead of [301 status code](http://tools.ietf.org/html/rfc7231#section-6.4.2). 307 status code instructs the HTTP clients to preserve the original request method while redirecting. It has been part of HTTP RFC since 1999 and is implemented/recognized by most (if not all) user agents. # Before POST http://example.com/articles (i.e. ArticlesContoller#create) redirects to GET https://example.com/articles (i.e. ArticlesContoller#index) # After POST http://example.com/articles (i.e. ArticlesContoller#create) redirects to POST https://example.com/articles (i.e. ArticlesContoller#create) *Chirag Singhal* * Add `:as` option to `ActionController:TestCase#process` and related methods. Specifying `as: mime_type` allows the `CONTENT_TYPE` header to be specified in controller tests without manually doing this through `@request.headers['CONTENT_TYPE']`. *Everest Stefan Munro-Zeisberger* * Show cache hits and misses when rendering partials. Partials using the `cache` helper will show whether a render hit or missed the cache: ``` Rendered messages/_message.html.erb in 1.2 ms [cache hit] Rendered recordings/threads/_thread.html.erb in 1.5 ms [cache miss] ``` This removes the need for the old fragment cache logging: ``` Read fragment views/v1/2914079/v1/2914079/recordings/70182313-20160225015037000000/d0bdf2974e1ef6d31685c3b392ad0b74 (0.6ms) Rendered messages/_message.html.erb in 1.2 ms [cache hit] Write fragment views/v1/2914079/v1/2914079/recordings/70182313-20160225015037000000/3b4e249ac9d168c617e32e84b99218b5 (1.1ms) Rendered recordings/threads/_thread.html.erb in 1.5 ms [cache miss] ``` Though that full output can be reenabled with `config.action_controller.enable_fragment_cache_logging = true`. *Stan Lo* * Don't override the `Accept` header in integration tests when called with `xhr: true`. Fixes #25859. *David Chen* * Fix `defaults` option for root route. A regression from some refactoring for the 5.0 release, this change fixes the use of `defaults` (default parameters) in the `root` routing method. *Chris Arcand* * Check `request.path_parameters` encoding at the point they're set. Check for any non-UTF8 characters in path parameters at the point they're set in `env`. Previously they were checked for when used to get a controller class, but this meant routes that went directly to a Rack app, or skipped controller instantiation for some other reason, had to defend against non-UTF8 characters themselves. *Grey Baker* * Don't raise `ActionController::UnknownHttpMethod` from `ActionDispatch::Static`. Pass `Rack::Request` objects to `ActionDispatch::FileHandler` to avoid it raising `ActionController::UnknownHttpMethod`. If an unknown method is passed, it should pass exception higher in the stack instead, once we've had a chance to define exception handling behaviour. *Grey Baker* * Handle `Rack::QueryParser` errors in `ActionDispatch::ExceptionWrapper`. Updated `ActionDispatch::ExceptionWrapper` to handle the Rack 2.0 namespace for `ParameterTypeError` and `InvalidParameterError` errors. *Grey Baker* Please check [5-0-stable](https://github.com/rails/rails/blob/5-0-stable/actionpack/CHANGELOG.md) for previous changes.