549 lines
16 KiB
Markdown
549 lines
16 KiB
Markdown
## Rails 5.1.6.1 (November 27, 2018) ##
|
|
|
|
* No changes.
|
|
|
|
|
|
## Rails 5.1.6 (March 29, 2018) ##
|
|
|
|
* Check exclude before flagging cookies as secure.
|
|
|
|
*Catherine Khuu*
|
|
|
|
|
|
## Rails 5.1.5 (February 14, 2018) ##
|
|
|
|
* Fix optimized url helpers when using relative url root
|
|
|
|
Fixes #31220.
|
|
|
|
*Andrew White*
|
|
|
|
* Ensure dev and prod puma configs do not clobber `ActionDispatch::SystemTesting` defaults. Adds workers: 0 and daemon: false
|
|
|
|
*Max Schwenk*
|
|
|
|
## Rails 5.1.4 (September 07, 2017) ##
|
|
|
|
* Make `take_failed_screenshot` work within engine.
|
|
|
|
Fixes #30405.
|
|
|
|
*Yuji Yaginuma*
|
|
|
|
## Rails 5.1.4.rc1 (August 24, 2017) ##
|
|
|
|
* No changes.
|
|
|
|
|
|
## Rails 5.1.3 (August 03, 2017) ##
|
|
|
|
* No changes.
|
|
|
|
|
|
## Rails 5.1.3.rc3 (July 31, 2017) ##
|
|
|
|
* No changes.
|
|
|
|
|
|
## Rails 5.1.3.rc2 (July 25, 2017) ##
|
|
|
|
* No changes.
|
|
|
|
|
|
## Rails 5.1.3.rc1 (July 19, 2017) ##
|
|
|
|
* No changes.
|
|
|
|
|
|
## Rails 5.1.2 (June 26, 2017) ##
|
|
|
|
* Fallback `ActionController::Parameters#to_s` to `Hash#to_s`.
|
|
|
|
*Kir Shatrov*
|
|
|
|
* `driven_by` now registers poltergeist and capybara-webkit
|
|
|
|
If driver poltergeist or capybara-webkit is set for System Tests,
|
|
`driven_by` will register the driver and set additional options passed via
|
|
`:options` param.
|
|
|
|
Refer to drivers documentation to learn what options can be passed.
|
|
|
|
*Mario Chavez*
|
|
|
|
## Rails 5.1.1 (May 12, 2017) ##
|
|
|
|
* No changes.
|
|
|
|
|
|
## Rails 5.1.0 (April 27, 2017) ##
|
|
|
|
* Raise exception when calling `to_h` and `to_hash` in an unpermitted Parameters.
|
|
|
|
Before we returned either an empty hash or only the always permitted parameters
|
|
(`:controller` and `:action` by default).
|
|
|
|
The previous behavior was dangerous because in order to get the attributes users
|
|
usually fallback to use `to_unsafe_h that` could potentially introduce security issues.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Deprecate `config.action_controller.raise_on_unfiltered_parameters`.
|
|
|
|
This option has no effect in Rails 5.1.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Use more specific check for :format in route path
|
|
|
|
The current check for whether to add an optional format to the path is very lax
|
|
and will match things like `:format_id` where there are nested resources, e.g:
|
|
|
|
``` ruby
|
|
resources :formats do
|
|
resources :items
|
|
end
|
|
```
|
|
|
|
Fix this by using a more restrictive regex pattern that looks for the patterns
|
|
`(.:format)`, `.:format` or `/` at the end of the path. Note that we need to
|
|
allow for multiple closing parenthesis since the route may be of this form:
|
|
|
|
``` ruby
|
|
get "/books(/:action(.:format))", controller: "books"
|
|
```
|
|
|
|
This probably isn't what's intended since it means that the default index action
|
|
route doesn't support a format but we have a test for it so we need to allow it.
|
|
|
|
Fixes #28517.
|
|
|
|
*Andrew White*
|
|
|
|
* Add `action_controller_api` and `action_controller_base` load hooks to be called in `ActiveSupport.on_load`
|
|
|
|
`ActionController::Base` and `ActionController::API` have differing implementations. This means that
|
|
the one umbrella hook `action_controller` is not able to address certain situations where a method
|
|
may not exist in a certain implementation.
|
|
|
|
This is fixed by adding two new hooks so you can target `ActionController::Base` vs `ActionController::API`
|
|
|
|
Fixes #27013.
|
|
|
|
*Julian Nadeau*
|
|
|
|
* Don't include default headers in `ActionController::Metal` responses
|
|
|
|
The commit e16afe6 introduced an unintentional change of behavior where the default
|
|
headers were included in responses from `ActionController::Metal` based controllers.
|
|
This is now reverted to the previous behavior of having no default headers.
|
|
|
|
Fixes #25820.
|
|
|
|
*Jon Moss*
|
|
|
|
* Fix `NameError` raised in `ActionController::Renderer#with_defaults`
|
|
|
|
*Hiroyuki Ishii*
|
|
|
|
* Added `#reverse_merge` and `#reverse_merge!` methods to `ActionController::Parameters`
|
|
|
|
*Edouard Chin*, *Mitsutaka Mimura*
|
|
|
|
* Fix malformed URLS when using `ApplicationController.renderer`
|
|
|
|
The Rack environment variable `rack.url_scheme` was not being set so `scheme` was
|
|
returning `nil`. This caused URLs to be malformed with the default settings.
|
|
Fix this by setting `rack.url_scheme` when the environment is normalized.
|
|
|
|
Fixes #28151.
|
|
|
|
*George Vrettos*
|
|
|
|
* Commit flash changes when using a redirect route.
|
|
|
|
Fixes #27992.
|
|
|
|
*Andrew White*
|
|
|
|
* Prefer `remove_method` over `undef_method` when reloading routes
|
|
|
|
When `undef_method` is used it prevents access to other implementations of that
|
|
url helper in the ancestor chain so use `remove_method` instead to restore access.
|
|
|
|
*Andrew White*
|
|
|
|
* Add the `resolve` method to the routing DSL
|
|
|
|
This new method allows customization of the polymorphic mapping of models:
|
|
|
|
``` ruby
|
|
resource :basket
|
|
resolve("Basket") { [:basket] }
|
|
```
|
|
|
|
``` erb
|
|
<%= form_for @basket do |form| %>
|
|
<!-- basket form -->
|
|
<% end %>
|
|
```
|
|
|
|
This generates the correct singular URL for the form instead of the default
|
|
resources member url, e.g. `/basket` vs. `/basket/:id`.
|
|
|
|
Fixes #1769.
|
|
|
|
*Andrew White*
|
|
|
|
* Add the `direct` method to the routing DSL
|
|
|
|
This new method allows creation of custom url helpers, e.g:
|
|
|
|
``` ruby
|
|
direct(:apple) { "http://www.apple.com" }
|
|
|
|
>> apple_url
|
|
=> "http://www.apple.com"
|
|
```
|
|
|
|
This has the advantage of being available everywhere url helpers are available
|
|
unlike custom url helpers defined in helper modules, etc.
|
|
|
|
*Andrew White*
|
|
|
|
* Add `ActionDispatch::SystemTestCase` to Action Pack
|
|
|
|
Adds Capybara integration directly into Rails through Action Pack!
|
|
|
|
See PR [#26703](https://github.com/rails/rails/pull/26703)
|
|
|
|
*Eileen M. Uchitelle*
|
|
|
|
* Remove deprecated `.to_prepare`, `.to_cleanup`, `.prepare!` and `.cleanup!` from `ActionDispatch::Reloader`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated `ActionDispatch::Callbacks.to_prepare` and `ActionDispatch::Callbacks.to_cleanup`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated `ActionController::Metal.call`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated `ActionController::Metal#env`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Make `with_routing` test helper work when testing controllers inheriting from `ActionController::API`
|
|
|
|
*Julia López*
|
|
|
|
* Use accept header in integration tests with `as: :json`
|
|
|
|
Instead of appending the `format` to the request path, Rails will figure
|
|
out the format from the header instead.
|
|
|
|
This allows devs to use `:as` on routes that don't have a format.
|
|
|
|
Fixes #27144.
|
|
|
|
*Kasper Timm Hansen*
|
|
|
|
* Reset a new session directly after its creation in `ActionDispatch::IntegrationTest#open_session`.
|
|
|
|
Fixes #22742.
|
|
|
|
*Tawan Sierek*
|
|
|
|
* Fixes incorrect output from `rails routes` when using singular resources.
|
|
|
|
Fixes #26606.
|
|
|
|
*Erick Reyna*
|
|
|
|
* Fixes multiple calls to `logger.fatal` instead of a single call,
|
|
for every line in an exception backtrace, when printing trace
|
|
from `DebugExceptions` middleware.
|
|
|
|
Fixes #26134.
|
|
|
|
*Vipul A M*
|
|
|
|
* Add support for arbitrary hashes in strong parameters:
|
|
|
|
```ruby
|
|
params.permit(preferences: {})
|
|
```
|
|
|
|
*Xavier Noria*
|
|
|
|
* Add `ActionController::Parameters#merge!`, which behaves the same as `Hash#merge!`.
|
|
|
|
*Yuji Yaginuma*
|
|
|
|
* Allow keys not found in `RACK_KEY_TRANSLATION` for setting the environment when rendering
|
|
arbitrary templates.
|
|
|
|
*Sammy Larbi*
|
|
|
|
* Remove deprecated support to non-keyword arguments in `ActionDispatch::IntegrationTest#process`,
|
|
`#get`, `#post`, `#patch`, `#put`, `#delete`, and `#head`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated `ActionDispatch::IntegrationTest#*_via_redirect`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated `ActionDispatch::IntegrationTest#xml_http_request`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated support for passing `:path` and route path as strings in `ActionDispatch::Routing::Mapper#match`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated support for passing path as `nil` in `ActionDispatch::Routing::Mapper#match`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated `cache_control` argument from `ActionDispatch::Static#initialize`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated support to passing strings or symbols to the middleware stack.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Change HSTS subdomain to true.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated `host` and `port` ssl options.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated `const_error` argument in
|
|
`ActionDispatch::Session::SessionRestoreError#initialize`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated `#original_exception` in `ActionDispatch::Session::SessionRestoreError`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Deprecate `ActionDispatch::ParamsParser::ParseError` in favor of
|
|
`ActionDispatch::Http::Parameters::ParseError`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated `ActionDispatch::ParamsParser`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated `original_exception` and `message` arguments in
|
|
`ActionDispatch::ParamsParser::ParseError#initialize`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated `#original_exception` in `ActionDispatch::ParamsParser::ParseError`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated access to mime types through constants.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated support to non-keyword arguments in `ActionController::TestCase#process`,
|
|
`#get`, `#post`, `#patch`, `#put`, `#delete`, and `#head`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated `xml_http_request` and `xhr` methods in `ActionController::TestCase`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated methods in `ActionController::Parameters`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated support to comparing a `ActionController::Parameters`
|
|
with a `Hash`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated support to `:text` in `render`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated support to `:nothing` in `render`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated support to `:back` in `redirect_to`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated support to passing status as option `head`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated support to passing original exception to `ActionController::BadRequest`
|
|
and the `ActionController::BadRequest#original_exception` method.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Remove deprecated methods `skip_action_callback`, `skip_filter`, `before_filter`,
|
|
`prepend_before_filter`, `skip_before_filter`, `append_before_filter`, `around_filter`
|
|
`prepend_around_filter`, `skip_around_filter`, `append_around_filter`, `after_filter`,
|
|
`prepend_after_filter`, `skip_after_filter` and `append_after_filter`.
|
|
|
|
*Rafael Mendonça França*
|
|
|
|
* Show an "unmatched constraints" error when params fail to match constraints
|
|
on a matched route, rather than a "missing keys" error.
|
|
|
|
Fixes #26470.
|
|
|
|
*Chris Carter*
|
|
|
|
* Fix adding implicitly rendered template digests to ETags.
|
|
|
|
Fixes a case when modifying an implicitly rendered template for a
|
|
controller action using `fresh_when` or `stale?` would not result in a new
|
|
`ETag` value.
|
|
|
|
*Javan Makhmali*
|
|
|
|
* Make `fixture_file_upload` work in integration tests.
|
|
|
|
*Yuji Yaginuma*
|
|
|
|
* Add `to_param` to `ActionController::Parameters` deprecations.
|
|
|
|
In the future `ActionController::Parameters` are discouraged from being used
|
|
in URLs without explicit whitelisting. Go through `to_h` to use `to_param`.
|
|
|
|
*Kir Shatrov*
|
|
|
|
* Fix nested multiple roots
|
|
|
|
The PR #20940 enabled the use of multiple roots with different constraints
|
|
at the top level but unfortunately didn't work when those roots were inside
|
|
a namespace and also broke the use of root inside a namespace after a top
|
|
level root was defined because the check for the existence of the named route
|
|
used the global :root name and not the namespaced name.
|
|
|
|
This is fixed by using the name_for_action method to expand the :root name to
|
|
the full namespaced name. We can pass nil for the second argument as we're not
|
|
dealing with resource definitions so don't need to handle the cases for edit
|
|
and new routes.
|
|
|
|
Fixes #26148.
|
|
|
|
*Ryo Hashimoto*, *Andrew White*
|
|
|
|
* Include the content of the flash in the auto-generated etag. This solves the following problem:
|
|
|
|
1. POST /messages
|
|
2. redirect_to messages_url, notice: 'Message was created'
|
|
3. GET /messages/1
|
|
4. GET /messages
|
|
|
|
Step 4 would before still include the flash message, even though it's no longer relevant,
|
|
because the etag cache was recorded with the flash in place and didn't change when it was gone.
|
|
|
|
*DHH*
|
|
|
|
* SSL: Changes redirect behavior for all non-GET and non-HEAD requests
|
|
(like POST/PUT/PATCH etc) to `http://` resources to redirect to `https://`
|
|
with a [307 status code](http://tools.ietf.org/html/rfc7231#section-6.4.7) instead of [301 status code](http://tools.ietf.org/html/rfc7231#section-6.4.2).
|
|
|
|
307 status code instructs the HTTP clients to preserve the original
|
|
request method while redirecting. It has been part of HTTP RFC since
|
|
1999 and is implemented/recognized by most (if not all) user agents.
|
|
|
|
# Before
|
|
POST http://example.com/articles (i.e. ArticlesContoller#create)
|
|
redirects to
|
|
GET https://example.com/articles (i.e. ArticlesContoller#index)
|
|
|
|
# After
|
|
POST http://example.com/articles (i.e. ArticlesContoller#create)
|
|
redirects to
|
|
POST https://example.com/articles (i.e. ArticlesContoller#create)
|
|
|
|
*Chirag Singhal*
|
|
|
|
* Add `:as` option to `ActionController:TestCase#process` and related methods.
|
|
|
|
Specifying `as: mime_type` allows the `CONTENT_TYPE` header to be specified
|
|
in controller tests without manually doing this through `@request.headers['CONTENT_TYPE']`.
|
|
|
|
*Everest Stefan Munro-Zeisberger*
|
|
|
|
* Show cache hits and misses when rendering partials.
|
|
|
|
Partials using the `cache` helper will show whether a render hit or missed
|
|
the cache:
|
|
|
|
```
|
|
Rendered messages/_message.html.erb in 1.2 ms [cache hit]
|
|
Rendered recordings/threads/_thread.html.erb in 1.5 ms [cache miss]
|
|
```
|
|
|
|
This removes the need for the old fragment cache logging:
|
|
|
|
```
|
|
Read fragment views/v1/2914079/v1/2914079/recordings/70182313-20160225015037000000/d0bdf2974e1ef6d31685c3b392ad0b74 (0.6ms)
|
|
Rendered messages/_message.html.erb in 1.2 ms [cache hit]
|
|
Write fragment views/v1/2914079/v1/2914079/recordings/70182313-20160225015037000000/3b4e249ac9d168c617e32e84b99218b5 (1.1ms)
|
|
Rendered recordings/threads/_thread.html.erb in 1.5 ms [cache miss]
|
|
```
|
|
|
|
Though that full output can be reenabled with
|
|
`config.action_controller.enable_fragment_cache_logging = true`.
|
|
|
|
*Stan Lo*
|
|
|
|
* Don't override the `Accept` header in integration tests when called with `xhr: true`.
|
|
|
|
Fixes #25859.
|
|
|
|
*David Chen*
|
|
|
|
* Fix `defaults` option for root route.
|
|
|
|
A regression from some refactoring for the 5.0 release, this change
|
|
fixes the use of `defaults` (default parameters) in the `root` routing method.
|
|
|
|
*Chris Arcand*
|
|
|
|
* Check `request.path_parameters` encoding at the point they're set.
|
|
|
|
Check for any non-UTF8 characters in path parameters at the point they're
|
|
set in `env`. Previously they were checked for when used to get a controller
|
|
class, but this meant routes that went directly to a Rack app, or skipped
|
|
controller instantiation for some other reason, had to defend against
|
|
non-UTF8 characters themselves.
|
|
|
|
*Grey Baker*
|
|
|
|
* Don't raise `ActionController::UnknownHttpMethod` from `ActionDispatch::Static`.
|
|
|
|
Pass `Rack::Request` objects to `ActionDispatch::FileHandler` to avoid it
|
|
raising `ActionController::UnknownHttpMethod`. If an unknown method is
|
|
passed, it should pass exception higher in the stack instead, once we've had a
|
|
chance to define exception handling behaviour.
|
|
|
|
*Grey Baker*
|
|
|
|
* Handle `Rack::QueryParser` errors in `ActionDispatch::ExceptionWrapper`.
|
|
|
|
Updated `ActionDispatch::ExceptionWrapper` to handle the Rack 2.0 namespace
|
|
for `ParameterTypeError` and `InvalidParameterError` errors.
|
|
|
|
*Grey Baker*
|
|
|
|
Please check [5-0-stable](https://github.com/rails/rails/blob/5-0-stable/actionpack/CHANGELOG.md) for previous changes.
|