Previous discussion: #38412, #38325, 37423e4, 24f9c03
- Rack::Runtime is replaced by FakeRuntime, which is a dummy middleware
that just passes requests on and cannot be used in middleware operations
- Using Rack::Runtime in middleware operations (relative inserts, moves,
etc.) throws a deprecation warning and uses FakeRuntime instead
- if an application adds Rack::Runtime explicitly (use, unshift, etc.),
then the deprecation warning does not happen and FakeRuntime is
ignored
- docs are updated to no longer reference Rack::Runtime
These are super basic issues that were flagged by the axe browser
extension.
I tried to change as few things as possible to avoid breaking anything
that might be making assumptions about the markup on this page.
Generally, there is a lot more work that would need to be done on these
pages to make them as friendly as possible to assistive technologies.
Relevant:
- https://dequeuniversity.com/rules/axe/4.1/landmark-one-main
- https://dequeuniversity.com/rules/axe/4.1/color-contrast
The toggle function relied on inline styles, but that method of toggle
an element is not necessary.
Relevant: classList is has ~99% browser support
- https://caniuse.com/?search=classlist
https://github.com/rails/rails/pull/39461 changed the `no-store`
directive for the `Cache-Control` header to be exclusive, i.e. when
setting `Cache-Control` to `private, no-store`, this is simplified to
just `no-store`. `private` should typically be superfluous there, but
it's not always.
For instance, Fastly "does not currently respect no-store or no-cache
directives" and says that "if you need to prevent caching by both Fastly
and web browsers, we recommend combining the private directive with
max-age=0 or no-store".
https://docs.fastly.com/en/guides/configuring-caching#do-not-cache
Since it's not possible to override this directive reduction behaviour,
the changes in #39461 prevent Fastly users from upgrading Rails.
This changes the behaviour to allow setting a 'private, no-store' header
when private is specified - similar to how 'public' can be specified
when 'no-cache' is, but not as a default.
Fixes https://github.com/rails/rails/issues/40798
Currently, the payload of the unpermitted_parameters.action_controller
events emitted by StrongParameters does not provide enough information for
developers to understand which controller and action received the
unpermitted parameters. This PR modifies ActionController::Parameters to
allow callers to specify a "context" which is included in the logging
payload.
*Implementation Strategy*
Since the ActionController::Parameters class is only loosely coupled
with controllers and can technically be used in any context, this PR
expects the caller to provide logging context.
Since StrongParameters is caller in Rails and has access to the
request object I chose to provide a payload similar to the
start_processing.action_controller event.
The way this test initializes `ActionDispatch::RemoteIp` has been
deprecated in #40789. This makes the test append to the existing
trusted proxy list instead of assigning a single value.
It regressed in #34894, which moved the rescue to the wrong method.
`_wrapper_enabled?` can access the parameters and the exception will
raise there before even entering `_perfomr_parameter_wrapping`.
Closes#38285.
I'm writing this patch for two purposes:
1. I want to reduce the number of times `object_id` is called. Calling
`object_id` can have negative impacts on performance in Ruby 2.7+, so
it would be nice to stop calling it.
2. I'm not sure why we're treating lambdas specially here. It looks
like we wanted to prevent people from skipping callbacks that were
defined with a lambda, but I think that is silly. If the user has a
reference to a lambda, and they want to skip it, we should let them.
I think this cleans up some code, helps with performance, and is a more
intuitive interface.
* Add ActionController::Live::Buffer#writeln to write a line to the stream with a newline included
* Don't add newlines to strings that already have them
This fixes an regression where _routes were set incorrectly when the
inheritance chain went from one route namespace (isolated engine or main
app) to another and then back to the original. Because the url_helpers
module was being cached and was being re-included this was not setting
_routes.
This commit solves the issue by detecting that case and redefining
_routes in that case. We could have always performed the redefinition,
but it's a pretty uncommon case, so we might as well only do it when
necessary.
RDoc Markup does not support backticks the way Markdown does to mark up
inline code. Additionally, `<tt>` must be used to mark up inline code
that includes spaces or certain punctuation characters (e.g. quotes).
John Bampton