Fix Mime::Type.parse handling type parameters for HTTP Accept headers.
Taylor Chaparro
Fix the error page that is displayed when a view template is missing to account for nested controller paths in the suggested correct location for the missing template.
Joshua Young
Add
save_and_open_page
helper to IntegrationTestsave_and_open_page
is a helpful helper to keep a short feedback loop when working on system tests. A similar helper with matching signature has been added to integration tests.Joé Dupuis
Fix a regression in 7.1.3 passing a
to:
option without a controller when the controller is already defined by a scope.Rails.application.routes.draw do controller :home do get "recent", to: "recent_posts" end end
Étienne Barrié
Request Forgery takes relative paths into account.
Stefan Wienert
Add ".test" as a default allowed host in development to ensure smooth golden-path setup with puma.dev.
DHH
Add
allow_browser
to set minimum browser versions for the application.A browser that's blocked will by default be served the file in
public/406-unsupported-browser.html
with a HTTP status code of "406 Not Acceptable".class ApplicationController < ActionController::Base # Allow only browsers natively supporting webp images, web push, badges, import maps, CSS nesting + :has allow_browser versions: :modern end class ApplicationController < ActionController::Base # All versions of Chrome and Opera will be allowed, but no versions of "internet explorer" (ie). Safari needs to be 16.4+ and Firefox 121+. allow_browser versions: { safari: 16.4, firefox: 121, ie: false } end class MessagesController < ApplicationController # In addition to the browsers blocked by ApplicationController, also block Opera below 104 and Chrome below 119 for the show action. allow_browser versions: { opera: 104, chrome: 119 }, only: :show end
DHH
Add rate limiting API.
class SessionsController < ApplicationController rate_limit to: 10, within: 3.minutes, only: :create end class SignupsController < ApplicationController rate_limit to: 1000, within: 10.seconds, by: -> { request.domain }, with: -> { redirect_to busy_controller_url, alert: "Too many signups!" }, only: :new end
DHH, Jean Boussier
Add
image/svg+xml
to the compressible content types of::ActionDispatch::Static
Georg Ledermann
Add instrumentation for ActionController::Live#send_stream
Allows subscribing to
send_stream
events. The event payload contains the filename, disposition, and type.Hannah Ramadan
Add support for
with_routing
test helper in::ActionDispatch::IntegrationTest
Gannon McGibbon
Remove deprecated support to set
Rails.application.config.action_dispatch.show_exceptions
totrue
andfalse
.Rafael Mendonça França
Remove deprecated
speaker
,vibrate
, andvr
permissions policy directives.Rafael Mendonça França
Remove deprecated
Rails.application.config.action_dispatch.return_only_request_media_type_on_content_type
.Rafael Mendonça França
Deprecate
Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality
.Rafael Mendonça França
Remove deprecated comparison between
::ActionController::Parameters
andHash
.Rafael Mendonça França
Remove deprecated constant
AbstractController::Helpers::MissingHelperError
.Rafael Mendonça França
Fix a race condition that could cause a
Text file busy - chromedriver
error with parallel system testsMatt Brictson
Add
racc
as a dependency since it will become a bundled gem in Ruby 3.4.0Hartley McGuire
Remove deprecated constant
ActionDispatch::IllegalStateError
.Rafael Mendonça França
Add parameter filter capability for redirect locations.
It uses the
config.filter_parameters
to match what needs to be filtered. The result would be like this:Redirected to http://secret.foo.username=roque&password=[FILTERED]
Fixes #14055.
Roque Pinel, Trevor Turk, tonytonyjan
Please check [7-1-stable]) for previous changes.