| Date | Commit message (Collapse) |
|---|
|
|
|
handle failure to upcase invalid UTF8 strings for `_method` values
|
|
Some strings cannot be upper cased and raise an ArgumentError instead.
Let's capture this error and log its occurence to the environment via
rack.errors
|
|
Rubygems 2.7.5 has a bug with JRuby and Bundler is being unstable
latelly so it is better to stick with a version we know tests are going
to pass.
|
|
|
|
Backport pull request #1137 from unabridged/fix-eof-failure
|
|
Original commit message:
Fix MethodOverride EOFError failure
Converted changes from Rack 2.0 to work in Rack 1.6 which included
changing `RACK_ERRORS` to `rack.errors` and fixes to the tests (`it` to
`should` and `must_match` to `should =~`.
|
|
|
|
Ruby 1.8 doesn't know about encodings
|
|
Fix mistake in encoding change
|
|
|
|
1) I wasn't even testing my change on the branches I made changes on
because I accidentally used `unless` instead of `if`. This test should
only run IF encoding them to binary is supported. :flushed:
2) 1.9.3 does respond to `:encoding` but it doesn't respond to `:b` and
since it's `:b` we're calling on these env vars it's best to ask if it
responds to that method, not to `:encoding`.
Fixes #1168
|
|
|
|
When web servers read data from the socket it's encoded as ASCII_8BIT
because we don't know the encoding. This change makes the env closer to
what a real web server will return in production.
We don't want to run this if it's Ruby 1.8 because it doesn't support
encodings.
|
|
|
|
Handle NULL byte in multipart file name
|
|
Backport to 1.6: prevent exception caused by a race condition on multi-threaded server like Puma.
|
|
Prevent exception caused by a race condition on multi-threaded servers
|
|
|
|
Because Thread.exclusive is deprecated since Ruby 2.3.0:
* https://github.com/ruby/ruby/blob/v2_3_0/ChangeLog#L2398-L2400
* https://github.com/ruby/ruby/blob/v2_3_0/prelude.rb#L11
|
|
* Fix incompatible backported specs
* Pin to Rake < 11.0 for 1.8 compat
* Backport Travis bump: c9e313f
* Build on Ruby 2.3
* Allow failures on jruby-head and rbx-2
Closes #1052
|
|
The draft spec for the SameSite option mentions two configuration
options: Strict & Lax. This commit introduces validation of the
associated same_site attribute.
The main motivation for validating this value is ensuring that awry
option values don't cause unexpected behaviour. As this is a sensitive
security option, I think validation is warranted.
The main drawback of validating the option value is that Rack won't
immediately support new options.
Signed-off-by: Jeremy Daer <jeremydaer@gmail.com>
|
|
Backport SameSite cookie attribute
|
|
remove use of `:first_party` option
pass along provided value
make the syntax more flexible
s/strict/Strict/
|
|
Set `first_party: true` to set the First-Party attribute telling
browsers to only send the cookie with legit first-party requests.
* https://tools.ietf.org/html/draft-west-first-party-cookies-00
* https://www.chromestatus.com/feature/4672634709082112
|
|
|
|
|
|
[1-6-stable] Fix GET semicolons without breaking API compatibility
|
|
Well.. without breaking compatibility in a way that affects Rails.
|
|
This reverts commit 75c65fbb3b4a907ef3ebf5e97d0270918607a357.
|
|
|
|
|
|
Fix semicolons as separators for GET
|
|
johnnaegle/only_increment_open_file_count_for_fileparts
Only count files (not all form elements) against the Multipart File Limit
|
|
* 1-6-sec:
update history
bump to 1.6.2
raise an exception if the parameters are too deep
|
|
greysteil/handle-param-parsing-errors-in-method-override
Ignore param parsing errors in MethodOverride
|
|
|
|
|
|
CVE-2015-3225
|
|
|
|
Use the default HTTP output buffer, instead of 5
|
|
Add woff2 mime type (backport to 1-6-stable)
|
|
|
|
|
|
|
|
|
|
|
|
http://docs.travis-ci.com/user/languages/ruby/#Default-Test-Script.
|
|
|
|
|