Ruby On Rails in UA/Новости, баги, и прочее/Controllers (ActionPack) - rails 2.0

Controller
Added ActionController.filter_parameter_logging that makes it easy to remove sensitive information from logs
Added :add_headers option to verify
Modify routing so that you can say :require => { :method => :post } for a route ex. verify :only => :speak, :method => :post, :render => { :status => 405, :text => "Must be post" }, :add_headers => { "Allow" => "POST" }
Add layout attribute to response object with the name of the layout that was rendered, or nil if none rendered
Added of params[:format] to determine Accept type.
Add :status option to send_data and send_file. Defaults to '200 OK'
Added support for Mime objects in render :content_type option
Example: render :text => some_atom, :content_type => Mime::ATOM
Added Mime::Type.register(string, symbol, synonyms = []) for adding new custom mime types
Example: Mime::Type.register("image/gif", :gif)
Added Mime::TEXT (text/plain) and Mime::ICS (text/calendar) as new default types
Make controller_path available as an instance method
respond_to .html now always renders #{action_name}.rhtml so that registered custom template handlers do not override it in priority. Custom mime types require a block and throw proper error now
Changed that uncaught exceptions raised any where in the application will cause RAILS_ROOT/public/500.html to be read and shown instead of just the static "Application error (Rails)"
Update UrlWriter to support :only_path
Skip params with empty names, such as the &=Save query string from
Added utf-8 as the default charset for all renders. You can change this default using ActionController::Base.default_charset=(encoding)
Added proper getters and setters for content type and charset. Example:
response.headers["Content-Type"] = "application/atom+xml; charset=utf-8" ...now: response.content_type = Mime::ATOM response.charset = "utf-8"
Added that respond_to blocks will automatically set the content type to be the same as is requested. Examples:
respond_to do |format| format.html { render :text => "I'm being sent as text/html" } format.rss { render :text => "I'm being sent as application/rss+xml" } format.atom { render :text => "I'm being sent as application/xml", :content_type => Mime::XML } end
Add head(options = {}) for responses that have no body. Examples:
head :status => 404 # return an empty response with a 404 status
head :location => person_path(@person), :status => 201
Make the :status parameter expand to the default message for that status code if it is an integer. Also support symbol statuses. Examples:
head :status => 404 # expands to "404 Not Found"
head :status => :not_found # expands to "404 Not Found"
head :status => :created # expands to "201 Created"
Declare file extensions exempt from layouts:
Example: ActionController::Base.exempt_from_layout 'rpdf'
Cache parsed query parameters
render_text may optionally append to the response body. render_javascript appends by default. This allows you to chain multiple render :update calls by setting @performed_render = false between them (awaiting a better public API)
Always clear model associations from session
ActionView::Base.erb_variable accessor names the buffer variable used to render templates. Defaults to _erbout; use _buf for erubis
Added GET-masquarading for HEAD, so request.method will return :get even for HEADs. If you, for whatever reason, still need to distinguish between GET and HEAD in some edge case, you can use Request#head? and even Request.headers["REQUEST_METHOD"] for get the "real" answer
Added the option for extension aliases to mime type registration [DHH]. Example (already in the default routes):
Mime::Type.register "text/html", :html, %w( application/xhtml+xml ), %w( xhtml )
...will respond on both .html and .xhtml.
Added Request#format to return the format used for the request as a mime type. If no format is specified, the first Request#accepts type is used.
This means you can stop using respond_to for anything else than responses. Examples:
GET /posts/5.xml | request.format => Mime::XML GET /posts/5.xhtml | request.format => Mime::HTML GET /posts/5 | request.format => request.accepts.first (usually Mime::HTML for browsers)
render :json => @person.to_json automatically sets the content type and takes a :callback option to specify a client-side function to call using the rendered JSON as an argument.
# application/json response with body 'Element.show({:name: "David"})'
respond_to do |format| format.json { render :json => { :name => "David" }.to_json, :callback => 'Element.show' } end
Unrescued ActiveRecord::RecordNotFound responds with 404 instead of 500.
Allow fields_for to be nested inside form_for, so that the name and id get properly constructed
RecordInvalid, RecordNotSaved => 422 Unprocessable Entity, StaleObjectError => 409 Conflict
Added X-Runtime to all responses with the request run time
Raise UnknownHttpMethod exception for unknown HTTP methods
Added that rendering will automatically insert the etag header on 200 OK responses. The etag is calculated using MD5 of the response body. If a request comes in that has a matching etag, the response will be changed to a 304 Not Modified and the response body will be set to an empty string
Allow exempt_from_layout :rhtml
Set session to an empty hash if :new_session => false and no session cookie or param is present
Recognize the .txt extension as Mime::TEXT
Added default mime type for CSS (Mime::CSS)
Allow Controllers to have multiple view_paths instead of a single template_root
Work around the two connection per host browser limit: use asset%d.myapp.com to distribute asset requests among asset[0123].myapp.com. Use a DNS wildcard or CNAMEs to map these hosts to your asset server. See http://www.die.net/musings/page_load_time/ for background.
Added .erb and .builder as preferred aliases to the now deprecated .rhtml and .rxml extensions. This is done to separate the renderer from the mime type. .erb templates are often used to render emails, atom, csv, whatever. So labeling them .rhtml doesn't make too much sense. The same goes for .rxml, which can be used to build everything from HTML to atom to whatever. .rhtml and .rxml will continue to work until Rails 3.0, though. So this is a slow phasing out. All generators and examples will start using the new aliases, though.
Allow send_file/send_data to use a registered mime type as the :type parameter
Add a :url_based_filename => true option to ActionController::Streaming::send_file, which allows URL-based filenames
Add Mime::Type convenience methods to check the current mime type.
request.format.html? # => true if Mime::HTML request.format.jpg? # => true if Mime::JPG # ActionController sample usage: # the session will be disabled for non html/ajax requests session :off, :if => Proc.new { |req| !(req.format.html? || req.format.js?) }
Added helper(:all) as a way to include all helpers from app/helpers/**/*.rb in ApplicationController
Cookie session store: raise ArgumentError when :session_key is blank
Added user/password options for url_for to add http authentication in a URL
Added Request#url that returns the complete URL used for the request
Add a #dbman attr_reader for CGI::Session and make CGI::Session::CookieStore#generate_digest public so it's easy to generate digests using the cookie store's secret
Allow array and hash query parameters. Array route parameters are converted/to/a/path as before
Allow configuration of the default action cache path for #caches_action calls. [Rick Olson]
class ListsController < ApplicationController caches_action :index, :cache_path => Proc.new { |controller| controller.params[:user_id] ? controller.send(:user_lists_url, c.params[:user_id]) : controller.send(:lists_url) } end
Dropped the use of ; as a separator of non-crud actions on resources and went back to the vanilla slash.
The default respond_to blocks don't set a specific extension anymore, so that both 'show.rjs' and 'show.js.rjs' will work
Tweak template format rules so that the ACCEPT header is only used if it's text/javascript. This is so ajax actions without a :format param get recognized as Mime::JS
Added :location option to render so that the common pattern of rendering a response after creating a new resource is now a 1-liner
render :xml => post.to_xml, :status => :created, :location => post_url(post)
Added that render :xml will try to call to_xml if it can. Makes these work:
render :xml => post
render :xml => comments
Added that render :json will automatically call .to_json unless it's being passed a string
Change ActionView template defaults. Look for templates using the request format first, such as "show.html.erb" or "show.xml.builder", before looking for the old defaults like "show.erb" or "show.builder"
Change default respond_to templates for xml and rjs formats. [Rick]
* Default xml template goes from #{action_name}.rxml => #{action_name}.xml.builder.
* Default rjs template goes from #{action_name}.rjs => #{action_name}.js.rjs.
You can still specify your old templates:
respond_to do |format| format.xml do render :action => "#{action_name}.rxml" end end
Allow layouts with extension of .html.erb
Added record identification with polymorphic routes for ActionController::Base#url_for and ActionView::Base#url_for. Examples:
redirect_to(post) # => redirect_to(posts_url(post)) => Location: http://example.com/posts/1 link_to(post.title, post) # => link_to(post.title, posts_url(post)) => <a href="/posts/1">Hello world</a>
Included the HttpAuthentication plugin as part of core
Assume that rendered partials go by the HTML format by default
def my_partial render :update do |page| # in this order # _foo.html.erb # _foo.erb # _foo.rhtml page.replace :foo, :partial => 'foo' end end
Add some performance enhancements to ActionView.
* Cache base_paths in @@cached_base_paths
* Cache template extensions in @@cached_template_extension
* Remove unnecessary rescues
Introduce the request.body stream. Lazy-read to parse parameters rather than always setting RAW_POST_DATA. Reduces the memory footprint of large binary PUT requests.
Added url_for usage on render :location, which allows for record identification. Example:
render :xml => person, :status => :created, :location => person
...expands the location to person_url(person)
Added custom path cache_page/expire_page parameters in addition to the options hashes. Example:
def index caches_page(response.body, "/index.html") end
request.remote_ip understands X-Forwarded-For addresses with nonstandard whitespace
render :partial recognizes Active Record associations as Arrays
Remove RAILS_ROOT from backtrace paths.
Allow you to render views with periods in the name.
render :partial => 'show.html.erb'
Make :trailing_slash work with query parameters for url_for.
url_for now accepts a series of symbols representing the namespace of the record
Added partial layouts (see example in action_view/lib/partials.rb)
request.host works with IPv6 addresses
Make render :partial work with a :collection of Hashes, previously this wasn't possible due to backwards compatibility restrictions
Add option to force binary mode on tempfile used for fixture_file_upload
root_path returns '/' not ''.
Added Mime::Type.register_alias for dealing with different formats using the same mime type. Example:
class PostsController < ApplicationController before_filter :adjust_format_for_iphone def index @posts = Post.find(:all) respond_to do |format| format.html # => renders index.html.erb and uses "text/html" as the content type format.iphone # => renders index.iphone.erb and uses "text/html" as the content type end end private def adjust_format_for_iphone if request.env["HTTP_USER_AGENT"] && request.env["HTTP_USER_AGENT"][/iPhone/] request.format = :iphone end end end
Added support for HTTP Only cookies (works in IE6+ and FF 2.0.5+) as an improvement for XSS attacks
Secure #sanitize, #strip_tags, and #strip_links helpers against xss attacks.
This merges and renames the popular white_list helper (along with some css sanitizing from Jacques Distler version of the same plugin).
Also applied updated versions of #strip_tags and #strip_links
Merge csrf_killer plugin into rails. Adds RequestForgeryProtection model that verifies session-specific _tokens for non-GET requests
Introduce ActionController::Base.rescue_from to declare exception-handling methods. Cleaner style than the case-heavy rescue_action_in_public.
Only accept session ids from cookies, prevents session fixation attacks.
Fix url_for, redirect_to, etc. with :controller => :symbol instead of 'string'
Add :status to redirect_to allowing users to choose their own response code without manually setting headers
Move ActionController::Routing.optimise_named_routes to ActionController::Base.optimise_named_routes. Now you can set it in the config.
config.action_controller.optimise_named_routes = false
caches_page uses a single after_filter instead of one per action
Request profiler.
$ cat login_session.rb get_with_redirect '/' say "GET / => #{path}" post_with_redirect '/sessions', :username => 'john', :password => 'doe' say "POST /sessions => #{path}" $ ./script/performance/request -n 10 login_session.rb
Add #prepend_view_path and #append_view_path instance methods on ActionController::Base for consistency with the class methods.