Notable changes since 3.2:
- Changed the stylesheet of exception pages for development
mode. All exception pages now also display the line of code and
fragment that raised the exception.
- protect_from_forgery also prevents cross-origin <script>
tags. Update your tests to use xhr :get, :foo, format: :js instead
of get :foo, format: :js.
- #url_for takes a hash with options inside an array.
- Added session#fetch method. fetch behaves similarly to Hash#fetch,
with the exception that the returned value is always saved into the
session.
- Separated Action View completely from Action Pack.
- Log which keys were affected by deep munge.
- New config option config.action_dispatch.perform_deep_munge to opt
out of params "deep munging" that was used to address security
vulnerability CVE-2013-0155.
- New config option config.action_dispatch.cookies_serializer for
specifying a serializer for the signed and encrypted cookie jars.
- Added render :plain, render :html and render :body.
- The *_filter family of methods have been removed from the
documentation. Their usage is discouraged in favor of the *_action
family of methods:
- render nothing: true or rendering a nil body no longer adds a single
space padding to the response body.
- Rails now automatically includes the template's digest in ETags.
- Segments that are passed into URL helpers are now automatically
escaped.
- Introduced the always_permitted_parameters option to configure which
parameters are permitted globally. The default value of this
configuration is ['controller', 'action'].
- Added the HTTP method MKCALENDAR from RFC 4791.
- *_fragment.action_controller notifications now include the
controller and action name in the payload.
- Improved the Routing Error page with fuzzy matching for route
search.
- Added an option to disable logging of CSRF failures.
- When the Rails server is set to serve static assets, gzip assets
will now be served if the client supports it and a pre-generated
gzip file (.gz) is on disk. By default the asset pipeline generates
.gz files for all compressible assets. Serving gzip files minimizes
data transfer and speeds up asset requests. Always use a CDN if you
are serving assets from your Rails server in production.
- When calling the process helpers in an integration test, the path
needs to have a leading slash. Previously you could omit it, but that
was a byproduct of the implementation and not an intentional
feature.
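
The two deep munge items above (logging of affected keys, and the
config.action_dispatch.perform_deep_munge opt-out) are easier to weigh
with the transformation in view. The following is an added example, not
code from Rails: a plain-Ruby model that assumes deep munging drops nil
elements from arrays and turns an array left empty into nil. The names
deep_munge_model and sample_params and the sample data are constructed
for illustration.

```ruby
# Simplified model of params "deep munging"; illustrative, not Rails source.
# Assumed behaviour: nil elements are removed from arrays, an array left
# empty becomes nil, and the path of every changed key is collected so it
# can be logged.
def deep_munge_model(params, path = [], affected = [])
  params.each do |key, value|
    here = path + [key]
    case value
    when Array
      # Munge hashes nested inside the array first.
      value.grep(Hash) { |h| deep_munge_model(h, here, affected) }
      before = value.length
      value.compact!
      params[key] = nil if value.empty?
      affected << here.join(".") if value.length != before || value.empty?
    when Hash
      deep_munge_model(value, here, affected)
    end
  end
  [params, affected]
end

# Constructed sample input. "token" => [nil] is not nil, so a plain
# nil check in a controller would let it through to later code.
def sample_params
  {
    "user"  => { "token" => [nil], "roles" => [nil, "admin"], "name" => "bob" },
    "ids"   => [],
    "items" => [{ "tag" => [nil] }]
  }
end

if __FILE__ == $PROGRAM_NAME
  munged, affected = deep_munge_model(sample_params)
  puts munged.inspect
  affected.each { |k| puts "deep munge changed: #{k}" }
end
```

An application that opts out through perform_deep_munge receives values
such as [nil] unchanged and has to validate them itself.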