I was taking another look at the guide upgrade Rails to 4.1:
"2.12 Rendering content from string
Rails 4.1 introduces :plain, :html, and :body options to render. Those
options are now the preferred way to render string-based content, as it
allows you to specify which content type you want the response sent as.
render :plain will set the content type to text/plain
render :html will set the content type to text/html
render :body will not set the content type header.
From the security standpoint, if you don't expect to have any markup in
your response body, you should be using render :plain as most browsers
will escape unsafe content in the response for you.
We will be deprecating the use of render :text in a future version. So
please start using the more precise :plain:, :html, and :body options
instead. Using render :text may pose a security risk, as the content is
sent as text/html"
So, I was replacing something like this in my controller:
render text: json_from_redis, content_type: 'application/json' if stale?
last_modified
with this:
render json: json_from_redis if stale? last_modified
and I noticed I must set the content_type even when using "render json"
as it won't set it automatically (at least if the string is already json
encoded).
Are there any reasons for that? The request format is :json and I'd
expect the content_type to be set for the above line without the need of
setting the content_type manually. Wouldn't you?
--
You received this message because you are subscribed to the Google Groups "Ruby on
Rails: Core" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/rubyonrails-core.
For more options, visit https://groups.google.com/groups/opt_out.
