Please disregard, it's working now and I have no idea why it didn't work
for a few previous requests and I can't reproduce it any longer.
On 21-02-2014 09:16, Rodrigo Rosenfeld Rosas wrote:
I was taking another look at the guide upgrade Rails to 4.1:
"2.12 Rendering content from string
Rails 4.1 introduces :plain, :html, and :body options to render. Those
options are now the preferred way to render string-based content, as
it allows you to specify which content type you want the response sent
as.
render :plain will set the content type to text/plain
render :html will set the content type to text/html
render :body will not set the content type header.
From the security standpoint, if you don't expect to have any markup
in your response body, you should be using render :plain as most
browsers will escape unsafe content in the response for you.
We will be deprecating the use of render :text in a future version. So
please start using the more precise :plain:, :html, and :body options
instead. Using render :text may pose a security risk, as the content
is sent as text/html"
So, I was replacing something like this in my controller:
render text: json_from_redis, content_type: 'application/json' if
stale? last_modified
with this:
render json: json_from_redis if stale? last_modified
and I noticed I must set the content_type even when using "render
json" as it won't set it automatically (at least if the string is
already json encoded).
Are there any reasons for that? The request format is :json and I'd
expect the content_type to be set for the above line without the need
of setting the content_type manually. Wouldn't you?
--
You received this message because you are subscribed to the Google Groups "Ruby on
Rails: Core" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/rubyonrails-core.
For more options, visit https://groups.google.com/groups/opt_out.
