actionpack 3.0.20 → 3.1.0.beta1

data/lib/action_controller/metal/renderers.rb

@@ -2,6 +2,7 @@ require 'active_support/core_ext/class/attribute'
 require 'active_support/core_ext/object/blank'
 
 module ActionController
+  # See <tt>Renderers.add</tt>
   def self.add_renderer(key, &block)
     Renderers.add(key, &block)
   end
@@ -15,30 +16,12 @@ module ActionController
     end
 
     module ClassMethods
-      def _write_render_options
-        renderers = _renderers.map do |name, value|
-          <<-RUBY_EVAL
-            if options.key?(:#{name})
-              _process_options(options)
-              return _render_option_#{name}(options.delete(:#{name}), options)
-            end
-          RUBY_EVAL
-        end
-
-        class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
-          def _handle_render_options(options)
-            #{renderers.join}
-          end
-        RUBY_EVAL
-      end
-
       def use_renderers(*args)
         new = _renderers.dup
         args.each do |key|
           new[key] = RENDERERS[key]
         end
         self._renderers = new.freeze
-        _write_render_options
       end
       alias use_renderer use_renderers
     end
@@ -47,26 +30,64 @@ module ActionController
       _handle_render_options(options) || super
     end
 
+    def _handle_render_options(options)
+      _renderers.each do |name, value|
+        if options.key?(name.to_sym)
+          _process_options(options)
+          return send("_render_option_#{name}", options.delete(name.to_sym), options)
+        end
+      end
+      nil
+    end
+
+    # Hash of available renderers, mapping a renderer name to its proc.
+    # Default keys are :json, :js, :xml.
     RENDERERS = {}
+
+    # Adds a new renderer to call within controller actions.
+    # A renderer is invoked by passing its name as an option to
+    # <tt>AbstractController::Rendering#render</tt>. To create a renderer
+    # pass it a name and a block. The block takes two arguments, the first
+    # is the value paired with its key and the second is the remaining
+    # hash of options passed to +render+.
+    #
+    # === Example
+    # Create a csv renderer:
+    #
+    #   ActionController::Renderers.add :csv do |obj, options|
+    #     filename = options[:filename] || 'data'
+    #     str = obj.respond_to?(:to_csv) ? obj.to_csv : obj.to_s
+    #     send_data str, :type => Mime::CSV,
+    #       :disposition => "attachment; filename=#{filename}.csv"
+    #   end
+    #
+    # Note that we used Mime::CSV for the csv mime type as it comes with Rails.
+    # For a custom renderer, you'll need to register a mime type with
+    # <tt>Mime::Type.register</tt>.
+    #
+    # To use the csv renderer in a controller action:
+    #
+    #   def show
+    #     @csvable = Csvable.find(params[:id])
+    #     respond_to do |format|
+    #       format.html
+    #       format.csv { render :csv => @csvable, :filename => @csvable.name }
+    #     }
+    #   end
+    # To use renderers and their mime types in more concise ways, see
+    # <tt>ActionController::MimeResponds::ClassMethods.respond_to</tt> and
+    # <tt>ActionController::MimeResponds#respond_with</tt>
     def self.add(key, &block)
       define_method("_render_option_#{key}", &block)
       RENDERERS[key] = block
-      All._write_render_options
     end
 
     module All
       extend ActiveSupport::Concern
       include Renderers
 
-      INCLUDED = []
       included do
         self._renderers = RENDERERS
-        _write_render_options
-        INCLUDED << self
-      end
-
-      def self._write_render_options
-        INCLUDED.each(&:_write_render_options)
       end
     end
 
@@ -74,24 +95,17 @@ module ActionController
       json = json.to_json(options) unless json.kind_of?(String)
       json = "#{options[:callback]}(#{json})" unless options[:callback].blank?
       self.content_type ||= Mime::JSON
-      self.response_body  = json
+      json
     end
 
     add :js do |js, options|
       self.content_type ||= Mime::JS
-      self.response_body  = js.respond_to?(:to_js) ? js.to_js(options) : js
+      js.respond_to?(:to_js) ? js.to_js(options) : js
     end
 
     add :xml do |xml, options|
       self.content_type ||= Mime::XML
-      self.response_body  = xml.respond_to?(:to_xml) ? xml.to_xml(options) : xml
-    end
-
-    add :update do |proc, options|
-      view_context = self.view_context
-      generator = ActionView::Helpers::PrototypeHelper::JavaScriptGenerator.new(view_context, &proc)
-      self.content_type  = Mime::JS
-      self.response_body = generator.to_s
+      xml.respond_to?(:to_xml) ? xml.to_xml(options) : xml
     end
   end
 end

data/lib/action_controller/metal/rendering.rb

@@ -2,7 +2,6 @@ module ActionController
   module Rendering
     extend ActiveSupport::Concern
 
-    include ActionController::RackDelegation
     include AbstractController::Rendering
 
     # Before processing, set the request formats in current controller formats.
@@ -19,38 +18,48 @@ module ActionController
       response_body
     end
 
-    private
-
-      # Normalize arguments by catching blocks and setting them on :update.
-      def _normalize_args(action=nil, options={}, &blk) #:nodoc:
-        options = super
-        options[:update] = blk if block_given?
-        options
+    # Overwrite render_to_string because body can now be set to a rack body.
+    def render_to_string(*)
+      if self.response_body = super
+        string = ""
+        response_body.each { |r| string << r }
+        string
       end
+    ensure
+      self.response_body = nil
+    end
 
-      # Normalize both text and status options.
-      def _normalize_options(options) #:nodoc:
-        if options.key?(:text) && options[:text].respond_to?(:to_text)
-          options[:text] = options[:text].to_text
-        end
+    private
+
+    # Normalize arguments by catching blocks and setting them on :update.
+    def _normalize_args(action=nil, options={}, &blk) #:nodoc:
+      options = super
+      options[:update] = blk if block_given?
+      options
+    end
 
-        if options[:status]
-          options[:status] = Rack::Utils.status_code(options[:status])
-        end
+    # Normalize both text and status options.
+    def _normalize_options(options) #:nodoc:
+      if options.key?(:text) && options[:text].respond_to?(:to_text)
+        options[:text] = options[:text].to_text
+      end
 
-        super
+      if options[:status]
+        options[:status] = Rack::Utils.status_code(options[:status])
       end
 
-      # Process controller specific options, as status, content-type and location.
-      def _process_options(options) #:nodoc:
-        status, content_type, location = options.values_at(:status, :content_type, :location)
+      super
+    end
 
-        self.status = status if status
-        self.content_type = content_type if content_type
-        self.headers["Location"] = url_for(location) if location
+    # Process controller specific options, as status, content-type and location.
+    def _process_options(options) #:nodoc:
+      status, content_type, location = options.values_at(:status, :content_type, :location)
 
-        super
-      end
+      self.status = status if status
+      self.content_type = content_type if content_type
+      self.headers["Location"] = url_for(location) if location
 
+      super
+    end
   end
 end

data/lib/action_controller/metal/request_forgery_protection.rb

@@ -4,45 +4,27 @@ module ActionController #:nodoc:
   class InvalidAuthenticityToken < ActionControllerError #:nodoc:
   end
 
-  # Protecting controller actions from CSRF attacks by ensuring that all forms are coming from the current
-  # web application, not a forged link from another site, is done by embedding a token based on a random
-  # string stored in the session (which an attacker wouldn't know) in all forms and Ajax requests generated
-  # by Rails and then verifying the authenticity of that token in the controller.  Only HTML/JavaScript
-  # requests are checked, so this will not protect your XML API (presumably you'll have a different
-  # authentication scheme there anyway).  Also, GET requests are not protected as these should be
-  # idempotent anyway.
+  # Controller actions are protected from Cross-Site Request Forgery (CSRF) attacks
+  # by including a token in the rendered html for your application. This token is
+  # stored as a random string in the session, to which an attacker does not have
+  # access. When a request reaches your application, \Rails then verifies the received
+  # token with the token in the session. Only HTML and javascript requests are checked,
+  # so this will not protect your XML API (presumably you'll have a different
+  # authentication scheme there anyway). Also, GET requests are not protected as these
+  # should be idempotent.
   #
-  # This is turned on with the <tt>protect_from_forgery</tt> method, which will check the token and raise an
-  # ActionController::InvalidAuthenticityToken if it doesn't match what was expected. You can customize the
-  # error message in production by editing public/422.html.  A call to this method in ApplicationController is
-  # generated by default in post-Rails 2.0 applications.
+  # CSRF protection is turned on with the <tt>protect_from_forgery</tt> method,
+  # which will check the token and raise an ActionController::InvalidAuthenticityToken
+  # if it doesn't match what was expected. A call to this method is generated for new
+  # \Rails applications by default. You can customize the error message by editing
+  # public/422.html.
   #
-  # The token parameter is named <tt>authenticity_token</tt> by default. If you are generating an HTML form
-  # manually (without the use of Rails' <tt>form_for</tt>, <tt>form_tag</tt> or other helpers), you have to
-  # include a hidden field named like that and set its value to what is returned by
-  # <tt>form_authenticity_token</tt>.
-  #
-  # Request forgery protection is disabled by default in test environment. If you are upgrading from Rails
-  # 1.x, add this to config/environments/test.rb:
-  #
-  #   # Disable request forgery protection in test environment
-  #   config.action_controller.allow_forgery_protection = false
-  #
-  # == Learn more about CSRF (Cross-Site Request Forgery) attacks
-  #
-  # Here are some resources:
-  # * http://isc.sans.org/diary.html?storyid=1750
-  # * http://en.wikipedia.org/wiki/Cross-site_request_forgery
-  #
-  # Keep in mind, this is NOT a silver-bullet, plug 'n' play, warm security blanket for your rails application.
-  # There are a few guidelines you should follow:
-  #
-  # * Keep your GET requests safe and idempotent.  More reading material:
-  #   * http://www.xml.com/pub/a/2002/04/24/deviant.html
-  #   * http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1.1
-  #   * Make sure the session cookies that Rails creates are non-persistent.  Check in Firefox and look
-  #     for "Expires: at end of session"
+  # The token parameter is named <tt>authenticity_token</tt> by default. The name and
+  # value of this token must be added to every layout that renders forms by including
+  # <tt>csrf_meta_tags</tt> in the html +head+.
   #
+  # Learn more about CSRF attacks and securing your application in the
+  # {Ruby on Rails Security Guide}[http://guides.rubyonrails.org/security.html].
   module RequestForgeryProtection
     extend ActiveSupport::Concern
 

data/lib/action_controller/metal/responder.rb

@@ -1,7 +1,7 @@
 require 'active_support/json'
 
 module ActionController #:nodoc:
-  # Responder is responsible for exposing a resource to different mime requests,
+  # Responsible for exposing a resource to different mime requests,
   # usually depending on the HTTP verb. The responder is triggered when
   # <code>respond_with</code> is called. The simplest case to study is a GET request:
   #
@@ -24,10 +24,10 @@ module ActionController #:nodoc:
   #
   # === Builtin HTTP verb semantics
   #
-  # The default Rails responder holds semantics for each HTTP verb. Depending on the
+  # The default \Rails responder holds semantics for each HTTP verb. Depending on the
   # content type, verb and the resource status, it will behave differently.
   #
-  # Using Rails default responder, a POST request for creating an object could
+  # Using \Rails default responder, a POST request for creating an object could
   # be written as:
   #
   #   def create
@@ -77,8 +77,37 @@ module ActionController #:nodoc:
   #
   #   respond_with(@project, :manager, @task)
   #
-  # Check <code>polymorphic_url</code> documentation for more examples.
+  # === Custom options
   #
+  # <code>respond_with</code> also allow you to pass options that are forwarded
+  # to the underlying render call. Those options are only applied success
+  # scenarios. For instance, you can do the following in the create method above:
+  #
+  #   def create
+  #     @project = Project.find(params[:project_id])
+  #     @task = @project.comments.build(params[:task])
+  #     flash[:notice] = 'Task was successfully created.' if @task.save
+  #     respond_with(@project, @task, :status => 201)
+  #   end
+  #
+  # This will return status 201 if the task was saved with success. If not,
+  # it will simply ignore the given options and return status 422 and the
+  # resource errors. To customize the failure scenario, you can pass a
+  # a block to <code>respond_with</code>:
+  #
+  #   def create
+  #     @project = Project.find(params[:project_id])
+  #     @task = @project.comments.build(params[:task])
+  #     respond_with(@project, @task, :status => 201) do |format|
+  #       if @task.save
+  #         flash[:notice] = 'Task was successfully created.'
+  #       else
+  #         format.html { render "some_special_template" }
+  #       end
+  #     end
+  #   end
+  #
+  # Using <code>respond_with</code> with a block follows the same syntax as <code>respond_to</code>.
   class Responder
     attr_reader :controller, :request, :format, :resource, :resources, :options
 
@@ -115,7 +144,7 @@ module ActionController #:nodoc:
     # Main entry point for responder responsible to dispatch to the proper format.
     #
     def respond
-      method = :"to_#{format}"
+      method = "to_#{format}"
       respond_to?(method) ? send(method) : to_format
     end
 
@@ -133,14 +162,18 @@ module ActionController #:nodoc:
     # responds to :to_format and display it.
     #
     def to_format
-      default_render
+      if get? || !has_errors?
+        default_render
+      else
+        display_errors
+      end
     rescue ActionView::MissingTemplate => e
       api_behavior(e)
     end
 
   protected
 
-    # This is the common behavior for "navigation" requests, like :html, :iphone and so forth.
+    # This is the common behavior for formats associated with browsing, like :html, :iphone and so forth.
     def navigation_behavior(error)
       if get?
         raise error
@@ -151,14 +184,12 @@ module ActionController #:nodoc:
       end
     end
 
-    # This is the common behavior for "API" requests, like :xml and :json.
+    # This is the common behavior for formats associated with APIs, such as :xml and :json.
     def api_behavior(error)
       raise error unless resourceful?
 
       if get?
         display resource
-      elsif has_errors?
-        display resource.errors, :status => :unprocessable_entity
       elsif post?
         display resource, :status => :created, :location => api_location
       elsif has_empty_resource_definition?
@@ -171,7 +202,7 @@ module ActionController #:nodoc:
     # Checks whether the resource responds to the current format or not.
     #
     def resourceful?
-      resource.respond_to?(:"to_#{format}")
+      resource.respond_to?("to_#{format}")
     end
 
     # Returns the resource location by retrieving it from the options or
@@ -187,7 +218,7 @@ module ActionController #:nodoc:
     # controller.
     #
     def default_render
-      @default_response.call
+      @default_response.call(options)
     end
 
     # Display is just a shortcut to render a resource with the current format.
@@ -211,6 +242,10 @@ module ActionController #:nodoc:
       controller.render given_options.merge!(options).merge!(format => resource)
     end
 
+    def display_errors
+      controller.render format => resource.errors, :status => :unprocessable_entity
+    end
+
     # Check whether the resource has errors.
     #
     def has_errors?

data/lib/action_controller/metal/streaming.rb

@@ -1,157 +1,263 @@
 require 'active_support/core_ext/file/path'
+require 'rack/chunked'
 
 module ActionController #:nodoc:
-  # Methods for sending arbitrary data and for streaming files to the browser,
-  # instead of rendering.
+  # Allows views to be streamed back to the client as they are rendered.
+  #
+  # The default way Rails renders views is by first rendering the template
+  # and then the layout. The response is sent to the client after the whole
+  # template is rendered, all queries are made, and the layout is processed.
+  #
+  # Streaming inverts the rendering flow by rendering the layout first and
+  # streaming each part of the layout as they are processed. This allows the
+  # header of the HTML (which is usually in the layout) to be streamed back
+  # to client very quickly, allowing JavaScripts and stylesheets to be loaded
+  # earlier than usual.
+  #
+  # This approach was introduced in Rails 3.1 and is still improving. Several
+  # Rack middlewares may not work and you need to be careful when streaming.
+  # Those points are going to be addressed soon.
+  #
+  # In order to use streaming, you will need to use a Ruby version that
+  # supports fibers (fibers are supported since version 1.9.2 of the main
+  # Ruby implementation).
+  #
+  # == Examples
+  #
+  # Streaming can be added to a controller easily, all you need to do is
+  # call +stream+ in the controller class:
+  #
+  #   class PostsController
+  #     stream
+  #   end
+  #
+  # The +stream+ method accepts the same options as +before_filter+ and friends:
+  #
+  #   class PostsController
+  #     stream :only => :index
+  #   end
+  #
+  # You can also selectively turn on streaming for specific actions:
+  #
+  #   class PostsController
+  #     def index
+  #       @posts = Post.scoped
+  #       render :stream => true
+  #     end
+  #   end
+  #
+  # == When to use streaming
+  #
+  # Streaming may be considered to be overkill for lightweight actions like
+  # +new+ or +edit+. The real benefit of streaming is on expensive actions
+  # that, for example, do a lot of queries on the database.
+  #
+  # In such actions, you want to delay queries execution as much as you can.
+  # For example, imagine the following +dashboard+ action:
+  #
+  #   def dashboard
+  #     @posts = Post.all
+  #     @pages = Page.all
+  #     @articles = Article.all
+  #   end
+  #
+  # Most of the queries here are happening in the controller. In order to benefit
+  # from streaming you would want to rewrite it as:
+  #
+  #   def dashboard
+  #     # Allow lazy execution of the queries
+  #     @posts = Post.scoped
+  #     @pages = Page.scoped
+  #     @articles = Article.scoped
+  #     render :stream => true
+  #   end
+  #
+  # == Communication between layout and template
+  #
+  # When streaming, rendering happens top-down instead of inside-out.
+  # Rails starts with the layout, and the template is rendered later,
+  # when its +yield+ is reached.
+  #
+  # This means that, if your application currently relies on instance
+  # variables set in the template to be used in the layout, they won't
+  # work once you move to streaming. The proper way to communicate
+  # between layout and template, regardless of whether you use streaming
+  # or not, is by using +content_for+, +provide+ and +yield+.
+  #
+  # Take a simple example where the layout expects the template to tell
+  # which title to use:
+  #
+  #   <html>
+  #     <head><title><%= yield :title %></title></head>
+  #     <body><%= yield %></body>
+  #   </html>
+  #
+  # You would use +content_for+ in your template to specify the title:
+  #
+  #   <%= content_for :title, "Main" %>
+  #   Hello
+  #
+  # And the final result would be:
+  #
+  #   <html>
+  #     <head><title>Main</title></head>
+  #     <body>Hello</body>
+  #   </html>
+  #
+  # However, if +content_for+ is called several times, the final result
+  # would have all calls concatenated. For instance, if we have the following
+  # template:
+  #
+  #   <%= content_for :title, "Main" %>
+  #   Hello
+  #   <%= content_for :title, " page" %>
+  #
+  # The final result would be:
+  #
+  #   <html>
+  #     <head><title>Main page</title></head>
+  #     <body>Hello</body>
+  #   </html>
+  #
+  # This means that, if you have <code>yield :title</code> in your layout
+  # and you want to use streaming, you would have to render the whole template
+  # (and eventually trigger all queries) before streaming the title and all
+  # assets, which kills the purpose of streaming. For this reason Rails 3.1
+  # introduces a new helper called +provide+ that does the same as +content_for+
+  # but tells the layout to stop searching for other entries and continue rendering.
+  #
+  # For instance, the template above using +provide+ would be:
+  #
+  #   <%= provide :title, "Main" %>
+  #   Hello
+  #   <%= content_for :title, " page" %>
+  #
+  # Giving:
+  #
+  #   <html>
+  #     <head><title>Main</title></head>
+  #     <body>Hello</body>
+  #   </html>
+  #
+  # That said, when streaming, you need to properly check your templates
+  # and choose when to use +provide+ and +content_for+.
+  #
+  # == Headers, cookies, session and flash
+  #
+  # When streaming, the HTTP headers are sent to the client right before
+  # it renders the first line. This means that, modifying headers, cookies,
+  # session or flash after the template starts rendering will not propagate
+  # to the client.
+  #
+  # If you try to modify cookies, session or flash, an +ActionDispatch::ClosedError+
+  # will be raised, showing those objects are closed for modification.
+  #
+  # == Middlewares
+  #
+  # Middlewares that need to manipulate the body won't work with streaming.
+  # You should disable those middlewares whenever streaming in development
+  # or production. For instance, +Rack::Bug+ won't work when streaming as it
+  # needs to inject contents in the HTML body.
+  #
+  # Also +Rack::Cache+ won't work with streaming as it does not support
+  # streaming bodies yet. Whenever streaming Cache-Control is automatically
+  # set to "no-cache".
+  #
+  # == Errors
+  #
+  # When it comes to streaming, exceptions get a bit more complicated. This
+  # happens because part of the template was already rendered and streamed to
+  # the client, making it impossible to render a whole exception page.
+  #
+  # Currently, when an exception happens in development or production, Rails
+  # will automatically stream to the client:
+  #
+  #   "><script type="text/javascript">window.location = "/500.html"</script></html>
+  #
+  # The first two characters (">) are required in case the exception happens
+  # while rendering attributes for a given tag. You can check the real cause
+  # for the exception in your logger.
+  #
+  # == Web server support
+  #
+  # Not all web servers support streaming out-of-the-box. You need to check
+  # the instructions for each of them.
+  #
+  # ==== Unicorn
+  #
+  # Unicorn supports streaming but it needs to be configured. For this, you
+  # need to create a config file as follow:
+  #
+  #   # unicorn.config.rb
+  #   listen 3000, :tcp_nopush => false
+  #
+  # And use it on initialization:
+  #
+  #   unicorn_rails --config-file unicorn.config.rb
+  #
+  # You may also want to configure other parameters like <tt>:tcp_nodelay</tt>.
+  # Please check its documentation for more information: http://unicorn.bogomips.org/Unicorn/Configurator.html#method-i-listen
+  #
+  # If you are using Unicorn with Nginx, you may need to tweak Nginx.
+  # Streaming should work out of the box on Rainbows.
+  #
+  # ==== Passenger
+  #
+  # To be described.
+  # 
   module Streaming
     extend ActiveSupport::Concern
 
-    include ActionController::Rendering
+    include AbstractController::Rendering
+    attr_internal :stream
 
-    DEFAULT_SEND_FILE_OPTIONS = {
-      :type         => 'application/octet-stream'.freeze,
-      :disposition  => 'attachment'.freeze,
-    }.freeze
-
-    protected
-      # Sends the file. This uses a server-appropriate method (such as X-Sendfile)
-      # via the Rack::Sendfile middleware. The header to use is set via
-      # config.action_dispatch.x_sendfile_header, and defaults to "X-Sendfile".
-      # Your server can also configure this for you by setting the X-Sendfile-Type header.
-      #
-      # Be careful to sanitize the path parameter if it is coming from a web
-      # page. <tt>send_file(params[:path])</tt> allows a malicious user to
-      # download any file on your server.
-      #
-      # Options:
-      # * <tt>:filename</tt> - suggests a filename for the browser to use.
-      #   Defaults to <tt>File.basename(path)</tt>.
-      # * <tt>:type</tt> - specifies an HTTP content type. Defaults to 'application/octet-stream'. You can specify
-      #   either a string or a symbol for a registered type register with <tt>Mime::Type.register</tt>, for example :json
-      # * <tt>:disposition</tt> - specifies whether the file will be shown inline or downloaded.
-      #   Valid values are 'inline' and 'attachment' (default).
-      # * <tt>:status</tt> - specifies the status code to send with the response. Defaults to '200 OK'.
-      # * <tt>:url_based_filename</tt> - set to +true+ if you want the browser guess the filename from
-      #   the URL, which is necessary for i18n filenames on certain browsers
-      #   (setting <tt>:filename</tt> overrides this option).
-      #
-      # The default Content-Type and Content-Disposition headers are
-      # set to download arbitrary binary files in as many browsers as
-      # possible.  IE versions 4, 5, 5.5, and 6 are all known to have
-      # a variety of quirks (especially when downloading over SSL).
-      #
-      # Simple download:
-      #
-      #   send_file '/path/to.zip'
-      #
-      # Show a JPEG in the browser:
-      #
-      #   send_file '/path/to.jpeg', :type => 'image/jpeg', :disposition => 'inline'
-      #
-      # Show a 404 page in the browser:
-      #
-      #   send_file '/path/to/404.html', :type => 'text/html; charset=utf-8', :status => 404
-      #
-      # Read about the other Content-* HTTP headers if you'd like to
-      # provide the user with more information (such as Content-Description) in
-      # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11.
-      #
-      # Also be aware that the document may be cached by proxies and browsers.
-      # The Pragma and Cache-Control headers declare how the file may be cached
-      # by intermediaries.  They default to require clients to validate with
-      # the server before releasing cached responses.  See
-      # http://www.mnot.net/cache_docs/ for an overview of web caching and
-      # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
-      # for the Cache-Control header spec.
-      def send_file(path, options = {}) #:doc:
-        raise MissingFile, "Cannot read file #{path}" unless File.file?(path) and File.readable?(path)
-
-        options[:filename] ||= File.basename(path) unless options[:url_based_filename]
-        send_file_headers! options
-
-        if options[:x_sendfile]
-          ActiveSupport::Deprecation.warn(":x_sendfile is no longer needed in send_file", caller)
+    module ClassMethods
+      # Render streaming templates. It accepts :only, :except, :if and :unless as options
+      # to specify when to stream, as in ActionController filters.
+      def stream(options={})
+        if defined?(Fiber)
+          before_filter :_stream_filter, options
+        else
+          raise "You cannot use streaming if Fiber is not available."
         end
-
-        self.status = options[:status] || 200
-        self.content_type = options[:content_type] if options.key?(:content_type)
-        self.response_body = File.open(path, "rb")
-      end
-
-      # Sends the given binary data to the browser. This method is similar to
-      # <tt>render :text => data</tt>, but also allows you to specify whether
-      # the browser should display the response as a file attachment (i.e. in a
-      # download dialog) or as inline data. You may also set the content type,
-      # the apparent file name, and other things.
-      #
-      # Options:
-      # * <tt>:filename</tt> - suggests a filename for the browser to use.
-      # * <tt>:type</tt> - specifies an HTTP content type. Defaults to 'application/octet-stream'. You can specify
-      #   either a string or a symbol for a registered type register with <tt>Mime::Type.register</tt>, for example :json
-      # * <tt>:disposition</tt> - specifies whether the file will be shown inline or downloaded.
-      #   Valid values are 'inline' and 'attachment' (default).
-      # * <tt>:status</tt> - specifies the status code to send with the response. Defaults to '200 OK'.
-      #
-      # Generic data download:
-      #
-      #   send_data buffer
-      #
-      # Download a dynamically-generated tarball:
-      #
-      #   send_data generate_tgz('dir'), :filename => 'dir.tgz'
-      #
-      # Display an image Active Record in the browser:
-      #
-      #   send_data image.data, :type => image.content_type, :disposition => 'inline'
-      #
-      # See +send_file+ for more information on HTTP Content-* headers and caching.
-      #
-      # <b>Tip:</b> if you want to stream large amounts of on-the-fly generated
-      # data to the browser, then use <tt>render :text => proc { ... }</tt>
-      # instead. See ActionController::Base#render for more information.
-      def send_data(data, options = {}) #:doc:
-        send_file_headers! options.dup
-        render options.slice(:status, :content_type).merge(:text => data)
       end
+    end
 
-    private
-      def send_file_headers!(options)
-        options.update(DEFAULT_SEND_FILE_OPTIONS.merge(options))
-        [:type, :disposition].each do |arg|
-          raise ArgumentError, ":#{arg} option required" if options[arg].nil?
-        end
-
-        if options.key?(:length)
-          ActiveSupport::Deprecation.warn("You do not need to provide the file's length", caller)
-        end
+    protected
 
-        disposition = options[:disposition]
-        disposition += %(; filename="#{options[:filename]}") if options[:filename]
+    # Mark following render calls as streaming.
+    def _stream_filter #:nodoc:
+      self.stream = true
+    end
 
-        content_type = options[:type]
+    # Consider the stream option when normalazing options.
+    def _normalize_options(options) #:nodoc:
+      super
+      options[:stream] = self.stream unless options.key?(:stream)
+    end
 
-        if content_type.is_a?(Symbol)
-          extension = Mime[content_type]
-          raise ArgumentError, "Unknown MIME type #{options[:type]}" unless extension
-          self.content_type = extension
+    # Set proper cache control and transfer encoding when streaming
+    def _process_options(options) #:nodoc:
+      super
+      if options[:stream]
+        if env["HTTP_VERSION"] == "HTTP/1.0"
+          options.delete(:stream)
         else
-          self.content_type = content_type
+          headers["Cache-Control"] ||= "no-cache"
+          headers["Transfer-Encoding"] = "chunked"
+          headers.delete("Content-Length")
         end
+      end
+    end
 
-        headers.merge!(
-          'Content-Disposition'       => disposition,
-          'Content-Transfer-Encoding' => 'binary'
-        )
-
-        response.sending_file = true
-
-        # Fix a problem with IE 6.0 on opening downloaded files:
-        # If Cache-Control: no-cache is set (which Rails does by default),
-        # IE removes the file it just downloaded from its cache immediately
-        # after it displays the "open/save" dialog, which means that if you
-        # hit "open" the file isn't there anymore when the application that
-        # is called for handling the download is run, so let's workaround that
-        response.cache_control[:public] ||= false
+    # Call render_to_body if we are streaming instead of usual +render+.
+    def _render_template(options) #:nodoc:
+      if options.delete(:stream)
+        Rack::Chunked::Body.new view_renderer.render_body(view_context, options)
+      else
+        super
       end
+    end
   end
 end
+