actionpack 3.2.22.5 → 5.2.4
Potentially problematic release.
This version of actionpack might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/CHANGELOG.md +279 -603
- data/MIT-LICENSE +1 -1
- data/README.rdoc +13 -297
- data/lib/abstract_controller/asset_paths.rb +4 -2
- data/lib/abstract_controller/base.rb +82 -52
- data/lib/abstract_controller/caching/fragments.rb +166 -0
- data/lib/abstract_controller/caching.rb +66 -0
- data/lib/abstract_controller/callbacks.rb +117 -103
- data/lib/abstract_controller/collector.rb +18 -7
- data/lib/abstract_controller/error.rb +6 -0
- data/lib/abstract_controller/helpers.rb +65 -38
- data/lib/abstract_controller/logger.rb +3 -2
- data/lib/abstract_controller/railties/routes_helpers.rb +5 -3
- data/lib/abstract_controller/rendering.rb +77 -129
- data/lib/abstract_controller/translation.rb +21 -3
- data/lib/abstract_controller/url_for.rb +9 -7
- data/lib/abstract_controller.rb +12 -13
- data/lib/action_controller/api/api_rendering.rb +16 -0
- data/lib/action_controller/api.rb +149 -0
- data/lib/action_controller/base.rb +81 -40
- data/lib/action_controller/caching.rb +22 -62
- data/lib/action_controller/form_builder.rb +50 -0
- data/lib/action_controller/log_subscriber.rb +30 -18
- data/lib/action_controller/metal/basic_implicit_render.rb +13 -0
- data/lib/action_controller/metal/conditional_get.rb +190 -47
- data/lib/action_controller/metal/content_security_policy.rb +52 -0
- data/lib/action_controller/metal/cookies.rb +3 -3
- data/lib/action_controller/metal/data_streaming.rb +40 -65
- data/lib/action_controller/metal/etag_with_flash.rb +18 -0
- data/lib/action_controller/metal/etag_with_template_digest.rb +57 -0
- data/lib/action_controller/metal/exceptions.rb +19 -12
- data/lib/action_controller/metal/flash.rb +42 -9
- data/lib/action_controller/metal/force_ssl.rb +79 -19
- data/lib/action_controller/metal/head.rb +35 -10
- data/lib/action_controller/metal/helpers.rb +31 -21
- data/lib/action_controller/metal/http_authentication.rb +182 -134
- data/lib/action_controller/metal/implicit_render.rb +62 -8
- data/lib/action_controller/metal/instrumentation.rb +28 -26
- data/lib/action_controller/metal/live.rb +312 -0
- data/lib/action_controller/metal/mime_responds.rb +159 -163
- data/lib/action_controller/metal/parameter_encoding.rb +51 -0
- data/lib/action_controller/metal/params_wrapper.rb +146 -93
- data/lib/action_controller/metal/redirecting.rb +80 -56
- data/lib/action_controller/metal/renderers.rb +119 -47
- data/lib/action_controller/metal/rendering.rb +89 -32
- data/lib/action_controller/metal/request_forgery_protection.rb +373 -41
- data/lib/action_controller/metal/rescue.rb +9 -16
- data/lib/action_controller/metal/streaming.rb +39 -45
- data/lib/action_controller/metal/strong_parameters.rb +1086 -0
- data/lib/action_controller/metal/testing.rb +8 -29
- data/lib/action_controller/metal/url_for.rb +43 -32
- data/lib/action_controller/metal.rb +112 -106
- data/lib/action_controller/railtie.rb +56 -18
- data/lib/action_controller/railties/helpers.rb +24 -0
- data/lib/action_controller/renderer.rb +117 -0
- data/lib/action_controller/template_assertions.rb +11 -0
- data/lib/action_controller/test_case.rb +402 -347
- data/lib/action_controller.rb +31 -30
- data/lib/action_dispatch/http/cache.rb +133 -34
- data/lib/action_dispatch/http/content_security_policy.rb +272 -0
- data/lib/action_dispatch/http/filter_parameters.rb +40 -24
- data/lib/action_dispatch/http/filter_redirect.rb +37 -0
- data/lib/action_dispatch/http/headers.rb +117 -16
- data/lib/action_dispatch/http/mime_negotiation.rb +98 -33
- data/lib/action_dispatch/http/mime_type.rb +198 -146
- data/lib/action_dispatch/http/mime_types.rb +22 -7
- data/lib/action_dispatch/http/parameter_filter.rb +61 -49
- data/lib/action_dispatch/http/parameters.rb +94 -51
- data/lib/action_dispatch/http/rack_cache.rb +4 -3
- data/lib/action_dispatch/http/request.rb +262 -117
- data/lib/action_dispatch/http/response.rb +400 -86
- data/lib/action_dispatch/http/upload.rb +66 -29
- data/lib/action_dispatch/http/url.rb +232 -60
- data/lib/action_dispatch/journey/formatter.rb +189 -0
- data/lib/action_dispatch/journey/gtg/builder.rb +164 -0
- data/lib/action_dispatch/journey/gtg/simulator.rb +41 -0
- data/lib/action_dispatch/journey/gtg/transition_table.rb +158 -0
- data/lib/action_dispatch/journey/nfa/builder.rb +78 -0
- data/lib/action_dispatch/journey/nfa/dot.rb +36 -0
- data/lib/action_dispatch/journey/nfa/simulator.rb +49 -0
- data/lib/action_dispatch/journey/nfa/transition_table.rb +120 -0
- data/lib/action_dispatch/journey/nodes/node.rb +140 -0
- data/lib/action_dispatch/journey/parser.rb +199 -0
- data/lib/action_dispatch/journey/parser.y +50 -0
- data/lib/action_dispatch/journey/parser_extras.rb +31 -0
- data/lib/action_dispatch/journey/path/pattern.rb +199 -0
- data/lib/action_dispatch/journey/route.rb +203 -0
- data/lib/action_dispatch/journey/router/utils.rb +102 -0
- data/lib/action_dispatch/journey/router.rb +156 -0
- data/lib/action_dispatch/journey/routes.rb +82 -0
- data/lib/action_dispatch/journey/scanner.rb +64 -0
- data/lib/action_dispatch/journey/visitors.rb +268 -0
- data/lib/action_dispatch/journey/visualizer/fsm.css +30 -0
- data/lib/action_dispatch/journey/visualizer/fsm.js +134 -0
- data/lib/action_dispatch/journey/visualizer/index.html.erb +52 -0
- data/lib/action_dispatch/journey.rb +7 -0
- data/lib/action_dispatch/middleware/callbacks.rb +17 -13
- data/lib/action_dispatch/middleware/cookies.rb +494 -162
- data/lib/action_dispatch/middleware/debug_exceptions.rb +176 -53
- data/lib/action_dispatch/middleware/debug_locks.rb +124 -0
- data/lib/action_dispatch/middleware/exception_wrapper.rb +103 -38
- data/lib/action_dispatch/middleware/executor.rb +21 -0
- data/lib/action_dispatch/middleware/flash.rb +128 -91
- data/lib/action_dispatch/middleware/public_exceptions.rb +43 -16
- data/lib/action_dispatch/middleware/reloader.rb +6 -83
- data/lib/action_dispatch/middleware/remote_ip.rb +151 -49
- data/lib/action_dispatch/middleware/request_id.rb +19 -15
- data/lib/action_dispatch/middleware/session/abstract_store.rb +38 -34
- data/lib/action_dispatch/middleware/session/cache_store.rb +14 -9
- data/lib/action_dispatch/middleware/session/cookie_store.rb +94 -44
- data/lib/action_dispatch/middleware/session/mem_cache_store.rb +15 -4
- data/lib/action_dispatch/middleware/show_exceptions.rb +36 -61
- data/lib/action_dispatch/middleware/ssl.rb +150 -0
- data/lib/action_dispatch/middleware/stack.rb +33 -41
- data/lib/action_dispatch/middleware/static.rb +92 -48
- data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb +22 -0
- data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.text.erb +23 -0
- data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb +27 -0
- data/lib/action_dispatch/middleware/templates/rescues/_source.text.erb +8 -0
- data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb +52 -0
- data/lib/action_dispatch/middleware/templates/rescues/_trace.text.erb +9 -0
- data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb +16 -0
- data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb +9 -0
- data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb +21 -0
- data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb +13 -0
- data/lib/action_dispatch/middleware/templates/rescues/layout.erb +134 -5
- data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb +11 -0
- data/lib/action_dispatch/middleware/templates/rescues/missing_template.text.erb +3 -0
- data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb +32 -0
- data/lib/action_dispatch/middleware/templates/rescues/routing_error.text.erb +11 -0
- data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +20 -0
- data/lib/action_dispatch/middleware/templates/rescues/template_error.text.erb +7 -0
- data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb +6 -0
- data/lib/action_dispatch/middleware/templates/rescues/unknown_action.text.erb +3 -0
- data/lib/action_dispatch/middleware/templates/routes/_route.html.erb +16 -0
- data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +200 -0
- data/lib/action_dispatch/railtie.rb +29 -8
- data/lib/action_dispatch/request/session.rb +234 -0
- data/lib/action_dispatch/request/utils.rb +78 -0
- data/lib/action_dispatch/routing/endpoint.rb +17 -0
- data/lib/action_dispatch/routing/inspector.rb +225 -0
- data/lib/action_dispatch/routing/mapper.rb +1329 -582
- data/lib/action_dispatch/routing/polymorphic_routes.rb +237 -94
- data/lib/action_dispatch/routing/redirection.rb +120 -50
- data/lib/action_dispatch/routing/route_set.rb +545 -322
- data/lib/action_dispatch/routing/routes_proxy.rb +37 -7
- data/lib/action_dispatch/routing/url_for.rb +103 -34
- data/lib/action_dispatch/routing.rb +66 -99
- data/lib/action_dispatch/system_test_case.rb +147 -0
- data/lib/action_dispatch/system_testing/browser.rb +49 -0
- data/lib/action_dispatch/system_testing/driver.rb +59 -0
- data/lib/action_dispatch/system_testing/server.rb +31 -0
- data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +96 -0
- data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +31 -0
- data/lib/action_dispatch/system_testing/test_helpers/undef_methods.rb +26 -0
- data/lib/action_dispatch/testing/assertion_response.rb +47 -0
- data/lib/action_dispatch/testing/assertions/response.rb +53 -42
- data/lib/action_dispatch/testing/assertions/routing.rb +79 -74
- data/lib/action_dispatch/testing/assertions.rb +15 -9
- data/lib/action_dispatch/testing/integration.rb +361 -207
- data/lib/action_dispatch/testing/request_encoder.rb +55 -0
- data/lib/action_dispatch/testing/test_process.rb +28 -19
- data/lib/action_dispatch/testing/test_request.rb +30 -33
- data/lib/action_dispatch/testing/test_response.rb +35 -11
- data/lib/action_dispatch.rb +42 -32
- data/lib/action_pack/gem_version.rb +17 -0
- data/lib/action_pack/version.rb +7 -7
- data/lib/action_pack.rb +4 -2
- metadata +116 -175
- data/lib/abstract_controller/layouts.rb +0 -423
- data/lib/abstract_controller/view_paths.rb +0 -96
- data/lib/action_controller/caching/actions.rb +0 -185
- data/lib/action_controller/caching/fragments.rb +0 -127
- data/lib/action_controller/caching/pages.rb +0 -187
- data/lib/action_controller/caching/sweeping.rb +0 -97
- data/lib/action_controller/deprecated/integration_test.rb +0 -2
- data/lib/action_controller/deprecated/performance_test.rb +0 -1
- data/lib/action_controller/deprecated.rb +0 -3
- data/lib/action_controller/metal/compatibility.rb +0 -65
- data/lib/action_controller/metal/hide_actions.rb +0 -41
- data/lib/action_controller/metal/rack_delegation.rb +0 -26
- data/lib/action_controller/metal/responder.rb +0 -286
- data/lib/action_controller/metal/session_management.rb +0 -14
- data/lib/action_controller/middleware.rb +0 -39
- data/lib/action_controller/railties/paths.rb +0 -25
- data/lib/action_controller/record_identifier.rb +0 -85
- data/lib/action_controller/vendor/html-scanner/html/document.rb +0 -68
- data/lib/action_controller/vendor/html-scanner/html/node.rb +0 -532
- data/lib/action_controller/vendor/html-scanner/html/sanitizer.rb +0 -177
- data/lib/action_controller/vendor/html-scanner/html/selector.rb +0 -830
- data/lib/action_controller/vendor/html-scanner/html/tokenizer.rb +0 -107
- data/lib/action_controller/vendor/html-scanner/html/version.rb +0 -11
- data/lib/action_controller/vendor/html-scanner.rb +0 -20
- data/lib/action_dispatch/middleware/best_standards_support.rb +0 -30
- data/lib/action_dispatch/middleware/body_proxy.rb +0 -30
- data/lib/action_dispatch/middleware/head.rb +0 -18
- data/lib/action_dispatch/middleware/params_parser.rb +0 -75
- data/lib/action_dispatch/middleware/rescue.rb +0 -26
- data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb +0 -31
- data/lib/action_dispatch/middleware/templates/rescues/_trace.erb +0 -26
- data/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb +0 -10
- data/lib/action_dispatch/middleware/templates/rescues/missing_template.erb +0 -2
- data/lib/action_dispatch/middleware/templates/rescues/routing_error.erb +0 -15
- data/lib/action_dispatch/middleware/templates/rescues/template_error.erb +0 -17
- data/lib/action_dispatch/middleware/templates/rescues/unknown_action.erb +0 -2
- data/lib/action_dispatch/testing/assertions/dom.rb +0 -37
- data/lib/action_dispatch/testing/assertions/selector.rb +0 -435
- data/lib/action_dispatch/testing/assertions/tag.rb +0 -138
- data/lib/action_dispatch/testing/performance_test.rb +0 -10
- data/lib/action_view/asset_paths.rb +0 -142
- data/lib/action_view/base.rb +0 -220
- data/lib/action_view/buffers.rb +0 -43
- data/lib/action_view/context.rb +0 -36
- data/lib/action_view/flows.rb +0 -79
- data/lib/action_view/helpers/active_model_helper.rb +0 -50
- data/lib/action_view/helpers/asset_paths.rb +0 -7
- data/lib/action_view/helpers/asset_tag_helper.rb +0 -457
- data/lib/action_view/helpers/asset_tag_helpers/asset_include_tag.rb +0 -146
- data/lib/action_view/helpers/asset_tag_helpers/asset_paths.rb +0 -93
- data/lib/action_view/helpers/asset_tag_helpers/javascript_tag_helpers.rb +0 -193
- data/lib/action_view/helpers/asset_tag_helpers/stylesheet_tag_helpers.rb +0 -148
- data/lib/action_view/helpers/atom_feed_helper.rb +0 -200
- data/lib/action_view/helpers/cache_helper.rb +0 -64
- data/lib/action_view/helpers/capture_helper.rb +0 -203
- data/lib/action_view/helpers/controller_helper.rb +0 -25
- data/lib/action_view/helpers/csrf_helper.rb +0 -32
- data/lib/action_view/helpers/date_helper.rb +0 -1062
- data/lib/action_view/helpers/debug_helper.rb +0 -40
- data/lib/action_view/helpers/form_helper.rb +0 -1486
- data/lib/action_view/helpers/form_options_helper.rb +0 -658
- data/lib/action_view/helpers/form_tag_helper.rb +0 -685
- data/lib/action_view/helpers/javascript_helper.rb +0 -110
- data/lib/action_view/helpers/number_helper.rb +0 -622
- data/lib/action_view/helpers/output_safety_helper.rb +0 -38
- data/lib/action_view/helpers/record_tag_helper.rb +0 -111
- data/lib/action_view/helpers/rendering_helper.rb +0 -92
- data/lib/action_view/helpers/sanitize_helper.rb +0 -259
- data/lib/action_view/helpers/tag_helper.rb +0 -167
- data/lib/action_view/helpers/text_helper.rb +0 -426
- data/lib/action_view/helpers/translation_helper.rb +0 -91
- data/lib/action_view/helpers/url_helper.rb +0 -693
- data/lib/action_view/helpers.rb +0 -60
- data/lib/action_view/locale/en.yml +0 -160
- data/lib/action_view/log_subscriber.rb +0 -28
- data/lib/action_view/lookup_context.rb +0 -258
- data/lib/action_view/path_set.rb +0 -101
- data/lib/action_view/railtie.rb +0 -55
- data/lib/action_view/renderer/abstract_renderer.rb +0 -41
- data/lib/action_view/renderer/partial_renderer.rb +0 -415
- data/lib/action_view/renderer/renderer.rb +0 -61
- data/lib/action_view/renderer/streaming_template_renderer.rb +0 -106
- data/lib/action_view/renderer/template_renderer.rb +0 -95
- data/lib/action_view/template/error.rb +0 -128
- data/lib/action_view/template/handlers/builder.rb +0 -26
- data/lib/action_view/template/handlers/erb.rb +0 -125
- data/lib/action_view/template/handlers.rb +0 -50
- data/lib/action_view/template/resolver.rb +0 -298
- data/lib/action_view/template/text.rb +0 -30
- data/lib/action_view/template.rb +0 -337
- data/lib/action_view/test_case.rb +0 -246
- data/lib/action_view/testing/resolvers.rb +0 -49
- data/lib/action_view.rb +0 -84
- data/lib/sprockets/assets.rake +0 -99
- data/lib/sprockets/bootstrap.rb +0 -37
- data/lib/sprockets/compressors.rb +0 -83
- data/lib/sprockets/helpers/isolated_helper.rb +0 -13
- data/lib/sprockets/helpers/rails_helper.rb +0 -182
- data/lib/sprockets/helpers.rb +0 -6
- data/lib/sprockets/railtie.rb +0 -62
- data/lib/sprockets/static_compiler.rb +0 -56
@@ -1,67 +1,129 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require
|
4
|
-
|
5
|
-
require
|
6
|
-
require
|
7
|
-
require
|
8
|
-
require
|
9
|
-
require
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "stringio"
|
4
|
+
|
5
|
+
require "active_support/inflector"
|
6
|
+
require "action_dispatch/http/headers"
|
7
|
+
require "action_controller/metal/exceptions"
|
8
|
+
require "rack/request"
|
9
|
+
require "action_dispatch/http/cache"
|
10
|
+
require "action_dispatch/http/mime_negotiation"
|
11
|
+
require "action_dispatch/http/parameters"
|
12
|
+
require "action_dispatch/http/filter_parameters"
|
13
|
+
require "action_dispatch/http/upload"
|
14
|
+
require "action_dispatch/http/url"
|
15
|
+
require "active_support/core_ext/array/conversions"
|
10
16
|
|
11
17
|
module ActionDispatch
|
12
|
-
class Request
|
18
|
+
class Request
|
19
|
+
include Rack::Request::Helpers
|
13
20
|
include ActionDispatch::Http::Cache::Request
|
14
21
|
include ActionDispatch::Http::MimeNegotiation
|
15
22
|
include ActionDispatch::Http::Parameters
|
16
23
|
include ActionDispatch::Http::FilterParameters
|
17
|
-
include ActionDispatch::Http::Upload
|
18
24
|
include ActionDispatch::Http::URL
|
25
|
+
include ActionDispatch::ContentSecurityPolicy::Request
|
26
|
+
include Rack::Request::Env
|
27
|
+
|
28
|
+
autoload :Session, "action_dispatch/request/session"
|
29
|
+
autoload :Utils, "action_dispatch/request/utils"
|
30
|
+
|
31
|
+
LOCALHOST = Regexp.union [/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/, /^::1$/, /^0:0:0:0:0:0:0:1(%.*)?$/]
|
19
32
|
|
20
|
-
LOCALHOST = [/^127\.0\.0\.\d{1,3}$/, "::1", /^0:0:0:0:0:0:0:1(%.*)?$/].freeze
|
21
33
|
ENV_METHODS = %w[ AUTH_TYPE GATEWAY_INTERFACE
|
22
34
|
PATH_TRANSLATED REMOTE_HOST
|
23
35
|
REMOTE_IDENT REMOTE_USER REMOTE_ADDR
|
24
36
|
SERVER_NAME SERVER_PROTOCOL
|
37
|
+
ORIGINAL_SCRIPT_NAME
|
25
38
|
|
26
39
|
HTTP_ACCEPT HTTP_ACCEPT_CHARSET HTTP_ACCEPT_ENCODING
|
27
40
|
HTTP_ACCEPT_LANGUAGE HTTP_CACHE_CONTROL HTTP_FROM
|
28
|
-
HTTP_NEGOTIATE HTTP_PRAGMA
|
41
|
+
HTTP_NEGOTIATE HTTP_PRAGMA HTTP_CLIENT_IP
|
42
|
+
HTTP_X_FORWARDED_FOR HTTP_ORIGIN HTTP_VERSION
|
43
|
+
HTTP_X_CSRF_TOKEN HTTP_X_REQUEST_ID HTTP_X_FORWARDED_HOST
|
44
|
+
SERVER_ADDR
|
45
|
+
].freeze
|
29
46
|
|
30
47
|
ENV_METHODS.each do |env|
|
31
48
|
class_eval <<-METHOD, __FILE__, __LINE__ + 1
|
32
49
|
def #{env.sub(/^HTTP_/n, '').downcase} # def accept_charset
|
33
|
-
|
50
|
+
get_header "#{env}".freeze # get_header "HTTP_ACCEPT_CHARSET".freeze
|
34
51
|
end # end
|
35
52
|
METHOD
|
36
53
|
end
|
37
54
|
|
55
|
+
def self.empty
|
56
|
+
new({})
|
57
|
+
end
|
58
|
+
|
59
|
+
def initialize(env)
|
60
|
+
super
|
61
|
+
@method = nil
|
62
|
+
@request_method = nil
|
63
|
+
@remote_ip = nil
|
64
|
+
@original_fullpath = nil
|
65
|
+
@fullpath = nil
|
66
|
+
@ip = nil
|
67
|
+
end
|
68
|
+
|
69
|
+
def commit_cookie_jar! # :nodoc:
|
70
|
+
end
|
71
|
+
|
72
|
+
PASS_NOT_FOUND = Class.new { # :nodoc:
|
73
|
+
def self.action(_); self; end
|
74
|
+
def self.call(_); [404, { "X-Cascade" => "pass" }, []]; end
|
75
|
+
def self.binary_params_for?(action); false; end
|
76
|
+
}
|
77
|
+
|
78
|
+
def controller_class
|
79
|
+
params = path_parameters
|
80
|
+
params[:action] ||= "index"
|
81
|
+
controller_class_for(params[:controller])
|
82
|
+
end
|
83
|
+
|
84
|
+
def controller_class_for(name)
|
85
|
+
if name
|
86
|
+
controller_param = name.underscore
|
87
|
+
const_name = "#{controller_param.camelize}Controller"
|
88
|
+
ActiveSupport::Dependencies.constantize(const_name)
|
89
|
+
else
|
90
|
+
PASS_NOT_FOUND
|
91
|
+
end
|
92
|
+
end
|
93
|
+
|
94
|
+
# Returns true if the request has a header matching the given key parameter.
|
95
|
+
#
|
96
|
+
# request.key? :ip_spoofing_check # => true
|
38
97
|
def key?(key)
|
39
|
-
|
98
|
+
has_header? key
|
40
99
|
end
|
41
100
|
|
42
101
|
# List of HTTP request methods from the following RFCs:
|
43
|
-
# Hypertext Transfer Protocol -- HTTP/1.1 (
|
44
|
-
# HTTP Extensions for Distributed Authoring -- WEBDAV (
|
45
|
-
# Versioning Extensions to WebDAV (
|
46
|
-
# Ordered Collections Protocol (WebDAV) (
|
47
|
-
# Web Distributed Authoring and Versioning (WebDAV) Access Control Protocol (
|
48
|
-
# Web Distributed Authoring and Versioning (WebDAV) SEARCH (
|
49
|
-
#
|
102
|
+
# Hypertext Transfer Protocol -- HTTP/1.1 (https://www.ietf.org/rfc/rfc2616.txt)
|
103
|
+
# HTTP Extensions for Distributed Authoring -- WEBDAV (https://www.ietf.org/rfc/rfc2518.txt)
|
104
|
+
# Versioning Extensions to WebDAV (https://www.ietf.org/rfc/rfc3253.txt)
|
105
|
+
# Ordered Collections Protocol (WebDAV) (https://www.ietf.org/rfc/rfc3648.txt)
|
106
|
+
# Web Distributed Authoring and Versioning (WebDAV) Access Control Protocol (https://www.ietf.org/rfc/rfc3744.txt)
|
107
|
+
# Web Distributed Authoring and Versioning (WebDAV) SEARCH (https://www.ietf.org/rfc/rfc5323.txt)
|
108
|
+
# Calendar Extensions to WebDAV (https://www.ietf.org/rfc/rfc4791.txt)
|
109
|
+
# PATCH Method for HTTP (https://www.ietf.org/rfc/rfc5789.txt)
|
50
110
|
RFC2616 = %w(OPTIONS GET HEAD POST PUT DELETE TRACE CONNECT)
|
51
111
|
RFC2518 = %w(PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK)
|
52
112
|
RFC3253 = %w(VERSION-CONTROL REPORT CHECKOUT CHECKIN UNCHECKOUT MKWORKSPACE UPDATE LABEL MERGE BASELINE-CONTROL MKACTIVITY)
|
53
113
|
RFC3648 = %w(ORDERPATCH)
|
54
114
|
RFC3744 = %w(ACL)
|
55
115
|
RFC5323 = %w(SEARCH)
|
116
|
+
RFC4791 = %w(MKCALENDAR)
|
56
117
|
RFC5789 = %w(PATCH)
|
57
118
|
|
58
|
-
HTTP_METHODS = RFC2616 + RFC2518 + RFC3253 + RFC3648 + RFC3744 + RFC5323 + RFC5789
|
119
|
+
HTTP_METHODS = RFC2616 + RFC2518 + RFC3253 + RFC3648 + RFC3744 + RFC5323 + RFC4791 + RFC5789
|
120
|
+
|
59
121
|
HTTP_METHOD_LOOKUP = {}
|
60
122
|
|
61
|
-
# Populate the HTTP method lookup cache
|
62
|
-
HTTP_METHODS.each
|
123
|
+
# Populate the HTTP method lookup cache.
|
124
|
+
HTTP_METHODS.each { |method|
|
63
125
|
HTTP_METHOD_LOOKUP[method] = method.underscore.to_sym
|
64
|
-
|
126
|
+
}
|
65
127
|
|
66
128
|
# Returns the HTTP \method that the application should see.
|
67
129
|
# In the case where the \method was overridden by a middleware
|
@@ -70,75 +132,125 @@ module ActionDispatch
|
|
70
132
|
# the application should use), this \method returns the overridden
|
71
133
|
# value, not the original.
|
72
134
|
def request_method
|
73
|
-
@request_method ||= check_method(
|
135
|
+
@request_method ||= check_method(super)
|
74
136
|
end
|
75
137
|
|
76
|
-
|
77
|
-
|
78
|
-
HTTP_METHOD_LOOKUP[request_method]
|
138
|
+
def routes # :nodoc:
|
139
|
+
get_header("action_dispatch.routes".freeze)
|
79
140
|
end
|
80
141
|
|
81
|
-
|
82
|
-
|
83
|
-
# more information.
|
84
|
-
def method
|
85
|
-
@method ||= check_method(env["rack.methodoverride.original_method"] || env['REQUEST_METHOD'])
|
142
|
+
def routes=(routes) # :nodoc:
|
143
|
+
set_header("action_dispatch.routes".freeze, routes)
|
86
144
|
end
|
87
145
|
|
88
|
-
|
89
|
-
|
90
|
-
|
146
|
+
def engine_script_name(_routes) # :nodoc:
|
147
|
+
get_header(_routes.env_key)
|
148
|
+
end
|
149
|
+
|
150
|
+
def engine_script_name=(name) # :nodoc:
|
151
|
+
set_header(routes.env_key, name.dup)
|
152
|
+
end
|
153
|
+
|
154
|
+
def request_method=(request_method) #:nodoc:
|
155
|
+
if check_method(request_method)
|
156
|
+
@request_method = set_header("REQUEST_METHOD", request_method)
|
157
|
+
end
|
91
158
|
end
|
92
159
|
|
93
|
-
|
94
|
-
|
95
|
-
def get?
|
96
|
-
HTTP_METHOD_LOOKUP[request_method] == :get
|
160
|
+
def controller_instance # :nodoc:
|
161
|
+
get_header("action_controller.instance".freeze)
|
97
162
|
end
|
98
163
|
|
99
|
-
|
100
|
-
|
101
|
-
def post?
|
102
|
-
HTTP_METHOD_LOOKUP[request_method] == :post
|
164
|
+
def controller_instance=(controller) # :nodoc:
|
165
|
+
set_header("action_controller.instance".freeze, controller)
|
103
166
|
end
|
104
167
|
|
105
|
-
|
106
|
-
|
107
|
-
def put?
|
108
|
-
HTTP_METHOD_LOOKUP[request_method] == :put
|
168
|
+
def http_auth_salt
|
169
|
+
get_header "action_dispatch.http_auth_salt"
|
109
170
|
end
|
110
171
|
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
172
|
+
def show_exceptions? # :nodoc:
|
173
|
+
# We're treating `nil` as "unset", and we want the default setting to be
|
174
|
+
# `true`. This logic should be extracted to `env_config` and calculated
|
175
|
+
# once.
|
176
|
+
!(get_header("action_dispatch.show_exceptions".freeze) == false)
|
177
|
+
end
|
178
|
+
|
179
|
+
# Returns a symbol form of the #request_method.
|
180
|
+
def request_method_symbol
|
181
|
+
HTTP_METHOD_LOOKUP[request_method]
|
115
182
|
end
|
116
183
|
|
117
|
-
#
|
118
|
-
#
|
119
|
-
|
120
|
-
|
184
|
+
# Returns the original value of the environment's REQUEST_METHOD,
|
185
|
+
# even if it was overridden by middleware. See #request_method for
|
186
|
+
# more information.
|
187
|
+
def method
|
188
|
+
@method ||= check_method(get_header("rack.methodoverride.original_method") || get_header("REQUEST_METHOD"))
|
189
|
+
end
|
190
|
+
|
191
|
+
# Returns a symbol form of the #method.
|
192
|
+
def method_symbol
|
193
|
+
HTTP_METHOD_LOOKUP[method]
|
121
194
|
end
|
122
195
|
|
123
196
|
# Provides access to the request's HTTP headers, for example:
|
124
197
|
#
|
125
198
|
# request.headers["Content-Type"] # => "text/plain"
|
126
199
|
def headers
|
127
|
-
Http::Headers.new(
|
200
|
+
@headers ||= Http::Headers.new(self)
|
201
|
+
end
|
202
|
+
|
203
|
+
# Early Hints is an HTTP/2 status code that indicates hints to help a client start
|
204
|
+
# making preparations for processing the final response.
|
205
|
+
#
|
206
|
+
# If the env contains +rack.early_hints+ then the server accepts HTTP2 push for Link headers.
|
207
|
+
#
|
208
|
+
# The +send_early_hints+ method accepts a hash of links as follows:
|
209
|
+
#
|
210
|
+
# send_early_hints("Link" => "</style.css>; rel=preload; as=style\n</script.js>; rel=preload")
|
211
|
+
#
|
212
|
+
# If you are using +javascript_include_tag+ or +stylesheet_link_tag+ the
|
213
|
+
# Early Hints headers are included by default if supported.
|
214
|
+
def send_early_hints(links)
|
215
|
+
return unless env["rack.early_hints"]
|
216
|
+
|
217
|
+
env["rack.early_hints"].call(links)
|
128
218
|
end
|
129
219
|
|
220
|
+
# Returns a +String+ with the last requested path including their params.
|
221
|
+
#
|
222
|
+
# # get '/foo'
|
223
|
+
# request.original_fullpath # => '/foo'
|
224
|
+
#
|
225
|
+
# # get '/foo?bar'
|
226
|
+
# request.original_fullpath # => '/foo?bar'
|
130
227
|
def original_fullpath
|
131
|
-
@original_fullpath ||= (
|
228
|
+
@original_fullpath ||= (get_header("ORIGINAL_FULLPATH") || fullpath)
|
132
229
|
end
|
133
230
|
|
231
|
+
# Returns the +String+ full path including params of the last URL requested.
|
232
|
+
#
|
233
|
+
# # get "/articles"
|
234
|
+
# request.fullpath # => "/articles"
|
235
|
+
#
|
236
|
+
# # get "/articles?page=2"
|
237
|
+
# request.fullpath # => "/articles?page=2"
|
134
238
|
def fullpath
|
135
239
|
@fullpath ||= super
|
136
240
|
end
|
137
241
|
|
242
|
+
# Returns the original request URL as a +String+.
|
243
|
+
#
|
244
|
+
# # get "/articles?page=2"
|
245
|
+
# request.original_url # => "http://www.example.com/articles?page=2"
|
138
246
|
def original_url
|
139
247
|
base_url + original_fullpath
|
140
248
|
end
|
141
249
|
|
250
|
+
# The +String+ MIME type of the request.
|
251
|
+
#
|
252
|
+
# # get "/articles"
|
253
|
+
# request.media_type # => "application/x-www-form-urlencoded"
|
142
254
|
def media_type
|
143
255
|
content_mime_type.to_s
|
144
256
|
end
|
@@ -149,137 +261,170 @@ module ActionDispatch
|
|
149
261
|
end
|
150
262
|
|
151
263
|
# Returns true if the "X-Requested-With" header contains "XMLHttpRequest"
|
152
|
-
# (case-insensitive)
|
153
|
-
#
|
264
|
+
# (case-insensitive), which may need to be manually added depending on the
|
265
|
+
# choice of JavaScript libraries and frameworks.
|
154
266
|
def xml_http_request?
|
155
|
-
|
267
|
+
get_header("HTTP_X_REQUESTED_WITH") =~ /XMLHttpRequest/i
|
156
268
|
end
|
157
269
|
alias :xhr? :xml_http_request?
|
158
270
|
|
271
|
+
# Returns the IP address of client as a +String+.
|
159
272
|
def ip
|
160
273
|
@ip ||= super
|
161
274
|
end
|
162
275
|
|
163
|
-
#
|
276
|
+
# Returns the IP address of client as a +String+,
|
277
|
+
# usually set by the RemoteIp middleware.
|
164
278
|
def remote_ip
|
165
|
-
@remote_ip ||= (
|
279
|
+
@remote_ip ||= (get_header("action_dispatch.remote_ip") || ip).to_s
|
166
280
|
end
|
167
281
|
|
168
|
-
|
282
|
+
def remote_ip=(remote_ip)
|
283
|
+
set_header "action_dispatch.remote_ip".freeze, remote_ip
|
284
|
+
end
|
285
|
+
|
286
|
+
ACTION_DISPATCH_REQUEST_ID = "action_dispatch.request_id".freeze # :nodoc:
|
287
|
+
|
288
|
+
# Returns the unique request id, which is based on either the X-Request-Id header that can
|
169
289
|
# be generated by a firewall, load balancer, or web server or by the RequestId middleware
|
170
290
|
# (which sets the action_dispatch.request_id environment variable).
|
171
291
|
#
|
172
292
|
# This unique ID is useful for tracing a request from end-to-end as part of logging or debugging.
|
173
|
-
# This relies on the
|
174
|
-
def
|
175
|
-
|
293
|
+
# This relies on the Rack variable set by the ActionDispatch::RequestId middleware.
|
294
|
+
def request_id
|
295
|
+
get_header ACTION_DISPATCH_REQUEST_ID
|
176
296
|
end
|
177
297
|
|
298
|
+
def request_id=(id) # :nodoc:
|
299
|
+
set_header ACTION_DISPATCH_REQUEST_ID, id
|
300
|
+
end
|
301
|
+
|
302
|
+
alias_method :uuid, :request_id
|
303
|
+
|
178
304
|
# Returns the lowercase name of the HTTP server software.
|
179
305
|
def server_software
|
180
|
-
(
|
306
|
+
(get_header("SERVER_SOFTWARE") && /^([a-zA-Z]+)/ =~ get_header("SERVER_SOFTWARE")) ? $1.downcase : nil
|
181
307
|
end
|
182
308
|
|
183
309
|
# Read the request \body. This is useful for web services that need to
|
184
310
|
# work with raw requests directly.
|
185
311
|
def raw_post
|
186
|
-
unless
|
312
|
+
unless has_header? "RAW_POST_DATA"
|
187
313
|
raw_post_body = body
|
188
|
-
|
314
|
+
set_header("RAW_POST_DATA", raw_post_body.read(content_length))
|
189
315
|
raw_post_body.rewind if raw_post_body.respond_to?(:rewind)
|
190
316
|
end
|
191
|
-
|
317
|
+
get_header "RAW_POST_DATA"
|
192
318
|
end
|
193
319
|
|
194
320
|
# The request body is an IO input stream. If the RAW_POST_DATA environment
|
195
321
|
# variable is already set, wrap it in a StringIO.
|
196
322
|
def body
|
197
|
-
if raw_post =
|
198
|
-
raw_post.force_encoding(Encoding::BINARY)
|
323
|
+
if raw_post = get_header("RAW_POST_DATA")
|
324
|
+
raw_post = raw_post.dup.force_encoding(Encoding::BINARY)
|
199
325
|
StringIO.new(raw_post)
|
200
326
|
else
|
201
|
-
|
327
|
+
body_stream
|
202
328
|
end
|
203
329
|
end
|
204
330
|
|
331
|
+
# Determine whether the request body contains form-data by checking
|
332
|
+
# the request Content-Type for one of the media-types:
|
333
|
+
# "application/x-www-form-urlencoded" or "multipart/form-data". The
|
334
|
+
# list of form-data media types can be modified through the
|
335
|
+
# +FORM_DATA_MEDIA_TYPES+ array.
|
336
|
+
#
|
337
|
+
# A request body is not assumed to contain form-data when no
|
338
|
+
# Content-Type header is provided and the request_method is POST.
|
205
339
|
def form_data?
|
206
|
-
FORM_DATA_MEDIA_TYPES.include?(
|
340
|
+
FORM_DATA_MEDIA_TYPES.include?(media_type)
|
207
341
|
end
|
208
342
|
|
209
343
|
def body_stream #:nodoc:
|
210
|
-
|
344
|
+
get_header("rack.input")
|
211
345
|
end
|
212
346
|
|
213
347
|
# TODO This should be broken apart into AD::Request::Session and probably
|
214
348
|
# be included by the session middleware.
|
215
349
|
def reset_session
|
216
|
-
|
217
|
-
|
218
|
-
|
350
|
+
if session && session.respond_to?(:destroy)
|
351
|
+
session.destroy
|
352
|
+
else
|
353
|
+
self.session = {}
|
354
|
+
end
|
219
355
|
end
|
220
356
|
|
221
357
|
def session=(session) #:nodoc:
|
222
|
-
|
358
|
+
Session.set self, session
|
223
359
|
end
|
224
360
|
|
225
361
|
def session_options=(options)
|
226
|
-
|
362
|
+
Session::Options.set self, options
|
227
363
|
end
|
228
364
|
|
229
|
-
# Override Rack's GET method to support indifferent access
|
365
|
+
# Override Rack's GET method to support indifferent access.
|
230
366
|
def GET
|
231
|
-
|
367
|
+
fetch_header("action_dispatch.request.query_parameters") do |k|
|
368
|
+
rack_query_params = super || {}
|
369
|
+
# Check for non UTF-8 parameter values, which would cause errors later
|
370
|
+
Request::Utils.check_param_encoding(rack_query_params)
|
371
|
+
set_header k, Request::Utils.normalize_encode_params(rack_query_params)
|
372
|
+
end
|
373
|
+
rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError => e
|
374
|
+
raise ActionController::BadRequest.new("Invalid query parameters: #{e.message}")
|
232
375
|
end
|
233
376
|
alias :query_parameters :GET
|
234
377
|
|
235
|
-
# Override Rack's POST method to support indifferent access
|
378
|
+
# Override Rack's POST method to support indifferent access.
|
236
379
|
def POST
|
237
|
-
|
380
|
+
fetch_header("action_dispatch.request.request_parameters") do
|
381
|
+
pr = parse_formatted_parameters(params_parsers) do |params|
|
382
|
+
super || {}
|
383
|
+
end
|
384
|
+
self.request_parameters = Request::Utils.normalize_encode_params(pr)
|
385
|
+
end
|
386
|
+
rescue Http::Parameters::ParseError # one of the parse strategies blew up
|
387
|
+
self.request_parameters = Request::Utils.normalize_encode_params(super || {})
|
388
|
+
raise
|
389
|
+
rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError => e
|
390
|
+
raise ActionController::BadRequest.new("Invalid request parameters: #{e.message}")
|
238
391
|
end
|
239
392
|
alias :request_parameters :POST
|
240
393
|
|
241
|
-
|
242
394
|
# Returns the authorization header regardless of whether it was specified directly or through one of the
|
243
395
|
# proxy alternatives.
|
244
396
|
def authorization
|
245
|
-
|
246
|
-
|
247
|
-
|
248
|
-
|
397
|
+
get_header("HTTP_AUTHORIZATION") ||
|
398
|
+
get_header("X-HTTP_AUTHORIZATION") ||
|
399
|
+
get_header("X_HTTP_AUTHORIZATION") ||
|
400
|
+
get_header("REDIRECT_X_HTTP_AUTHORIZATION")
|
249
401
|
end
|
250
402
|
|
251
|
-
# True if the request came from localhost, 127.0.0.1.
|
403
|
+
# True if the request came from localhost, 127.0.0.1, or ::1.
|
252
404
|
def local?
|
253
|
-
LOCALHOST
|
254
|
-
end
|
255
|
-
|
256
|
-
# Remove nils from the params hash
|
257
|
-
def deep_munge(hash)
|
258
|
-
hash.each do |k, v|
|
259
|
-
case v
|
260
|
-
when Array
|
261
|
-
v.grep(Hash) { |x| deep_munge(x) }
|
262
|
-
v.compact!
|
263
|
-
hash[k] = nil if v.empty?
|
264
|
-
when Hash
|
265
|
-
deep_munge(v)
|
266
|
-
end
|
267
|
-
end
|
268
|
-
|
269
|
-
hash
|
405
|
+
LOCALHOST =~ remote_addr && LOCALHOST =~ remote_ip
|
270
406
|
end
|
271
407
|
|
272
|
-
|
408
|
+
def request_parameters=(params)
|
409
|
+
raise if params.nil?
|
410
|
+
set_header("action_dispatch.request.request_parameters".freeze, params)
|
411
|
+
end
|
273
412
|
|
274
|
-
def
|
275
|
-
|
413
|
+
def logger
|
414
|
+
get_header("action_dispatch.logger".freeze)
|
276
415
|
end
|
277
416
|
|
278
|
-
|
417
|
+
def commit_flash
|
418
|
+
end
|
279
419
|
|
280
|
-
def
|
281
|
-
|
282
|
-
name
|
420
|
+
def ssl?
|
421
|
+
super || scheme == "wss".freeze
|
283
422
|
end
|
423
|
+
|
424
|
+
private
|
425
|
+
def check_method(name)
|
426
|
+
HTTP_METHOD_LOOKUP[name] || raise(ActionController::UnknownHttpMethod, "#{name}, accepted HTTP methods are #{HTTP_METHODS[0...-1].join(', ')}, and #{HTTP_METHODS[-1]}")
|
427
|
+
name
|
428
|
+
end
|
284
429
|
end
|
285
430
|
end
|
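Review bot: The new `LOCALHOST` constant (new line 31, first hunk) anchors its patterns with `^`/`$`, which in Ruby match at line boundaries, so a multi-line string containing one line that looks like a loopback address would match; `local?` (new line 405, third hunk) now relies on it for both `remote_addr` and `remote_ip`. Whether such a value can reach those fields depends on the web server and the RemoteIp middleware, neither of which is shown here, but whole-string anchors remove the question: `LOCALHOST = Regexp.union [/\A127\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/, /\A::1\z/, /\A0:0:0:0:0:0:0:1(%.*)?\z/]`. The pattern also widens from `127.0.0.x` to all of `127.x.x.x`, so a short comment above the constant saying that `local?` is meant to cover the whole loopback range would help anyone who gates diagnostic output on it.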