actionpack 3.2.22.5 → 5.2.4

data/lib/action_controller/metal/conditional_get.rb

@@ -1,73 +1,163 @@
+# frozen_string_literal: true
+
+require "active_support/core_ext/hash/keys"
+
 module ActionController
   module ConditionalGet
     extend ActiveSupport::Concern
 
-    include RackDelegation
     include Head
 
-    # Sets the etag, last_modified, or both on the response and renders a
+    included do
+      class_attribute :etaggers, default: []
+    end
+
+    module ClassMethods
+      # Allows you to consider additional controller-wide information when generating an ETag.
+      # For example, if you serve pages tailored depending on who's logged in at the moment, you
+      # may want to add the current user id to be part of the ETag to prevent unauthorized displaying
+      # of cached pages.
+      #
+      #   class InvoicesController < ApplicationController
+      #     etag { current_user.try :id }
+      #
+      #     def show
+      #       # Etag will differ even for the same invoice when it's viewed by a different current_user
+      #       @invoice = Invoice.find(params[:id])
+      #       fresh_when(@invoice)
+      #     end
+      #   end
+      def etag(&etagger)
+        self.etaggers += [etagger]
+      end
+    end
+
+    # Sets the +etag+, +last_modified+, or both on the response and renders a
     # <tt>304 Not Modified</tt> response if the request is already fresh.
     #
-    # Parameters:
-    # * <tt>:etag</tt>
-    # * <tt>:last_modified</tt>
-    # * <tt>:public</tt> By default the Cache-Control header is private, set this to true if you want your application to be cachable by other devices (proxy caches).
+    # === Parameters:
+    #
+    # * <tt>:etag</tt> Sets a "weak" ETag validator on the response. See the
+    #   +:weak_etag+ option.
+    # * <tt>:weak_etag</tt> Sets a "weak" ETag validator on the response.
+    #   Requests that set If-None-Match header may return a 304 Not Modified
+    #   response if it matches the ETag exactly. A weak ETag indicates semantic
+    #   equivalence, not byte-for-byte equality, so they're good for caching
+    #   HTML pages in browser caches. They can't be used for responses that
+    #   must be byte-identical, like serving Range requests within a PDF file.
+    # * <tt>:strong_etag</tt> Sets a "strong" ETag validator on the response.
+    #   Requests that set If-None-Match header may return a 304 Not Modified
+    #   response if it matches the ETag exactly. A strong ETag implies exact
+    #   equality: the response must match byte for byte. This is necessary for
+    #   doing Range requests within a large video or PDF file, for example, or
+    #   for compatibility with some CDNs that don't support weak ETags.
+    # * <tt>:last_modified</tt> Sets a "weak" last-update validator on the
+    #   response. Subsequent requests that set If-Modified-Since may return a
+    #   304 Not Modified response if last_modified <= If-Modified-Since.
+    # * <tt>:public</tt> By default the Cache-Control header is private, set this to
+    #   +true+ if you want your application to be cacheable by other devices (proxy caches).
+    # * <tt>:template</tt> By default, the template digest for the current
+    #   controller/action is included in ETags. If the action renders a
+    #   different template, you can include its digest instead. If the action
+    #   doesn't render a template at all, you can pass <tt>template: false</tt>
+    #   to skip any attempt to check for a template digest.
     #
-    # Example:
+    # === Example:
     #
     #   def show
     #     @article = Article.find(params[:id])
-    #     fresh_when(:etag => @article, :last_modified => @article.created_at, :public => true)
+    #     fresh_when(etag: @article, last_modified: @article.updated_at, public: true)
     #   end
     #
-    # This will render the show template if the request isn't sending a matching etag or
+    # This will render the show template if the request isn't sending a matching ETag or
     # If-Modified-Since header and just a <tt>304 Not Modified</tt> response if there's a match.
     #
-    # You can also just pass a record where last_modified will be set by calling updated_at and the etag by passing the object itself. Example:
+    # You can also just pass a record. In this case +last_modified+ will be set
+    # by calling +updated_at+ and +etag+ by passing the object itself.
     #
     #   def show
     #     @article = Article.find(params[:id])
     #     fresh_when(@article)
     #   end
     #
-    # When passing a record, you can still set whether the public header:
+    # You can also pass an object that responds to +maximum+, such as a
+    # collection of active records. In this case +last_modified+ will be set by
+    # calling <tt>maximum(:updated_at)</tt> on the collection (the timestamp of the
+    # most recently updated record) and the +etag+ by passing the object itself.
+    #
+    #   def index
+    #     @articles = Article.all
+    #     fresh_when(@articles)
+    #   end
+    #
+    # When passing a record or a collection, you can still set the public header:
     #
     #   def show
     #     @article = Article.find(params[:id])
-    #     fresh_when(@article, :public => true)
+    #     fresh_when(@article, public: true)
     #   end
-    def fresh_when(record_or_options, additional_options = {})
-      if record_or_options.is_a? Hash
-        options = record_or_options
-        options.assert_valid_keys(:etag, :last_modified, :public)
-      else
-        record  = record_or_options
-        options = { :etag => record, :last_modified => record.try(:updated_at) }.merge(additional_options)
+    #
+    # When rendering a different template than the default controller/action
+    # style, you can indicate which digest to include in the ETag:
+    #
+    #   before_action { fresh_when @article, template: 'widgets/show' }
+    #
+    def fresh_when(object = nil, etag: nil, weak_etag: nil, strong_etag: nil, last_modified: nil, public: false, template: nil)
+      weak_etag ||= etag || object unless strong_etag
+      last_modified ||= object.try(:updated_at) || object.try(:maximum, :updated_at)
+
+      if strong_etag
+        response.strong_etag = combine_etags strong_etag,
+          last_modified: last_modified, public: public, template: template
+      elsif weak_etag || template
+        response.weak_etag = combine_etags weak_etag,
+          last_modified: last_modified, public: public, template: template
       end
 
-      response.etag          = options[:etag]          if options[:etag]
-      response.last_modified = options[:last_modified] if options[:last_modified]
-      response.cache_control[:public] = true if options[:public]
+      response.last_modified = last_modified if last_modified
+      response.cache_control[:public] = true if public
 
       head :not_modified if request.fresh?(response)
     end
 
-    # Sets the etag and/or last_modified on the response and checks it against
+    # Sets the +etag+ and/or +last_modified+ on the response and checks it against
     # the client request. If the request doesn't match the options provided, the
     # request is considered stale and should be generated from scratch. Otherwise,
     # it's fresh and we don't need to generate anything and a reply of <tt>304 Not Modified</tt> is sent.
     #
-    # Parameters:
-    # * <tt>:etag</tt>
-    # * <tt>:last_modified</tt>
-    # * <tt>:public</tt> By default the Cache-Control header is private, set this to true if you want your application to be cachable by other devices (proxy caches).
+    # === Parameters:
     #
-    # Example:
+    # * <tt>:etag</tt> Sets a "weak" ETag validator on the response. See the
+    #   +:weak_etag+ option.
+    # * <tt>:weak_etag</tt> Sets a "weak" ETag validator on the response.
+    #   Requests that set If-None-Match header may return a 304 Not Modified
+    #   response if it matches the ETag exactly. A weak ETag indicates semantic
+    #   equivalence, not byte-for-byte equality, so they're good for caching
+    #   HTML pages in browser caches. They can't be used for responses that
+    #   must be byte-identical, like serving Range requests within a PDF file.
+    # * <tt>:strong_etag</tt> Sets a "strong" ETag validator on the response.
+    #   Requests that set If-None-Match header may return a 304 Not Modified
+    #   response if it matches the ETag exactly. A strong ETag implies exact
+    #   equality: the response must match byte for byte. This is necessary for
+    #   doing Range requests within a large video or PDF file, for example, or
+    #   for compatibility with some CDNs that don't support weak ETags.
+    # * <tt>:last_modified</tt> Sets a "weak" last-update validator on the
+    #   response. Subsequent requests that set If-Modified-Since may return a
+    #   304 Not Modified response if last_modified <= If-Modified-Since.
+    # * <tt>:public</tt> By default the Cache-Control header is private, set this to
+    #   +true+ if you want your application to be cacheable by other devices (proxy caches).
+    # * <tt>:template</tt> By default, the template digest for the current
+    #   controller/action is included in ETags. If the action renders a
+    #   different template, you can include its digest instead. If the action
+    #   doesn't render a template at all, you can pass <tt>template: false</tt>
+    #   to skip any attempt to check for a template digest.
+    #
+    # === Example:
     #
     #   def show
     #     @article = Article.find(params[:id])
     #
-    #     if stale?(:etag => @article, :last_modified => @article.created_at)
+    #     if stale?(etag: @article, last_modified: @article.updated_at)
     #       @statistics = @article.really_expensive_call
     #       respond_to do |format|
     #         # all the supported formats
@@ -75,7 +165,8 @@ module ActionController
     #     end
     #   end
     #
-    # You can also just pass a record where last_modified will be set by calling updated_at and the etag by passing the object itself. Example:
+    # You can also just pass a record. In this case +last_modified+ will be set
+    # by calling +updated_at+ and +etag+ by passing the object itself.
     #
     #   def show
     #     @article = Article.find(params[:id])
@@ -88,44 +179,96 @@ module ActionController
     #     end
     #   end
     #
-    # When passing a record, you can still set whether the public header:
+    # You can also pass an object that responds to +maximum+, such as a
+    # collection of active records. In this case +last_modified+ will be set by
+    # calling +maximum(:updated_at)+ on the collection (the timestamp of the
+    # most recently updated record) and the +etag+ by passing the object itself.
+    #
+    #   def index
+    #     @articles = Article.all
+    #
+    #     if stale?(@articles)
+    #       @statistics = @articles.really_expensive_call
+    #       respond_to do |format|
+    #         # all the supported formats
+    #       end
+    #     end
+    #   end
+    #
+    # When passing a record or a collection, you can still set the public header:
     #
     #   def show
     #     @article = Article.find(params[:id])
     #
-    #     if stale?(@article, :public => true)
+    #     if stale?(@article, public: true)
     #       @statistics = @article.really_expensive_call
     #       respond_to do |format|
     #         # all the supported formats
     #       end
     #     end
     #   end
-    def stale?(record_or_options, additional_options = {})
-      fresh_when(record_or_options, additional_options)
+    #
+    # When rendering a different template than the default controller/action
+    # style, you can indicate which digest to include in the ETag:
+    #
+    #   def show
+    #     super if stale? @article, template: 'widgets/show'
+    #   end
+    #
+    def stale?(object = nil, **freshness_kwargs)
+      fresh_when(object, **freshness_kwargs)
       !request.fresh?(response)
     end
 
-    # Sets a HTTP 1.1 Cache-Control header. Defaults to issuing a <tt>private</tt> instruction, so that
-    # intermediate caches must not cache the response.
+    # Sets an HTTP 1.1 Cache-Control header. Defaults to issuing a +private+
+    # instruction, so that intermediate caches must not cache the response.
     #
-    # Examples:
     #   expires_in 20.minutes
-    #   expires_in 3.hours, :public => true
-    #   expires_in 3.hours, 'max-stale' => 5.hours, :public => true
+    #   expires_in 3.hours, public: true
+    #   expires_in 3.hours, public: true, must_revalidate: true
     #
     # This method will overwrite an existing Cache-Control header.
-    # See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html for more possibilities.
-    def expires_in(seconds, options = {}) #:doc:
-      response.cache_control.merge!(:max_age => seconds, :public => options.delete(:public))
+    # See https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html for more possibilities.
+    #
+    # The method will also ensure an HTTP Date header for client compatibility.
+    def expires_in(seconds, options = {})
+      response.cache_control.merge!(
+        max_age: seconds,
+        public: options.delete(:public),
+        must_revalidate: options.delete(:must_revalidate)
+      )
       options.delete(:private)
 
-      response.cache_control[:extras] = options.map {|k,v| "#{k}=#{v}"}
+      response.cache_control[:extras] = options.map { |k, v| "#{k}=#{v}" }
+      response.date = Time.now unless response.date?
     end
 
-    # Sets a HTTP 1.1 Cache-Control header of <tt>no-cache</tt> so no caching should occur by the browser or
-    # intermediate caches (like caching proxy servers).
-    def expires_now #:doc:
-      response.cache_control.replace(:no_cache => true)
+    # Sets an HTTP 1.1 Cache-Control header of <tt>no-cache</tt>. This means the
+    # resource will be marked as stale, so clients must always revalidate.
+    # Intermediate/browser caches may still store the asset.
+    def expires_now
+      response.cache_control.replace(no_cache: true)
     end
+
+    # Cache or yield the block. The cache is supposed to never expire.
+    #
+    # You can use this method when you have an HTTP response that never changes,
+    # and the browser and proxies should cache it indefinitely.
+    #
+    # * +public+: By default, HTTP responses are private, cached only on the
+    #   user's web browser. To allow proxies to cache the response, set +true+ to
+    #   indicate that they can serve the cached response to all users.
+    def http_cache_forever(public: false)
+      expires_in 100.years, public: public
+
+      yield if stale?(etag: request.fullpath,
+                      last_modified: Time.new(2011, 1, 1).utc,
+                      public: public)
+    end
+
+    private
+      def combine_etags(validator, options)
+        [validator, *etaggers.map { |etagger| instance_exec(options, &etagger) }].compact
+      end
   end
 end

data/lib/action_controller/metal/content_security_policy.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module ActionController #:nodoc:
+  module ContentSecurityPolicy
+    # TODO: Documentation
+    extend ActiveSupport::Concern
+
+    include AbstractController::Helpers
+    include AbstractController::Callbacks
+
+    included do
+      helper_method :content_security_policy?
+      helper_method :content_security_policy_nonce
+    end
+
+    module ClassMethods
+      def content_security_policy(enabled = true, **options, &block)
+        before_action(options) do
+          if block_given?
+            policy = current_content_security_policy
+            yield policy
+            request.content_security_policy = policy
+          end
+
+          unless enabled
+            request.content_security_policy = nil
+          end
+        end
+      end
+
+      def content_security_policy_report_only(report_only = true, **options)
+        before_action(options) do
+          request.content_security_policy_report_only = report_only
+        end
+      end
+    end
+
+    private
+
+      def content_security_policy?
+        request.content_security_policy
+      end
+
+      def content_security_policy_nonce
+        request.content_security_policy_nonce
+      end
+
+      def current_content_security_policy
+        request.content_security_policy.try(:clone) || ActionDispatch::ContentSecurityPolicy.new
+      end
+  end
+end

data/lib/action_controller/metal/cookies.rb

@@ -1,11 +1,11 @@
+# frozen_string_literal: true
+
 module ActionController #:nodoc:
   module Cookies
     extend ActiveSupport::Concern
 
-    include RackDelegation
-
     included do
-      helper_method :cookies
+      helper_method :cookies if defined?(helper_method)
     end
 
     private

data/lib/action_controller/metal/data_streaming.rb

@@ -1,5 +1,6 @@
-require 'active_support/core_ext/file/path'
-require 'action_controller/metal/exceptions'
+# frozen_string_literal: true
+
+require "action_controller/metal/exceptions"
 
 module ActionController #:nodoc:
   # Methods for sending arbitrary data and for streaming files to the browser,
@@ -9,15 +10,13 @@ module ActionController #:nodoc:
 
     include ActionController::Rendering
 
-    DEFAULT_SEND_FILE_OPTIONS = {
-      :type         => 'application/octet-stream'.freeze,
-      :disposition  => 'attachment'.freeze,
-    }.freeze
+    DEFAULT_SEND_FILE_TYPE        = "application/octet-stream".freeze #:nodoc:
+    DEFAULT_SEND_FILE_DISPOSITION = "attachment".freeze #:nodoc:
 
-    protected
+    private
       # Sends the file. This uses a server-appropriate method (such as X-Sendfile)
       # via the Rack::Sendfile middleware. The header to use is set via
-      # config.action_dispatch.x_sendfile_header.
+      # +config.action_dispatch.x_sendfile_header+.
       # Your server can also configure this for you by setting the X-Sendfile-Type header.
       #
       # Be careful to sanitize the path parameter if it is coming from a web
@@ -28,14 +27,13 @@ module ActionController #:nodoc:
       # * <tt>:filename</tt> - suggests a filename for the browser to use.
       #   Defaults to <tt>File.basename(path)</tt>.
       # * <tt>:type</tt> - specifies an HTTP content type.
-      #   You can specify either a string or a symbol for a registered type register with
-      #   <tt>Mime::Type.register</tt>, for example :json
-      #   If omitted, type will be guessed from the file extension specified in <tt>:filename</tt>.
-      #   If no content type is registered for the extension, default type 'application/octet-stream' will be used.
+      #   You can specify either a string or a symbol for a registered type with <tt>Mime::Type.register</tt>, for example :json.
+      #   If omitted, the type will be inferred from the file extension specified in <tt>:filename</tt>.
+      #   If no content type is registered for the extension, the default type 'application/octet-stream' will be used.
       # * <tt>:disposition</tt> - specifies whether the file will be shown inline or downloaded.
       #   Valid values are 'inline' and 'attachment' (default).
       # * <tt>:status</tt> - specifies the status code to send with the response. Defaults to 200.
-      # * <tt>:url_based_filename</tt> - set to +true+ if you want the browser guess the filename from
+      # * <tt>:url_based_filename</tt> - set to +true+ if you want the browser to guess the filename from
       #   the URL, which is necessary for i18n filenames on certain browsers
       #   (setting <tt>:filename</tt> overrides this option).
       #
@@ -50,66 +48,46 @@ module ActionController #:nodoc:
       #
       # Show a JPEG in the browser:
       #
-      #   send_file '/path/to.jpeg', :type => 'image/jpeg', :disposition => 'inline'
+      #   send_file '/path/to.jpeg', type: 'image/jpeg', disposition: 'inline'
       #
       # Show a 404 page in the browser:
       #
-      #   send_file '/path/to/404.html', :type => 'text/html; charset=utf-8', :status => 404
+      #   send_file '/path/to/404.html', type: 'text/html; charset=utf-8', status: 404
       #
       # Read about the other Content-* HTTP headers if you'd like to
       # provide the user with more information (such as Content-Description) in
-      # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11.
+      # https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11.
       #
       # Also be aware that the document may be cached by proxies and browsers.
       # The Pragma and Cache-Control headers declare how the file may be cached
       # by intermediaries. They default to require clients to validate with
       # the server before releasing cached responses. See
-      # http://www.mnot.net/cache_docs/ for an overview of web caching and
-      # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
+      # https://www.mnot.net/cache_docs/ for an overview of web caching and
+      # https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
       # for the Cache-Control header spec.
       def send_file(path, options = {}) #:doc:
-        raise MissingFile, "Cannot read file #{path}" unless File.file?(path) and File.readable?(path)
+        raise MissingFile, "Cannot read file #{path}" unless File.file?(path) && File.readable?(path)
 
         options[:filename] ||= File.basename(path) unless options[:url_based_filename]
         send_file_headers! options
 
         self.status = options[:status] || 200
         self.content_type = options[:content_type] if options.key?(:content_type)
-        self.response_body = FileBody.new(path)
-      end
-
-      # Avoid having to pass an open file handle as the response body.
-      # Rack::Sendfile will usually intercept the response and uses
-      # the path directly, so there is no reason to open the file.
-      class FileBody #:nodoc:
-        attr_reader :to_path
-
-        def initialize(path)
-          @to_path = path
-        end
-
-        # Stream the file's contents if Rack::Sendfile isn't present.
-        def each
-          File.open(to_path, 'rb') do |file|
-            while chunk = file.read(16384)
-              yield chunk
-            end
-          end
-        end
+        response.send_file path
       end
 
       # Sends the given binary data to the browser. This method is similar to
-      # <tt>render :text => data</tt>, but also allows you to specify whether
+      # <tt>render plain: data</tt>, but also allows you to specify whether
       # the browser should display the response as a file attachment (i.e. in a
       # download dialog) or as inline data. You may also set the content type,
-      # the apparent file name, and other things.
+      # the file name, and other things.
       #
       # Options:
       # * <tt>:filename</tt> - suggests a filename for the browser to use.
-      # * <tt>:type</tt> - specifies an HTTP content type. Defaults to 'application/octet-stream'. You can specify
-      #   either a string or a symbol for a registered type register with <tt>Mime::Type.register</tt>, for example :json
-      #   If omitted, type will be guessed from the file extension specified in <tt>:filename</tt>.
-      #   If no content type is registered for the extension, default type 'application/octet-stream' will be used.
+      # * <tt>:type</tt> - specifies an HTTP content type. Defaults to 'application/octet-stream'.
+      #   You can specify either a string or a symbol for a registered type with <tt>Mime::Type.register</tt>, for example :json.
+      #   If omitted, type will be inferred from the file extension specified in <tt>:filename</tt>.
+      #   If no content type is registered for the extension, the default type 'application/octet-stream' will be used.
       # * <tt>:disposition</tt> - specifies whether the file will be shown inline or downloaded.
       #   Valid values are 'inline' and 'attachment' (default).
       # * <tt>:status</tt> - specifies the status code to send with the response. Defaults to 200.
@@ -120,31 +98,26 @@ module ActionController #:nodoc:
       #
       # Download a dynamically-generated tarball:
       #
-      #   send_data generate_tgz('dir'), :filename => 'dir.tgz'
+      #   send_data generate_tgz('dir'), filename: 'dir.tgz'
       #
       # Display an image Active Record in the browser:
       #
-      #   send_data image.data, :type => image.content_type, :disposition => 'inline'
+      #   send_data image.data, type: image.content_type, disposition: 'inline'
       #
       # See +send_file+ for more information on HTTP Content-* headers and caching.
       def send_data(data, options = {}) #:doc:
-        send_file_headers! options.dup
-        render options.slice(:status, :content_type).merge(:text => data)
+        send_file_headers! options
+        render options.slice(:status, :content_type).merge(body: data)
       end
 
-    private
       def send_file_headers!(options)
         type_provided = options.has_key?(:type)
 
-        options.update(DEFAULT_SEND_FILE_OPTIONS.merge(options))
-        [:type, :disposition].each do |arg|
-          raise ArgumentError, ":#{arg} option required" if options[arg].nil?
-        end
-
-        disposition = options[:disposition].to_s
-        disposition += %(; filename="#{options[:filename]}") if options[:filename]
+        content_type = options.fetch(:type, DEFAULT_SEND_FILE_TYPE)
+        self.content_type = content_type
+        response.sending_file = true
 
-        content_type = options[:type]
+        raise ArgumentError, ":type option required" if content_type.nil?
 
         if content_type.is_a?(Symbol)
           extension = Mime[content_type]
@@ -153,17 +126,19 @@ module ActionController #:nodoc:
         else
           if !type_provided && options[:filename]
             # If type wasn't provided, try guessing from file extension.
-            content_type = Mime::Type.lookup_by_extension(File.extname(options[:filename]).downcase.tr('.','')) || content_type
+            content_type = Mime::Type.lookup_by_extension(File.extname(options[:filename]).downcase.delete(".")) || content_type
           end
           self.content_type = content_type
         end
 
-        headers.merge!(
-          'Content-Disposition'       => disposition,
-          'Content-Transfer-Encoding' => 'binary'
-        )
+        disposition = options.fetch(:disposition, DEFAULT_SEND_FILE_DISPOSITION)
+        unless disposition.nil?
+          disposition  = disposition.to_s
+          disposition += %(; filename="#{options[:filename]}") if options[:filename]
+          headers["Content-Disposition"] = disposition
+        end
 
-        response.sending_file = true
+        headers["Content-Transfer-Encoding"] = "binary"
 
         # Fix a problem with IE 6.0 on opening downloaded files:
         # If Cache-Control: no-cache is set (which Rails does by default),

data/lib/action_controller/metal/etag_with_flash.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module ActionController
+  # When you're using the flash, it's generally used as a conditional on the view.
+  # This means the content of the view depends on the flash. Which in turn means
+  # that the ETag for a response should be computed with the content of the flash
+  # in mind. This does that by including the content of the flash as a component
+  # in the ETag that's generated for a response.
+  module EtagWithFlash
+    extend ActiveSupport::Concern
+
+    include ActionController::ConditionalGet
+
+    included do
+      etag { flash unless flash.empty? }
+    end
+  end
+end

data/lib/action_controller/metal/etag_with_template_digest.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module ActionController
+  # When our views change, they should bubble up into HTTP cache freshness
+  # and bust browser caches. So the template digest for the current action
+  # is automatically included in the ETag.
+  #
+  # Enabled by default for apps that use Action View. Disable by setting
+  #
+  #   config.action_controller.etag_with_template_digest = false
+  #
+  # Override the template to digest by passing +:template+ to +fresh_when+
+  # and +stale?+ calls. For example:
+  #
+  #   # We're going to render widgets/show, not posts/show
+  #   fresh_when @post, template: 'widgets/show'
+  #
+  #   # We're not going to render a template, so omit it from the ETag.
+  #   fresh_when @post, template: false
+  #
+  module EtagWithTemplateDigest
+    extend ActiveSupport::Concern
+
+    include ActionController::ConditionalGet
+
+    included do
+      class_attribute :etag_with_template_digest, default: true
+
+      ActiveSupport.on_load :action_view, yield: true do
+        etag do |options|
+          determine_template_etag(options) if etag_with_template_digest
+        end
+      end
+    end
+
+    private
+      def determine_template_etag(options)
+        if template = pick_template_for_etag(options)
+          lookup_and_digest_template(template)
+        end
+      end
+
+      # Pick the template digest to include in the ETag. If the +:template+ option
+      # is present, use the named template. If +:template+ is +nil+ or absent, use
+      # the default controller/action template. If +:template+ is false, omit the
+      # template digest from the ETag.
+      def pick_template_for_etag(options)
+        unless options[:template] == false
+          options[:template] || "#{controller_path}/#{action_name}"
+        end
+      end
+
+      def lookup_and_digest_template(template)
+        ActionView::Digestor.digest name: template, finder: lookup_context
+      end
+  end
+end