actionpack 4.0.13 → 4.1.0.beta1

data/lib/action_dispatch/middleware/show_exceptions.rb

@@ -29,8 +29,11 @@ module ActionDispatch
     def call(env)
       @app.call(env)
     rescue Exception => exception
-      raise exception if env['action_dispatch.show_exceptions'] == false
-      render_exception(env, exception)
+      if env['action_dispatch.show_exceptions'] == false
+        raise exception
+      else
+        render_exception(env, exception)
+      end
     end
 
     private

data/lib/action_dispatch/middleware/ssl.rb

@@ -57,7 +57,7 @@ module ActionDispatch
           cookies = cookies.split("\n")
 
           headers['Set-Cookie'] = cookies.map { |cookie|
-            if cookie !~ /;\s+secure(;|$)/i
+            if cookie !~ /;\s*secure\s*(;|$)/i
               "#{cookie}; secure"
             else
               cookie

data/lib/action_dispatch/middleware/static.rb

@@ -11,15 +11,13 @@ module ActionDispatch
     end
 
     def match?(path)
-      path = unescape_path(path)
-      return false unless path.valid_encoding?
+      path = path.dup
 
-      full_path = path.empty? ? @root : File.join(@root,
-        clean_path_info(escape_glob_chars(path)))
+      full_path = path.empty? ? @root : File.join(@root, escape_glob_chars(unescape_path(path)))
       paths = "#{full_path}#{ext}"
 
       matches = Dir[paths]
-      match = matches.detect { |m| File.file?(m) && File.readable?(m) }
+      match = matches.detect { |m| File.file?(m) }
       if match
         match.sub!(@compiled_root, '')
         ::Rack::Utils.escape(match)
@@ -42,26 +40,8 @@ module ActionDispatch
     end
 
     def escape_glob_chars(path)
-      path.gsub(/[*?{}\[\]\\]/, "\\\\\\&")
-    end
-
-    private
-
-    PATH_SEPS = Regexp.union(*[::File::SEPARATOR, ::File::ALT_SEPARATOR].compact)
-
-    def clean_path_info(path_info)
-      parts = path_info.split PATH_SEPS
-
-      clean = []
-
-      parts.each do |part|
-        next if part.empty? || part == '.'
-        part == '..' ? clean.pop : clean << part
-      end
-
-      clean.unshift '/' if parts.empty? || parts.first.empty?
-
-      ::File.join(*clean)
+      path.force_encoding('binary') if path.respond_to? :force_encoding
+      path.gsub(/[*?{}\[\]]/, "\\\\\\&")
     end
   end
 

data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.text.erb

@@ -0,0 +1,23 @@
+<%
+  clean_params = @request.filtered_parameters.clone
+  clean_params.delete("action")
+  clean_params.delete("controller")
+
+  request_dump = clean_params.empty? ? 'None' : clean_params.inspect.gsub(',', ",\n")
+
+  def debug_hash(object)
+    object.to_hash.sort_by { |k, _| k.to_s }.map { |k, v| "#{k}: #{v.inspect rescue $!.message}" }.join("\n")
+  end unless self.class.method_defined?(:debug_hash)
+%>
+
+Request parameters
+<%= request_dump %>
+
+Session dump
+<%= debug_hash @request.session %>
+
+Env dump
+<%= debug_hash @request.env.slice(*@request.class::ENV_METHODS) %>
+
+Response headers
+<%= defined?(@response) ? @response.headers.inspect.gsub(',', ",\n") : 'None' %>

data/lib/action_dispatch/middleware/templates/rescues/_trace.text.erb

@@ -0,0 +1,15 @@
+<%
+  traces = { "Application Trace" => @application_trace,
+             "Framework Trace"   => @framework_trace,
+             "Full Trace"        => @full_trace }
+%>
+
+Rails.root: <%= defined?(Rails) && Rails.respond_to?(:root) ? Rails.root : "unset" %>
+
+<% traces.each do |name, trace| %>
+<% if trace.any? %>
+<%= name %>
+<%= trace.join("\n") %>
+
+<% end %>
+<% end %>

data/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb

@@ -8,7 +8,7 @@
 </header>
 
 <div id="container">
-  <h2><%= @exception.message %></h2>
+  <h2><%= h @exception.message %></h2>
 
   <%= render template: "rescues/_source" %>
   <%= render template: "rescues/_trace" %>

data/lib/action_dispatch/middleware/templates/rescues/{missing_template.erb → missing_template.html.erb}

@@ -3,5 +3,5 @@
 </header>
 
 <div id="container">
-  <h2><%= @exception.message %></h2>
+  <h2><%= h @exception.message %></h2>
 </div>

data/lib/action_dispatch/middleware/templates/rescues/missing_template.text.erb

@@ -0,0 +1,3 @@
+Template is missing
+
+<%= @exception.message %>

data/lib/action_dispatch/middleware/templates/rescues/{routing_error.erb → routing_error.html.erb}

@@ -2,7 +2,7 @@
   <h1>Routing Error</h1>
 </header>
 <div id="container">
-  <h2><%= @exception.message %></h2>
+  <h2><%= h @exception.message %></h2>
   <% unless @exception.failures.empty? %>
     <p>
       <h2>Failure reasons:</h2>

data/lib/action_dispatch/middleware/templates/rescues/routing_error.text.erb

@@ -0,0 +1,11 @@
+Routing Error
+
+<%= @exception.message %>
+<% unless @exception.failures.empty? %>
+Failure reasons:
+<% @exception.failures.each do |route, reason| %>
+  - <%= route.inspect.delete('\\') %></code> failed because <%= reason.downcase %>
+<% end %>
+<% end %>
+
+<%= render template: "rescues/_trace", format: :text %>

data/lib/action_dispatch/middleware/templates/rescues/{template_error.erb → template_error.html.erb}

@@ -10,7 +10,7 @@
   <p>
     Showing <i><%= @exception.file_name %></i> where line <b>#<%= @exception.line_number %></b> raised:
   </p>
-  <pre><code><%= @exception.message %></code></pre>
+  <pre><code><%= h @exception.message %></code></pre>
 
   <div class="source">
     <div class="info">

data/lib/action_dispatch/middleware/templates/rescues/template_error.text.erb

@@ -0,0 +1,8 @@
+<% @source_extract = @exception.source_extract(0, :html) %>
+<%= @exception.original_exception.class.to_s %> in <%= @request.parameters["controller"].camelize if @request.parameters["controller"] %>#<%= @request.parameters["action"] %>
+
+Showing <%= @exception.file_name %> where line #<%= @exception.line_number %> raised:
+<%= @exception.message %>
+<%= @exception.sub_template_message %>
+<%= render template: "rescues/_trace", format: :text %>
+<%= render template: "rescues/_request_and_response", format: :text %>

data/lib/action_dispatch/middleware/templates/rescues/{unknown_action.erb → unknown_action.html.erb}

@@ -2,5 +2,5 @@
   <h1>Unknown action</h1>
 </header>
 <div id="container">
-  <h2><%= @exception.message %></h2>
+  <h2><%= h @exception.message %></h2>
 </div>

data/lib/action_dispatch/middleware/templates/rescues/unknown_action.text.erb

@@ -0,0 +1,3 @@
+Unknown action
+
+<%= @exception.message %>

data/lib/action_dispatch/middleware/templates/routes/_table.html.erb

@@ -89,8 +89,8 @@
   }
 
   // takes an array of elements with a data-regexp attribute and
-  // passes their their parent <tr> into the callback function
-  // if the regexp matchs a given path
+  // passes their parent <tr> into the callback function
+  // if the regexp matches a given path
   function eachElemsForPath(elems, path, func) {
     each(elems, function(e){
       var reg = e.getAttribute("data-regexp");
@@ -122,7 +122,7 @@
     // On key press perform a search for matching paths
     pathElem.onkeyup = function(e){
       var path        = sanitizePath(pathElem.value),
-          defaultText = '<tr><th colspan="4">Paths Matching (' + escape(path) + '):</th></tr>';
+          defaultText = '<tr><th colspan="4">Paths Matching (' + path + '):</th></tr>';
 
       // Clear out results section
       selectedSection.innerHTML= defaultText;

data/lib/action_dispatch/railtie.rb

@@ -20,8 +20,7 @@ module ActionDispatch
     config.action_dispatch.default_headers = {
       'X-Frame-Options' => 'SAMEORIGIN',
       'X-XSS-Protection' => '1; mode=block',
-      'X-Content-Type-Options' => 'nosniff',
-      'X-UA-Compatible' => 'chrome=1'
+      'X-Content-Type-Options' => 'nosniff'
     }
 
     config.eager_load_namespaces << ActionDispatch

data/lib/action_dispatch/request/session.rb

@@ -7,6 +7,9 @@ module ActionDispatch
       ENV_SESSION_KEY         = Rack::Session::Abstract::ENV_SESSION_KEY # :nodoc:
       ENV_SESSION_OPTIONS_KEY = Rack::Session::Abstract::ENV_SESSION_OPTIONS_KEY # :nodoc:
 
+      # Singleton object used to determine if an optional param wasn't specified
+      Unspecified = Object.new
+
       def self.create(store, env, default_options)
         session_was = find env
         session     = Request::Session.new(store, env)
@@ -127,6 +130,15 @@ module ActionDispatch
         @delegate.delete key.to_s
       end
 
+      def fetch(key, default=Unspecified, &block)
+        load_for_read!
+        if default == Unspecified
+          @delegate.fetch(key.to_s, &block)
+        else
+          @delegate.fetch(key.to_s, default, &block)
+        end
+      end
+
       def inspect
         if loaded?
           super

data/lib/action_dispatch/request/utils.rb

@@ -0,0 +1,24 @@
+module ActionDispatch
+  class Request < Rack::Request
+    class Utils # :nodoc:
+      class << self
+        # Remove nils from the params hash
+        def deep_munge(hash)
+          hash.each do |k, v|
+            case v
+            when Array
+              v.grep(Hash) { |x| deep_munge(x) }
+              v.compact!
+              hash[k] = nil if v.empty?
+            when Hash
+              deep_munge(v)
+            end
+          end
+
+          hash
+        end
+      end
+    end
+  end
+end
+

data/lib/action_dispatch/routing.rb

@@ -1,7 +1,6 @@
 # encoding: UTF-8
 require 'active_support/core_ext/object/to_param'
 require 'active_support/core_ext/regexp'
-require 'active_support/dependencies/autoload'
 
 module ActionDispatch
   # The routing module provides URL rewriting in native Ruby. It's a way to
@@ -247,11 +246,13 @@ module ActionDispatch
   # Target specific controllers by prefixing the command with <tt>CONTROLLER=x</tt>.
   #
   module Routing
-    autoload :Mapper, 'action_dispatch/routing/mapper'
-    autoload :RouteSet, 'action_dispatch/routing/route_set'
-    autoload :RoutesProxy, 'action_dispatch/routing/routes_proxy'
-    autoload :UrlFor, 'action_dispatch/routing/url_for'
-    autoload :PolymorphicRoutes, 'action_dispatch/routing/polymorphic_routes'
+    extend ActiveSupport::Autoload
+
+    autoload :Mapper
+    autoload :RouteSet
+    autoload :RoutesProxy
+    autoload :UrlFor
+    autoload :PolymorphicRoutes
 
     SEPARATORS = %w( / . ? ) #:nodoc:
     HTTP_METHODS = [:get, :head, :post, :patch, :put, :delete, :options] #:nodoc:

data/lib/action_dispatch/routing/inspector.rb

@@ -69,7 +69,7 @@ module ActionDispatch
       end
 
       def internal?
-        controller.to_s =~ %r{\Arails/(info|welcome)} || path =~ %r{\A#{Rails.application.config.assets.prefix}\z}
+        controller.to_s =~ %r{\Arails/(info|mailers|welcome)} || path =~ %r{\A#{Rails.application.config.assets.prefix}}
       end
 
       def engine?
@@ -194,9 +194,9 @@ module ActionDispatch
         end
 
         def widths(routes)
-          [routes.map { |r| r[:name].length }.max || 0,
-           routes.map { |r| r[:verb].length }.max || 0,
-           routes.map { |r| r[:path].length }.max || 0]
+          [routes.map { |r| r[:name].length }.max,
+           routes.map { |r| r[:verb].length }.max,
+           routes.map { |r| r[:path].length }.max]
         end
     end
 

data/lib/action_dispatch/routing/mapper.rb

@@ -147,14 +147,16 @@ module ActionDispatch
             @defaults.merge!(options[:defaults]) if options[:defaults]
 
             options.each do |key, default|
-              next if Regexp === default || IGNORE_OPTIONS.include?(key)
-              @defaults[key] = default
+              unless Regexp === default || IGNORE_OPTIONS.include?(key)
+                @defaults[key] = default
+              end
             end
 
             if options[:constraints].is_a?(Hash)
               options[:constraints].each do |key, default|
-                next unless URL_OPTIONS.include?(key) && (String === default || Fixnum === default)
-                @defaults[key] ||= default
+                if URL_OPTIONS.include?(key) && (String === default || Fixnum === default)
+                  @defaults[key] ||= default
+                end
               end
             end
 
@@ -166,19 +168,21 @@ module ActionDispatch
           end
 
           def normalize_conditions!
-            @conditions.merge!(:path_info => path)
+            @conditions[:path_info] = path
 
             constraints.each do |key, condition|
-              next if segment_keys.include?(key) || key == :controller
-              @conditions[key] = condition
+              unless segment_keys.include?(key) || key == :controller
+                @conditions[key] = condition
+              end
             end
 
-            @conditions[:required_defaults] = []
+            required_defaults = []
             options.each do |key, required_default|
-              next if segment_keys.include?(key) || IGNORE_OPTIONS.include?(key)
-              next if Regexp === required_default
-              @conditions[:required_defaults] << key
+              unless segment_keys.include?(key) || IGNORE_OPTIONS.include?(key) || Regexp === required_default
+                required_defaults << key
+              end
             end
+            @conditions[:required_defaults] = required_defaults
 
             via_all = options.delete(:via) if options[:via] == :all
 
@@ -192,8 +196,7 @@ module ActionDispatch
             end
 
             if via = options[:via]
-              list = Array(via).map { |m| m.to_s.dasherize.upcase }
-              @conditions.merge!(:request_method => list)
+              @conditions[:request_method] = Array(via).map { |m| m.to_s.dasherize.upcase }
             end
           end
 
@@ -332,35 +335,18 @@ module ActionDispatch
           match '/', { :as => :root, :via => :get }.merge!(options)
         end
 
-        # Matches a url pattern to one or more routes.
+        # Matches a url pattern to one or more routes. Any symbols in a pattern
+        # are interpreted as url query parameters and thus available as +params+
+        # in an action:
         #
-        # You should not use the `match` method in your router
-        # without specifying an HTTP method.
-        #
-        # If you want to expose your action to both GET and POST, use:
-        # 
         #   # sets :controller, :action and :id in params
-        #   match ':controller/:action/:id', via: [:get, :post]
-        #
-        # Note that +:controller+, +:action+, +:id+  are interpreted as url query 
-        # parameters and thus available as +params+
-        # in an action.
-        #
-        # If you want to expose your action to GET, use `get` in the router:
-        #
-        # Instead of:
-        #
-        #   match ":controller/:action/:id"
-        #
-        # Do:
-        #
-        #   get ":controller/:action/:id"
+        #   match ':controller/:action/:id'
         #
         # Two of these symbols are special, +:controller+ maps to the controller
         # and +:action+ to the controller's action. A pattern can also map
         # wildcard segments (globs) to params:
         #
-        #   get 'songs/*category/:title', to: 'songs#show'
+        #   match 'songs/*category/:title', to: 'songs#show'
         #
         #   # 'songs/rock/classic/stairway-to-heaven' sets
         #   #  params[:category] = 'rock/classic'
@@ -369,20 +355,21 @@ module ActionDispatch
         # When a pattern points to an internal route, the route's +:action+ and
         # +:controller+ should be set in options or hash shorthand. Examples:
         #
-        #   match 'photos/:id' => 'photos#show', via: [:get]
-        #   match 'photos/:id', to: 'photos#show', via: [:get]
-        #   match 'photos/:id', controller: 'photos', action: 'show', via: [:get]
+        #   match 'photos/:id' => 'photos#show'
+        #   match 'photos/:id', to: 'photos#show'
+        #   match 'photos/:id', controller: 'photos', action: 'show'
         #
         # A pattern can also point to a +Rack+ endpoint i.e. anything that
         # responds to +call+:
         #
-        #   match 'photos/:id', to: lambda {|hash| [200, {}, ["Coming soon"]] }, via: [:get]
-        #   match 'photos/:id', to: PhotoRackApp, via: [:get]
+        #   match 'photos/:id', to: lambda {|hash| [200, {}, ["Coming soon"]] }
+        #   match 'photos/:id', to: PhotoRackApp
         #   # Yes, controller actions are just rack endpoints
-        #   match 'photos/:id', to: PhotosController.action(:show), via: [:get]
+        #   match 'photos/:id', to: PhotosController.action(:show)
         #
-        # Because request various HTTP verbs with a single action has security
-        # implications, is recommendable use HttpHelpers[rdoc-ref:HttpHelpers]
+        # Because requesting various HTTP verbs with a single action has security
+        # implications, you must either specify the actions in
+        # the via options or use one of the HtttpHelpers[rdoc-ref:HttpHelpers]
         # instead +match+
         #
         # === Options
@@ -395,19 +382,13 @@ module ActionDispatch
         # [:action]
         #   The route's action.
         #
-        # [:param]
-        #   Overrides the default resource identifier `:id` (name of the
-        #   dynamic segment used to generate the routes).
-        #   You can access that segment from your controller using
-        #   <tt>params[<:param>]</tt>.
-        #
         # [:path]
         #   The path prefix for the routes.
         #
         # [:module]
         #   The namespace for :controller.
         #
-        #     match 'path', to: 'c#a', module: 'sekret', controller: 'posts', via: [:get]
+        #     match 'path', to: 'c#a', module: 'sekret', controller: 'posts'
         #     # => Sekret::PostsController
         #
         #   See <tt>Scoping#namespace</tt> for its scope equivalent.
@@ -426,9 +407,9 @@ module ActionDispatch
         #   Points to a +Rack+ endpoint. Can be an object that responds to
         #   +call+ or a string representing a controller's action.
         #
-        #      match 'path', to: 'controller#action', via: [:get]
-        #      match 'path', to: lambda { |env| [200, {}, ["Success!"]] }, via: [:get]
-        #      match 'path', to: RackApp, via: [:get]
+        #      match 'path', to: 'controller#action'
+        #      match 'path', to: lambda { |env| [200, {}, ["Success!"]] }
+        #      match 'path', to: RackApp
         #
         # [:on]
         #   Shorthand for wrapping routes in a specific RESTful context. Valid
@@ -453,14 +434,14 @@ module ActionDispatch
         #   other than path can also be specified with any object
         #   that responds to <tt>===</tt> (eg. String, Array, Range, etc.).
         #
-        #     match 'path/:id', constraints: { id: /[A-Z]\d{5}/ }, via: [:get]
+        #     match 'path/:id', constraints: { id: /[A-Z]\d{5}/ }
         #
-        #     match 'json_only', constraints: { format: 'json' }, via: [:get]
+        #     match 'json_only', constraints: { format: 'json' }
         #
-        #     class Blacklist
+        #     class Whitelist
         #       def matches?(request) request.remote_ip == '1.2.3.4' end
         #     end
-        #     match 'path', to: 'c#a', constraints: Blacklist.new, via: [:get]
+        #     match 'path', to: 'c#a', constraints: Whitelist.new
         #
         #   See <tt>Scoping#constraints</tt> for more examples with its scope
         #   equivalent.
@@ -469,7 +450,7 @@ module ActionDispatch
         #   Sets defaults for parameters
         #
         #     # Sets params[:format] to 'jpg' by default
-        #     match 'path', to: 'c#a', defaults: { format: 'jpg' }, via: [:get]
+        #     match 'path', to: 'c#a', defaults: { format: 'jpg' }
         #
         #   See <tt>Scoping#defaults</tt> for its scope equivalent.
         #
@@ -478,7 +459,7 @@ module ActionDispatch
         #   false, the pattern matches any request prefixed with the given path.
         #
         #     # Matches any request starting with 'path'
-        #     match 'path', to: 'c#a', anchor: false, via: [:get]
+        #     match 'path', to: 'c#a', anchor: false
         #
         # [:format]
         #   Allows you to specify the default value for optional +format+
@@ -521,11 +502,12 @@ module ActionDispatch
           raise "A rack application must be specified" unless path
 
           options[:as]  ||= app_name(app)
+          target_as       = name_for_action(options[:as], path)
           options[:via] ||= :all
 
           match(path, options.merge(:to => app, :anchor => false, :format => false))
 
-          define_generate_prefix(app, options[:as])
+          define_generate_prefix(app, target_as)
           self
         end
 
@@ -720,11 +702,6 @@ module ActionDispatch
           options[:path] = args.flatten.join('/') if args.any?
           options[:constraints] ||= {}
 
-          unless nested_scope?
-            options[:shallow_path] ||= options[:path] if options.key?(:path)
-            options[:shallow_prefix] ||= options[:as] if options.key?(:as)
-          end
-
           if options[:constraints].is_a?(Hash)
             defaults = options[:constraints].select do
               |k, v| URL_OPTIONS.include?(k) && (v.is_a?(String) || v.is_a?(Fixnum))
@@ -806,16 +783,9 @@ module ActionDispatch
         #   end
         def namespace(path, options = {})
           path = path.to_s
-
-          defaults = {
-            module:         path,
-            path:           options.fetch(:path, path),
-            as:             options.fetch(:as, path),
-            shallow_path:   options.fetch(:path, path),
-            shallow_prefix: options.fetch(:as, path)
-          }
-
-          scope(defaults.merge!(options)) { yield }
+          options = { :path => path, :as => path, :module => path,
+                      :shallow_path => path, :shallow_prefix => path }.merge!(options)
+          scope(options) { yield }
         end
 
         # === Parameter Restriction
@@ -1004,7 +974,6 @@ module ActionDispatch
             @as         = options[:as]
             @param      = (options[:param] || :id).to_sym
             @options    = options
-            @shallow    = false
           end
 
           def default_actions
@@ -1065,13 +1034,6 @@ module ActionDispatch
             "#{path}/:#{nested_param}"
           end
 
-          def shallow=(value)
-            @shallow = value
-          end
-
-          def shallow?
-            @shallow
-          end
         end
 
         class SingletonResource < Resource #:nodoc:
@@ -1111,18 +1073,18 @@ module ActionDispatch
         # a singular resource to map /profile (rather than /profile/:id) to
         # the show action:
         #
-        #   resource :geocoder
+        #   resource :profile
         #
         # creates six different routes in your application, all mapping to
-        # the +GeoCoders+ controller (note that the controller is named after
+        # the +Profiles+ controller (note that the controller is named after
         # the plural):
         #
-        #   GET       /geocoder/new
-        #   POST      /geocoder
-        #   GET       /geocoder
-        #   GET       /geocoder/edit
-        #   PATCH/PUT /geocoder
-        #   DELETE    /geocoder
+        #   GET       /profile/new
+        #   POST      /profile
+        #   GET       /profile
+        #   GET       /profile/edit
+        #   PATCH/PUT /profile
+        #   DELETE    /profile
         #
         # === Options
         # Takes same options as +resources+.
@@ -1352,10 +1314,8 @@ module ActionDispatch
           end
 
           with_scope_level(:member) do
-            if shallow?
-              shallow_scope(parent_resource.member_scope) { yield }
-            else
-              scope(parent_resource.member_scope) { yield }
+            scope(parent_resource.member_scope) do
+              yield
             end
           end
         end
@@ -1378,8 +1338,16 @@ module ActionDispatch
           end
 
           with_scope_level(:nested) do
-            if shallow? && shallow_nesting_depth >= 1
-              shallow_scope(parent_resource.nested_scope, nested_options) { yield }
+            if shallow?
+              with_exclusive_scope do
+                if @scope[:shallow_path].blank?
+                  scope(parent_resource.nested_scope, nested_options) { yield }
+                else
+                  scope(@scope[:shallow_path], :as => @scope[:shallow_prefix]) do
+                    scope(parent_resource.nested_scope, nested_options) { yield }
+                  end
+                end
+              end
             else
               scope(parent_resource.nested_scope, nested_options) { yield }
             end
@@ -1396,7 +1364,7 @@ module ActionDispatch
         end
 
         def shallow
-          scope(:shallow => true) do
+          scope(:shallow => true, :shallow_path => @scope[:path]) do
             yield
           end
         end
@@ -1516,13 +1484,6 @@ module ActionDispatch
               return true
             end
 
-            if options.delete(:shallow)
-              shallow do
-                send(method, resources.pop, options, &block)
-              end
-              return true
-            end
-
             if resource_scope?
               nested { send(method, resources.pop, options, &block) }
               return true
@@ -1567,10 +1528,6 @@ module ActionDispatch
             RESOURCE_METHOD_SCOPES.include? @scope[:scope_level]
           end
 
-          def nested_scope? #:nodoc:
-            @scope[:scope_level] == :nested
-          end
-
           def with_exclusive_scope
             begin
               old_name_prefix, old_path = @scope[:as], @scope[:path]
@@ -1584,24 +1541,21 @@ module ActionDispatch
             end
           end
 
-          def with_scope_level(kind)
+          def with_scope_level(kind, resource = parent_resource)
             old, @scope[:scope_level] = @scope[:scope_level], kind
+            old_resource, @scope[:scope_level_resource] = @scope[:scope_level_resource], resource
             yield
           ensure
             @scope[:scope_level] = old
+            @scope[:scope_level_resource] = old_resource
           end
 
           def resource_scope(kind, resource) #:nodoc:
-            resource.shallow = @scope[:shallow]
-            old_resource, @scope[:scope_level_resource] = @scope[:scope_level_resource], resource
-            @nesting.push(resource)
-
-            with_scope_level(kind) do
-              scope(parent_resource.resource_scope) { yield }
+            with_scope_level(kind, resource) do
+              scope(parent_resource.resource_scope) do
+                yield
+              end
             end
-          ensure
-            @nesting.pop
-            @scope[:scope_level_resource] = old_resource
           end
 
           def nested_options #:nodoc:
@@ -1613,14 +1567,6 @@ module ActionDispatch
             options
           end
 
-          def nesting_depth #:nodoc:
-            @nesting.size
-          end
-
-          def shallow_nesting_depth #:nodoc:
-            @nesting.select(&:shallow?).size
-          end
-
           def param_constraint? #:nodoc:
             @scope[:constraints] && @scope[:constraints][parent_resource.param].is_a?(Regexp)
           end
@@ -1633,20 +1579,18 @@ module ActionDispatch
             flag && resource_method_scope? && CANONICAL_ACTIONS.include?(action.to_s)
           end
 
-          def shallow_scope(path, options = {}) #:nodoc:
-            old_name_prefix, old_path = @scope[:as], @scope[:path]
-            @scope[:as], @scope[:path] = @scope[:shallow_prefix], @scope[:shallow_path]
-
-            scope(path, options) { yield }
-          ensure
-            @scope[:as], @scope[:path] = old_name_prefix, old_path
+          def shallow_scoping? #:nodoc:
+            shallow? && @scope[:scope_level] == :member
           end
 
           def path_for_action(action, path) #:nodoc:
+            prefix = shallow_scoping? ?
+              "#{@scope[:shallow_path]}/#{parent_resource.shallow_scope}" : @scope[:path]
+
             if canonical_action?(action, path.blank?)
-              @scope[:path].to_s
+              prefix.to_s
             else
-              "#{@scope[:path]}/#{action_path(action, path)}"
+              "#{prefix}/#{action_path(action, path)}"
             end
           end
 
@@ -1683,7 +1627,7 @@ module ActionDispatch
             when :new
               [prefix, :new, name_prefix, member_name]
             when :member
-              [prefix, name_prefix, member_name]
+              [prefix, shallow_scoping? ? @scope[:shallow_prefix] : name_prefix, member_name]
             when :root
               [name_prefix, collection_name, prefix]
             else
@@ -1824,7 +1768,6 @@ module ActionDispatch
         @set = set
         @scope = { :path_names => @set.resources_path_names }
         @concerns = {}
-        @nesting = []
       end
 
       include Base