RubyGems - actionpack - Versions diffs - 4.2.10 → 7.2.0.rc1 - Mend

actionpack 4.2.10 → 7.2.0.rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of actionpack might be problematic. Click here for more details.

Files changed (202) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +86 -600
data/MIT-LICENSE +1 -1
data/README.rdoc +13 -14
data/lib/abstract_controller/asset_paths.rb +5 -1
data/lib/abstract_controller/base.rb +166 -136
data/lib/abstract_controller/caching/fragments.rb +149 -0
data/lib/abstract_controller/caching.rb +68 -0
data/lib/abstract_controller/callbacks.rb +126 -57
data/lib/abstract_controller/collector.rb +13 -15
data/lib/abstract_controller/deprecator.rb +9 -0
data/lib/abstract_controller/error.rb +8 -0
data/lib/abstract_controller/helpers.rb +181 -132
data/lib/abstract_controller/logger.rb +5 -1
data/lib/abstract_controller/railties/routes_helpers.rb +10 -3
data/lib/abstract_controller/rendering.rb +56 -56
data/lib/abstract_controller/translation.rb +29 -15
data/lib/abstract_controller/url_for.rb +15 -11
data/lib/abstract_controller.rb +21 -5
data/lib/action_controller/api/api_rendering.rb +18 -0
data/lib/action_controller/api.rb +154 -0
data/lib/action_controller/base.rb +219 -155
data/lib/action_controller/caching.rb +28 -68
data/lib/action_controller/deprecator.rb +9 -0
data/lib/action_controller/form_builder.rb +55 -0
data/lib/action_controller/log_subscriber.rb +35 -22
data/lib/action_controller/metal/allow_browser.rb +119 -0
data/lib/action_controller/metal/basic_implicit_render.rb +17 -0
data/lib/action_controller/metal/conditional_get.rb +259 -122
data/lib/action_controller/metal/content_security_policy.rb +86 -0
data/lib/action_controller/metal/cookies.rb +9 -5
data/lib/action_controller/metal/data_streaming.rb +87 -104
data/lib/action_controller/metal/default_headers.rb +21 -0
data/lib/action_controller/metal/etag_with_flash.rb +22 -0
data/lib/action_controller/metal/etag_with_template_digest.rb +35 -26
data/lib/action_controller/metal/exceptions.rb +71 -24
data/lib/action_controller/metal/flash.rb +26 -19
data/lib/action_controller/metal/head.rb +45 -36
data/lib/action_controller/metal/helpers.rb +80 -64
data/lib/action_controller/metal/http_authentication.rb +297 -244
data/lib/action_controller/metal/implicit_render.rb +57 -9
data/lib/action_controller/metal/instrumentation.rb +76 -64
data/lib/action_controller/metal/live.rb +238 -176
data/lib/action_controller/metal/logging.rb +22 -0
data/lib/action_controller/metal/mime_responds.rb +177 -166
data/lib/action_controller/metal/parameter_encoding.rb +84 -0
data/lib/action_controller/metal/params_wrapper.rb +145 -118
data/lib/action_controller/metal/permissions_policy.rb +38 -0
data/lib/action_controller/metal/rate_limiting.rb +62 -0
data/lib/action_controller/metal/redirecting.rb +203 -64
data/lib/action_controller/metal/renderers.rb +108 -65
data/lib/action_controller/metal/rendering.rb +216 -56
data/lib/action_controller/metal/request_forgery_protection.rb +496 -163
data/lib/action_controller/metal/rescue.rb +19 -21
data/lib/action_controller/metal/streaming.rb +179 -138
data/lib/action_controller/metal/strong_parameters.rb +1058 -382
data/lib/action_controller/metal/testing.rb +11 -17
data/lib/action_controller/metal/url_for.rb +37 -21
data/lib/action_controller/metal.rb +236 -138
data/lib/action_controller/railtie.rb +89 -11
data/lib/action_controller/railties/helpers.rb +5 -1
data/lib/action_controller/renderer.rb +161 -0
data/lib/action_controller/template_assertions.rb +13 -0
data/lib/action_controller/test_case.rb +425 -497
data/lib/action_controller.rb +44 -22
data/lib/action_dispatch/constants.rb +34 -0
data/lib/action_dispatch/deprecator.rb +9 -0
data/lib/action_dispatch/http/cache.rb +119 -63
data/lib/action_dispatch/http/content_disposition.rb +47 -0
data/lib/action_dispatch/http/content_security_policy.rb +364 -0
data/lib/action_dispatch/http/filter_parameters.rb +36 -34
data/lib/action_dispatch/http/filter_redirect.rb +24 -12
data/lib/action_dispatch/http/headers.rb +66 -31
data/lib/action_dispatch/http/mime_negotiation.rb +106 -75
data/lib/action_dispatch/http/mime_type.rb +196 -136
data/lib/action_dispatch/http/mime_types.rb +25 -7
data/lib/action_dispatch/http/parameters.rb +97 -45
data/lib/action_dispatch/http/permissions_policy.rb +187 -0
data/lib/action_dispatch/http/rack_cache.rb +6 -0
data/lib/action_dispatch/http/request.rb +299 -170
data/lib/action_dispatch/http/response.rb +311 -160
data/lib/action_dispatch/http/upload.rb +52 -23
data/lib/action_dispatch/http/url.rb +201 -125
data/lib/action_dispatch/journey/formatter.rb +110 -50
data/lib/action_dispatch/journey/gtg/builder.rb +37 -50
data/lib/action_dispatch/journey/gtg/simulator.rb +20 -17
data/lib/action_dispatch/journey/gtg/transition_table.rb +96 -36
data/lib/action_dispatch/journey/nfa/dot.rb +5 -14
data/lib/action_dispatch/journey/nodes/node.rb +100 -20
data/lib/action_dispatch/journey/parser.rb +19 -17
data/lib/action_dispatch/journey/parser.y +4 -3
data/lib/action_dispatch/journey/parser_extras.rb +14 -4
data/lib/action_dispatch/journey/path/pattern.rb +79 -63
data/lib/action_dispatch/journey/route.rb +108 -44
data/lib/action_dispatch/journey/router/utils.rb +41 -29
data/lib/action_dispatch/journey/router.rb +64 -57
data/lib/action_dispatch/journey/routes.rb +23 -21
data/lib/action_dispatch/journey/scanner.rb +28 -17
data/lib/action_dispatch/journey/visitors.rb +100 -54
data/lib/action_dispatch/journey/visualizer/fsm.js +49 -24
data/lib/action_dispatch/journey/visualizer/index.html.erb +1 -1
data/lib/action_dispatch/journey.rb +7 -5
data/lib/action_dispatch/log_subscriber.rb +25 -0
data/lib/action_dispatch/middleware/actionable_exceptions.rb +46 -0
data/lib/action_dispatch/middleware/assume_ssl.rb +27 -0
data/lib/action_dispatch/middleware/callbacks.rb +7 -6
data/lib/action_dispatch/middleware/cookies.rb +471 -328
data/lib/action_dispatch/middleware/debug_exceptions.rb +149 -66
data/lib/action_dispatch/middleware/debug_locks.rb +129 -0
data/lib/action_dispatch/middleware/debug_view.rb +73 -0
data/lib/action_dispatch/middleware/exception_wrapper.rb +275 -73
data/lib/action_dispatch/middleware/executor.rb +32 -0
data/lib/action_dispatch/middleware/flash.rb +143 -101
data/lib/action_dispatch/middleware/host_authorization.rb +171 -0
data/lib/action_dispatch/middleware/public_exceptions.rb +36 -27
data/lib/action_dispatch/middleware/reloader.rb +10 -92
data/lib/action_dispatch/middleware/remote_ip.rb +133 -107
data/lib/action_dispatch/middleware/request_id.rb +29 -15
data/lib/action_dispatch/middleware/server_timing.rb +78 -0
data/lib/action_dispatch/middleware/session/abstract_store.rb +49 -27
data/lib/action_dispatch/middleware/session/cache_store.rb +33 -16
data/lib/action_dispatch/middleware/session/cookie_store.rb +86 -80
data/lib/action_dispatch/middleware/session/mem_cache_store.rb +15 -3
data/lib/action_dispatch/middleware/show_exceptions.rb +66 -36
data/lib/action_dispatch/middleware/ssl.rb +134 -36
data/lib/action_dispatch/middleware/stack.rb +109 -44
data/lib/action_dispatch/middleware/static.rb +159 -90
data/lib/action_dispatch/middleware/templates/rescues/_actions.html.erb +13 -0
data/lib/action_dispatch/middleware/templates/rescues/_actions.text.erb +0 -0
data/lib/action_dispatch/middleware/templates/rescues/_message_and_suggestions.html.erb +22 -0
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb +7 -24
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.text.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb +36 -0
data/lib/action_dispatch/middleware/templates/rescues/_source.text.erb +8 -0
data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb +46 -36
data/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb +12 -0
data/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb +9 -0
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb +26 -7
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb +3 -3
data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb +24 -0
data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb +16 -0
data/lib/action_dispatch/middleware/templates/rescues/layout.erb +139 -15
data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb +23 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.text.erb +3 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb +6 -6
data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb +7 -7
data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +9 -9
data/lib/action_dispatch/middleware/templates/rescues/template_error.text.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb +4 -4
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.text.erb +1 -1
data/lib/action_dispatch/middleware/templates/routes/_route.html.erb +7 -4
data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +125 -93
data/lib/action_dispatch/railtie.rb +44 -16
data/lib/action_dispatch/request/session.rb +159 -69
data/lib/action_dispatch/request/utils.rb +97 -23
data/lib/action_dispatch/routing/endpoint.rb +11 -2
data/lib/action_dispatch/routing/inspector.rb +195 -106
data/lib/action_dispatch/routing/mapper.rb +1338 -955
data/lib/action_dispatch/routing/polymorphic_routes.rb +234 -201
data/lib/action_dispatch/routing/redirection.rb +78 -51
data/lib/action_dispatch/routing/route_set.rb +460 -374
data/lib/action_dispatch/routing/routes_proxy.rb +36 -12
data/lib/action_dispatch/routing/url_for.rb +172 -124
data/lib/action_dispatch/routing.rb +159 -158
data/lib/action_dispatch/system_test_case.rb +206 -0
data/lib/action_dispatch/system_testing/browser.rb +84 -0
data/lib/action_dispatch/system_testing/driver.rb +85 -0
data/lib/action_dispatch/system_testing/server.rb +33 -0
data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +164 -0
data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +23 -0
data/lib/action_dispatch/testing/assertion_response.rb +48 -0
data/lib/action_dispatch/testing/assertions/response.rb +71 -39
data/lib/action_dispatch/testing/assertions/routing.rb +228 -103
data/lib/action_dispatch/testing/assertions.rb +9 -6
data/lib/action_dispatch/testing/integration.rb +486 -306
data/lib/action_dispatch/testing/request_encoder.rb +60 -0
data/lib/action_dispatch/testing/test_helpers/page_dump_helper.rb +35 -0
data/lib/action_dispatch/testing/test_process.rb +35 -22
data/lib/action_dispatch/testing/test_request.rb +29 -34
data/lib/action_dispatch/testing/test_response.rb +48 -15
data/lib/action_dispatch.rb +82 -40
data/lib/action_pack/gem_version.rb +8 -4
data/lib/action_pack/version.rb +6 -2
data/lib/action_pack.rb +21 -18
metadata +146 -56
data/lib/action_controller/caching/fragments.rb +0 -103
data/lib/action_controller/metal/force_ssl.rb +0 -97
data/lib/action_controller/metal/hide_actions.rb +0 -40
data/lib/action_controller/metal/rack_delegation.rb +0 -32
data/lib/action_controller/middleware.rb +0 -39
data/lib/action_controller/model_naming.rb +0 -12
data/lib/action_dispatch/http/parameter_filter.rb +0 -72
data/lib/action_dispatch/journey/backwards.rb +0 -5
data/lib/action_dispatch/journey/nfa/builder.rb +0 -76
data/lib/action_dispatch/journey/nfa/simulator.rb +0 -47
data/lib/action_dispatch/journey/nfa/transition_table.rb +0 -163
data/lib/action_dispatch/journey/router/strexp.rb +0 -27
data/lib/action_dispatch/middleware/params_parser.rb +0 -60
data/lib/action_dispatch/middleware/templates/rescues/_source.erb +0 -27
data/lib/action_dispatch/testing/assertions/dom.rb +0 -3
data/lib/action_dispatch/testing/assertions/selector.rb +0 -3
data/lib/action_dispatch/testing/assertions/tag.rb +0 -3

data/lib/action_dispatch/middleware/templates/routes/_table.html.erb CHANGED Viewed

@@ -1,22 +1,47 @@
 <% content_for :style do %>
+  h2, p {
+    padding-left: 30px;
+  }
   #route_table {
     margin: 0;
     border-collapse: collapse;
+    word-wrap:break-word;
+    table-layout: fixed;
+    width:100%;
   }
   #route_table thead tr {
     border-bottom: 2px solid #ddd;
   }
+  #route_table th {
+    padding-left: 30px;
+    text-align: left;
+  }
   #route_table thead tr.bottom {
     border-bottom: none;
   }
   #route_table thead tr.bottom th {
-    padding: 10px 0;
+    padding: 10px 30px;
     line-height: 15px;
   }
+  #route_table #search_container {
+    padding: 7px 30px;
+  }
+  #route_table thead tr th input#search {
+    -webkit-appearance: textfield;
+    width:100%;
+  }
+  #route_table thead th.http-verb {
+    width: 10%;
+  }
   #route_table tbody tr {
     border-bottom: 1px solid #ddd;
   }
@@ -41,34 +66,34 @@
     padding: 4px 30px;
   }
-  #path_search {
-    width: 80%;
-    font-size: inherit;
+  @media (prefers-color-scheme: dark) {
+    #route_table tbody tr:nth-child(odd) {
+      background: #282828;
+    }
+    #route_table tbody.exact_matches tr,
+    #route_table tbody.fuzzy_matches tr {
+      background: DarkSlateGrey;
+    }
   }
 <% end %>
-<table id='route_table' class='route_table'>
+<table id='route_table'>
   <thead>
     <tr>
-      <th>Helper</th>
-      <th>HTTP Verb</th>
-      <th>Path</th>
-      <th>Controller#Action</th>
-    </tr>
-    <tr class='bottom'>
-      <th><%# Helper %>
-        <%= link_to "Path", "#", 'data-route-helper' => '_path',
+      <th>Helper
+        (<%= link_to "Path", "#", 'data-route-helper' => '_path',
                     title: "Returns a relative path (without the http or domain)" %> /
         <%= link_to "Url", "#", 'data-route-helper' => '_url',
-                    title: "Returns an absolute url (with the http and domain)"   %>
-      </th>
-      <th><%# HTTP Verb %>
-      </th>
-      <th><%# Path %>
-        <%= search_field(:path, nil, id: 'search', placeholder: "Path Match") %>
-      </th>
-      <th><%# Controller#action %>
+                    title: "Returns an absolute URL (with the http and domain)"   %>)
       </th>
+      <th class="http-verb">HTTP Verb</th>
+      <th>Path</th>
+      <th>Controller#Action</th>
+      <th>Source Location</th>
+    </tr>
+    <tr>
+      <th colspan="5" id="search_container"><%= search_field(:query, nil, id: 'search', placeholder: "Search") %></th>
     </tr>
   </thead>
   <tbody class='exact_matches' id='exact_matches'>
@@ -80,93 +105,96 @@
   </tbody>
 </table>
-<script type='text/javascript'>
-  // Iterates each element through a function
-  function each(elems, func) {
-    if (!elems instanceof Array) { elems = [elems]; }
-    for (var i = 0, len = elems.length; i < len; i++) {
-      func(elems[i]);
-    }
-  }
-  // Sets innerHTML for an element
-  function setContent(elem, text) {
-    elem.innerHTML = text;
-  }
-  // Enables path search functionality
-  function setupMatchPaths() {
-    // Check if the user input (sanitized as a path) matches the regexp data attribute
-    function checkExactMatch(section, elem, value) {
-      var string = sanitizePath(value),
-          regexp = elem.getAttribute("data-regexp");
-      showMatch(string, regexp, section, elem);
-    }
-    // Check if the route path data attribute contains the user input
-    function checkFuzzyMatch(section, elem, value) {
-      var string = elem.getAttribute("data-route-path"),
-          regexp = value;
+<script>
+  // support forEach iterator on NodeList
+  NodeList.prototype.forEach = Array.prototype.forEach;
-      showMatch(string, regexp, section, elem);
+  // Enables query search functionality
+  function setupMatchingRoutes() {
+    // Check if there are any matched results in a section
+    function checkNoMatch(section, trElement) {
+      if (section.children.length <= 1) {
+        section.appendChild(trElement);
+      }
     }
-    // Display the parent <tr> element in the appropriate section when there's a match
-    function showMatch(string, regexp, section, elem) {
-      if(string.match(RegExp(regexp))) {
-        section.appendChild(elem.parentNode.cloneNode(true));
-      }
+    // get JSON from URL and invoke callback with result
+    function getJSON(url, success) {
+      var xhr = new XMLHttpRequest();
+      xhr.open('GET', url);
+      xhr.onload = function() {
+        if (this.status == 200)
+          success(JSON.parse(this.response));
+      };
+      xhr.send();
     }
-    // Check if there are any matched results in a section
-    function checkNoMatch(section, defaultText, noMatchText) {
-      if (section.innerHTML === defaultText) {
-        setContent(section, defaultText + noMatchText);
+    function delayedKeyup(input, callback) {
+      var timeout;
+      input.onkeyup = function(){
+        if (timeout) clearTimeout(timeout);
+        timeout = setTimeout(callback, 300);
       }
     }
-    // Ensure path always starts with a slash "/" and remove params or fragments
-    function sanitizePath(path) {
-      var path = path.charAt(0) == '/' ? path : "/" + path;
-      return path.replace(/\#.*|\?.*/, '');
+    // remove params or fragments
+    function sanitizeQuery(query) {
+      return query.replace(/[#?].*/, '');
     }
-    var regexpElems     = document.querySelectorAll('#route_table [data-regexp]'),
-        searchElem      = document.querySelector('#search'),
-        exactMatches    = document.querySelector('#exact_matches'),
-        fuzzyMatches    = document.querySelector('#fuzzy_matches');
+    var pathElements = document.querySelectorAll('#route_table [data-route-path]'),
+        searchElem   = document.querySelector('#search'),
+        exactSection = document.querySelector('#exact_matches'),
+        fuzzySection = document.querySelector('#fuzzy_matches');
     // Remove matches when no search value is present
     searchElem.onblur = function(e) {
       if (searchElem.value === "") {
-        setContent(exactMatches, "");
-        setContent(fuzzyMatches, "");
+        exactSection.innerHTML = "";
+        fuzzySection.innerHTML = "";
       }
     }
+    function buildTr(string) {
+      var tr = document.createElement('tr');
+      var th = document.createElement('th');
+      th.setAttribute('colspan', 5);
+      tr.appendChild(th);
+      th.innerText = string;
+      return tr;
+    }
     // On key press perform a search for matching paths
-    searchElem.onkeyup = function(e){
-      var userInput         = searchElem.value,
-          defaultExactMatch = '<tr><th colspan="4">Paths Matching (' + escape(sanitizePath(userInput)) +'):</th></tr>',
-          defaultFuzzyMatch = '<tr><th colspan="4">Paths Containing (' + escape(userInput) +'):</th></tr>',
-          noExactMatch      = '<tr><th colspan="4">No Exact Matches Found</th></tr>',
-          noFuzzyMatch      = '<tr><th colspan="4">No Fuzzy Matches Found</th></tr>';
-      // Clear out results section
-      setContent(exactMatches, defaultExactMatch);
-      setContent(fuzzyMatches, defaultFuzzyMatch);
-      // Display exact matches and fuzzy matches
-      each(regexpElems, function(elem) {
-        checkExactMatch(exactMatches, elem, userInput);
-        checkFuzzyMatch(fuzzyMatches, elem, userInput);
+    delayedKeyup(searchElem, function() {
+      var query = sanitizeQuery(searchElem.value),
+          defaultExactMatch = buildTr("Routes matching '" + query + "':"),
+          defaultFuzzyMatch = buildTr("Routes containing '" + query + "':"),
+          noExactMatch      = buildTr('No exact matches found'),
+          noFuzzyMatch      = buildTr('No fuzzy matches found');
+      if (!query)
+        return searchElem.onblur();
+      getJSON('/rails/info/routes?query=' + query, function(matches){
+        // Clear out results section
+        exactSection.replaceChildren(defaultExactMatch);
+        fuzzySection.replaceChildren(defaultFuzzyMatch);
+        // Display exact matches and fuzzy matches
+        pathElements.forEach(function(elem) {
+          var elemPath = elem.getAttribute('data-route-path');
+          if (matches['exact'].indexOf(elemPath) != -1)
+            exactSection.appendChild(elem.parentNode.cloneNode(true));
+          if (matches['fuzzy'].indexOf(elemPath) != -1)
+            fuzzySection.appendChild(elem.parentNode.cloneNode(true));
+        })
+        // Display 'No Matches' message when no matches are found
+        checkNoMatch(exactSection, noExactMatch);
+        checkNoMatch(fuzzySection, noFuzzyMatch);
       })
-      // Display 'No Matches' message when no matches are found
-      checkNoMatch(exactMatches, defaultExactMatch, noExactMatch);
-      checkNoMatch(fuzzyMatches, defaultFuzzyMatch, noFuzzyMatch);
-    }
+    })
   }
   // Enables functionality to toggle between `_path` and `_url` helper suffixes
@@ -174,19 +202,20 @@
     // Sets content for each element
     function setValOn(elems, val) {
-      each(elems, function(elem) {
-        setContent(elem, val);
+      elems.forEach(function(elem) {
+        elem.innerHTML = val;
       });
     }
     // Sets onClick event for each element
     function onClick(elems, func) {
-      each(elems, function(elem) {
+      elems.forEach(function(elem) {
         elem.onclick = func;
       });
     }
     var toggleLinks = document.querySelectorAll('#route_table [data-route-helper]');
     onClick(toggleLinks, function(){
       var helperTxt   = this.getAttribute("data-route-helper"),
           helperElems = document.querySelectorAll('[data-route-name] span.helper');
@@ -195,6 +224,9 @@
     });
   }
-  setupMatchPaths();
+  setupMatchingRoutes();
   setupRouteToggleHelperLinks();
+  // Focus the search input after page has loaded
+  document.getElementById('search').focus();
 </script>

data/lib/action_dispatch/railtie.rb CHANGED Viewed

@@ -1,37 +1,65 @@
+# frozen_string_literal: true
+# :markup: markdown
 require "action_dispatch"
+require "action_dispatch/log_subscriber"
+require "active_support/messages/rotation_configuration"
 module ActionDispatch
   class Railtie < Rails::Railtie # :nodoc:
     config.action_dispatch = ActiveSupport::OrderedOptions.new
     config.action_dispatch.x_sendfile_header = nil
     config.action_dispatch.ip_spoofing_check = true
-    config.action_dispatch.show_exceptions = true
+    config.action_dispatch.show_exceptions = :all
     config.action_dispatch.tld_length = 1
     config.action_dispatch.ignore_accept_header = false
-    config.action_dispatch.rescue_templates = { }
-    config.action_dispatch.rescue_responses = { }
+    config.action_dispatch.rescue_templates = {}
+    config.action_dispatch.rescue_responses = {}
     config.action_dispatch.default_charset = nil
     config.action_dispatch.rack_cache = false
-    config.action_dispatch.http_auth_salt = 'http authentication'
-    config.action_dispatch.signed_cookie_salt = 'signed cookie'
-    config.action_dispatch.encrypted_cookie_salt = 'encrypted cookie'
-    config.action_dispatch.encrypted_signed_cookie_salt = 'signed encrypted cookie'
+    config.action_dispatch.http_auth_salt = "http authentication"
+    config.action_dispatch.signed_cookie_salt = "signed cookie"
+    config.action_dispatch.encrypted_cookie_salt = "encrypted cookie"
+    config.action_dispatch.encrypted_signed_cookie_salt = "signed encrypted cookie"
+    config.action_dispatch.authenticated_encrypted_cookie_salt = "authenticated encrypted cookie"
+    config.action_dispatch.use_authenticated_cookie_encryption = false
+    config.action_dispatch.use_cookies_with_metadata = false
     config.action_dispatch.perform_deep_munge = true
+    config.action_dispatch.request_id_header = ActionDispatch::Constants::X_REQUEST_ID
+    config.action_dispatch.log_rescued_responses = true
+    config.action_dispatch.debug_exception_log_level = :fatal
     config.action_dispatch.default_headers = {
-      'X-Frame-Options' => 'SAMEORIGIN',
-      'X-XSS-Protection' => '1; mode=block',
-      'X-Content-Type-Options' => 'nosniff'
+      "X-Frame-Options" => "SAMEORIGIN",
+      "X-XSS-Protection" => "1; mode=block",
+      "X-Content-Type-Options" => "nosniff",
+      "X-Download-Options" => "noopen",
+      "X-Permitted-Cross-Domain-Policies" => "none",
+      "Referrer-Policy" => "strict-origin-when-cross-origin"
     }
+    config.action_dispatch.cookies_rotations = ActiveSupport::Messages::RotationConfiguration.new
     config.eager_load_namespaces << ActionDispatch
+    initializer "action_dispatch.deprecator", before: :load_environment_config do |app|
+      app.deprecators[:action_dispatch] = ActionDispatch.deprecator
+    end
     initializer "action_dispatch.configure" do |app|
+      ActionDispatch::Http::URL.secure_protocol = app.config.force_ssl
       ActionDispatch::Http::URL.tld_length = app.config.action_dispatch.tld_length
-      ActionDispatch::Request.ignore_accept_header = app.config.action_dispatch.ignore_accept_header
-      ActionDispatch::Request::Utils.perform_deep_munge = app.config.action_dispatch.perform_deep_munge
-      ActionDispatch::Response.default_charset = app.config.action_dispatch.default_charset || app.config.encoding
-      ActionDispatch::Response.default_headers = app.config.action_dispatch.default_headers
+      ActiveSupport.on_load(:action_dispatch_request) do
+        self.ignore_accept_header = app.config.action_dispatch.ignore_accept_header
+        ActionDispatch::Request::Utils.perform_deep_munge = app.config.action_dispatch.perform_deep_munge
+      end
+      ActiveSupport.on_load(:action_dispatch_response) do
+        self.default_charset = app.config.action_dispatch.default_charset || app.config.encoding
+        self.default_headers = app.config.action_dispatch.default_headers
+      end
       ActionDispatch::ExceptionWrapper.rescue_responses.merge!(config.action_dispatch.rescue_responses)
       ActionDispatch::ExceptionWrapper.rescue_templates.merge!(config.action_dispatch.rescue_templates)
@@ -39,9 +67,9 @@ module ActionDispatch
       config.action_dispatch.always_write_cookie = Rails.env.development? if config.action_dispatch.always_write_cookie.nil?
       ActionDispatch::Cookies::CookieJar.always_write_cookie = config.action_dispatch.always_write_cookie
-      ActionDispatch.test_app = app
+      ActionDispatch::Routing::Mapper.route_source_locations = Rails.env.development?
-      ActionDispatch::Routing::RouteSet.relative_url_root = app.config.relative_url_root
+      ActionDispatch.test_app = app
     end
   end
 end