actionpack 4.2.8 → 5.2.4.2
Potentially problematic release.
This version of actionpack might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/CHANGELOG.md +285 -444
- data/MIT-LICENSE +1 -1
- data/README.rdoc +6 -7
- data/lib/abstract_controller.rb +12 -5
- data/lib/abstract_controller/asset_paths.rb +2 -0
- data/lib/abstract_controller/base.rb +45 -49
- data/lib/abstract_controller/caching.rb +66 -0
- data/lib/{action_controller → abstract_controller}/caching/fragments.rb +78 -15
- data/lib/abstract_controller/callbacks.rb +47 -31
- data/lib/abstract_controller/collector.rb +8 -11
- data/lib/abstract_controller/error.rb +6 -0
- data/lib/abstract_controller/helpers.rb +25 -25
- data/lib/abstract_controller/logger.rb +2 -0
- data/lib/abstract_controller/railties/routes_helpers.rb +4 -2
- data/lib/abstract_controller/rendering.rb +42 -41
- data/lib/abstract_controller/translation.rb +10 -7
- data/lib/abstract_controller/url_for.rb +2 -0
- data/lib/action_controller.rb +29 -21
- data/lib/action_controller/api.rb +149 -0
- data/lib/action_controller/api/api_rendering.rb +16 -0
- data/lib/action_controller/base.rb +27 -19
- data/lib/action_controller/caching.rb +14 -57
- data/lib/action_controller/form_builder.rb +50 -0
- data/lib/action_controller/log_subscriber.rb +10 -15
- data/lib/action_controller/metal.rb +98 -83
- data/lib/action_controller/metal/basic_implicit_render.rb +13 -0
- data/lib/action_controller/metal/conditional_get.rb +118 -44
- data/lib/action_controller/metal/content_security_policy.rb +52 -0
- data/lib/action_controller/metal/cookies.rb +3 -3
- data/lib/action_controller/metal/data_streaming.rb +27 -46
- data/lib/action_controller/metal/etag_with_flash.rb +18 -0
- data/lib/action_controller/metal/etag_with_template_digest.rb +20 -13
- data/lib/action_controller/metal/exceptions.rb +8 -14
- data/lib/action_controller/metal/flash.rb +4 -3
- data/lib/action_controller/metal/force_ssl.rb +23 -21
- data/lib/action_controller/metal/head.rb +21 -19
- data/lib/action_controller/metal/helpers.rb +24 -14
- data/lib/action_controller/metal/http_authentication.rb +64 -57
- data/lib/action_controller/metal/implicit_render.rb +62 -8
- data/lib/action_controller/metal/instrumentation.rb +19 -21
- data/lib/action_controller/metal/live.rb +90 -106
- data/lib/action_controller/metal/mime_responds.rb +33 -46
- data/lib/action_controller/metal/parameter_encoding.rb +51 -0
- data/lib/action_controller/metal/params_wrapper.rb +61 -53
- data/lib/action_controller/metal/redirecting.rb +49 -28
- data/lib/action_controller/metal/renderers.rb +87 -44
- data/lib/action_controller/metal/rendering.rb +72 -50
- data/lib/action_controller/metal/request_forgery_protection.rb +203 -92
- data/lib/action_controller/metal/rescue.rb +9 -16
- data/lib/action_controller/metal/streaming.rb +12 -10
- data/lib/action_controller/metal/strong_parameters.rb +582 -165
- data/lib/action_controller/metal/testing.rb +2 -17
- data/lib/action_controller/metal/url_for.rb +19 -10
- data/lib/action_controller/railtie.rb +28 -10
- data/lib/action_controller/railties/helpers.rb +2 -0
- data/lib/action_controller/renderer.rb +117 -0
- data/lib/action_controller/template_assertions.rb +11 -0
- data/lib/action_controller/test_case.rb +280 -411
- data/lib/action_dispatch.rb +27 -19
- data/lib/action_dispatch/http/cache.rb +93 -47
- data/lib/action_dispatch/http/content_security_policy.rb +272 -0
- data/lib/action_dispatch/http/filter_parameters.rb +26 -20
- data/lib/action_dispatch/http/filter_redirect.rb +10 -11
- data/lib/action_dispatch/http/headers.rb +55 -22
- data/lib/action_dispatch/http/mime_negotiation.rb +60 -41
- data/lib/action_dispatch/http/mime_type.rb +134 -121
- data/lib/action_dispatch/http/mime_types.rb +20 -6
- data/lib/action_dispatch/http/parameter_filter.rb +25 -11
- data/lib/action_dispatch/http/parameters.rb +98 -39
- data/lib/action_dispatch/http/rack_cache.rb +2 -0
- data/lib/action_dispatch/http/request.rb +200 -118
- data/lib/action_dispatch/http/response.rb +225 -110
- data/lib/action_dispatch/http/upload.rb +12 -6
- data/lib/action_dispatch/http/url.rb +110 -28
- data/lib/action_dispatch/journey.rb +7 -5
- data/lib/action_dispatch/journey/formatter.rb +55 -32
- data/lib/action_dispatch/journey/gtg/builder.rb +7 -5
- data/lib/action_dispatch/journey/gtg/simulator.rb +3 -9
- data/lib/action_dispatch/journey/gtg/transition_table.rb +17 -16
- data/lib/action_dispatch/journey/nfa/builder.rb +5 -3
- data/lib/action_dispatch/journey/nfa/dot.rb +13 -13
- data/lib/action_dispatch/journey/nfa/simulator.rb +3 -1
- data/lib/action_dispatch/journey/nfa/transition_table.rb +5 -48
- data/lib/action_dispatch/journey/nodes/node.rb +18 -6
- data/lib/action_dispatch/journey/parser.rb +23 -22
- data/lib/action_dispatch/journey/parser.y +3 -2
- data/lib/action_dispatch/journey/parser_extras.rb +12 -4
- data/lib/action_dispatch/journey/path/pattern.rb +50 -44
- data/lib/action_dispatch/journey/route.rb +106 -28
- data/lib/action_dispatch/journey/router.rb +35 -23
- data/lib/action_dispatch/journey/router/utils.rb +20 -11
- data/lib/action_dispatch/journey/routes.rb +18 -16
- data/lib/action_dispatch/journey/scanner.rb +18 -15
- data/lib/action_dispatch/journey/visitors.rb +99 -52
- data/lib/action_dispatch/middleware/callbacks.rb +1 -2
- data/lib/action_dispatch/middleware/cookies.rb +304 -193
- data/lib/action_dispatch/middleware/debug_exceptions.rb +152 -57
- data/lib/action_dispatch/middleware/debug_locks.rb +124 -0
- data/lib/action_dispatch/middleware/exception_wrapper.rb +68 -69
- data/lib/action_dispatch/middleware/executor.rb +21 -0
- data/lib/action_dispatch/middleware/flash.rb +78 -54
- data/lib/action_dispatch/middleware/public_exceptions.rb +27 -25
- data/lib/action_dispatch/middleware/reloader.rb +5 -91
- data/lib/action_dispatch/middleware/remote_ip.rb +41 -31
- data/lib/action_dispatch/middleware/request_id.rb +17 -9
- data/lib/action_dispatch/middleware/session/abstract_store.rb +41 -25
- data/lib/action_dispatch/middleware/session/cache_store.rb +24 -14
- data/lib/action_dispatch/middleware/session/cookie_store.rb +72 -67
- data/lib/action_dispatch/middleware/session/mem_cache_store.rb +8 -2
- data/lib/action_dispatch/middleware/show_exceptions.rb +26 -22
- data/lib/action_dispatch/middleware/ssl.rb +114 -36
- data/lib/action_dispatch/middleware/stack.rb +31 -44
- data/lib/action_dispatch/middleware/static.rb +57 -50
- data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb +2 -14
- data/lib/action_dispatch/middleware/templates/rescues/{_source.erb → _source.html.erb} +0 -0
- data/lib/action_dispatch/middleware/templates/rescues/_source.text.erb +8 -0
- data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb +21 -0
- data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb +13 -0
- data/lib/action_dispatch/middleware/templates/rescues/layout.erb +1 -0
- data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +1 -1
- data/lib/action_dispatch/middleware/templates/rescues/template_error.text.erb +1 -1
- data/lib/action_dispatch/middleware/templates/routes/_route.html.erb +4 -4
- data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +64 -64
- data/lib/action_dispatch/railtie.rb +19 -11
- data/lib/action_dispatch/request/session.rb +106 -59
- data/lib/action_dispatch/request/utils.rb +67 -24
- data/lib/action_dispatch/routing.rb +17 -18
- data/lib/action_dispatch/routing/endpoint.rb +9 -2
- data/lib/action_dispatch/routing/inspector.rb +58 -67
- data/lib/action_dispatch/routing/mapper.rb +734 -447
- data/lib/action_dispatch/routing/polymorphic_routes.rb +161 -139
- data/lib/action_dispatch/routing/redirection.rb +36 -26
- data/lib/action_dispatch/routing/route_set.rb +321 -291
- data/lib/action_dispatch/routing/routes_proxy.rb +32 -5
- data/lib/action_dispatch/routing/url_for.rb +65 -25
- data/lib/action_dispatch/system_test_case.rb +147 -0
- data/lib/action_dispatch/system_testing/browser.rb +49 -0
- data/lib/action_dispatch/system_testing/driver.rb +59 -0
- data/lib/action_dispatch/system_testing/server.rb +31 -0
- data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +96 -0
- data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +31 -0
- data/lib/action_dispatch/system_testing/test_helpers/undef_methods.rb +26 -0
- data/lib/action_dispatch/testing/assertion_response.rb +47 -0
- data/lib/action_dispatch/testing/assertions.rb +6 -4
- data/lib/action_dispatch/testing/assertions/response.rb +45 -20
- data/lib/action_dispatch/testing/assertions/routing.rb +30 -26
- data/lib/action_dispatch/testing/integration.rb +347 -209
- data/lib/action_dispatch/testing/request_encoder.rb +55 -0
- data/lib/action_dispatch/testing/test_process.rb +28 -22
- data/lib/action_dispatch/testing/test_request.rb +27 -34
- data/lib/action_dispatch/testing/test_response.rb +35 -7
- data/lib/action_pack.rb +4 -2
- data/lib/action_pack/gem_version.rb +5 -3
- data/lib/action_pack/version.rb +3 -1
- metadata +56 -39
- data/lib/action_controller/metal/hide_actions.rb +0 -40
- data/lib/action_controller/metal/rack_delegation.rb +0 -32
- data/lib/action_controller/middleware.rb +0 -39
- data/lib/action_controller/model_naming.rb +0 -12
- data/lib/action_dispatch/journey/backwards.rb +0 -5
- data/lib/action_dispatch/journey/router/strexp.rb +0 -27
- data/lib/action_dispatch/middleware/params_parser.rb +0 -60
- data/lib/action_dispatch/testing/assertions/dom.rb +0 -3
- data/lib/action_dispatch/testing/assertions/selector.rb +0 -3
- data/lib/action_dispatch/testing/assertions/tag.rb +0 -3
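--- a/data/lib/action_controller/metal/content_security_policy.rb
+++ b/data/lib/action_controller/metal/content_security_policy.rb
@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module ActionController #:nodoc:
+module ContentSecurityPolicy
+# TODO: Documentation
+extend ActiveSupport::Concern
+
+include AbstractController::Helpers
+include AbstractController::Callbacks
+
+included do
+helper_method :content_security_policy?
+helper_method :content_security_policy_nonce
+end
+
+module ClassMethods
+def content_security_policy(enabled = true, **options, &block)
+before_action(options) do
+if block_given?
+policy = current_content_security_policy
+yield policy
+request.content_security_policy = policy
+end
+
+unless enabled
+request.content_security_policy = nil
+end
+end
+end
+
+def content_security_policy_report_only(report_only = true, **options)
+before_action(options) do
+request.content_security_policy_report_only = report_only
+end
+end
+end
+
+private
+
+def content_security_policy?
+request.content_security_policy
+end
+
+def content_security_policy_nonce
+request.content_security_policy_nonce
+end
+
+def current_content_security_policy
+request.content_security_policy.try(:clone) || ActionDispatch::ContentSecurityPolicy.new
+end
+end
+end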
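Review bot: The module ships with `# TODO: Documentation` even though it controls a security header, and the `enabled` argument of `content_security_policy` is easy to misread without it. Passing a false value runs `request.content_security_policy = nil` for every action the forwarded `options` match, and when a block is also given the policy it built is assigned and then discarded. I would replace the TODO with a module comment covering the block form, the `false` form, the options handed to `before_action`, and the report-only switch. `content_security_policy?` also returns the policy object rather than a boolean; `!request.content_security_policy.nil?` would match the predicate name.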
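--- a/data/lib/action_controller/metal/cookies.rb
+++ b/data/lib/action_controller/metal/cookies.rb
@@ -1,11 +1,11 @@
+# frozen_string_literal: true
+
 module ActionController #:nodoc:
 module Cookies
 extend ActiveSupport::Concern
 
-include RackDelegation
-
 included do
-helper_method :cookies
+helper_method :cookies if defined?(helper_method)
 end
 
 private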
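--- a/data/lib/action_controller/metal/data_streaming.rb
+++ b/data/lib/action_controller/metal/data_streaming.rb
@@ -1,4 +1,6 @@
-
+# frozen_string_literal: true
+
+require "action_controller/metal/exceptions"
 
 module ActionController #:nodoc:
 # Methods for sending arbitrary data and for streaming files to the browser,
@@ -8,10 +10,10 @@ module ActionController #:nodoc:
 
 include ActionController::Rendering
 
-DEFAULT_SEND_FILE_TYPE =
-DEFAULT_SEND_FILE_DISPOSITION =
+DEFAULT_SEND_FILE_TYPE = "application/octet-stream".freeze #:nodoc:
+DEFAULT_SEND_FILE_DISPOSITION = "attachment".freeze #:nodoc:
 
-
+private
 # Sends the file. This uses a server-appropriate method (such as X-Sendfile)
 # via the Rack::Sendfile middleware. The header to use is set via
 # +config.action_dispatch.x_sendfile_header+.
@@ -25,14 +27,13 @@ module ActionController #:nodoc:
 # * <tt>:filename</tt> - suggests a filename for the browser to use.
 # Defaults to <tt>File.basename(path)</tt>.
 # * <tt>:type</tt> - specifies an HTTP content type.
-# You can specify either a string or a symbol for a registered type register
-# <tt
-# If
-# If no content type is registered for the extension, default type 'application/octet-stream' will be used.
+# You can specify either a string or a symbol for a registered type with <tt>Mime::Type.register</tt>, for example :json.
+# If omitted, the type will be inferred from the file extension specified in <tt>:filename</tt>.
+# If no content type is registered for the extension, the default type 'application/octet-stream' will be used.
 # * <tt>:disposition</tt> - specifies whether the file will be shown inline or downloaded.
 # Valid values are 'inline' and 'attachment' (default).
 # * <tt>:status</tt> - specifies the status code to send with the response. Defaults to 200.
-# * <tt>:url_based_filename</tt> - set to +true+ if you want the browser guess the filename from
+# * <tt>:url_based_filename</tt> - set to +true+ if you want the browser to guess the filename from
 # the URL, which is necessary for i18n filenames on certain browsers
 # (setting <tt>:filename</tt> overrides this option).
 #
@@ -55,58 +56,38 @@ module ActionController #:nodoc:
 #
 # Read about the other Content-* HTTP headers if you'd like to
 # provide the user with more information (such as Content-Description) in
-#
+# https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11.
 #
 # Also be aware that the document may be cached by proxies and browsers.
 # The Pragma and Cache-Control headers declare how the file may be cached
 # by intermediaries. They default to require clients to validate with
 # the server before releasing cached responses. See
-#
-#
+# https://www.mnot.net/cache_docs/ for an overview of web caching and
+# https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
 # for the Cache-Control header spec.
 def send_file(path, options = {}) #:doc:
-raise MissingFile, "Cannot read file #{path}" unless File.file?(path)
+raise MissingFile, "Cannot read file #{path}" unless File.file?(path) && File.readable?(path)
 
 options[:filename] ||= File.basename(path) unless options[:url_based_filename]
 send_file_headers! options
 
 self.status = options[:status] || 200
 self.content_type = options[:content_type] if options.key?(:content_type)
-
-end
-
-# Avoid having to pass an open file handle as the response body.
-# Rack::Sendfile will usually intercept the response and uses
-# the path directly, so there is no reason to open the file.
-class FileBody #:nodoc:
-attr_reader :to_path
-
-def initialize(path)
-@to_path = path
-end
-
-# Stream the file's contents if Rack::Sendfile isn't present.
-def each
-File.open(to_path, 'rb') do |file|
-while chunk = file.read(16384)
-yield chunk
-end
-end
-end
+response.send_file path
 end
 
 # Sends the given binary data to the browser. This method is similar to
 # <tt>render plain: data</tt>, but also allows you to specify whether
 # the browser should display the response as a file attachment (i.e. in a
 # download dialog) or as inline data. You may also set the content type,
-# the
+# the file name, and other things.
 #
 # Options:
 # * <tt>:filename</tt> - suggests a filename for the browser to use.
-# * <tt>:type</tt> - specifies an HTTP content type. Defaults to 'application/octet-stream'.
-# either a string or a symbol for a registered type
-# If omitted, type will be
-# If no content type is registered for the extension, default type 'application/octet-stream' will be used.
+# * <tt>:type</tt> - specifies an HTTP content type. Defaults to 'application/octet-stream'.
+# You can specify either a string or a symbol for a registered type with <tt>Mime::Type.register</tt>, for example :json.
+# If omitted, type will be inferred from the file extension specified in <tt>:filename</tt>.
+# If no content type is registered for the extension, the default type 'application/octet-stream' will be used.
 # * <tt>:disposition</tt> - specifies whether the file will be shown inline or downloaded.
 # Valid values are 'inline' and 'attachment' (default).
 # * <tt>:status</tt> - specifies the status code to send with the response. Defaults to 200.
@@ -126,14 +107,16 @@ module ActionController #:nodoc:
 # See +send_file+ for more information on HTTP Content-* headers and caching.
 def send_data(data, options = {}) #:doc:
 send_file_headers! options
-render options.slice(:status, :content_type).merge(:
+render options.slice(:status, :content_type).merge(body: data)
 end
 
-private
 def send_file_headers!(options)
 type_provided = options.has_key?(:type)
 
 content_type = options.fetch(:type, DEFAULT_SEND_FILE_TYPE)
+self.content_type = content_type
+response.sending_file = true
+
 raise ArgumentError, ":type option required" if content_type.nil?
 
 if content_type.is_a?(Symbol)
@@ -143,7 +126,7 @@ module ActionController #:nodoc:
 else
 if !type_provided && options[:filename]
 # If type wasn't provided, try guessing from file extension.
-content_type = Mime::Type.lookup_by_extension(File.extname(options[:filename]).downcase.delete(
+content_type = Mime::Type.lookup_by_extension(File.extname(options[:filename]).downcase.delete(".")) || content_type
 end
 self.content_type = content_type
 end
@@ -152,12 +135,10 @@ module ActionController #:nodoc:
 unless disposition.nil?
 disposition = disposition.to_s
 disposition += %(; filename="#{options[:filename]}") if options[:filename]
-headers[
+headers["Content-Disposition"] = disposition
 end
 
-headers[
-
-response.sending_file = true
+headers["Content-Transfer-Encoding"] = "binary"
 
 # Fix a problem with IE 6.0 on opening downloaded files:
 # If Cache-Control: no-cache is set (which Rails does by default),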
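Review bot: In the last hunk, `disposition += %(; filename="#{options[:filename]}")` interpolates the filename into the Content-Disposition value without escaping, and this update leaves that line unchanged as context. A name containing `"`, `;` or a line break yields a malformed or ambiguous header, so when the name comes from a request or an upload the caller influences what the browser is told to save. Sanitise before interpolating, for example `safe_name = options[:filename].to_s.gsub(/["\\\r\n]/, "_")` and then `disposition += %(; filename="#{safe_name}")`. In the `send_file` hunk, `path` reaches `response.send_file path` after only the `File.file?` and `File.readable?` checks, so unless the doc comment outside these hunks already says so, it should state that callers must confine `path` to an allowed directory. The body of `send_file_headers!` continues outside the hunks shown.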
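--- a/data/lib/action_controller/metal/etag_with_flash.rb
+++ b/data/lib/action_controller/metal/etag_with_flash.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module ActionController
+# When you're using the flash, it's generally used as a conditional on the view.
+# This means the content of the view depends on the flash. Which in turn means
+# that the ETag for a response should be computed with the content of the flash
+# in mind. This does that by including the content of the flash as a component
+# in the ETag that's generated for a response.
+module EtagWithFlash
+extend ActiveSupport::Concern
+
+include ActionController::ConditionalGet
+
+included do
+etag { flash unless flash.empty? }
+end
+end
+end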
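--- a/data/lib/action_controller/metal/etag_with_template_digest.rb
+++ b/data/lib/action_controller/metal/etag_with_template_digest.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module ActionController
 # When our views change, they should bubble up into HTTP cache freshness
 # and bust browser caches. So the template digest for the current action
@@ -22,10 +24,9 @@ module ActionController
 include ActionController::ConditionalGet
 
 included do
-class_attribute :etag_with_template_digest
-self.etag_with_template_digest = true
+class_attribute :etag_with_template_digest, default: true
 
-ActiveSupport.on_load :action_view, yield: true do
+ActiveSupport.on_load :action_view, yield: true do
 etag do |options|
 determine_template_etag(options) if etag_with_template_digest
 end
@@ -33,18 +34,24 @@ module ActionController
 end
 
 private
-
-
-
+def determine_template_etag(options)
+if template = pick_template_for_etag(options)
+lookup_and_digest_template(template)
+end
 end
-end
 
-
-
-
+# Pick the template digest to include in the ETag. If the +:template+ option
+# is present, use the named template. If +:template+ is +nil+ or absent, use
+# the default controller/action template. If +:template+ is false, omit the
+# template digest from the ETag.
+def pick_template_for_etag(options)
+unless options[:template] == false
+options[:template] || "#{controller_path}/#{action_name}"
+end
+end
 
-
-
-
+def lookup_and_digest_template(template)
+ActionView::Digestor.digest name: template, finder: lookup_context
+end
 end
 end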
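--- a/data/lib/action_controller/metal/exceptions.rb
+++ b/data/lib/action_controller/metal/exceptions.rb
@@ -1,16 +1,13 @@
+# frozen_string_literal: true
+
 module ActionController
 class ActionControllerError < StandardError #:nodoc:
 end
 
 class BadRequest < ActionControllerError #:nodoc:
-
-
-
-return super() unless type && e
-
-super("Invalid #{type} parameters: #{e.message}")
-@original_exception = e
-set_backtrace e.backtrace
+def initialize(msg = nil)
+super(msg)
+set_backtrace $!.backtrace if $!
 end
 end
 
@@ -19,7 +16,7 @@ module ActionController
 
 class RoutingError < ActionControllerError #:nodoc:
 attr_reader :failures
-def initialize(message, failures=[])
+def initialize(message, failures = [])
 super(message)
 @failures = failures
 end
@@ -30,21 +27,18 @@ module ActionController
 
 class MethodNotAllowed < ActionControllerError #:nodoc:
 def initialize(*allowed_methods)
-super("Only #{allowed_methods.to_sentence(:
+super("Only #{allowed_methods.to_sentence(locale: :en)} requests are allowed.")
 end
 end
 
 class NotImplemented < MethodNotAllowed #:nodoc:
 end
 
-class UnknownController < ActionControllerError #:nodoc:
-end
-
 class MissingFile < ActionControllerError #:nodoc:
 end
 
 class SessionOverflowError < ActionControllerError #:nodoc:
-DEFAULT_MESSAGE =
+DEFAULT_MESSAGE = "Your session data is larger than the data column in which it is to be stored. You must increase the size of your data column if you intend to store large data."
 
 def initialize(message = nil)
 super(message || DEFAULT_MESSAGE)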
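Review bot: `set_backtrace $!.backtrace if $!` in the new `BadRequest#initialize` depends on the global `$!` with no comment saying so. Any `BadRequest.new` built while another exception is being handled inherits that exception's backtrace, even when the two are unrelated, which can send log triage to the wrong frame. I would add above that line `# Reuse the backtrace of the exception currently being rescued ($!), so logs point at the original failure.` The removed side dropped `@original_exception = e`; presumably callers are now expected to read Ruby's `cause` instead, and the class comment should say so if that is the intent.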
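--- a/data/lib/action_controller/metal/flash.rb
+++ b/data/lib/action_controller/metal/flash.rb
@@ -1,10 +1,11 @@
+# frozen_string_literal: true
+
 module ActionController #:nodoc:
 module Flash
 extend ActiveSupport::Concern
 
 included do
-class_attribute :_flash_types, instance_accessor: false
-self._flash_types = []
+class_attribute :_flash_types, instance_accessor: false, default: []
 
 delegate :flash, to: :request
 add_flash_types(:alert, :notice)
@@ -42,7 +43,7 @@ module ActionController #:nodoc:
 end
 end
 
-
+private
 def redirect_to(options = {}, response_status_and_flash = {}) #:doc:
 self.class._flash_types.each do |flash_type|
 if type = response_status_and_flash.delete(flash_type)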
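--- a/data/lib/action_controller/metal/force_ssl.rb
+++ b/data/lib/action_controller/metal/force_ssl.rb
@@ -1,18 +1,20 @@
-
-
+# frozen_string_literal: true
+
+require "active_support/core_ext/hash/except"
+require "active_support/core_ext/hash/slice"
 
 module ActionController
-# This module provides a method which will redirect browser to use HTTPS
-# protocol. This will ensure that
-# transferred safely over the internet. You _should_ always force browser
+# This module provides a method which will redirect the browser to use the secured HTTPS
+# protocol. This will ensure that users' sensitive information will be
+# transferred safely over the internet. You _should_ always force the browser
 # to use HTTPS when you're transferring sensitive information such as
 # user authentication, account information, or credit card information.
 #
 # Note that if you are really concerned about your application security,
 # you might consider using +config.force_ssl+ in your config file instead.
-# That will ensure all the data transferred via HTTPS
-# user from getting session hijacked when accessing the
-# HTTP protocol.
+# That will ensure all the data is transferred via HTTPS, and will
+# prevent the user from getting their session hijacked when accessing the
+# site over unsecured HTTP protocol.
 module ForceSSL
 extend ActiveSupport::Concern
 include AbstractController::Callbacks
@@ -23,7 +25,7 @@ module ActionController
 
 module ClassMethods
 # Force the request to this particular controller or specified actions to be
-#
+# through the HTTPS protocol.
 #
 # If you need to disable this for any reason (e.g. development) then you can use
 # an +:if+ or +:unless+ condition.
@@ -37,7 +39,7 @@ module ActionController
 # end
 #
 # ==== URL Options
-# You can pass any of the following options to affect the redirect
+# You can pass any of the following options to affect the redirect URL
 # * <tt>host</tt> - Redirect to a different host name
 # * <tt>subdomain</tt> - Redirect to a different subdomain
 # * <tt>domain</tt> - Redirect to a different domain
@@ -55,10 +57,10 @@ module ActionController
 # You can pass any of the following options to affect the before_action callback
 # * <tt>only</tt> - The callback should be run only for this action
 # * <tt>except</tt> - The callback should be run for all actions except this action
-# * <tt>if</tt> - A symbol naming an instance method or a proc; the
-#
-# * <tt>unless</tt> - A symbol naming an instance method or a proc; the
-#
+# * <tt>if</tt> - A symbol naming an instance method or a proc; the
+# callback will be called only when it returns a true value.
+# * <tt>unless</tt> - A symbol naming an instance method or a proc; the
+# callback will be called only when it returns a false value.
 def force_ssl(options = {})
 action_options = options.slice(*ACTION_OPTIONS)
 redirect_options = options.except(*ACTION_OPTIONS)
@@ -71,15 +73,15 @@ module ActionController
 # Redirect the existing request to use the HTTPS protocol.
 #
 # ==== Parameters
-# * <tt>host_or_options</tt> - Either a host name or any of the
-#
+# * <tt>host_or_options</tt> - Either a host name or any of the URL and
+# redirect options available to the <tt>force_ssl</tt> method.
 def force_ssl_redirect(host_or_options = nil)
 unless request.ssl?
 options = {
-:
-:
-:
-:
+protocol: "https://",
+host: request.host,
+path: request.fullpath,
+status: :moved_permanently
 }
 
 if host_or_options.is_a?(Hash)
@@ -89,7 +91,7 @@ module ActionController
 end
 
 secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS))
-flash.keep if respond_to?(:flash)
+flash.keep if respond_to?(:flash) && request.respond_to?(:flash)
 redirect_to secure_url, options.slice(*REDIRECT_OPTIONS)
 end
 end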
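Review bot: The redirect target in `force_ssl_redirect` is built from `host: request.host` and `path: request.fullpath`, so unless the caller passes a host the 301 points at whatever Host header the request carried, and the doc comment does not say this. Because `status: :moved_permanently` responses are cacheable, a deployment that does not validate Host upstream could leave a cached redirect to an unintended host. I would add next to the `host` option `# Without +host+, the redirect reuses the request's Host header; validate it upstream or pass an explicit host.` Nothing in the visible lines sets HSTS or marks cookies secure, which supports the module comment's advice to prefer `config.force_ssl`. The part of the method between the last two hunks is not shown.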