actionpack 5.0.0.beta3 → 5.0.0.beta4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c2847271b11f9c0787c4d0468c83fac6b307cbce
-  data.tar.gz: b8df093bb286c2d9160a70cfd9d22a8343affcad
+  metadata.gz: 9f74fd0c4a1304d3b6de560815456c08e23b5e05
+  data.tar.gz: 58e4de5b07483d0062d052c853e8e2aa348134de
 SHA512:
-  metadata.gz: 9d456ad1bbbd96908af0c0febd7922af482d88e315b83e3debba4aafe603fa3d531481c63b4e88a973b7a1910d93462e181a1cb780715aadc6d7e2677594a411
-  data.tar.gz: 27395600e033a142f00a7550bd97d96003af16a9c81e5c1e128759e50cc5c6ca21be046f5fa7e6c77234778eb670e810c3ee9d40c7d2d22e022b5e032a2a9a19
+  metadata.gz: 1daf9219be0739e3ea92b59e285f4c0cba24684b97df0cc5bc0790f7a3d0947f46c22867b65b0d8392e7c3eebf7b5bb1edaffea298c9754fa3bde070c0baac88
+  data.tar.gz: 21f2abb512096ebc192e1d0f1c5e869f4b7c9032bed2d069ef2ed2bc400852bb85e3395cd1d92147b7227c2d222124bdad6f119f21142ec18d6a128508322dc6

data/CHANGELOG.md

@@ -1,15 +1,104 @@
-## Rails 5.0.0.beta3 (February 24, 2016) ##
+## Rails 5.0.0.beta4 (April 27, 2016) ##
+
+*   Routing: Refactor `:action` default handling to ensure that path
+    parameters are not mutated during route generation.
+
+    *Andrew White*
+
+*   Add extension synonyms `yml` and `yaml` for MIME type `application/x-yaml`.
+
+    *bogdanvlviv*
 
-*   Update session to have indifferent access across multiple requests.
+*   Adds support for including ActionController::Cookies in API controllers.
+    Previously, including the module would raise when trying to define
+    a `cookies` helper method. Skip calling #helper_method if it is not
+    defined -- if we don't have helpers, we needn't define one.
 
-        session[:deep][:hash] = "Magic"
+    Fixes #24304
+
+    *Ryan T. Hosford*
+
+*   ETags: Introduce `Response#strong_etag=` and `#weak_etag=` and analogous
+    options for `fresh_when` and `stale?`. `Response#etag=` sets a weak ETag.
+
+    Strong ETags are desirable when you're serving byte-for-byte identical
+    responses that support Range requests, like PDFs or videos (typically
+    done by reproxying the response from a backend storage service).
+    Also desirable when fronted by some CDNs that support strong ETags
+    only, like Akamai.
+
+    *Jeremy Daer*
 
-        session[:deep][:hash] == "Magic"
-        session[:deep]["hash"] == "Magic"
+*   ETags: No longer strips quotes (") from ETag values before comparing them.
+    Quotes are significant, part of the ETag. A quoted ETag and an unquoted
+    one are not the same entity.
 
-    *Tom Prats*
+    *Jeremy Daer*
+
+*   ETags: Support `If-None-Match: *`. Rarely useful for GET requests; meant
+    to provide some optimistic concurrency control for PUT requests.
+
+    *Jeremy Daer*
+
+*   `ActionDispatch::ParamsParser` is deprecated and was removed from the middleware
+    stack. To configure the parameter parsers use `ActionDispatch::Request.parameter_parsers=`.
+
+    *tenderlove*
+
+*   When a `respond_to` collector with a block doesn't have a response, then
+    a `:no_content` response should be rendered.  This brings the default
+    rendering behavior introduced by https://github.com/rails/rails/issues/19036
+    to controller methods employing `respond_to`.
+
+    *Justin Coyne*
 
-*   Add application/gzip as a default mime type.
+*   Add `ActionController::Parameters#dig` on Ruby 2.3 and greater, which
+    behaves the same as `Hash#dig`.
+
+    *Sean Griffin*
+
+*   Add request headers in the payload of the `start_processing.action_controller`
+    and `process_action.action_controller` notifications.
+
+    *Gareth du Plooy*
+
+*   Add `action_dispatch_integration_test` load hook. The hook can be used to
+    extend `ActionDispatch::IntegrationTest` once it has been loaded.
+
+    *Yuichiro Kaneko*
+
+*   Update default rendering policies when the controller action did
+    not explicitly indicate a response.
+
+    For API controllers, the implicit render always renders "204 No Content"
+    and does not account for any templates.
+
+    For other controllers, the following conditions are checked:
+
+    First, if a template exists for the controller action, it is rendered.
+    This template lookup takes into account the action name, locales, format,
+    variant, template handlers, etc. (see `render` for details).
+
+    Second, if other templates exist for the controller action but is not in
+    the right format (or variant, etc.), an `ActionController::UnknownFormat`
+    is raised. The list of available templates is assumed to be a complete
+    enumeration of all the possible formats (or variants, etc.); that is,
+    having only HTML and JSON templates indicate that the controller action is
+    not meant to handle XML requests.
+
+    Third, if the current request is an "interactive" browser request (the user
+    navigated here by entering the URL in the address bar, submitting a form,
+    clicking on a link, etc. as opposed to an XHR or non-browser API request),
+    `ActionView::UnknownFormat` is raised to display a helpful error
+    message.
+
+    Finally, it falls back to the same "204 No Content" behavior as API controllers.
+
+    *Godfrey Chan*, *Jon Moss*, *Kasper Timm Hansen*, *Mike Clark*, *Matthew Draper*
+
+## Rails 5.0.0.beta3 (February 24, 2016) ##
+
+*   Add "application/gzip" as a default mime type.
 
     *Mehmet Emin İNAÇ*
 
@@ -60,7 +149,7 @@
 
     *Kasper Timm Hansen*
 
-*   Add image/svg+xml as a default mime type.
+*   Add "image/svg+xml" as a default mime type.
 
     *DHH*
 
@@ -73,7 +162,7 @@
 
     See #18902.
 
-    *Anton Davydov* & *Vipul A M*
+    *Anton Davydov*, *Vipul A M*
 
 *   Response etags to always be weak: Prefixes 'W/' to value returned by
    `ActionDispatch::Http::Cache::Response#etag=`, such that etags set in
@@ -105,11 +194,7 @@
 
 *   Add option for per-form CSRF tokens.
 
-    *Greg Ose & Ben Toews*
-
-*   Add tests and documentation for `ActionController::Renderers::use_renderers`.
-
-    *Benjamin Fleischer*
+    *Greg Ose*, *Ben Toews*
 
 *   Fix `ActionController::Parameters#convert_parameters_to_hashes` to return filtered
     or unfiltered values based on from where it is called, `to_h` or `to_unsafe_h`
@@ -137,14 +222,14 @@
 
     *Derek Prior*
 
-*   `ActionController::TestCase` will be moved to it's own gem in Rails 5.1
+*   `ActionController::TestCase` will be moved to its own gem in Rails 5.1.
 
     With the speed improvements made to `ActionDispatch::IntegrationTest` we no
     longer need to keep two separate code bases for testing controllers. In
     Rails 5.1 `ActionController::TestCase` will be deprecated and moved into a
     gem outside of Rails source.
 
-    This is a documentation deprecation so that going forward so new tests will use
+    This is a documentation deprecation so that going forward new tests will use
     `ActionDispatch::IntegrationTest` instead of `ActionController::TestCase`.
 
     *Eileen M. Uchitelle*

data/lib/abstract_controller/base.rb

@@ -1,13 +1,11 @@
 require 'erubis'
+require 'abstract_controller/error'
 require 'active_support/configurable'
 require 'active_support/descendants_tracker'
 require 'active_support/core_ext/module/anonymous'
 require 'active_support/core_ext/module/attr_internal'
 
 module AbstractController
-  class Error < StandardError #:nodoc:
-  end
-
   # Raised when a non-existing controller action is triggered.
   class ActionNotFound < StandardError
   end
@@ -78,7 +76,7 @@ module AbstractController
         end
       end
 
-      # action_methods are cached and there is sometimes need to refresh
+      # action_methods are cached and there is sometimes a need to refresh
       # them. ::clear_action_methods! allows you to do that, so next time
       # you run action_methods, they will be recalculated.
       def clear_action_methods!

data/lib/abstract_controller/error.rb

@@ -0,0 +1,4 @@
+module AbstractController
+  class Error < StandardError #:nodoc:
+  end
+end

data/lib/abstract_controller/helpers.rb

@@ -38,7 +38,8 @@ module AbstractController
       end
 
       # Declare a controller method as a helper. For example, the following
-      # makes the +current_user+ controller method available to the view:
+      # makes the +current_user+ and +logged_in?+ controller methods available
+      # to the view:
       #   class ApplicationController < ActionController::Base
       #     helper_method :current_user, :logged_in?
       #

data/lib/abstract_controller/rendering.rb

@@ -1,3 +1,4 @@
+require 'abstract_controller/error'
 require 'active_support/concern'
 require 'active_support/core_ext/class/attribute'
 require 'action_view'

data/lib/action_controller/api.rb

@@ -14,22 +14,22 @@ module ActionController
   # flash, assets, and so on. This makes the entire controller stack thinner,
   # suitable for API applications. It doesn't mean you won't have such
   # features if you need them: they're all available for you to include in
-  # your application, they're just not part of the default API Controller stack.
+  # your application, they're just not part of the default API controller stack.
   #
-  # By default, only the ApplicationController in a \Rails application inherits
-  # from <tt>ActionController::API</tt>. All other controllers in turn inherit
-  # from ApplicationController.
+  # Normally, +ApplicationController+ is the only controller that inherits from
+  # <tt>ActionController::API</tt>. All other controllers in turn inherit from
+  # +ApplicationController+.
   #
   # A sample controller could look like this:
   #
   #   class PostsController < ApplicationController
   #     def index
-  #       @posts = Post.all
-  #       render json: @posts
+  #       posts = Post.all
+  #       render json: posts
   #     end
   #   end
   #
-  # Request, response and parameters objects all work the exact same way as
+  # Request, response, and parameters objects all work the exact same way as
   # <tt>ActionController::Base</tt>.
   #
   # == Renders
@@ -37,18 +37,18 @@ module ActionController
   # The default API Controller stack includes all renderers, which means you
   # can use <tt>render :json</tt> and brothers freely in your controllers. Keep
   # in mind that templates are not going to be rendered, so you need to ensure
-  # your controller is calling either <tt>render</tt> or <tt>redirect</tt> in
-  # all actions, otherwise it will return 204 No Content response.
+  # your controller is calling either <tt>render</tt> or <tt>redirect_to</tt> in
+  # all actions, otherwise it will return 204 No Content.
   #
   #   def show
-  #     @post = Post.find(params[:id])
-  #     render json: @post
+  #     post = Post.find(params[:id])
+  #     render json: post
   #   end
   #
   # == Redirects
   #
   # Redirects are used to move from one action to another. You can use the
-  # <tt>redirect</tt> method in your controllers in the same way as
+  # <tt>redirect_to</tt> method in your controllers in the same way as in
   # <tt>ActionController::Base</tt>. For example:
   #
   #   def create
@@ -56,7 +56,7 @@ module ActionController
   #     # do stuff here
   #   end
   #
-  # == Adding new behavior
+  # == Adding New Behavior
   #
   # In some scenarios you may want to add back some functionality provided by
   # <tt>ActionController::Base</tt> that is not present by default in
@@ -72,18 +72,19 @@ module ActionController
   #
   #   class PostsController < ApplicationController
   #     def index
-  #       @posts = Post.all
+  #       posts = Post.all
   #
   #       respond_to do |format|
-  #         format.json { render json: @posts }
-  #         format.xml  { render xml: @posts }
+  #         format.json { render json: posts }
+  #         format.xml  { render xml: posts }
   #       end
   #     end
   #   end
   #
-  # Quite straightforward. Make sure to check <tt>ActionController::Base</tt>
-  # available modules if you want to include any other functionality that is
-  # not provided by <tt>ActionController::API</tt> out of the box.
+  # Quite straightforward. Make sure to check the modules included in
+  # <tt>ActionController::Base</tt> if you want to use any other
+  # functionality that is not provided by <tt>ActionController::API</tt>
+  # out of the box.
   class API < Metal
     abstract!
 

data/lib/action_controller/metal/basic_implicit_render.rb

@@ -1,5 +1,5 @@
 module ActionController
-  module BasicImplicitRender
+  module BasicImplicitRender # :nodoc:
     def send_action(method, *args)
       super.tap { default_render unless performed? }
     end

data/lib/action_controller/metal/conditional_get.rb

@@ -36,8 +36,23 @@ module ActionController
     #
     # === Parameters:
     #
-    # * <tt>:etag</tt>.
-    # * <tt>:last_modified</tt>.
+    # * <tt>:etag</tt> Sets a "weak" ETag validator on the response. See the
+    #   +:weak_etag+ option.
+    # * <tt>:weak_etag</tt> Sets a "weak" ETag validator on the response.
+    #   Requests that set If-None-Match header may return a 304 Not Modified
+    #   response if it matches the ETag exactly. A weak ETag indicates semantic
+    #   equivalence, not byte-for-byte equality, so they're good for caching
+    #   HTML pages in browser caches. They can't be used for responses that
+    #   must be byte-identical, like serving Range requests within a PDF file.
+    # * <tt>:strong_etag</tt> Sets a "strong" ETag validator on the response.
+    #   Requests that set If-None-Match header may return a 304 Not Modified
+    #   response if it matches the ETag exactly. A strong ETag implies exact
+    #   equality: the response must match byte for byte. This is necessary for
+    #   doing Range requests within a large video or PDF file, for example, or
+    #   for compatibility with some CDNs that don't support weak ETags.
+    # * <tt>:last_modified</tt> Sets a "weak" last-update validator on the
+    #   response. Subsequent requests that set If-Modified-Since may return a
+    #   304 Not Modified response if last_modified <= If-Modified-Since.
     # * <tt>:public</tt> By default the Cache-Control header is private, set this to
     #   +true+ if you want your application to be cacheable by other devices (proxy caches).
     # * <tt>:template</tt> By default, the template digest for the current
@@ -86,12 +101,16 @@ module ActionController
     #
     #   before_action { fresh_when @article, template: 'widgets/show' }
     #
-    def fresh_when(object = nil, etag: object, last_modified: nil, public: false, template: nil)
+    def fresh_when(object = nil, etag: nil, weak_etag: nil, strong_etag: nil, last_modified: nil, public: false, template: nil)
+      weak_etag ||= etag || object unless strong_etag
       last_modified ||= object.try(:updated_at) || object.try(:maximum, :updated_at)
 
-      if etag || template
-        response.etag = combine_etags(etag: etag, last_modified: last_modified,
-          public: public, template: template)
+      if strong_etag
+        response.strong_etag = combine_etags strong_etag,
+          last_modified: last_modified, public: public, template: template
+      elsif weak_etag || template
+        response.weak_etag = combine_etags weak_etag,
+          last_modified: last_modified, public: public, template: template
       end
 
       response.last_modified = last_modified if last_modified
@@ -107,8 +126,23 @@ module ActionController
     #
     # === Parameters:
     #
-    # * <tt>:etag</tt>.
-    # * <tt>:last_modified</tt>.
+    # * <tt>:etag</tt> Sets a "weak" ETag validator on the response. See the
+    #   +:weak_etag+ option.
+    # * <tt>:weak_etag</tt> Sets a "weak" ETag validator on the response.
+    #   requests that set If-None-Match header may return a 304 Not Modified
+    #   response if it matches the ETag exactly. A weak ETag indicates semantic
+    #   equivalence, not byte-for-byte equality, so they're good for caching
+    #   HTML pages in browser caches. They can't be used for responses that
+    #   must be byte-identical, like serving Range requests within a PDF file.
+    # * <tt>:strong_etag</tt> Sets a "strong" ETag validator on the response.
+    #   Requests that set If-None-Match header may return a 304 Not Modified
+    #   response if it matches the ETag exactly. A strong ETag implies exact
+    #   equality: the response must match byte for byte. This is necessary for
+    #   doing Range requests within a large video or PDF file, for example, or
+    #   for compatibility with some CDNs that don't support weak ETags.
+    # * <tt>:last_modified</tt> Sets a "weak" last-update validator on the
+    #   response. Subsequent requests that set If-Modified-Since may return a
+    #   304 Not Modified response if last_modified <= If-Modified-Since.
     # * <tt>:public</tt> By default the Cache-Control header is private, set this to
     #   +true+ if you want your application to be cacheable by other devices (proxy caches).
     # * <tt>:template</tt> By default, the template digest for the current
@@ -180,12 +214,12 @@ module ActionController
     #     super if stale? @article, template: 'widgets/show'
     #   end
     #
-    def stale?(object = nil, etag: object, last_modified: nil, public: nil, template: nil)
-      fresh_when(object, etag: etag, last_modified: last_modified, public: public, template: template)
+    def stale?(object = nil, **freshness_kwargs)
+      fresh_when(object, **freshness_kwargs)
       !request.fresh?(response)
     end
 
-    # Sets a HTTP 1.1 Cache-Control header. Defaults to issuing a +private+
+    # Sets an HTTP 1.1 Cache-Control header. Defaults to issuing a +private+
     # instruction, so that intermediate caches must not cache the response.
     #
     #   expires_in 20.minutes
@@ -195,7 +229,7 @@ module ActionController
     # This method will overwrite an existing Cache-Control header.
     # See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html for more possibilities.
     #
-    # The method will also ensure a HTTP Date header for client compatibility.
+    # The method will also ensure an HTTP Date header for client compatibility.
     def expires_in(seconds, options = {})
       response.cache_control.merge!(
         :max_age         => seconds,
@@ -208,7 +242,7 @@ module ActionController
       response.date = Time.now unless response.date?
     end
 
-    # Sets a HTTP 1.1 Cache-Control header of <tt>no-cache</tt> so no caching should
+    # Sets an HTTP 1.1 Cache-Control header of <tt>no-cache</tt> so no caching should
     # occur by the browser or intermediate caches (like caching proxy servers).
     def expires_now
       response.cache_control.replace(:no_cache => true)
@@ -216,26 +250,23 @@ module ActionController
 
     # Cache or yield the block. The cache is supposed to never expire.
     #
-    # You can use this method when you have a HTTP response that never changes,
+    # You can use this method when you have an HTTP response that never changes,
     # and the browser and proxies should cache it indefinitely.
     #
     # * +public+: By default, HTTP responses are private, cached only on the
     #   user's web browser. To allow proxies to cache the response, set +true+ to
     #   indicate that they can serve the cached response to all users.
-    #
-    # * +version+: the version passed as a key for the cache.
-    def http_cache_forever(public: false, version: 'v1')
+    def http_cache_forever(public: false)
       expires_in 100.years, public: public
 
-      yield if stale?(etag: "#{version}-#{request.fullpath}",
+      yield if stale?(etag: request.fullpath,
                       last_modified: Time.new(2011, 1, 1).utc,
                       public: public)
     end
 
     private
-      def combine_etags(options)
-        etags = etaggers.map { |etagger| instance_exec(options, &etagger) }.compact
-        etags.unshift options[:etag]
+      def combine_etags(validator, options)
+        [validator, *etaggers.map { |etagger| instance_exec(options, &etagger) }].compact
       end
   end
 end

data/lib/action_controller/metal/cookies.rb

@@ -3,7 +3,7 @@ module ActionController #:nodoc:
     extend ActiveSupport::Concern
 
     included do
-      helper_method :cookies
+      helper_method :cookies if defined?(helper_method)
     end
 
     private