actionpack 5.1.7 → 5.2.4.3

data/lib/action_dispatch/http/filter_parameters.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "action_dispatch/http/parameter_filter"
 
 module ActionDispatch
@@ -7,7 +9,7 @@ module ActionDispatch
     # sub-hashes of the params hash to filter. Filtering only certain sub-keys
     # from a hash is possible by using the dot notation: 'credit_card.number'.
     # If a block is given, each key and value of the params hash and all
-    # sub-hashes is passed to it, the value or key can be replaced using
+    # sub-hashes is passed to it, where the value or the key can be replaced using
     # String#replace or similar method.
     #
     #   env["action_dispatch.parameter_filter"] = [:password]
@@ -46,7 +48,7 @@ module ActionDispatch
         @filtered_env ||= env_filter.filter(@env)
       end
 
-      # Reconstructed a path with all sensitive GET parameters replaced.
+      # Reconstructs a path with all sensitive GET parameters replaced.
       def filtered_path
         @filtered_path ||= query_string.empty? ? path : "#{path}?#{filtered_query_string}"
       end

data/lib/action_dispatch/http/filter_redirect.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module ActionDispatch
   module Http
     module FilterRedirect

data/lib/action_dispatch/http/headers.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module ActionDispatch
   module Http
     # Provides access to the request's HTTP headers from the environment.

data/lib/action_dispatch/http/mime_negotiation.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "active_support/core_ext/module/attribute_accessors"
 
 module ActionDispatch
@@ -6,14 +8,10 @@ module ActionDispatch
       extend ActiveSupport::Concern
 
       included do
-        mattr_accessor :ignore_accept_header
-        self.ignore_accept_header = false
+        mattr_accessor :ignore_accept_header, default: false
       end
 
       # The MIME type of the HTTP request, such as Mime[:xml].
-      #
-      # For backward compatibility, the post \format is extracted from the
-      # X-Post-Data-Format HTTP header if present.
       def content_mime_type
         fetch_header("action_dispatch.request.content_type") do |k|
           v = if get_header("CONTENT_TYPE") =~ /^([^,\;]*)/
@@ -140,9 +138,7 @@ module ActionDispatch
         }
       end
 
-      # Receives an array of mimes and return the first user sent mime that
-      # matches the order array.
-      #
+      # Returns the first MIME type that matches the provided array of MIME types.
       def negotiate_mime(order)
         formats.each do |priority|
           if priority == Mime::ALL

data/lib/action_dispatch/http/mime_type.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # -*- frozen-string-literal: true -*-
 
 require "singleton"
@@ -46,7 +48,7 @@ module Mime
     end
   end
 
-  # Encapsulates the notion of a mime type. Can be used at render time, for example, with:
+  # Encapsulates the notion of a MIME type. Can be used at render time, for example, with:
   #
   #   class PostsController < ActionController::Base
   #     def show
@@ -64,7 +66,7 @@ module Mime
 
     @register_callbacks = []
 
-    # A simple helper class used in parsing the accept header
+    # A simple helper class used in parsing the accept header.
     class AcceptItem #:nodoc:
       attr_accessor :index, :name, :q
       alias :to_s :name
@@ -72,7 +74,7 @@ module Mime
       def initialize(index, name, q = nil)
         @index = index
         @name = name
-        q ||= 0.0 if @name == "*/*".freeze # default wildcard match to end of list
+        q ||= 0.0 if @name == "*/*".freeze # Default wildcard match to end of list.
         @q = ((q || 1.0).to_f * 100).to_i
       end
 
@@ -90,22 +92,22 @@ module Mime
         text_xml_idx = find_item_by_name list, "text/xml"
         app_xml_idx = find_item_by_name list, Mime[:xml].to_s
 
-        # Take care of the broken text/xml entry by renaming or deleting it
+        # Take care of the broken text/xml entry by renaming or deleting it.
         if text_xml_idx && app_xml_idx
           app_xml = list[app_xml_idx]
           text_xml = list[text_xml_idx]
 
-          app_xml.q = [text_xml.q, app_xml.q].max # set the q value to the max of the two
-          if app_xml_idx > text_xml_idx  # make sure app_xml is ahead of text_xml in the list
+          app_xml.q = [text_xml.q, app_xml.q].max # Set the q value to the max of the two.
+          if app_xml_idx > text_xml_idx  # Make sure app_xml is ahead of text_xml in the list.
             list[app_xml_idx], list[text_xml_idx] = text_xml, app_xml
             app_xml_idx, text_xml_idx = text_xml_idx, app_xml_idx
           end
-          list.delete_at(text_xml_idx)                 # delete text_xml from the list
+          list.delete_at(text_xml_idx)  # Delete text_xml from the list.
         elsif text_xml_idx
           list[text_xml_idx].name = Mime[:xml].to_s
         end
 
-        # Look for more specific XML-based types and sort them ahead of app/xml
+        # Look for more specific XML-based types and sort them ahead of app/xml.
         if app_xml_idx
           app_xml = list[app_xml_idx]
           idx = app_xml_idx
@@ -147,7 +149,7 @@ module Mime
         EXTENSION_LOOKUP[extension.to_s]
       end
 
-      # Registers an alias that's not used on mime type lookup, but can be referenced directly. Especially useful for
+      # Registers an alias that's not used on MIME type lookup, but can be referenced directly. Especially useful for
       # rendering different HTML versions depending on the user agent, like an iPhone.
       def register_alias(string, symbol, extension_synonyms = [])
         register(string, symbol, [], extension_synonyms, true)
@@ -326,11 +328,11 @@ module Mime
 
     def ref; end
 
-    def respond_to_missing?(method, include_private = false)
-      method.to_s.ends_with? "?"
-    end
-
     private
+      def respond_to_missing?(method, _)
+        method.to_s.ends_with? "?"
+      end
+
       def method_missing(method, *args)
         false if method.to_s.ends_with? "?"
       end

data/lib/action_dispatch/http/mime_types.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 # Build list of Mime types for HTTP responses
-# http://www.iana.org/assignments/media-types/
+# https://www.iana.org/assignments/media-types/
 
 Mime::Type.register "text/html", :html, %w( application/xhtml+xml ), %w( xhtml )
 Mime::Type.register "text/plain", :text, [], %w(txt)
@@ -8,6 +10,7 @@ Mime::Type.register "text/css", :css
 Mime::Type.register "text/calendar", :ics
 Mime::Type.register "text/csv", :csv
 Mime::Type.register "text/vcard", :vcf
+Mime::Type.register "text/vtt", :vtt, %w(vtt)
 
 Mime::Type.register "image/png", :png, [], %w(png)
 Mime::Type.register "image/jpeg", :jpeg, [], %w(jpg jpeg jpe pjpeg)
@@ -18,6 +21,18 @@ Mime::Type.register "image/svg+xml", :svg
 
 Mime::Type.register "video/mpeg", :mpeg, [], %w(mpg mpeg mpe)
 
+Mime::Type.register "audio/mpeg", :mp3, [], %w(mp1 mp2 mp3)
+Mime::Type.register "audio/ogg", :ogg, [], %w(oga ogg spx opus)
+Mime::Type.register "audio/aac", :m4a, %w( audio/mp4 ), %w(m4a mpg4 aac)
+
+Mime::Type.register "video/webm", :webm, [], %w(webm)
+Mime::Type.register "video/mp4", :mp4, [], %w(mp4 m4v)
+
+Mime::Type.register "font/otf", :otf, [], %w(otf)
+Mime::Type.register "font/ttf", :ttf, [], %w(ttf)
+Mime::Type.register "font/woff", :woff, [], %w(woff)
+Mime::Type.register "font/woff2", :woff2, [], %w(woff2)
+
 Mime::Type.register "application/xml", :xml, %w( text/xml application/x-xml )
 Mime::Type.register "application/rss+xml", :rss
 Mime::Type.register "application/atom+xml", :atom
@@ -26,7 +41,7 @@ Mime::Type.register "application/x-yaml", :yaml, %w( text/yaml ), %w(yml yaml)
 Mime::Type.register "multipart/form-data", :multipart_form
 Mime::Type.register "application/x-www-form-urlencoded", :url_encoded_form
 
-# http://www.ietf.org/rfc/rfc4627.txt
+# https://www.ietf.org/rfc/rfc4627.txt
 # http://www.json.org/JSONRequest.html
 Mime::Type.register "application/json", :json, %w( text/x-json application/jsonrequest )
 

data/lib/action_dispatch/http/parameter_filter.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "active_support/core_ext/object/duplicable"
 
 module ActionDispatch

data/lib/action_dispatch/http/parameters.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module ActionDispatch
   module Http
     module Parameters
@@ -13,7 +15,7 @@ module ActionDispatch
       }
 
       # Raised when raw data from the request cannot be parsed by the parser
-      # defined for request's content mime type.
+      # defined for request's content MIME type.
       class ParseError < StandardError
         def initialize
           super($!.message)
@@ -30,9 +32,9 @@ module ActionDispatch
       end
 
       module ClassMethods
-        # Configure the parameter parser for a given mime type.
+        # Configure the parameter parser for a given MIME type.
         #
-        # It accepts a hash where the key is the symbol of the mime type
+        # It accepts a hash where the key is the symbol of the MIME type
         # and the value is a proc.
         #
         #     original_parsers = ActionDispatch::Request.parameter_parsers
@@ -108,7 +110,7 @@ module ActionDispatch
 
           begin
             strategy.call(raw_post)
-          rescue # JSON or Ruby code block errors
+          rescue # JSON or Ruby code block errors.
             my_logger = logger || ActiveSupport::Logger.new($stderr)
             my_logger.debug "Error occurred while parsing request parameters.\nContents:\n\n#{raw_post}"
 
@@ -121,9 +123,4 @@ module ActionDispatch
         end
     end
   end
-
-  module ParamsParser
-    include ActiveSupport::Deprecation::DeprecatedConstantAccessor
-    deprecate_constant "ParseError", "ActionDispatch::Http::Parameters::ParseError"
-  end
 end

data/lib/action_dispatch/http/rack_cache.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "rack/cache"
 require "rack/cache/context"
 require "active_support/cache"

data/lib/action_dispatch/http/request.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "stringio"
 
 require "active_support/inflector"
@@ -20,6 +22,7 @@ module ActionDispatch
     include ActionDispatch::Http::Parameters
     include ActionDispatch::Http::FilterParameters
     include ActionDispatch::Http::URL
+    include ActionDispatch::ContentSecurityPolicy::Request
     include Rack::Request::Env
 
     autoload :Session, "action_dispatch/request/session"
@@ -96,14 +99,14 @@ module ActionDispatch
     end
 
     # List of HTTP request methods from the following RFCs:
-    # Hypertext Transfer Protocol -- HTTP/1.1 (http://www.ietf.org/rfc/rfc2616.txt)
-    # HTTP Extensions for Distributed Authoring -- WEBDAV (http://www.ietf.org/rfc/rfc2518.txt)
-    # Versioning Extensions to WebDAV (http://www.ietf.org/rfc/rfc3253.txt)
-    # Ordered Collections Protocol (WebDAV) (http://www.ietf.org/rfc/rfc3648.txt)
-    # Web Distributed Authoring and Versioning (WebDAV) Access Control Protocol (http://www.ietf.org/rfc/rfc3744.txt)
-    # Web Distributed Authoring and Versioning (WebDAV) SEARCH (http://www.ietf.org/rfc/rfc5323.txt)
-    # Calendar Extensions to WebDAV (http://www.ietf.org/rfc/rfc4791.txt)
-    # PATCH Method for HTTP (http://www.ietf.org/rfc/rfc5789.txt)
+    # Hypertext Transfer Protocol -- HTTP/1.1 (https://www.ietf.org/rfc/rfc2616.txt)
+    # HTTP Extensions for Distributed Authoring -- WEBDAV (https://www.ietf.org/rfc/rfc2518.txt)
+    # Versioning Extensions to WebDAV (https://www.ietf.org/rfc/rfc3253.txt)
+    # Ordered Collections Protocol (WebDAV) (https://www.ietf.org/rfc/rfc3648.txt)
+    # Web Distributed Authoring and Versioning (WebDAV) Access Control Protocol (https://www.ietf.org/rfc/rfc3744.txt)
+    # Web Distributed Authoring and Versioning (WebDAV) SEARCH (https://www.ietf.org/rfc/rfc5323.txt)
+    # Calendar Extensions to WebDAV (https://www.ietf.org/rfc/rfc4791.txt)
+    # PATCH Method for HTTP (https://www.ietf.org/rfc/rfc5789.txt)
     RFC2616 = %w(OPTIONS GET HEAD POST PUT DELETE TRACE CONNECT)
     RFC2518 = %w(PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK)
     RFC3253 = %w(VERSION-CONTROL REPORT CHECKOUT CHECKIN UNCHECKOUT MKWORKSPACE UPDATE LABEL MERGE BASELINE-CONTROL MKACTIVITY)
@@ -117,7 +120,7 @@ module ActionDispatch
 
     HTTP_METHOD_LOOKUP = {}
 
-    # Populate the HTTP method lookup cache
+    # Populate the HTTP method lookup cache.
     HTTP_METHODS.each { |method|
       HTTP_METHOD_LOOKUP[method] = method.underscore.to_sym
     }
@@ -168,12 +171,12 @@ module ActionDispatch
 
     def show_exceptions? # :nodoc:
       # We're treating `nil` as "unset", and we want the default setting to be
-      # `true`.  This logic should be extracted to `env_config` and calculated
+      # `true`. This logic should be extracted to `env_config` and calculated
       # once.
       !(get_header("action_dispatch.show_exceptions".freeze) == false)
     end
 
-    # Returns a symbol form of the #request_method
+    # Returns a symbol form of the #request_method.
     def request_method_symbol
       HTTP_METHOD_LOOKUP[request_method]
     end
@@ -185,7 +188,7 @@ module ActionDispatch
       @method ||= check_method(get_header("rack.methodoverride.original_method") || get_header("REQUEST_METHOD"))
     end
 
-    # Returns a symbol form of the #method
+    # Returns a symbol form of the #method.
     def method_symbol
       HTTP_METHOD_LOOKUP[method]
     end
@@ -197,6 +200,23 @@ module ActionDispatch
       @headers ||= Http::Headers.new(self)
     end
 
+    # Early Hints is an HTTP/2 status code that indicates hints to help a client start
+    # making preparations for processing the final response.
+    #
+    # If the env contains +rack.early_hints+ then the server accepts HTTP2 push for Link headers.
+    #
+    # The +send_early_hints+ method accepts a hash of links as follows:
+    #
+    #   send_early_hints("Link" => "</style.css>; rel=preload; as=style\n</script.js>; rel=preload")
+    #
+    # If you are using +javascript_include_tag+ or +stylesheet_link_tag+ the
+    # Early Hints headers are included by default if supported.
+    def send_early_hints(links)
+      return unless env["rack.early_hints"]
+
+      env["rack.early_hints"].call(links)
+    end
+
     # Returns a +String+ with the last requested path including their params.
     #
     #    # get '/foo'
@@ -270,7 +290,7 @@ module ActionDispatch
     # (which sets the action_dispatch.request_id environment variable).
     #
     # This unique ID is useful for tracing a request from end-to-end as part of logging or debugging.
-    # This relies on the rack variable set by the ActionDispatch::RequestId middleware.
+    # This relies on the Rack variable set by the ActionDispatch::RequestId middleware.
     def request_id
       get_header ACTION_DISPATCH_REQUEST_ID
     end
@@ -301,7 +321,7 @@ module ActionDispatch
     # variable is already set, wrap it in a StringIO.
     def body
       if raw_post = get_header("RAW_POST_DATA")
-        raw_post.force_encoding(Encoding::BINARY)
+        raw_post = raw_post.dup.force_encoding(Encoding::BINARY)
         StringIO.new(raw_post)
       else
         body_stream
@@ -342,7 +362,7 @@ module ActionDispatch
       Session::Options.set self, options
     end
 
-    # Override Rack's GET method to support indifferent access
+    # Override Rack's GET method to support indifferent access.
     def GET
       fetch_header("action_dispatch.request.query_parameters") do |k|
         rack_query_params = super || {}
@@ -355,7 +375,7 @@ module ActionDispatch
     end
     alias :query_parameters :GET
 
-    # Override Rack's POST method to support indifferent access
+    # Override Rack's POST method to support indifferent access.
     def POST
       fetch_header("action_dispatch.request.request_parameters") do
         pr = parse_formatted_parameters(params_parsers) do |params|

data/lib/action_dispatch/http/response.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "active_support/core_ext/module/attribute_accessors"
 require "action_dispatch/http/filter_redirect"
 require "action_dispatch/http/cache"
@@ -81,11 +83,11 @@ module ActionDispatch # :nodoc:
     LOCATION     = "Location".freeze
     NO_CONTENT_CODES = [100, 101, 102, 204, 205, 304]
 
-    cattr_accessor(:default_charset) { "utf-8" }
-    cattr_accessor(:default_headers)
+    cattr_accessor :default_charset, default: "utf-8"
+    cattr_accessor :default_headers
 
     include Rack::Response::Helpers
-    # Aliasing these off because AD::Http::Cache::Response defines them
+    # Aliasing these off because AD::Http::Cache::Response defines them.
     alias :_cache_control :cache_control
     alias :_cache_control= :cache_control=
 
@@ -103,7 +105,7 @@ module ActionDispatch # :nodoc:
 
       def body
         @str_body ||= begin
-          buf = ""
+          buf = "".dup
           each { |chunk| buf << chunk }
           buf
         end
@@ -142,7 +144,7 @@ module ActionDispatch # :nodoc:
       private
 
         def each_chunk(&block)
-          @buf.each(&block) # extract into own method
+          @buf.each(&block)
         end
     end
 
@@ -252,16 +254,15 @@ module ActionDispatch # :nodoc:
     end
 
     # Sets the HTTP character set. In case of +nil+ parameter
-    # it sets the charset to utf-8.
+    # it sets the charset to +default_charset+.
     #
     #   response.charset = 'utf-16' # => 'utf-16'
     #   response.charset = nil      # => 'utf-8'
     def charset=(charset)
-      header_info = parsed_content_type_header
+      content_type = parsed_content_type_header.mime_type
       if false == charset
-        set_header CONTENT_TYPE, header_info.mime_type
+        set_content_type content_type, nil
       else
-        content_type = header_info.mime_type
         set_content_type content_type, charset || self.class.default_charset
       end
     end
@@ -432,6 +433,7 @@ module ActionDispatch # :nodoc:
     def before_committed
       return if committed?
       assign_default_content_type_and_charset!
+      merge_and_normalize_cache_control!(@cache_control)
       handle_conditional_get!
       handle_no_content!
     end

data/lib/action_dispatch/http/upload.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module ActionDispatch
   module Http
     # Models uploaded files.