actionpack 5.1.7 → 5.2.4.3

data/lib/action_dispatch/middleware/stack.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "active_support/inflector/methods"
 require "active_support/dependencies"
 
@@ -95,8 +97,8 @@ module ActionDispatch
       middlewares.push(build_middleware(klass, args, block))
     end
 
-    def build(app = Proc.new)
-      middlewares.freeze.reverse.inject(app) { |a, e| e.build(a) }
+    def build(app = nil, &block)
+      middlewares.freeze.reverse.inject(app || block) { |a, e| e.build(a) }
     end
 
     private

data/lib/action_dispatch/middleware/static.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "rack/utils"
 require "active_support/core_ext/uri"
 
@@ -6,15 +8,15 @@ module ActionDispatch
   # When initialized, it can accept optional HTTP headers, which will be set
   # when a response containing a file's contents is delivered.
   #
-  # This middleware will render the file specified in `env["PATH_INFO"]`
+  # This middleware will render the file specified in <tt>env["PATH_INFO"]</tt>
   # where the base path is in the +root+ directory. For example, if the +root+
-  # is set to `public/`, then a request with `env["PATH_INFO"]` of
-  # `assets/application.js` will return a response with the contents of a file
-  # located at `public/assets/application.js` if the file exists. If the file
+  # is set to +public/+, then a request with <tt>env["PATH_INFO"]</tt> of
+  # +assets/application.js+ will return a response with the contents of a file
+  # located at +public/assets/application.js+ if the file exists. If the file
   # does not exist, a 404 "File not Found" response will be returned.
   class FileHandler
     def initialize(root, index: "index", headers: {})
-      @root          = root.chomp("/")
+      @root          = root.chomp("/").b
       @file_server   = ::Rack::File.new(@root, headers)
       @index         = index
     end
@@ -23,8 +25,8 @@ module ActionDispatch
     # correct read permissions, the return value is a URI-escaped string
     # representing the filename. Otherwise, false is returned.
     #
-    # Used by the `Static` class to check the existence of a valid file
-    # in the server's `public/` directory (see Static#call).
+    # Used by the +Static+ class to check the existence of a valid file
+    # in the server's +public/+ directory (see Static#call).
     def match?(path)
       path = ::Rack::Utils.unescape_path path
       return false unless ::Rack::Utils.valid_path? path
@@ -33,7 +35,7 @@ module ActionDispatch
       paths = [path, "#{path}#{ext}", "#{path}/#{@index}#{ext}"]
 
       if match = paths.detect { |p|
-        path = File.join(@root, p.force_encoding(Encoding::UTF_8))
+        path = File.join(@root, p.b)
         begin
           File.file?(path) && File.readable?(path)
         rescue SystemCallError
@@ -41,7 +43,7 @@ module ActionDispatch
         end
 
       }
-        return ::Rack::Utils.escape_path(match)
+        return ::Rack::Utils.escape_path(match).b
       end
     end
 
@@ -88,8 +90,8 @@ module ActionDispatch
       def gzip_file_path(path)
         can_gzip_mime = content_type(path) =~ /\A(?:text\/|application\/javascript)/
         gzip_path     = "#{path}.gz"
-        if can_gzip_mime && File.exist?(File.join(@root, ::Rack::Utils.unescape_path(gzip_path)))
-          gzip_path
+        if can_gzip_mime && File.exist?(File.join(@root, ::Rack::Utils.unescape_path(gzip_path).b))
+          gzip_path.b
         else
           false
         end
@@ -99,7 +101,7 @@ module ActionDispatch
   # This middleware will attempt to return the contents of a file's body from
   # disk in the response. If a file is not found on disk, the request will be
   # delegated to the application stack. This middleware is commonly initialized
-  # to serve assets from a server's `public/` directory.
+  # to serve assets from a server's +public/+ directory.
   #
   # This middleware verifies the path to ensure that only files
   # living in the root directory can be rendered. A request cannot

data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb

@@ -0,0 +1,21 @@
+<header>
+  <h1>
+    <%= @exception.class.to_s %>
+    <% if @request.parameters['controller'] %>
+      in <%= @request.parameters['controller'].camelize %>Controller<% if @request.parameters['action'] %>#<%= @request.parameters['action'] %><% end %>
+    <% end %>
+  </h1>
+</header>
+
+<div id="container">
+  <h2>
+    <%= h @exception.message %>
+    <% if %r{#{ActiveStorage::Blob.table_name}|#{ActiveStorage::Attachment.table_name}}.match?(@exception.message) %>
+      <br />To resolve this issue run: bin/rails active_storage:install
+    <% end %>
+  </h2>
+
+  <%= render template: "rescues/_source" %>
+  <%= render template: "rescues/_trace" %>
+  <%= render template: "rescues/_request_and_response" %>
+</div>

data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb

@@ -0,0 +1,13 @@
+<%= @exception.class.to_s %><%
+  if @request.parameters['controller']
+%> in <%= @request.parameters['controller'].camelize %>Controller<% if @request.parameters['action'] %>#<%= @request.parameters['action'] %><% end %>
+<% end %>
+
+<%= @exception.message %>
+<% if %r{#{ActiveStorage::Blob.table_name}|#{ActiveStorage::Attachment.table_name}}.match?(@exception.message) %>
+To resolve this issue run: bin/rails active_storage:install
+<% end %>
+
+<%= render template: "rescues/_source" %>
+<%= render template: "rescues/_trace" %>
+<%= render template: "rescues/_request_and_response" %>

data/lib/action_dispatch/middleware/templates/rescues/layout.erb

@@ -106,6 +106,7 @@
 
     .line {
       padding-left: 10px;
+      white-space: pre;
     }
 
     .line:hover {

data/lib/action_dispatch/middleware/templates/routes/_table.html.erb

@@ -17,6 +17,10 @@
     line-height: 15px;
   }
 
+  #route_table thead tr.bottom th input#search {
+    -webkit-appearance: textfield;
+  }
+
   #route_table tbody tr {
     border-bottom: 1px solid #ddd;
   }
@@ -60,7 +64,7 @@
         <%= link_to "Path", "#", 'data-route-helper' => '_path',
                     title: "Returns a relative path (without the http or domain)" %> /
         <%= link_to "Url", "#", 'data-route-helper' => '_url',
-                    title: "Returns an absolute url (with the http and domain)"   %>
+                    title: "Returns an absolute URL (with the http and domain)"   %>
       </th>
       <th><%# HTTP Verb %>
       </th>
@@ -93,7 +97,7 @@
       }
     }
 
-    // get JSON from url and invoke callback with result
+    // get JSON from URL and invoke callback with result
     function getJSON(url, success) {
       var xhr = new XMLHttpRequest();
       xhr.open('GET', url);

data/lib/action_dispatch/railtie.rb

@@ -1,4 +1,7 @@
+# frozen_string_literal: true
+
 require "action_dispatch"
+require "active_support/messages/rotation_configuration"
 
 module ActionDispatch
   class Railtie < Rails::Railtie # :nodoc:
@@ -16,14 +19,21 @@ module ActionDispatch
     config.action_dispatch.signed_cookie_salt = "signed cookie"
     config.action_dispatch.encrypted_cookie_salt = "encrypted cookie"
     config.action_dispatch.encrypted_signed_cookie_salt = "signed encrypted cookie"
+    config.action_dispatch.authenticated_encrypted_cookie_salt = "authenticated encrypted cookie"
+    config.action_dispatch.use_authenticated_cookie_encryption = false
     config.action_dispatch.perform_deep_munge = true
 
     config.action_dispatch.default_headers = {
       "X-Frame-Options" => "SAMEORIGIN",
       "X-XSS-Protection" => "1; mode=block",
-      "X-Content-Type-Options" => "nosniff"
+      "X-Content-Type-Options" => "nosniff",
+      "X-Download-Options" => "noopen",
+      "X-Permitted-Cross-Domain-Policies" => "none",
+      "Referrer-Policy" => "strict-origin-when-cross-origin"
     }
 
+    config.action_dispatch.cookies_rotations = ActiveSupport::Messages::RotationConfiguration.new
+
     config.eager_load_namespaces << ActionDispatch
 
     initializer "action_dispatch.configure" do |app|

data/lib/action_dispatch/request/session.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "rack/session/abstract/id"
 
 module ActionDispatch
@@ -7,10 +9,10 @@ module ActionDispatch
       ENV_SESSION_KEY         = Rack::RACK_SESSION # :nodoc:
       ENV_SESSION_OPTIONS_KEY = Rack::RACK_SESSION_OPTIONS # :nodoc:
 
-      # Singleton object used to determine if an optional param wasn't specified
+      # Singleton object used to determine if an optional param wasn't specified.
       Unspecified = Object.new
 
-      # Creates a session hash, merging the properties of the previous session if any
+      # Creates a session hash, merging the properties of the previous session if any.
       def self.create(store, req, default_options)
         session_was = find req
         session     = Request::Session.new(store, req)
@@ -63,7 +65,7 @@ module ActionDispatch
         @req      = req
         @delegate = {}
         @loaded   = false
-        @exists   = nil # we haven't checked yet
+        @exists   = nil # We haven't checked yet.
       end
 
       def id
@@ -79,7 +81,7 @@ module ActionDispatch
         options = self.options || {}
         @by.send(:delete_session, @req, options.id(@req), options)
 
-        # Load the new sid to be written with the response
+        # Load the new sid to be written with the response.
         @loaded = false
         load_for_write!
       end
@@ -88,7 +90,13 @@ module ActionDispatch
       # +nil+ if the given key is not found in the session.
       def [](key)
         load_for_read!
-        @delegate[key.to_s]
+        key = key.to_s
+
+        if key == "session_id"
+          id&.public_id
+        else
+          @delegate[key]
+        end
       end
 
       # Returns true if the session has the given key or false.
@@ -101,11 +109,13 @@ module ActionDispatch
 
       # Returns keys of the session as Array.
       def keys
+        load_for_read!
         @delegate.keys
       end
 
       # Returns values of the session as Array.
       def values
+        load_for_read!
         @delegate.values
       end
 
@@ -126,6 +136,7 @@ module ActionDispatch
         load_for_read!
         @delegate.dup.delete_if { |_, v| v.nil? }
       end
+      alias :to_h :to_hash
 
       # Updates the session with given Hash.
       #

data/lib/action_dispatch/request/utils.rb

@@ -1,8 +1,11 @@
+# frozen_string_literal: true
+
+require "active_support/core_ext/hash/indifferent_access"
+
 module ActionDispatch
   class Request
     class Utils # :nodoc:
-      mattr_accessor :perform_deep_munge
-      self.perform_deep_munge = true
+      mattr_accessor :perform_deep_munge, default: true
 
       def self.each_param_value(params, &block)
         case params
@@ -40,7 +43,6 @@ module ActionDispatch
 
       class ParamEncoder # :nodoc:
         # Convert nested Hash to HashWithIndifferentAccess.
-        #
         def self.normalize_encode_params(params)
           case params
           when Array
@@ -63,7 +65,7 @@ module ActionDispatch
         end
       end
 
-      # Remove nils from the params hash
+      # Remove nils from the params hash.
       class NoNilParamEncoder < ParamEncoder # :nodoc:
         def self.handle_array(params)
           list = super

data/lib/action_dispatch/routing.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "active_support/core_ext/string/filters"
 
 module ActionDispatch
@@ -120,7 +122,7 @@ module ActionDispatch
   #   controller :blog do
   #     get 'blog/show'     => :list
   #     get 'blog/delete'   => :delete
-  #     get 'blog/edit' => :edit
+  #     get 'blog/edit'     => :edit
   #   end
   #
   #   # provides named routes for show, delete, and edit

data/lib/action_dispatch/routing/endpoint.rb

@@ -1,10 +1,17 @@
+# frozen_string_literal: true
+
 module ActionDispatch
   module Routing
     class Endpoint # :nodoc:
       def dispatcher?;   false; end
       def redirect?;     false; end
-      def matches?(req); true;  end
-      def app;           self;  end
+      def matches?(req);  true; end
+      def app;            self; end
+      def rack_app;        app; end
+
+      def engine?
+        rack_app.is_a?(Class) && rack_app < Rails::Engine
+      end
     end
   end
 end

data/lib/action_dispatch/routing/inspector.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "delegate"
 require "active_support/core_ext/string/strip"
 
@@ -13,7 +15,7 @@ module ActionDispatch
       end
 
       def rack_app
-        app.app
+        app.rack_app
       end
 
       def path
@@ -45,7 +47,7 @@ module ActionDispatch
       end
 
       def engine?
-        rack_app.respond_to?(:routes)
+        app.engine?
       end
     end
 
@@ -82,7 +84,7 @@ module ActionDispatch
 
         def normalize_filter(filter)
           if filter.is_a?(Hash) && filter[:controller]
-            { controller: /#{filter[:controller].downcase.sub(/_?controller\z/, '').sub('::', '/')}/ }
+            { controller: /#{filter[:controller].underscore.sub(/_?controller\z/, "")}/ }
           elsif filter
             { controller: /#{filter}/, action: /#{filter}/, verb: /#{filter}/, name: /#{filter}/, path: /#{filter}/ }
           end
@@ -196,7 +198,7 @@ module ActionDispatch
         @buffer << @view.render(partial: "routes/route", collection: routes)
       end
 
-      # the header is part of the HTML page, so we don't construct it here.
+      # The header is part of the HTML page, so we don't construct it here.
       def header(routes)
       end
 

data/lib/action_dispatch/routing/mapper.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "active_support/core_ext/hash/slice"
 require "active_support/core_ext/enumerable"
 require "active_support/core_ext/array/extract_options"
@@ -17,9 +19,9 @@ module ActionDispatch
         CALL  = ->(app, req) { app.call req.env }
 
         def initialize(app, constraints, strategy)
-          # Unwrap Constraints objects.  I don't actually think it's possible
+          # Unwrap Constraints objects. I don't actually think it's possible
           # to pass a Constraints object to this constructor, but there were
-          # multiple places that kept testing children of this object.  I
+          # multiple places that kept testing children of this object. I
           # *think* they were just being defensive, but I have no idea.
           if app.is_a?(self.class)
             constraints += app.constraints
@@ -219,7 +221,7 @@ module ActionDispatch
         private
           def add_wildcard_options(options, formatted, path_ast)
             # Add a constraint for wildcard route to make it non-greedy and match the
-            # optional format part of the route by default
+            # optional format part of the route by default.
             if formatted != false
               path_ast.grep(Journey::Nodes::Star).each_with_object({}) { |node, hash|
                 hash[node.name.to_sym] ||= /.+?/
@@ -306,7 +308,7 @@ module ActionDispatch
           def check_controller_and_action(path_params, controller, action)
             hash = check_part(:controller, controller, path_params, {}) do |part|
               translate_controller(part) {
-                message = "'#{part}' is not a supported controller name. This can lead to potential routing problems."
+                message = "'#{part}' is not a supported controller name. This can lead to potential routing problems.".dup
                 message << " See http://guides.rubyonrails.org/routing.html#specifying-a-controller-to-use"
 
                 raise ArgumentError, message
@@ -388,7 +390,7 @@ module ActionDispatch
       # for root cases, where the latter is the correct one.
       def self.normalize_path(path)
         path = Journey::Router::Utils.normalize_path(path)
-        path.gsub!(%r{/(\(+)/?}, '\1/') unless path =~ %r{^/\(+[^)]+\)$}
+        path.gsub!(%r{/(\(+)/?}, '\1/') unless path =~ %r{^/(\(+[^)]+\)){1,}$}
         path
       end
 
@@ -397,7 +399,7 @@ module ActionDispatch
       end
 
       module Base
-        # Matches a url pattern to one or more routes.
+        # Matches a URL pattern to one or more routes.
         #
         # You should not use the +match+ method in your router
         # without specifying an HTTP method.
@@ -407,7 +409,7 @@ module ActionDispatch
         #   # sets :controller, :action and :id in params
         #   match ':controller/:action/:id', via: [:get, :post]
         #
-        # Note that +:controller+, +:action+ and +:id+ are interpreted as url
+        # Note that +:controller+, +:action+ and +:id+ are interpreted as URL
         # query parameters and thus available through +params+ in an action.
         #
         # If you want to expose your action to GET, use +get+ in the router:
@@ -456,7 +458,7 @@ module ActionDispatch
         #
         # === Options
         #
-        # Any options not seen here are passed on as params with the url.
+        # Any options not seen here are passed on as params with the URL.
         #
         # [:controller]
         #   The route's controller.
@@ -471,7 +473,17 @@ module ActionDispatch
         #   <tt>params[<:param>]</tt>.
         #   In your router:
         #
-        #      resources :user, param: :name
+        #      resources :users, param: :name
+        #
+        #   The +users+ resource here will have the following routes generated for it:
+        #
+        #      GET       /users(.:format)
+        #      POST      /users(.:format)
+        #      GET       /users/new(.:format)
+        #      GET       /users/:name/edit(.:format)
+        #      GET       /users/:name(.:format)
+        #      PATCH/PUT /users/:name(.:format)
+        #      DELETE    /users/:name(.:format)
         #
         #   You can override <tt>ActiveRecord::Base#to_param</tt> of a related
         #   model to construct a URL:
@@ -482,8 +494,8 @@ module ActionDispatch
         #        end
         #      end
         #
-        #   user = User.find_by(name: 'Phusion')
-        #   user_path(user)  # => "/users/Phusion"
+        #      user = User.find_by(name: 'Phusion')
+        #      user_path(user)  # => "/users/Phusion"
         #
         # [:path]
         #   The path prefix for the routes.
@@ -1252,7 +1264,7 @@ module ActionDispatch
         #
         #   resource :profile
         #
-        # creates six different routes in your application, all mapping to
+        # This creates six different routes in your application, all mapping to
         # the +Profiles+ controller (note that the controller is named after
         # the plural):
         #
@@ -1264,7 +1276,7 @@ module ActionDispatch
         #   POST      /profile
         #
         # === Options
-        # Takes same options as +resources+.
+        # Takes same options as resources[rdoc-ref:#resources]
         def resource(*resources, &block)
           options = resources.extract_options!.dup
 
@@ -1329,7 +1341,7 @@ module ActionDispatch
         #   DELETE    /photos/:photo_id/comments/:id
         #
         # === Options
-        # Takes same options as <tt>Base#match</tt> as well as:
+        # Takes same options as match[rdoc-ref:Base#match] as well as:
         #
         # [:path_names]
         #   Allows you to change the segment component of the +edit+ and +new+ actions.
@@ -1337,14 +1349,14 @@ module ActionDispatch
         #
         #     resources :posts, path_names: { new: "brand_new" }
         #
-        #   The above example will now change /posts/new to /posts/brand_new
+        #   The above example will now change /posts/new to /posts/brand_new.
         #
         # [:path]
         #   Allows you to change the path prefix for the resource.
         #
         #     resources :posts, path: 'postings'
         #
-        #   The resource and all segments will now route to /postings instead of /posts
+        #   The resource and all segments will now route to /postings instead of /posts.
         #
         # [:only]
         #   Only generate routes for the given actions.
@@ -1539,7 +1551,7 @@ module ActionDispatch
           end
         end
 
-        # See ActionDispatch::Routing::Mapper::Scoping#namespace
+        # See ActionDispatch::Routing::Mapper::Scoping#namespace.
         def namespace(path, options = {})
           if resource_scope?
             nested { super }
@@ -1559,10 +1571,10 @@ module ActionDispatch
           !parent_resource.singleton? && @scope[:shallow]
         end
 
-        # Matches a url pattern to one or more routes.
+        # Matches a URL pattern to one or more routes.
         # For more information, see match[rdoc-ref:Base#match].
         #
-        #   match 'path' => 'controller#action', via: patch
+        #   match 'path' => 'controller#action', via: :patch
         #   match 'path', to: 'controller#action', via: :post
         #   match 'path', 'otherpath', on: :member, via: :get
         def match(path, *rest, &block)
@@ -1850,7 +1862,7 @@ module ActionDispatch
             path_types.fetch(String, []).each do |_path|
               route_options = options.dup
               if _path && option_path
-                raise ArgumentError, "Ambigous route definition. Both :path and the route path where specified as strings."
+                raise ArgumentError, "Ambiguous route definition. Both :path and the route path were specified as strings."
               end
               to = get_to_from_path(_path, to, route_options[:action])
               decomposed_match(_path, controller, route_options, _path, to, via, formatted, anchor, options_constraints)
@@ -2017,7 +2029,7 @@ module ActionDispatch
         #     concerns :commentable
         #   end
         #
-        # concerns also work in any routes helper that you want to use:
+        # Concerns also work in any routes helper that you want to use:
         #
         #   namespace :posts do
         #     concerns :commentable
@@ -2035,7 +2047,7 @@ module ActionDispatch
       end
 
       module CustomUrls
-        # Define custom url helpers that will be added to the application's
+        # Define custom URL helpers that will be added to the application's
         # routes. This allows you to override and/or replace the default behavior
         # of routing helpers, e.g:
         #
@@ -2051,37 +2063,37 @@ module ActionDispatch
         #     { controller: "pages", action: "index", subdomain: "www" }
         #   end
         #
-        # The return value from the block passed to `direct` must be a valid set of
-        # arguments for `url_for` which will actually build the url string. This can
+        # The return value from the block passed to +direct+ must be a valid set of
+        # arguments for +url_for+ which will actually build the URL string. This can
         # be one of the following:
         #
-        #   * A string, which is treated as a generated url
-        #   * A hash, e.g. { controller: "pages", action: "index" }
-        #   * An array, which is passed to `polymorphic_url`
-        #   * An Active Model instance
-        #   * An Active Model class
+        # * A string, which is treated as a generated URL
+        # * A hash, e.g. <tt>{ controller: "pages", action: "index" }</tt>
+        # * An array, which is passed to +polymorphic_url+
+        # * An Active Model instance
+        # * An Active Model class
         #
-        # NOTE: Other url helpers can be called in the block but be careful not to invoke
-        # your custom url helper again otherwise it will result in a stack overflow error
+        # NOTE: Other URL helpers can be called in the block but be careful not to invoke
+        # your custom URL helper again otherwise it will result in a stack overflow error.
         #
         # You can also specify default options that will be passed through to
-        # your url helper definition, e.g:
+        # your URL helper definition, e.g:
         #
         #   direct :browse, page: 1, size: 10 do |options|
         #     [ :products, options.merge(params.permit(:page, :size).to_h.symbolize_keys) ]
         #   end
         #
-        # In this instance the `params` object comes from the context in which the the
-        # block is executed, e.g. generating a url inside a controller action or a view.
-        # If the block is executed where there isn't a params object such as this:
+        # In this instance the +params+ object comes from the context in which the
+        # block is executed, e.g. generating a URL inside a controller action or a view.
+        # If the block is executed where there isn't a +params+ object such as this:
         #
         #   Rails.application.routes.url_helpers.browse_path
         #
-        # then it will raise a `NameError`. Because of this you need to be aware of the
-        # context in which you will use your custom url helper when defining it.
+        # then it will raise a +NameError+. Because of this you need to be aware of the
+        # context in which you will use your custom URL helper when defining it.
         #
-        # NOTE: The `direct` method can't be used inside of a scope block such as
-        # `namespace` or `scope` and will raise an error if it detects that it is.
+        # NOTE: The +direct+ method can't be used inside of a scope block such as
+        # +namespace+ or +scope+ and will raise an error if it detects that it is.
         def direct(name, options = {}, &block)
           unless @scope.root?
             raise RuntimeError, "The direct method can't be used inside a routes scope block"
@@ -2090,9 +2102,9 @@ module ActionDispatch
           @set.add_url_helper(name, options, &block)
         end
 
-        # Define custom polymorphic mappings of models to urls. This alters the
-        # behavior of `polymorphic_url` and consequently the behavior of
-        # `link_to` and `form_for` when passed a model instance, e.g:
+        # Define custom polymorphic mappings of models to URLs. This alters the
+        # behavior of +polymorphic_url+ and consequently the behavior of
+        # +link_to+ and +form_for+ when passed a model instance, e.g:
         #
         #   resource :basket
         #
@@ -2100,10 +2112,10 @@ module ActionDispatch
         #     [:basket]
         #   end
         #
-        # This will now generate "/basket" when a `Basket` instance is passed to
-        # `link_to` or `form_for` instead of the standard "/baskets/:id".
+        # This will now generate "/basket" when a +Basket+ instance is passed to
+        # +link_to+ or +form_for+ instead of the standard "/baskets/:id".
         #
-        # NOTE: This custom behavior only applies to simple polymorphic urls where
+        # NOTE: This custom behavior only applies to simple polymorphic URLs where
         # a single model instance is passed and not more complicated forms, e.g:
         #
         #   # config/routes.rb
@@ -2118,8 +2130,8 @@ module ActionDispatch
         #   link_to "Profile", @current_user
         #   link_to "Profile", [:admin, @current_user]
         #
-        # The first `link_to` will generate "/profile" but the second will generate
-        # the standard polymorphic url of "/admin/users/1".
+        # The first +link_to+ will generate "/profile" but the second will generate
+        # the standard polymorphic URL of "/admin/users/1".
         #
         # You can pass options to a polymorphic mapping - the arity for the block
         # needs to be two as the instance is passed as the first argument, e.g:
@@ -2128,12 +2140,12 @@ module ActionDispatch
         #     [:basket, options]
         #   end
         #
-        # This generates the url "/basket#items" because when the last item in an
-        # array passed to `polymorphic_url` is a hash then it's treated as options
-        # to the url helper that gets called.
+        # This generates the URL "/basket#items" because when the last item in an
+        # array passed to +polymorphic_url+ is a hash then it's treated as options
+        # to the URL helper that gets called.
         #
-        # NOTE: The `resolve` method can't be used inside of a scope block such as
-        # `namespace` or `scope` and will raise an error if it detects that it is.
+        # NOTE: The +resolve+ method can't be used inside of a scope block such as
+        # +namespace+ or +scope+ and will raise an error if it detects that it is.
         def resolve(*args, &block)
           unless @scope.root?
             raise RuntimeError, "The resolve method can't be used inside a routes scope block"