actionpack 5.2.8.1 → 6.1.6.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of actionpack might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +383 -346
- data/MIT-LICENSE +1 -2
- data/README.rdoc +4 -3
- data/lib/abstract_controller/base.rb +38 -4
- data/lib/abstract_controller/caching/fragments.rb +6 -22
- data/lib/abstract_controller/caching.rb +1 -1
- data/lib/abstract_controller/callbacks.rb +14 -2
- data/lib/abstract_controller/collector.rb +5 -4
- data/lib/abstract_controller/helpers.rb +106 -90
- data/lib/abstract_controller/railties/routes_helpers.rb +17 -1
- data/lib/abstract_controller/rendering.rb +9 -9
- data/lib/abstract_controller/translation.rb +11 -5
- data/lib/abstract_controller.rb +1 -0
- data/lib/action_controller/api.rb +4 -3
- data/lib/action_controller/base.rb +6 -9
- data/lib/action_controller/caching.rb +1 -3
- data/lib/action_controller/log_subscriber.rb +10 -7
- data/lib/action_controller/metal/basic_implicit_render.rb +1 -1
- data/lib/action_controller/metal/conditional_get.rb +19 -5
- data/lib/action_controller/metal/content_security_policy.rb +1 -2
- data/lib/action_controller/metal/cookies.rb +3 -1
- data/lib/action_controller/metal/data_streaming.rb +6 -7
- data/lib/action_controller/metal/default_headers.rb +17 -0
- data/lib/action_controller/metal/etag_with_template_digest.rb +4 -6
- data/lib/action_controller/metal/exceptions.rb +56 -2
- data/lib/action_controller/metal/flash.rb +5 -5
- data/lib/action_controller/metal/head.rb +7 -4
- data/lib/action_controller/metal/helpers.rb +14 -5
- data/lib/action_controller/metal/http_authentication.rb +25 -23
- data/lib/action_controller/metal/implicit_render.rb +5 -15
- data/lib/action_controller/metal/instrumentation.rb +13 -14
- data/lib/action_controller/metal/live.rb +39 -32
- data/lib/action_controller/metal/logging.rb +20 -0
- data/lib/action_controller/metal/mime_responds.rb +19 -4
- data/lib/action_controller/metal/parameter_encoding.rb +35 -4
- data/lib/action_controller/metal/params_wrapper.rb +32 -22
- data/lib/action_controller/metal/permissions_policy.rb +46 -0
- data/lib/action_controller/metal/redirecting.rb +6 -6
- data/lib/action_controller/metal/renderers.rb +4 -4
- data/lib/action_controller/metal/rendering.rb +8 -3
- data/lib/action_controller/metal/request_forgery_protection.rb +26 -49
- data/lib/action_controller/metal/rescue.rb +1 -1
- data/lib/action_controller/metal/streaming.rb +0 -1
- data/lib/action_controller/metal/strong_parameters.rb +168 -59
- data/lib/action_controller/metal/url_for.rb +1 -1
- data/lib/action_controller/metal.rb +10 -8
- data/lib/action_controller/railties/helpers.rb +1 -1
- data/lib/action_controller/renderer.rb +37 -13
- data/lib/action_controller/template_assertions.rb +1 -1
- data/lib/action_controller/test_case.rb +71 -63
- data/lib/action_controller.rb +7 -4
- data/lib/action_dispatch/http/cache.rb +31 -27
- data/lib/action_dispatch/http/content_disposition.rb +45 -0
- data/lib/action_dispatch/http/content_security_policy.rb +34 -18
- data/lib/action_dispatch/http/filter_parameters.rb +9 -8
- data/lib/action_dispatch/http/filter_redirect.rb +2 -3
- data/lib/action_dispatch/http/headers.rb +4 -4
- data/lib/action_dispatch/http/mime_negotiation.rb +26 -13
- data/lib/action_dispatch/http/mime_type.rb +43 -24
- data/lib/action_dispatch/http/parameters.rb +14 -23
- data/lib/action_dispatch/http/permissions_policy.rb +173 -0
- data/lib/action_dispatch/http/request.rb +45 -22
- data/lib/action_dispatch/http/response.rb +45 -25
- data/lib/action_dispatch/http/upload.rb +9 -1
- data/lib/action_dispatch/http/url.rb +82 -82
- data/lib/action_dispatch/journey/formatter.rb +55 -31
- data/lib/action_dispatch/journey/gtg/builder.rb +22 -37
- data/lib/action_dispatch/journey/gtg/simulator.rb +8 -7
- data/lib/action_dispatch/journey/gtg/transition_table.rb +6 -5
- data/lib/action_dispatch/journey/nfa/dot.rb +0 -11
- data/lib/action_dispatch/journey/nodes/node.rb +13 -11
- data/lib/action_dispatch/journey/parser.rb +13 -13
- data/lib/action_dispatch/journey/parser.y +1 -1
- data/lib/action_dispatch/journey/path/pattern.rb +19 -21
- data/lib/action_dispatch/journey/route.rb +10 -20
- data/lib/action_dispatch/journey/router/utils.rb +14 -12
- data/lib/action_dispatch/journey/router.rb +26 -34
- data/lib/action_dispatch/journey/routes.rb +0 -2
- data/lib/action_dispatch/journey/scanner.rb +10 -4
- data/lib/action_dispatch/journey/visitors.rb +1 -4
- data/lib/action_dispatch/journey.rb +0 -2
- data/lib/action_dispatch/middleware/actionable_exceptions.rb +46 -0
- data/lib/action_dispatch/middleware/callbacks.rb +2 -4
- data/lib/action_dispatch/middleware/cookies.rb +128 -109
- data/lib/action_dispatch/middleware/debug_exceptions.rb +43 -66
- data/lib/action_dispatch/middleware/debug_locks.rb +5 -5
- data/lib/action_dispatch/middleware/debug_view.rb +66 -0
- data/lib/action_dispatch/middleware/exception_wrapper.rb +75 -30
- data/lib/action_dispatch/middleware/flash.rb +1 -1
- data/lib/action_dispatch/middleware/host_authorization.rb +170 -0
- data/lib/action_dispatch/middleware/public_exceptions.rb +6 -3
- data/lib/action_dispatch/middleware/remote_ip.rb +14 -16
- data/lib/action_dispatch/middleware/request_id.rb +5 -6
- data/lib/action_dispatch/middleware/session/abstract_store.rb +2 -3
- data/lib/action_dispatch/middleware/session/cookie_store.rb +3 -9
- data/lib/action_dispatch/middleware/show_exceptions.rb +13 -2
- data/lib/action_dispatch/middleware/ssl.rb +20 -15
- data/lib/action_dispatch/middleware/stack.rb +56 -2
- data/lib/action_dispatch/middleware/static.rb +153 -93
- data/lib/action_dispatch/middleware/templates/rescues/_actions.html.erb +13 -0
- data/lib/action_dispatch/middleware/templates/rescues/_actions.text.erb +0 -0
- data/lib/action_dispatch/middleware/templates/rescues/_message_and_suggestions.html.erb +22 -0
- data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb +3 -1
- data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.text.erb +1 -1
- data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb +4 -2
- data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb +45 -35
- data/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb +7 -0
- data/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb +5 -0
- data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb +23 -4
- data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb +1 -1
- data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb +6 -3
- data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb +4 -1
- data/lib/action_dispatch/middleware/templates/rescues/layout.erb +104 -8
- data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb +19 -0
- data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.text.erb +3 -0
- data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb +2 -2
- data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb +1 -1
- data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +2 -2
- data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb +1 -1
- data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +24 -1
- data/lib/action_dispatch/railtie.rb +8 -2
- data/lib/action_dispatch/request/session.rb +11 -10
- data/lib/action_dispatch/request/utils.rb +26 -2
- data/lib/action_dispatch/routing/inspector.rb +100 -52
- data/lib/action_dispatch/routing/mapper.rb +155 -103
- data/lib/action_dispatch/routing/polymorphic_routes.rb +13 -15
- data/lib/action_dispatch/routing/redirection.rb +4 -4
- data/lib/action_dispatch/routing/route_set.rb +71 -69
- data/lib/action_dispatch/routing/url_for.rb +2 -2
- data/lib/action_dispatch/routing.rb +21 -20
- data/lib/action_dispatch/system_test_case.rb +60 -11
- data/lib/action_dispatch/system_testing/browser.rb +53 -16
- data/lib/action_dispatch/system_testing/driver.rb +11 -3
- data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +49 -7
- data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +8 -10
- data/lib/action_dispatch/testing/assertion_response.rb +0 -1
- data/lib/action_dispatch/testing/assertions/response.rb +4 -7
- data/lib/action_dispatch/testing/assertions/routing.rb +20 -8
- data/lib/action_dispatch/testing/assertions.rb +1 -1
- data/lib/action_dispatch/testing/integration.rb +60 -28
- data/lib/action_dispatch/testing/request_encoder.rb +2 -2
- data/lib/action_dispatch/testing/test_process.rb +32 -4
- data/lib/action_dispatch/testing/test_request.rb +3 -3
- data/lib/action_dispatch/testing/test_response.rb +4 -32
- data/lib/action_dispatch.rb +9 -3
- data/lib/action_pack/gem_version.rb +3 -3
- data/lib/action_pack.rb +1 -1
- metadata +34 -21
- data/lib/action_controller/metal/force_ssl.rb +0 -99
- data/lib/action_dispatch/http/parameter_filter.rb +0 -86
- data/lib/action_dispatch/journey/nfa/builder.rb +0 -78
- data/lib/action_dispatch/journey/nfa/simulator.rb +0 -49
- data/lib/action_dispatch/journey/nfa/transition_table.rb +0 -120
- data/lib/action_dispatch/system_testing/test_helpers/undef_methods.rb +0 -26
@@ -14,40 +14,12 @@ module ActionDispatch
|
|
14
14
|
new response.status, response.headers, response.body
|
15
15
|
end
|
16
16
|
|
17
|
-
def
|
18
|
-
|
19
|
-
@response_parser = RequestEncoder.parser(content_type)
|
20
|
-
end
|
21
|
-
|
22
|
-
# Was the response successful?
|
23
|
-
def success?
|
24
|
-
ActiveSupport::Deprecation.warn(<<-MSG.squish)
|
25
|
-
The success? predicate is deprecated and will be removed in Rails 6.0.
|
26
|
-
Please use successful? as provided by Rack::Response::Helpers.
|
27
|
-
MSG
|
28
|
-
successful?
|
29
|
-
end
|
30
|
-
|
31
|
-
# Was the URL not found?
|
32
|
-
def missing?
|
33
|
-
ActiveSupport::Deprecation.warn(<<-MSG.squish)
|
34
|
-
The missing? predicate is deprecated and will be removed in Rails 6.0.
|
35
|
-
Please use not_found? as provided by Rack::Response::Helpers.
|
36
|
-
MSG
|
37
|
-
not_found?
|
38
|
-
end
|
39
|
-
|
40
|
-
# Was there a server-side error?
|
41
|
-
def error?
|
42
|
-
ActiveSupport::Deprecation.warn(<<-MSG.squish)
|
43
|
-
The error? predicate is deprecated and will be removed in Rails 6.0.
|
44
|
-
Please use server_error? as provided by Rack::Response::Helpers.
|
45
|
-
MSG
|
46
|
-
server_error?
|
17
|
+
def parsed_body
|
18
|
+
@parsed_body ||= response_parser.call(body)
|
47
19
|
end
|
48
20
|
|
49
|
-
def
|
50
|
-
@
|
21
|
+
def response_parser
|
22
|
+
@response_parser ||= RequestEncoder.parser(media_type)
|
51
23
|
end
|
52
24
|
end
|
53
25
|
end
|
data/lib/action_dispatch.rb
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
#--
|
4
|
-
# Copyright (c) 2004-
|
4
|
+
# Copyright (c) 2004-2022 David Heinemeier Hansson
|
5
5
|
#
|
6
6
|
# Permission is hereby granted, free of charge, to any person obtaining
|
7
7
|
# a copy of this software and associated documentation files (the
|
@@ -40,20 +40,27 @@ module ActionDispatch
|
|
40
40
|
class IllegalStateError < StandardError
|
41
41
|
end
|
42
42
|
|
43
|
+
class MissingController < NameError
|
44
|
+
end
|
45
|
+
|
43
46
|
eager_autoload do
|
44
47
|
autoload_under "http" do
|
45
48
|
autoload :ContentSecurityPolicy
|
49
|
+
autoload :PermissionsPolicy
|
46
50
|
autoload :Request
|
47
51
|
autoload :Response
|
48
52
|
end
|
49
53
|
end
|
50
54
|
|
51
55
|
autoload_under "middleware" do
|
56
|
+
autoload :HostAuthorization
|
52
57
|
autoload :RequestId
|
53
58
|
autoload :Callbacks
|
54
59
|
autoload :Cookies
|
60
|
+
autoload :ActionableExceptions
|
55
61
|
autoload :DebugExceptions
|
56
62
|
autoload :DebugLocks
|
63
|
+
autoload :DebugView
|
57
64
|
autoload :ExceptionWrapper
|
58
65
|
autoload :Executor
|
59
66
|
autoload :Flash
|
@@ -76,8 +83,6 @@ module ActionDispatch
|
|
76
83
|
autoload :Headers
|
77
84
|
autoload :MimeNegotiation
|
78
85
|
autoload :Parameters
|
79
|
-
autoload :ParameterFilter
|
80
|
-
autoload :Upload
|
81
86
|
autoload :UploadedFile, "action_dispatch/http/upload"
|
82
87
|
autoload :URL
|
83
88
|
end
|
@@ -110,4 +115,5 @@ autoload :Mime, "action_dispatch/http/mime_type"
|
|
110
115
|
ActiveSupport.on_load(:action_view) do
|
111
116
|
ActionView::Base.default_formats ||= Mime::SET.symbols
|
112
117
|
ActionView::Template::Types.delegate_to Mime
|
118
|
+
ActionView::LookupContext::DetailsKey.clear
|
113
119
|
end
|
data/lib/action_pack.rb
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
#--
|
4
|
-
# Copyright (c) 2004-
|
4
|
+
# Copyright (c) 2004-2022 David Heinemeier Hansson
|
5
5
|
#
|
6
6
|
# Permission is hereby granted, free of charge, to any person obtaining
|
7
7
|
# a copy of this software and associated documentation files (the
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: actionpack
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 6.1.6.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- David Heinemeier Hansson
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version:
|
19
|
+
version: 6.1.6.1
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version:
|
26
|
+
version: 6.1.6.1
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: rack
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -33,7 +33,7 @@ dependencies:
|
|
33
33
|
version: '2.0'
|
34
34
|
- - ">="
|
35
35
|
- !ruby/object:Gem::Version
|
36
|
-
version: 2.0.
|
36
|
+
version: 2.0.9
|
37
37
|
type: :runtime
|
38
38
|
prerelease: false
|
39
39
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -43,7 +43,7 @@ dependencies:
|
|
43
43
|
version: '2.0'
|
44
44
|
- - ">="
|
45
45
|
- !ruby/object:Gem::Version
|
46
|
-
version: 2.0.
|
46
|
+
version: 2.0.9
|
47
47
|
- !ruby/object:Gem::Dependency
|
48
48
|
name: rack-test
|
49
49
|
requirement: !ruby/object:Gem::Requirement
|
@@ -67,7 +67,7 @@ dependencies:
|
|
67
67
|
version: '1.0'
|
68
68
|
- - ">="
|
69
69
|
- !ruby/object:Gem::Version
|
70
|
-
version: 1.0
|
70
|
+
version: 1.2.0
|
71
71
|
type: :runtime
|
72
72
|
prerelease: false
|
73
73
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -77,7 +77,7 @@ dependencies:
|
|
77
77
|
version: '1.0'
|
78
78
|
- - ">="
|
79
79
|
- !ruby/object:Gem::Version
|
80
|
-
version: 1.0
|
80
|
+
version: 1.2.0
|
81
81
|
- !ruby/object:Gem::Dependency
|
82
82
|
name: rails-dom-testing
|
83
83
|
requirement: !ruby/object:Gem::Requirement
|
@@ -98,28 +98,28 @@ dependencies:
|
|
98
98
|
requirements:
|
99
99
|
- - '='
|
100
100
|
- !ruby/object:Gem::Version
|
101
|
-
version:
|
101
|
+
version: 6.1.6.1
|
102
102
|
type: :runtime
|
103
103
|
prerelease: false
|
104
104
|
version_requirements: !ruby/object:Gem::Requirement
|
105
105
|
requirements:
|
106
106
|
- - '='
|
107
107
|
- !ruby/object:Gem::Version
|
108
|
-
version:
|
108
|
+
version: 6.1.6.1
|
109
109
|
- !ruby/object:Gem::Dependency
|
110
110
|
name: activemodel
|
111
111
|
requirement: !ruby/object:Gem::Requirement
|
112
112
|
requirements:
|
113
113
|
- - '='
|
114
114
|
- !ruby/object:Gem::Version
|
115
|
-
version:
|
115
|
+
version: 6.1.6.1
|
116
116
|
type: :development
|
117
117
|
prerelease: false
|
118
118
|
version_requirements: !ruby/object:Gem::Requirement
|
119
119
|
requirements:
|
120
120
|
- - '='
|
121
121
|
- !ruby/object:Gem::Version
|
122
|
-
version:
|
122
|
+
version: 6.1.6.1
|
123
123
|
description: Web apps on Rails. Simple, battle-tested conventions for building and
|
124
124
|
testing MVC web applications. Works with any Rack-compatible server.
|
125
125
|
email: david@loudthinking.com
|
@@ -157,20 +157,22 @@ files:
|
|
157
157
|
- lib/action_controller/metal/content_security_policy.rb
|
158
158
|
- lib/action_controller/metal/cookies.rb
|
159
159
|
- lib/action_controller/metal/data_streaming.rb
|
160
|
+
- lib/action_controller/metal/default_headers.rb
|
160
161
|
- lib/action_controller/metal/etag_with_flash.rb
|
161
162
|
- lib/action_controller/metal/etag_with_template_digest.rb
|
162
163
|
- lib/action_controller/metal/exceptions.rb
|
163
164
|
- lib/action_controller/metal/flash.rb
|
164
|
-
- lib/action_controller/metal/force_ssl.rb
|
165
165
|
- lib/action_controller/metal/head.rb
|
166
166
|
- lib/action_controller/metal/helpers.rb
|
167
167
|
- lib/action_controller/metal/http_authentication.rb
|
168
168
|
- lib/action_controller/metal/implicit_render.rb
|
169
169
|
- lib/action_controller/metal/instrumentation.rb
|
170
170
|
- lib/action_controller/metal/live.rb
|
171
|
+
- lib/action_controller/metal/logging.rb
|
171
172
|
- lib/action_controller/metal/mime_responds.rb
|
172
173
|
- lib/action_controller/metal/parameter_encoding.rb
|
173
174
|
- lib/action_controller/metal/params_wrapper.rb
|
175
|
+
- lib/action_controller/metal/permissions_policy.rb
|
174
176
|
- lib/action_controller/metal/redirecting.rb
|
175
177
|
- lib/action_controller/metal/renderers.rb
|
176
178
|
- lib/action_controller/metal/rendering.rb
|
@@ -187,6 +189,7 @@ files:
|
|
187
189
|
- lib/action_controller/test_case.rb
|
188
190
|
- lib/action_dispatch.rb
|
189
191
|
- lib/action_dispatch/http/cache.rb
|
192
|
+
- lib/action_dispatch/http/content_disposition.rb
|
190
193
|
- lib/action_dispatch/http/content_security_policy.rb
|
191
194
|
- lib/action_dispatch/http/filter_parameters.rb
|
192
195
|
- lib/action_dispatch/http/filter_redirect.rb
|
@@ -194,8 +197,8 @@ files:
|
|
194
197
|
- lib/action_dispatch/http/mime_negotiation.rb
|
195
198
|
- lib/action_dispatch/http/mime_type.rb
|
196
199
|
- lib/action_dispatch/http/mime_types.rb
|
197
|
-
- lib/action_dispatch/http/parameter_filter.rb
|
198
200
|
- lib/action_dispatch/http/parameters.rb
|
201
|
+
- lib/action_dispatch/http/permissions_policy.rb
|
199
202
|
- lib/action_dispatch/http/rack_cache.rb
|
200
203
|
- lib/action_dispatch/http/request.rb
|
201
204
|
- lib/action_dispatch/http/response.rb
|
@@ -206,10 +209,7 @@ files:
|
|
206
209
|
- lib/action_dispatch/journey/gtg/builder.rb
|
207
210
|
- lib/action_dispatch/journey/gtg/simulator.rb
|
208
211
|
- lib/action_dispatch/journey/gtg/transition_table.rb
|
209
|
-
- lib/action_dispatch/journey/nfa/builder.rb
|
210
212
|
- lib/action_dispatch/journey/nfa/dot.rb
|
211
|
-
- lib/action_dispatch/journey/nfa/simulator.rb
|
212
|
-
- lib/action_dispatch/journey/nfa/transition_table.rb
|
213
213
|
- lib/action_dispatch/journey/nodes/node.rb
|
214
214
|
- lib/action_dispatch/journey/parser.rb
|
215
215
|
- lib/action_dispatch/journey/parser.y
|
@@ -224,13 +224,16 @@ files:
|
|
224
224
|
- lib/action_dispatch/journey/visualizer/fsm.css
|
225
225
|
- lib/action_dispatch/journey/visualizer/fsm.js
|
226
226
|
- lib/action_dispatch/journey/visualizer/index.html.erb
|
227
|
+
- lib/action_dispatch/middleware/actionable_exceptions.rb
|
227
228
|
- lib/action_dispatch/middleware/callbacks.rb
|
228
229
|
- lib/action_dispatch/middleware/cookies.rb
|
229
230
|
- lib/action_dispatch/middleware/debug_exceptions.rb
|
230
231
|
- lib/action_dispatch/middleware/debug_locks.rb
|
232
|
+
- lib/action_dispatch/middleware/debug_view.rb
|
231
233
|
- lib/action_dispatch/middleware/exception_wrapper.rb
|
232
234
|
- lib/action_dispatch/middleware/executor.rb
|
233
235
|
- lib/action_dispatch/middleware/flash.rb
|
236
|
+
- lib/action_dispatch/middleware/host_authorization.rb
|
234
237
|
- lib/action_dispatch/middleware/public_exceptions.rb
|
235
238
|
- lib/action_dispatch/middleware/reloader.rb
|
236
239
|
- lib/action_dispatch/middleware/remote_ip.rb
|
@@ -243,17 +246,24 @@ files:
|
|
243
246
|
- lib/action_dispatch/middleware/ssl.rb
|
244
247
|
- lib/action_dispatch/middleware/stack.rb
|
245
248
|
- lib/action_dispatch/middleware/static.rb
|
249
|
+
- lib/action_dispatch/middleware/templates/rescues/_actions.html.erb
|
250
|
+
- lib/action_dispatch/middleware/templates/rescues/_actions.text.erb
|
251
|
+
- lib/action_dispatch/middleware/templates/rescues/_message_and_suggestions.html.erb
|
246
252
|
- lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb
|
247
253
|
- lib/action_dispatch/middleware/templates/rescues/_request_and_response.text.erb
|
248
254
|
- lib/action_dispatch/middleware/templates/rescues/_source.html.erb
|
249
255
|
- lib/action_dispatch/middleware/templates/rescues/_source.text.erb
|
250
256
|
- lib/action_dispatch/middleware/templates/rescues/_trace.html.erb
|
251
257
|
- lib/action_dispatch/middleware/templates/rescues/_trace.text.erb
|
258
|
+
- lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb
|
259
|
+
- lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb
|
252
260
|
- lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb
|
253
261
|
- lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb
|
254
262
|
- lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb
|
255
263
|
- lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb
|
256
264
|
- lib/action_dispatch/middleware/templates/rescues/layout.erb
|
265
|
+
- lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb
|
266
|
+
- lib/action_dispatch/middleware/templates/rescues/missing_exact_template.text.erb
|
257
267
|
- lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb
|
258
268
|
- lib/action_dispatch/middleware/templates/rescues/missing_template.text.erb
|
259
269
|
- lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb
|
@@ -282,7 +292,6 @@ files:
|
|
282
292
|
- lib/action_dispatch/system_testing/server.rb
|
283
293
|
- lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb
|
284
294
|
- lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb
|
285
|
-
- lib/action_dispatch/system_testing/test_helpers/undef_methods.rb
|
286
295
|
- lib/action_dispatch/testing/assertion_response.rb
|
287
296
|
- lib/action_dispatch/testing/assertions.rb
|
288
297
|
- lib/action_dispatch/testing/assertions/response.rb
|
@@ -295,12 +304,16 @@ files:
|
|
295
304
|
- lib/action_pack.rb
|
296
305
|
- lib/action_pack/gem_version.rb
|
297
306
|
- lib/action_pack/version.rb
|
298
|
-
homepage:
|
307
|
+
homepage: https://rubyonrails.org
|
299
308
|
licenses:
|
300
309
|
- MIT
|
301
310
|
metadata:
|
302
|
-
|
303
|
-
changelog_uri: https://github.com/rails/rails/blob/
|
311
|
+
bug_tracker_uri: https://github.com/rails/rails/issues
|
312
|
+
changelog_uri: https://github.com/rails/rails/blob/v6.1.6.1/actionpack/CHANGELOG.md
|
313
|
+
documentation_uri: https://api.rubyonrails.org/v6.1.6.1/
|
314
|
+
mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
|
315
|
+
source_code_uri: https://github.com/rails/rails/tree/v6.1.6.1/actionpack
|
316
|
+
rubygems_mfa_required: 'true'
|
304
317
|
post_install_message:
|
305
318
|
rdoc_options: []
|
306
319
|
require_paths:
|
@@ -309,7 +322,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
309
322
|
requirements:
|
310
323
|
- - ">="
|
311
324
|
- !ruby/object:Gem::Version
|
312
|
-
version: 2.
|
325
|
+
version: 2.5.0
|
313
326
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
314
327
|
requirements:
|
315
328
|
- - ">="
|
@@ -1,99 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "active_support/core_ext/hash/except"
|
4
|
-
require "active_support/core_ext/hash/slice"
|
5
|
-
|
6
|
-
module ActionController
|
7
|
-
# This module provides a method which will redirect the browser to use the secured HTTPS
|
8
|
-
# protocol. This will ensure that users' sensitive information will be
|
9
|
-
# transferred safely over the internet. You _should_ always force the browser
|
10
|
-
# to use HTTPS when you're transferring sensitive information such as
|
11
|
-
# user authentication, account information, or credit card information.
|
12
|
-
#
|
13
|
-
# Note that if you are really concerned about your application security,
|
14
|
-
# you might consider using +config.force_ssl+ in your config file instead.
|
15
|
-
# That will ensure all the data is transferred via HTTPS, and will
|
16
|
-
# prevent the user from getting their session hijacked when accessing the
|
17
|
-
# site over unsecured HTTP protocol.
|
18
|
-
module ForceSSL
|
19
|
-
extend ActiveSupport::Concern
|
20
|
-
include AbstractController::Callbacks
|
21
|
-
|
22
|
-
ACTION_OPTIONS = [:only, :except, :if, :unless]
|
23
|
-
URL_OPTIONS = [:protocol, :host, :domain, :subdomain, :port, :path]
|
24
|
-
REDIRECT_OPTIONS = [:status, :flash, :alert, :notice]
|
25
|
-
|
26
|
-
module ClassMethods
|
27
|
-
# Force the request to this particular controller or specified actions to be
|
28
|
-
# through the HTTPS protocol.
|
29
|
-
#
|
30
|
-
# If you need to disable this for any reason (e.g. development) then you can use
|
31
|
-
# an +:if+ or +:unless+ condition.
|
32
|
-
#
|
33
|
-
# class AccountsController < ApplicationController
|
34
|
-
# force_ssl if: :ssl_configured?
|
35
|
-
#
|
36
|
-
# def ssl_configured?
|
37
|
-
# !Rails.env.development?
|
38
|
-
# end
|
39
|
-
# end
|
40
|
-
#
|
41
|
-
# ==== URL Options
|
42
|
-
# You can pass any of the following options to affect the redirect URL
|
43
|
-
# * <tt>host</tt> - Redirect to a different host name
|
44
|
-
# * <tt>subdomain</tt> - Redirect to a different subdomain
|
45
|
-
# * <tt>domain</tt> - Redirect to a different domain
|
46
|
-
# * <tt>port</tt> - Redirect to a non-standard port
|
47
|
-
# * <tt>path</tt> - Redirect to a different path
|
48
|
-
#
|
49
|
-
# ==== Redirect Options
|
50
|
-
# You can pass any of the following options to affect the redirect status and response
|
51
|
-
# * <tt>status</tt> - Redirect with a custom status (default is 301 Moved Permanently)
|
52
|
-
# * <tt>flash</tt> - Set a flash message when redirecting
|
53
|
-
# * <tt>alert</tt> - Set an alert message when redirecting
|
54
|
-
# * <tt>notice</tt> - Set a notice message when redirecting
|
55
|
-
#
|
56
|
-
# ==== Action Options
|
57
|
-
# You can pass any of the following options to affect the before_action callback
|
58
|
-
# * <tt>only</tt> - The callback should be run only for this action
|
59
|
-
# * <tt>except</tt> - The callback should be run for all actions except this action
|
60
|
-
# * <tt>if</tt> - A symbol naming an instance method or a proc; the
|
61
|
-
# callback will be called only when it returns a true value.
|
62
|
-
# * <tt>unless</tt> - A symbol naming an instance method or a proc; the
|
63
|
-
# callback will be called only when it returns a false value.
|
64
|
-
def force_ssl(options = {})
|
65
|
-
action_options = options.slice(*ACTION_OPTIONS)
|
66
|
-
redirect_options = options.except(*ACTION_OPTIONS)
|
67
|
-
before_action(action_options) do
|
68
|
-
force_ssl_redirect(redirect_options)
|
69
|
-
end
|
70
|
-
end
|
71
|
-
end
|
72
|
-
|
73
|
-
# Redirect the existing request to use the HTTPS protocol.
|
74
|
-
#
|
75
|
-
# ==== Parameters
|
76
|
-
# * <tt>host_or_options</tt> - Either a host name or any of the URL and
|
77
|
-
# redirect options available to the <tt>force_ssl</tt> method.
|
78
|
-
def force_ssl_redirect(host_or_options = nil)
|
79
|
-
unless request.ssl?
|
80
|
-
options = {
|
81
|
-
protocol: "https://",
|
82
|
-
host: request.host,
|
83
|
-
path: request.fullpath,
|
84
|
-
status: :moved_permanently
|
85
|
-
}
|
86
|
-
|
87
|
-
if host_or_options.is_a?(Hash)
|
88
|
-
options.merge!(host_or_options)
|
89
|
-
elsif host_or_options
|
90
|
-
options[:host] = host_or_options
|
91
|
-
end
|
92
|
-
|
93
|
-
secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS))
|
94
|
-
flash.keep if respond_to?(:flash) && request.respond_to?(:flash)
|
95
|
-
redirect_to secure_url, options.slice(*REDIRECT_OPTIONS)
|
96
|
-
end
|
97
|
-
end
|
98
|
-
end
|
99
|
-
end
|
@@ -1,86 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "active_support/core_ext/object/duplicable"
|
4
|
-
|
5
|
-
module ActionDispatch
|
6
|
-
module Http
|
7
|
-
class ParameterFilter
|
8
|
-
FILTERED = "[FILTERED]".freeze # :nodoc:
|
9
|
-
|
10
|
-
def initialize(filters = [])
|
11
|
-
@filters = filters
|
12
|
-
end
|
13
|
-
|
14
|
-
def filter(params)
|
15
|
-
compiled_filter.call(params)
|
16
|
-
end
|
17
|
-
|
18
|
-
private
|
19
|
-
|
20
|
-
def compiled_filter
|
21
|
-
@compiled_filter ||= CompiledFilter.compile(@filters)
|
22
|
-
end
|
23
|
-
|
24
|
-
class CompiledFilter # :nodoc:
|
25
|
-
def self.compile(filters)
|
26
|
-
return lambda { |params| params.dup } if filters.empty?
|
27
|
-
|
28
|
-
strings, regexps, blocks = [], [], []
|
29
|
-
|
30
|
-
filters.each do |item|
|
31
|
-
case item
|
32
|
-
when Proc
|
33
|
-
blocks << item
|
34
|
-
when Regexp
|
35
|
-
regexps << item
|
36
|
-
else
|
37
|
-
strings << Regexp.escape(item.to_s)
|
38
|
-
end
|
39
|
-
end
|
40
|
-
|
41
|
-
deep_regexps, regexps = regexps.partition { |r| r.to_s.include?("\\.".freeze) }
|
42
|
-
deep_strings, strings = strings.partition { |s| s.include?("\\.".freeze) }
|
43
|
-
|
44
|
-
regexps << Regexp.new(strings.join("|".freeze), true) unless strings.empty?
|
45
|
-
deep_regexps << Regexp.new(deep_strings.join("|".freeze), true) unless deep_strings.empty?
|
46
|
-
|
47
|
-
new regexps, deep_regexps, blocks
|
48
|
-
end
|
49
|
-
|
50
|
-
attr_reader :regexps, :deep_regexps, :blocks
|
51
|
-
|
52
|
-
def initialize(regexps, deep_regexps, blocks)
|
53
|
-
@regexps = regexps
|
54
|
-
@deep_regexps = deep_regexps.any? ? deep_regexps : nil
|
55
|
-
@blocks = blocks
|
56
|
-
end
|
57
|
-
|
58
|
-
def call(original_params, parents = [])
|
59
|
-
filtered_params = original_params.class.new
|
60
|
-
|
61
|
-
original_params.each do |key, value|
|
62
|
-
parents.push(key) if deep_regexps
|
63
|
-
if regexps.any? { |r| key =~ r }
|
64
|
-
value = FILTERED
|
65
|
-
elsif deep_regexps && (joined = parents.join(".")) && deep_regexps.any? { |r| joined =~ r }
|
66
|
-
value = FILTERED
|
67
|
-
elsif value.is_a?(Hash)
|
68
|
-
value = call(value, parents)
|
69
|
-
elsif value.is_a?(Array)
|
70
|
-
value = value.map { |v| v.is_a?(Hash) ? call(v, parents) : v }
|
71
|
-
elsif blocks.any?
|
72
|
-
key = key.dup if key.duplicable?
|
73
|
-
value = value.dup if value.duplicable?
|
74
|
-
blocks.each { |b| b.call(key, value) }
|
75
|
-
end
|
76
|
-
parents.pop if deep_regexps
|
77
|
-
|
78
|
-
filtered_params[key] = value
|
79
|
-
end
|
80
|
-
|
81
|
-
filtered_params
|
82
|
-
end
|
83
|
-
end
|
84
|
-
end
|
85
|
-
end
|
86
|
-
end
|
@@ -1,78 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "action_dispatch/journey/nfa/transition_table"
|
4
|
-
require "action_dispatch/journey/gtg/transition_table"
|
5
|
-
|
6
|
-
module ActionDispatch
|
7
|
-
module Journey # :nodoc:
|
8
|
-
module NFA # :nodoc:
|
9
|
-
class Visitor < Visitors::Visitor # :nodoc:
|
10
|
-
def initialize(tt)
|
11
|
-
@tt = tt
|
12
|
-
@i = -1
|
13
|
-
end
|
14
|
-
|
15
|
-
def visit_CAT(node)
|
16
|
-
left = visit(node.left)
|
17
|
-
right = visit(node.right)
|
18
|
-
|
19
|
-
@tt.merge(left.last, right.first)
|
20
|
-
|
21
|
-
[left.first, right.last]
|
22
|
-
end
|
23
|
-
|
24
|
-
def visit_GROUP(node)
|
25
|
-
from = @i += 1
|
26
|
-
left = visit(node.left)
|
27
|
-
to = @i += 1
|
28
|
-
|
29
|
-
@tt.accepting = to
|
30
|
-
|
31
|
-
@tt[from, left.first] = nil
|
32
|
-
@tt[left.last, to] = nil
|
33
|
-
@tt[from, to] = nil
|
34
|
-
|
35
|
-
[from, to]
|
36
|
-
end
|
37
|
-
|
38
|
-
def visit_OR(node)
|
39
|
-
from = @i += 1
|
40
|
-
children = node.children.map { |c| visit(c) }
|
41
|
-
to = @i += 1
|
42
|
-
|
43
|
-
children.each do |child|
|
44
|
-
@tt[from, child.first] = nil
|
45
|
-
@tt[child.last, to] = nil
|
46
|
-
end
|
47
|
-
|
48
|
-
@tt.accepting = to
|
49
|
-
|
50
|
-
[from, to]
|
51
|
-
end
|
52
|
-
|
53
|
-
def terminal(node)
|
54
|
-
from_i = @i += 1 # new state
|
55
|
-
to_i = @i += 1 # new state
|
56
|
-
|
57
|
-
@tt[from_i, to_i] = node
|
58
|
-
@tt.accepting = to_i
|
59
|
-
@tt.add_memo(to_i, node.memo)
|
60
|
-
|
61
|
-
[from_i, to_i]
|
62
|
-
end
|
63
|
-
end
|
64
|
-
|
65
|
-
class Builder # :nodoc:
|
66
|
-
def initialize(ast)
|
67
|
-
@ast = ast
|
68
|
-
end
|
69
|
-
|
70
|
-
def transition_table
|
71
|
-
tt = TransitionTable.new
|
72
|
-
Visitor.new(tt).accept(@ast)
|
73
|
-
tt
|
74
|
-
end
|
75
|
-
end
|
76
|
-
end
|
77
|
-
end
|
78
|
-
end
|
@@ -1,49 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "strscan"
|
4
|
-
|
5
|
-
module ActionDispatch
|
6
|
-
module Journey # :nodoc:
|
7
|
-
module NFA # :nodoc:
|
8
|
-
class MatchData # :nodoc:
|
9
|
-
attr_reader :memos
|
10
|
-
|
11
|
-
def initialize(memos)
|
12
|
-
@memos = memos
|
13
|
-
end
|
14
|
-
end
|
15
|
-
|
16
|
-
class Simulator # :nodoc:
|
17
|
-
attr_reader :tt
|
18
|
-
|
19
|
-
def initialize(transition_table)
|
20
|
-
@tt = transition_table
|
21
|
-
end
|
22
|
-
|
23
|
-
def simulate(string)
|
24
|
-
input = StringScanner.new(string)
|
25
|
-
state = tt.eclosure(0)
|
26
|
-
until input.eos?
|
27
|
-
sym = input.scan(%r([/.?]|[^/.?]+))
|
28
|
-
|
29
|
-
# FIXME: tt.eclosure is not needed for the GTG
|
30
|
-
state = tt.eclosure(tt.move(state, sym))
|
31
|
-
end
|
32
|
-
|
33
|
-
acceptance_states = state.find_all { |s|
|
34
|
-
tt.accepting?(tt.eclosure(s).sort.last)
|
35
|
-
}
|
36
|
-
|
37
|
-
return if acceptance_states.empty?
|
38
|
-
|
39
|
-
memos = acceptance_states.flat_map { |x| tt.memo(x) }.compact
|
40
|
-
|
41
|
-
MatchData.new(memos)
|
42
|
-
end
|
43
|
-
|
44
|
-
alias :=~ :simulate
|
45
|
-
alias :match :simulate
|
46
|
-
end
|
47
|
-
end
|
48
|
-
end
|
49
|
-
end
|