actionpack 6.0.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of actionpack might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/CHANGELOG.md +311 -0
- data/MIT-LICENSE +21 -0
- data/README.rdoc +58 -0
- data/lib/abstract_controller.rb +27 -0
- data/lib/abstract_controller/asset_paths.rb +12 -0
- data/lib/abstract_controller/base.rb +267 -0
- data/lib/abstract_controller/caching.rb +66 -0
- data/lib/abstract_controller/caching/fragments.rb +150 -0
- data/lib/abstract_controller/callbacks.rb +224 -0
- data/lib/abstract_controller/collector.rb +43 -0
- data/lib/abstract_controller/error.rb +6 -0
- data/lib/abstract_controller/helpers.rb +194 -0
- data/lib/abstract_controller/logger.rb +14 -0
- data/lib/abstract_controller/railties/routes_helpers.rb +20 -0
- data/lib/abstract_controller/rendering.rb +127 -0
- data/lib/abstract_controller/translation.rb +32 -0
- data/lib/abstract_controller/url_for.rb +35 -0
- data/lib/action_controller.rb +67 -0
- data/lib/action_controller/api.rb +150 -0
- data/lib/action_controller/api/api_rendering.rb +16 -0
- data/lib/action_controller/base.rb +271 -0
- data/lib/action_controller/caching.rb +46 -0
- data/lib/action_controller/form_builder.rb +50 -0
- data/lib/action_controller/log_subscriber.rb +81 -0
- data/lib/action_controller/metal.rb +256 -0
- data/lib/action_controller/metal/basic_implicit_render.rb +13 -0
- data/lib/action_controller/metal/conditional_get.rb +280 -0
- data/lib/action_controller/metal/content_security_policy.rb +52 -0
- data/lib/action_controller/metal/cookies.rb +16 -0
- data/lib/action_controller/metal/data_streaming.rb +151 -0
- data/lib/action_controller/metal/default_headers.rb +17 -0
- data/lib/action_controller/metal/etag_with_flash.rb +18 -0
- data/lib/action_controller/metal/etag_with_template_digest.rb +57 -0
- data/lib/action_controller/metal/exceptions.rb +74 -0
- data/lib/action_controller/metal/flash.rb +61 -0
- data/lib/action_controller/metal/force_ssl.rb +58 -0
- data/lib/action_controller/metal/head.rb +60 -0
- data/lib/action_controller/metal/helpers.rb +122 -0
- data/lib/action_controller/metal/http_authentication.rb +518 -0
- data/lib/action_controller/metal/implicit_render.rb +63 -0
- data/lib/action_controller/metal/instrumentation.rb +105 -0
- data/lib/action_controller/metal/live.rb +314 -0
- data/lib/action_controller/metal/mime_responds.rb +324 -0
- data/lib/action_controller/metal/parameter_encoding.rb +51 -0
- data/lib/action_controller/metal/params_wrapper.rb +297 -0
- data/lib/action_controller/metal/redirecting.rb +133 -0
- data/lib/action_controller/metal/renderers.rb +181 -0
- data/lib/action_controller/metal/rendering.rb +122 -0
- data/lib/action_controller/metal/request_forgery_protection.rb +456 -0
- data/lib/action_controller/metal/rescue.rb +28 -0
- data/lib/action_controller/metal/streaming.rb +223 -0
- data/lib/action_controller/metal/strong_parameters.rb +1105 -0
- data/lib/action_controller/metal/testing.rb +16 -0
- data/lib/action_controller/metal/url_for.rb +58 -0
- data/lib/action_controller/railtie.rb +89 -0
- data/lib/action_controller/railties/helpers.rb +24 -0
- data/lib/action_controller/renderer.rb +130 -0
- data/lib/action_controller/template_assertions.rb +11 -0
- data/lib/action_controller/test_case.rb +626 -0
- data/lib/action_dispatch.rb +114 -0
- data/lib/action_dispatch/http/cache.rb +226 -0
- data/lib/action_dispatch/http/content_disposition.rb +45 -0
- data/lib/action_dispatch/http/content_security_policy.rb +284 -0
- data/lib/action_dispatch/http/filter_parameters.rb +86 -0
- data/lib/action_dispatch/http/filter_redirect.rb +37 -0
- data/lib/action_dispatch/http/headers.rb +132 -0
- data/lib/action_dispatch/http/mime_negotiation.rb +177 -0
- data/lib/action_dispatch/http/mime_type.rb +350 -0
- data/lib/action_dispatch/http/mime_types.rb +50 -0
- data/lib/action_dispatch/http/parameter_filter.rb +12 -0
- data/lib/action_dispatch/http/parameters.rb +136 -0
- data/lib/action_dispatch/http/rack_cache.rb +63 -0
- data/lib/action_dispatch/http/request.rb +427 -0
- data/lib/action_dispatch/http/response.rb +534 -0
- data/lib/action_dispatch/http/upload.rb +92 -0
- data/lib/action_dispatch/http/url.rb +350 -0
- data/lib/action_dispatch/journey.rb +7 -0
- data/lib/action_dispatch/journey/formatter.rb +189 -0
- data/lib/action_dispatch/journey/gtg/builder.rb +164 -0
- data/lib/action_dispatch/journey/gtg/simulator.rb +41 -0
- data/lib/action_dispatch/journey/gtg/transition_table.rb +158 -0
- data/lib/action_dispatch/journey/nfa/builder.rb +78 -0
- data/lib/action_dispatch/journey/nfa/dot.rb +36 -0
- data/lib/action_dispatch/journey/nfa/simulator.rb +47 -0
- data/lib/action_dispatch/journey/nfa/transition_table.rb +120 -0
- data/lib/action_dispatch/journey/nodes/node.rb +141 -0
- data/lib/action_dispatch/journey/parser.rb +199 -0
- data/lib/action_dispatch/journey/parser.y +50 -0
- data/lib/action_dispatch/journey/parser_extras.rb +31 -0
- data/lib/action_dispatch/journey/path/pattern.rb +203 -0
- data/lib/action_dispatch/journey/route.rb +204 -0
- data/lib/action_dispatch/journey/router.rb +153 -0
- data/lib/action_dispatch/journey/router/utils.rb +102 -0
- data/lib/action_dispatch/journey/routes.rb +81 -0
- data/lib/action_dispatch/journey/scanner.rb +71 -0
- data/lib/action_dispatch/journey/visitors.rb +268 -0
- data/lib/action_dispatch/journey/visualizer/fsm.css +30 -0
- data/lib/action_dispatch/journey/visualizer/fsm.js +134 -0
- data/lib/action_dispatch/journey/visualizer/index.html.erb +52 -0
- data/lib/action_dispatch/middleware/actionable_exceptions.rb +39 -0
- data/lib/action_dispatch/middleware/callbacks.rb +34 -0
- data/lib/action_dispatch/middleware/cookies.rb +663 -0
- data/lib/action_dispatch/middleware/debug_exceptions.rb +185 -0
- data/lib/action_dispatch/middleware/debug_locks.rb +124 -0
- data/lib/action_dispatch/middleware/debug_view.rb +68 -0
- data/lib/action_dispatch/middleware/exception_wrapper.rb +181 -0
- data/lib/action_dispatch/middleware/executor.rb +21 -0
- data/lib/action_dispatch/middleware/flash.rb +300 -0
- data/lib/action_dispatch/middleware/host_authorization.rb +103 -0
- data/lib/action_dispatch/middleware/public_exceptions.rb +61 -0
- data/lib/action_dispatch/middleware/reloader.rb +12 -0
- data/lib/action_dispatch/middleware/remote_ip.rb +181 -0
- data/lib/action_dispatch/middleware/request_id.rb +43 -0
- data/lib/action_dispatch/middleware/session/abstract_store.rb +92 -0
- data/lib/action_dispatch/middleware/session/cache_store.rb +54 -0
- data/lib/action_dispatch/middleware/session/cookie_store.rb +113 -0
- data/lib/action_dispatch/middleware/session/mem_cache_store.rb +28 -0
- data/lib/action_dispatch/middleware/show_exceptions.rb +62 -0
- data/lib/action_dispatch/middleware/ssl.rb +150 -0
- data/lib/action_dispatch/middleware/stack.rb +148 -0
- data/lib/action_dispatch/middleware/static.rb +129 -0
- data/lib/action_dispatch/middleware/templates/rescues/_actions.html.erb +13 -0
- data/lib/action_dispatch/middleware/templates/rescues/_actions.text.erb +0 -0
- data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb +24 -0
- data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.text.erb +23 -0
- data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb +29 -0
- data/lib/action_dispatch/middleware/templates/rescues/_source.text.erb +8 -0
- data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb +62 -0
- data/lib/action_dispatch/middleware/templates/rescues/_trace.text.erb +9 -0
- data/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb +7 -0
- data/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb +5 -0
- data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb +38 -0
- data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb +9 -0
- data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb +24 -0
- data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb +15 -0
- data/lib/action_dispatch/middleware/templates/rescues/layout.erb +165 -0
- data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb +19 -0
- data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.text.erb +3 -0
- data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb +11 -0
- data/lib/action_dispatch/middleware/templates/rescues/missing_template.text.erb +3 -0
- data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb +32 -0
- data/lib/action_dispatch/middleware/templates/rescues/routing_error.text.erb +11 -0
- data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +20 -0
- data/lib/action_dispatch/middleware/templates/rescues/template_error.text.erb +7 -0
- data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb +6 -0
- data/lib/action_dispatch/middleware/templates/rescues/unknown_action.text.erb +3 -0
- data/lib/action_dispatch/middleware/templates/routes/_route.html.erb +16 -0
- data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +203 -0
- data/lib/action_dispatch/railtie.rb +58 -0
- data/lib/action_dispatch/request/session.rb +242 -0
- data/lib/action_dispatch/request/utils.rb +78 -0
- data/lib/action_dispatch/routing.rb +261 -0
- data/lib/action_dispatch/routing/endpoint.rb +17 -0
- data/lib/action_dispatch/routing/inspector.rb +274 -0
- data/lib/action_dispatch/routing/mapper.rb +2289 -0
- data/lib/action_dispatch/routing/polymorphic_routes.rb +351 -0
- data/lib/action_dispatch/routing/redirection.rb +201 -0
- data/lib/action_dispatch/routing/route_set.rb +887 -0
- data/lib/action_dispatch/routing/routes_proxy.rb +69 -0
- data/lib/action_dispatch/routing/url_for.rb +237 -0
- data/lib/action_dispatch/system_test_case.rb +168 -0
- data/lib/action_dispatch/system_testing/browser.rb +80 -0
- data/lib/action_dispatch/system_testing/driver.rb +68 -0
- data/lib/action_dispatch/system_testing/server.rb +31 -0
- data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +97 -0
- data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +33 -0
- data/lib/action_dispatch/system_testing/test_helpers/undef_methods.rb +26 -0
- data/lib/action_dispatch/testing/assertion_response.rb +47 -0
- data/lib/action_dispatch/testing/assertions.rb +24 -0
- data/lib/action_dispatch/testing/assertions/response.rb +106 -0
- data/lib/action_dispatch/testing/assertions/routing.rb +234 -0
- data/lib/action_dispatch/testing/integration.rb +659 -0
- data/lib/action_dispatch/testing/request_encoder.rb +55 -0
- data/lib/action_dispatch/testing/test_process.rb +50 -0
- data/lib/action_dispatch/testing/test_request.rb +71 -0
- data/lib/action_dispatch/testing/test_response.rb +25 -0
- data/lib/action_pack.rb +26 -0
- data/lib/action_pack/gem_version.rb +17 -0
- data/lib/action_pack/version.rb +10 -0
- metadata +329 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: b8db1d871d96c2bc367142553c0904b94c3d97016dabf79b4a6b8937bca18936
|
4
|
+
data.tar.gz: 667375200f2d159a53b70dbf607d35c37422e4289dbede8ff83da7cebad95f47
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: e19317e121515e9866836182682c94f5d71f9d70236c710a41680ae9caa4b2376f888e975ff287a6cbb1f187547c59e9f7583ab410a2f437a01b2a57abf725c1
|
7
|
+
data.tar.gz: 21557eab0cd33607cbbd3e020d2dae220df079be98ccdeca0e93340824801f695a01fb882de686d9eddddeb2eaf5d165eec64d2eaa40981537baa8379bb98cc3
|
data/CHANGELOG.md
ADDED
@@ -0,0 +1,311 @@
|
|
1
|
+
## Rails 6.0.0 (August 16, 2019) ##
|
2
|
+
|
3
|
+
* No changes.
|
4
|
+
|
5
|
+
|
6
|
+
## Rails 6.0.0.rc2 (July 22, 2019) ##
|
7
|
+
|
8
|
+
* Add the ability to set the CSP nonce only to the specified directives.
|
9
|
+
|
10
|
+
Fixes #35137.
|
11
|
+
|
12
|
+
*Yuji Yaginuma*
|
13
|
+
|
14
|
+
* Keep part when scope option has value.
|
15
|
+
|
16
|
+
When a route was defined within an optional scope, if that route didn't
|
17
|
+
take parameters the scope was lost when using path helpers. This commit
|
18
|
+
ensures scope is kept both when the route takes parameters or when it
|
19
|
+
doesn't.
|
20
|
+
|
21
|
+
Fixes #33219
|
22
|
+
|
23
|
+
*Alberto Almagro*
|
24
|
+
|
25
|
+
* Change `ActionDispatch::Response#content_type` to return Content-Type header as it is.
|
26
|
+
|
27
|
+
Previously, `ActionDispatch::Response#content_type` returned value does NOT
|
28
|
+
contain charset part. This behavior changed to returned Content-Type header
|
29
|
+
containing charset part as it is.
|
30
|
+
|
31
|
+
If you want just MIME type, please use `ActionDispatch::Response#media_type`
|
32
|
+
instead.
|
33
|
+
|
34
|
+
Enable `action_dispatch.return_only_media_type_on_content_type` to use this change.
|
35
|
+
If not enabled, `ActionDispatch::Response#content_type` returns the same
|
36
|
+
value as before version, but its behavior is deprecate.
|
37
|
+
|
38
|
+
*Yuji Yaginuma*
|
39
|
+
|
40
|
+
* Calling `ActionController::Parameters#transform_keys/!` without a block now returns
|
41
|
+
an enumerator for the parameters instead of the underlying hash.
|
42
|
+
|
43
|
+
*Eugene Kenny*
|
44
|
+
|
45
|
+
* Fix a bug where DebugExceptions throws an error when malformed query parameters are provided
|
46
|
+
|
47
|
+
*Yuki Nishijima*, *Stan Lo*
|
48
|
+
|
49
|
+
|
50
|
+
## Rails 6.0.0.rc1 (April 24, 2019) ##
|
51
|
+
|
52
|
+
* Make system tests take a failed screenshot in a `before_teardown` hook
|
53
|
+
rather than an `after_teardown` hook.
|
54
|
+
|
55
|
+
This helps minimize the time gap between when an assertion fails and when
|
56
|
+
the screenshot is taken (reducing the time in which the page could have
|
57
|
+
been dynamically updated after the assertion failed).
|
58
|
+
|
59
|
+
*Richard Macklin*
|
60
|
+
|
61
|
+
* Introduce `ActionDispatch::ActionableExceptions`.
|
62
|
+
|
63
|
+
The `ActionDispatch::ActionableExceptions` middleware dispatches actions
|
64
|
+
from `ActiveSupport::ActionableError` descendants.
|
65
|
+
|
66
|
+
Actionable errors let's you dispatch actions from Rails' error pages.
|
67
|
+
|
68
|
+
*Vipul A M*, *Yao Jie*, *Genadi Samokovarov*
|
69
|
+
|
70
|
+
* Raise an `ArgumentError` if a resource custom param contains a colon (`:`).
|
71
|
+
|
72
|
+
After this change it's not possible anymore to configure routes like this:
|
73
|
+
|
74
|
+
```
|
75
|
+
routes.draw do
|
76
|
+
resources :users, param: 'name/:sneaky'
|
77
|
+
end
|
78
|
+
```
|
79
|
+
|
80
|
+
Fixes #30467.
|
81
|
+
|
82
|
+
*Josua Schmid*
|
83
|
+
|
84
|
+
|
85
|
+
## Rails 6.0.0.beta3 (March 11, 2019) ##
|
86
|
+
|
87
|
+
* No changes.
|
88
|
+
|
89
|
+
|
90
|
+
## Rails 6.0.0.beta2 (February 25, 2019) ##
|
91
|
+
|
92
|
+
* Make debug exceptions works in an environment where ActiveStorage is not loaded.
|
93
|
+
|
94
|
+
*Tomoyuki Kurosawa*
|
95
|
+
|
96
|
+
* `ActionDispatch::SystemTestCase.driven_by` can now be called with a block
|
97
|
+
to define specific browser capabilities.
|
98
|
+
|
99
|
+
*Edouard Chin*
|
100
|
+
|
101
|
+
|
102
|
+
## Rails 6.0.0.beta1 (January 18, 2019) ##
|
103
|
+
|
104
|
+
* Remove deprecated `fragment_cache_key` helper in favor of `combined_fragment_cache_key`.
|
105
|
+
|
106
|
+
*Rafael Mendonça França*
|
107
|
+
|
108
|
+
* Remove deprecated methods in `ActionDispatch::TestResponse`.
|
109
|
+
|
110
|
+
`#success?`, `missing?` and `error?` were deprecated in Rails 5.2 in favor of
|
111
|
+
`#successful?`, `not_found?` and `server_error?`.
|
112
|
+
|
113
|
+
*Rafael Mendonça França*
|
114
|
+
|
115
|
+
* Introduce `ActionDispatch::HostAuthorization`.
|
116
|
+
|
117
|
+
This is a new middleware that guards against DNS rebinding attacks by
|
118
|
+
explicitly permitting the hosts a request can be made to.
|
119
|
+
|
120
|
+
Each host is checked with the case operator (`#===`) to support `Regexp`,
|
121
|
+
`Proc`, `IPAddr` and custom objects as host allowances.
|
122
|
+
|
123
|
+
*Genadi Samokovarov*
|
124
|
+
|
125
|
+
* Allow using `parsed_body` in `ActionController::TestCase`.
|
126
|
+
|
127
|
+
In addition to `ActionDispatch::IntegrationTest`, allow using
|
128
|
+
`parsed_body` in `ActionController::TestCase`:
|
129
|
+
|
130
|
+
```
|
131
|
+
class SomeControllerTest < ActionController::TestCase
|
132
|
+
def test_some_action
|
133
|
+
post :action, body: { foo: 'bar' }
|
134
|
+
assert_equal({ "foo" => "bar" }, response.parsed_body)
|
135
|
+
end
|
136
|
+
end
|
137
|
+
```
|
138
|
+
|
139
|
+
Fixes #34676.
|
140
|
+
|
141
|
+
*Tobias Bühlmann*
|
142
|
+
|
143
|
+
* Raise an error on root route naming conflicts.
|
144
|
+
|
145
|
+
Raises an `ArgumentError` when multiple root routes are defined in the
|
146
|
+
same context instead of assigning nil names to subsequent roots.
|
147
|
+
|
148
|
+
*Gannon McGibbon*
|
149
|
+
|
150
|
+
* Allow rescue from parameter parse errors:
|
151
|
+
|
152
|
+
```
|
153
|
+
rescue_from ActionDispatch::Http::Parameters::ParseError do
|
154
|
+
head :unauthorized
|
155
|
+
end
|
156
|
+
```
|
157
|
+
|
158
|
+
*Gannon McGibbon*, *Josh Cheek*
|
159
|
+
|
160
|
+
* Reset Capybara sessions if failed system test screenshot raising an exception.
|
161
|
+
|
162
|
+
Reset Capybara sessions if `take_failed_screenshot` raise exception
|
163
|
+
in system test `after_teardown`.
|
164
|
+
|
165
|
+
*Maxim Perepelitsa*
|
166
|
+
|
167
|
+
* Use request object for context if there's no controller
|
168
|
+
|
169
|
+
There is no controller instance when using a redirect route or a
|
170
|
+
mounted rack application so pass the request object as the context
|
171
|
+
when resolving dynamic CSP sources in this scenario.
|
172
|
+
|
173
|
+
Fixes #34200.
|
174
|
+
|
175
|
+
*Andrew White*
|
176
|
+
|
177
|
+
* Apply mapping to symbols returned from dynamic CSP sources
|
178
|
+
|
179
|
+
Previously if a dynamic source returned a symbol such as :self it
|
180
|
+
would be converted to a string implicitly, e.g:
|
181
|
+
|
182
|
+
policy.default_src -> { :self }
|
183
|
+
|
184
|
+
would generate the header:
|
185
|
+
|
186
|
+
Content-Security-Policy: default-src self
|
187
|
+
|
188
|
+
and now it generates:
|
189
|
+
|
190
|
+
Content-Security-Policy: default-src 'self'
|
191
|
+
|
192
|
+
*Andrew White*
|
193
|
+
|
194
|
+
* Add `ActionController::Parameters#each_value`.
|
195
|
+
|
196
|
+
*Lukáš Zapletal*
|
197
|
+
|
198
|
+
* Deprecate `ActionDispatch::Http::ParameterFilter` in favor of `ActiveSupport::ParameterFilter`.
|
199
|
+
|
200
|
+
*Yoshiyuki Kinjo*
|
201
|
+
|
202
|
+
* Encode Content-Disposition filenames on `send_data` and `send_file`.
|
203
|
+
Previously, `send_data 'data', filename: "\u{3042}.txt"` sends
|
204
|
+
`"filename=\"\u{3042}.txt\""` as Content-Disposition and it can be
|
205
|
+
garbled.
|
206
|
+
Now it follows [RFC 2231](https://tools.ietf.org/html/rfc2231) and
|
207
|
+
[RFC 5987](https://tools.ietf.org/html/rfc5987) and sends
|
208
|
+
`"filename=\"%3F.txt\"; filename*=UTF-8''%E3%81%82.txt"`.
|
209
|
+
Most browsers can find filename correctly and old browsers fallback to ASCII
|
210
|
+
converted name.
|
211
|
+
|
212
|
+
*Fumiaki Matsushima*
|
213
|
+
|
214
|
+
* Expose `ActionController::Parameters#each_key` which allows iterating over
|
215
|
+
keys without allocating an array.
|
216
|
+
|
217
|
+
*Richard Schneeman*
|
218
|
+
|
219
|
+
* Purpose metadata for signed/encrypted cookies.
|
220
|
+
|
221
|
+
Rails can now thwart attacks that attempt to copy signed/encrypted value
|
222
|
+
of a cookie and use it as the value of another cookie.
|
223
|
+
|
224
|
+
It does so by stashing the cookie-name in the purpose field which is
|
225
|
+
then signed/encrypted along with the cookie value. Then, on a server-side
|
226
|
+
read, we verify the cookie-names and discard any attacked cookies.
|
227
|
+
|
228
|
+
Enable `action_dispatch.use_cookies_with_metadata` to use this feature, which
|
229
|
+
writes cookies with the new purpose and expiry metadata embedded.
|
230
|
+
|
231
|
+
*Assain Jaleel*
|
232
|
+
|
233
|
+
* Raises `ActionController::RespondToMismatchError` with conflicting `respond_to` invocations.
|
234
|
+
|
235
|
+
`respond_to` can match multiple types and lead to undefined behavior when
|
236
|
+
multiple invocations are made and the types do not match:
|
237
|
+
|
238
|
+
respond_to do |outer_type|
|
239
|
+
outer_type.js do
|
240
|
+
respond_to do |inner_type|
|
241
|
+
inner_type.html { render body: "HTML" }
|
242
|
+
end
|
243
|
+
end
|
244
|
+
end
|
245
|
+
|
246
|
+
*Patrick Toomey*
|
247
|
+
|
248
|
+
* `ActionDispatch::Http::UploadedFile` now delegates `to_path` to its tempfile.
|
249
|
+
|
250
|
+
This allows uploaded file objects to be passed directly to `File.read`
|
251
|
+
without raising a `TypeError`:
|
252
|
+
|
253
|
+
uploaded_file = ActionDispatch::Http::UploadedFile.new(tempfile: tmp_file)
|
254
|
+
File.read(uploaded_file)
|
255
|
+
|
256
|
+
*Aaron Kromer*
|
257
|
+
|
258
|
+
* Pass along arguments to underlying `get` method in `follow_redirect!`
|
259
|
+
|
260
|
+
Now all arguments passed to `follow_redirect!` are passed to the underlying
|
261
|
+
`get` method. This for example allows to set custom headers for the
|
262
|
+
redirection request to the server.
|
263
|
+
|
264
|
+
follow_redirect!(params: { foo: :bar })
|
265
|
+
|
266
|
+
*Remo Fritzsche*
|
267
|
+
|
268
|
+
* Introduce a new error page to when the implicit render page is accessed in the browser.
|
269
|
+
|
270
|
+
Now instead of showing an error page that with exception and backtraces we now show only
|
271
|
+
one informative page.
|
272
|
+
|
273
|
+
*Vinicius Stock*
|
274
|
+
|
275
|
+
* Introduce `ActionDispatch::DebugExceptions.register_interceptor`.
|
276
|
+
|
277
|
+
Exception aware plugin authors can use the newly introduced
|
278
|
+
`.register_interceptor` method to get the processed exception, instead of
|
279
|
+
monkey patching DebugExceptions.
|
280
|
+
|
281
|
+
ActionDispatch::DebugExceptions.register_interceptor do |request, exception|
|
282
|
+
HypoteticalPlugin.capture_exception(request, exception)
|
283
|
+
end
|
284
|
+
|
285
|
+
*Genadi Samokovarov*
|
286
|
+
|
287
|
+
* Output only one Content-Security-Policy nonce header value per request.
|
288
|
+
|
289
|
+
Fixes #32597.
|
290
|
+
|
291
|
+
*Andrey Novikov*, *Andrew White*
|
292
|
+
|
293
|
+
* Move default headers configuration into their own module that can be included in controllers.
|
294
|
+
|
295
|
+
*Kevin Deisz*
|
296
|
+
|
297
|
+
* Add method `dig` to `session`.
|
298
|
+
|
299
|
+
*claudiob*, *Takumi Shotoku*
|
300
|
+
|
301
|
+
* Controller level `force_ssl` has been deprecated in favor of
|
302
|
+
`config.force_ssl`.
|
303
|
+
|
304
|
+
*Derek Prior*
|
305
|
+
|
306
|
+
* Rails 6 requires Ruby 2.5.0 or newer.
|
307
|
+
|
308
|
+
*Jeremy Daer*, *Kasper Timm Hansen*
|
309
|
+
|
310
|
+
|
311
|
+
Please check [5-2-stable](https://github.com/rails/rails/blob/5-2-stable/actionpack/CHANGELOG.md) for previous changes.
|
data/MIT-LICENSE
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
Copyright (c) 2004-2019 David Heinemeier Hansson
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
21
|
+
|
data/README.rdoc
ADDED
@@ -0,0 +1,58 @@
|
|
1
|
+
= Action Pack -- From request to response
|
2
|
+
|
3
|
+
Action Pack is a framework for handling and responding to web requests. It
|
4
|
+
provides mechanisms for *routing* (mapping request URLs to actions), defining
|
5
|
+
*controllers* that implement actions, and generating responses by rendering
|
6
|
+
*views*, which are templates of various formats. In short, Action Pack
|
7
|
+
provides the view and controller layers in the MVC paradigm.
|
8
|
+
|
9
|
+
It consists of several modules:
|
10
|
+
|
11
|
+
* Action Dispatch, which parses information about the web request, handles
|
12
|
+
routing as defined by the user, and does advanced processing related to HTTP
|
13
|
+
such as MIME-type negotiation, decoding parameters in POST, PATCH, or PUT bodies,
|
14
|
+
handling HTTP caching logic, cookies and sessions.
|
15
|
+
|
16
|
+
* Action Controller, which provides a base controller class that can be
|
17
|
+
subclassed to implement filters and actions to handle requests. The result
|
18
|
+
of an action is typically content generated from views.
|
19
|
+
|
20
|
+
With the Ruby on Rails framework, users only directly interface with the
|
21
|
+
Action Controller module. Necessary Action Dispatch functionality is activated
|
22
|
+
by default and Action View rendering is implicitly triggered by Action
|
23
|
+
Controller. However, these modules are designed to function on their own and
|
24
|
+
can be used outside of Rails.
|
25
|
+
|
26
|
+
You can read more about Action Pack in the {Action Controller Overview}[https://guides.rubyonrails.org/action_controller_overview.html] guide.
|
27
|
+
|
28
|
+
== Download and installation
|
29
|
+
|
30
|
+
The latest version of Action Pack can be installed with RubyGems:
|
31
|
+
|
32
|
+
$ gem install actionpack
|
33
|
+
|
34
|
+
Source code can be downloaded as part of the Rails project on GitHub:
|
35
|
+
|
36
|
+
* https://github.com/rails/rails/tree/master/actionpack
|
37
|
+
|
38
|
+
|
39
|
+
== License
|
40
|
+
|
41
|
+
Action Pack is released under the MIT license:
|
42
|
+
|
43
|
+
* https://opensource.org/licenses/MIT
|
44
|
+
|
45
|
+
|
46
|
+
== Support
|
47
|
+
|
48
|
+
API documentation is at:
|
49
|
+
|
50
|
+
* https://api.rubyonrails.org
|
51
|
+
|
52
|
+
Bug reports for the Ruby on Rails project can be filed here:
|
53
|
+
|
54
|
+
* https://github.com/rails/rails/issues
|
55
|
+
|
56
|
+
Feature requests should be discussed on the rails-core mailing list here:
|
57
|
+
|
58
|
+
* https://groups.google.com/forum/?fromgroups#!forum/rubyonrails-core
|
@@ -0,0 +1,27 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "action_pack"
|
4
|
+
require "active_support/rails"
|
5
|
+
require "active_support/i18n"
|
6
|
+
|
7
|
+
module AbstractController
|
8
|
+
extend ActiveSupport::Autoload
|
9
|
+
|
10
|
+
autoload :ActionNotFound, "abstract_controller/base"
|
11
|
+
autoload :Base
|
12
|
+
autoload :Caching
|
13
|
+
autoload :Callbacks
|
14
|
+
autoload :Collector
|
15
|
+
autoload :DoubleRenderError, "abstract_controller/rendering"
|
16
|
+
autoload :Helpers
|
17
|
+
autoload :Logger
|
18
|
+
autoload :Rendering
|
19
|
+
autoload :Translation
|
20
|
+
autoload :AssetPaths
|
21
|
+
autoload :UrlFor
|
22
|
+
|
23
|
+
def self.eager_load!
|
24
|
+
super
|
25
|
+
AbstractController::Caching.eager_load!
|
26
|
+
end
|
27
|
+
end
|
@@ -0,0 +1,12 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module AbstractController
|
4
|
+
module AssetPaths #:nodoc:
|
5
|
+
extend ActiveSupport::Concern
|
6
|
+
|
7
|
+
included do
|
8
|
+
config_accessor :asset_host, :assets_dir, :javascripts_dir,
|
9
|
+
:stylesheets_dir, :default_asset_host_protocol, :relative_url_root
|
10
|
+
end
|
11
|
+
end
|
12
|
+
end
|
@@ -0,0 +1,267 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "abstract_controller/error"
|
4
|
+
require "active_support/configurable"
|
5
|
+
require "active_support/descendants_tracker"
|
6
|
+
require "active_support/core_ext/module/anonymous"
|
7
|
+
require "active_support/core_ext/module/attr_internal"
|
8
|
+
|
9
|
+
module AbstractController
|
10
|
+
# Raised when a non-existing controller action is triggered.
|
11
|
+
class ActionNotFound < StandardError
|
12
|
+
end
|
13
|
+
|
14
|
+
# AbstractController::Base is a low-level API. Nobody should be
|
15
|
+
# using it directly, and subclasses (like ActionController::Base) are
|
16
|
+
# expected to provide their own +render+ method, since rendering means
|
17
|
+
# different things depending on the context.
|
18
|
+
class Base
|
19
|
+
##
|
20
|
+
# Returns the body of the HTTP response sent by the controller.
|
21
|
+
attr_internal :response_body
|
22
|
+
|
23
|
+
##
|
24
|
+
# Returns the name of the action this controller is processing.
|
25
|
+
attr_internal :action_name
|
26
|
+
|
27
|
+
##
|
28
|
+
# Returns the formats that can be processed by the controller.
|
29
|
+
attr_internal :formats
|
30
|
+
|
31
|
+
include ActiveSupport::Configurable
|
32
|
+
extend ActiveSupport::DescendantsTracker
|
33
|
+
|
34
|
+
class << self
|
35
|
+
attr_reader :abstract
|
36
|
+
alias_method :abstract?, :abstract
|
37
|
+
|
38
|
+
# Define a controller as abstract. See internal_methods for more
|
39
|
+
# details.
|
40
|
+
def abstract!
|
41
|
+
@abstract = true
|
42
|
+
end
|
43
|
+
|
44
|
+
def inherited(klass) # :nodoc:
|
45
|
+
# Define the abstract ivar on subclasses so that we don't get
|
46
|
+
# uninitialized ivar warnings
|
47
|
+
unless klass.instance_variable_defined?(:@abstract)
|
48
|
+
klass.instance_variable_set(:@abstract, false)
|
49
|
+
end
|
50
|
+
super
|
51
|
+
end
|
52
|
+
|
53
|
+
# A list of all internal methods for a controller. This finds the first
|
54
|
+
# abstract superclass of a controller, and gets a list of all public
|
55
|
+
# instance methods on that abstract class. Public instance methods of
|
56
|
+
# a controller would normally be considered action methods, so methods
|
57
|
+
# declared on abstract classes are being removed.
|
58
|
+
# (<tt>ActionController::Metal</tt> and ActionController::Base are defined as abstract)
|
59
|
+
def internal_methods
|
60
|
+
controller = self
|
61
|
+
|
62
|
+
controller = controller.superclass until controller.abstract?
|
63
|
+
controller.public_instance_methods(true)
|
64
|
+
end
|
65
|
+
|
66
|
+
# A list of method names that should be considered actions. This
|
67
|
+
# includes all public instance methods on a controller, less
|
68
|
+
# any internal methods (see internal_methods), adding back in
|
69
|
+
# any methods that are internal, but still exist on the class
|
70
|
+
# itself.
|
71
|
+
#
|
72
|
+
# ==== Returns
|
73
|
+
# * <tt>Set</tt> - A set of all methods that should be considered actions.
|
74
|
+
def action_methods
|
75
|
+
@action_methods ||= begin
|
76
|
+
# All public instance methods of this class, including ancestors
|
77
|
+
methods = (public_instance_methods(true) -
|
78
|
+
# Except for public instance methods of Base and its ancestors
|
79
|
+
internal_methods +
|
80
|
+
# Be sure to include shadowed public instance methods of this class
|
81
|
+
public_instance_methods(false))
|
82
|
+
|
83
|
+
methods.map!(&:to_s)
|
84
|
+
|
85
|
+
methods.to_set
|
86
|
+
end
|
87
|
+
end
|
88
|
+
|
89
|
+
# action_methods are cached and there is sometimes a need to refresh
|
90
|
+
# them. ::clear_action_methods! allows you to do that, so next time
|
91
|
+
# you run action_methods, they will be recalculated.
|
92
|
+
def clear_action_methods!
|
93
|
+
@action_methods = nil
|
94
|
+
end
|
95
|
+
|
96
|
+
# Returns the full controller name, underscored, without the ending Controller.
|
97
|
+
#
|
98
|
+
# class MyApp::MyPostsController < AbstractController::Base
|
99
|
+
#
|
100
|
+
# end
|
101
|
+
#
|
102
|
+
# MyApp::MyPostsController.controller_path # => "my_app/my_posts"
|
103
|
+
#
|
104
|
+
# ==== Returns
|
105
|
+
# * <tt>String</tt>
|
106
|
+
def controller_path
|
107
|
+
@controller_path ||= name.sub(/Controller$/, "").underscore unless anonymous?
|
108
|
+
end
|
109
|
+
|
110
|
+
# Refresh the cached action_methods when a new action_method is added.
|
111
|
+
def method_added(name)
|
112
|
+
super
|
113
|
+
clear_action_methods!
|
114
|
+
end
|
115
|
+
end
|
116
|
+
|
117
|
+
abstract!
|
118
|
+
|
119
|
+
# Calls the action going through the entire action dispatch stack.
|
120
|
+
#
|
121
|
+
# The actual method that is called is determined by calling
|
122
|
+
# #method_for_action. If no method can handle the action, then an
|
123
|
+
# AbstractController::ActionNotFound error is raised.
|
124
|
+
#
|
125
|
+
# ==== Returns
|
126
|
+
# * <tt>self</tt>
|
127
|
+
def process(action, *args)
|
128
|
+
@_action_name = action.to_s
|
129
|
+
|
130
|
+
unless action_name = _find_action_name(@_action_name)
|
131
|
+
raise ActionNotFound, "The action '#{action}' could not be found for #{self.class.name}"
|
132
|
+
end
|
133
|
+
|
134
|
+
@_response_body = nil
|
135
|
+
|
136
|
+
process_action(action_name, *args)
|
137
|
+
end
|
138
|
+
|
139
|
+
# Delegates to the class' ::controller_path
|
140
|
+
def controller_path
|
141
|
+
self.class.controller_path
|
142
|
+
end
|
143
|
+
|
144
|
+
# Delegates to the class' ::action_methods
|
145
|
+
def action_methods
|
146
|
+
self.class.action_methods
|
147
|
+
end
|
148
|
+
|
149
|
+
# Returns true if a method for the action is available and
|
150
|
+
# can be dispatched, false otherwise.
|
151
|
+
#
|
152
|
+
# Notice that <tt>action_methods.include?("foo")</tt> may return
|
153
|
+
# false and <tt>available_action?("foo")</tt> returns true because
|
154
|
+
# this method considers actions that are also available
|
155
|
+
# through other means, for example, implicit render ones.
|
156
|
+
#
|
157
|
+
# ==== Parameters
|
158
|
+
# * <tt>action_name</tt> - The name of an action to be tested
|
159
|
+
def available_action?(action_name)
|
160
|
+
_find_action_name(action_name)
|
161
|
+
end
|
162
|
+
|
163
|
+
# Tests if a response body is set. Used to determine if the
|
164
|
+
# +process_action+ callback needs to be terminated in
|
165
|
+
# +AbstractController::Callbacks+.
|
166
|
+
def performed?
|
167
|
+
response_body
|
168
|
+
end
|
169
|
+
|
170
|
+
# Returns true if the given controller is capable of rendering
|
171
|
+
# a path. A subclass of +AbstractController::Base+
|
172
|
+
# may return false. An Email controller for example does not
|
173
|
+
# support paths, only full URLs.
|
174
|
+
def self.supports_path?
|
175
|
+
true
|
176
|
+
end
|
177
|
+
|
178
|
+
private
|
179
|
+
|
180
|
+
# Returns true if the name can be considered an action because
|
181
|
+
# it has a method defined in the controller.
|
182
|
+
#
|
183
|
+
# ==== Parameters
|
184
|
+
# * <tt>name</tt> - The name of an action to be tested
|
185
|
+
def action_method?(name)
|
186
|
+
self.class.action_methods.include?(name)
|
187
|
+
end
|
188
|
+
|
189
|
+
# Call the action. Override this in a subclass to modify the
|
190
|
+
# behavior around processing an action. This, and not #process,
|
191
|
+
# is the intended way to override action dispatching.
|
192
|
+
#
|
193
|
+
# Notice that the first argument is the method to be dispatched
|
194
|
+
# which is *not* necessarily the same as the action name.
|
195
|
+
def process_action(method_name, *args)
|
196
|
+
send_action(method_name, *args)
|
197
|
+
end
|
198
|
+
|
199
|
+
# Actually call the method associated with the action. Override
|
200
|
+
# this method if you wish to change how action methods are called,
|
201
|
+
# not to add additional behavior around it. For example, you would
|
202
|
+
# override #send_action if you want to inject arguments into the
|
203
|
+
# method.
|
204
|
+
alias send_action send
|
205
|
+
|
206
|
+
# If the action name was not found, but a method called "action_missing"
|
207
|
+
# was found, #method_for_action will return "_handle_action_missing".
|
208
|
+
# This method calls #action_missing with the current action name.
|
209
|
+
def _handle_action_missing(*args)
|
210
|
+
action_missing(@_action_name, *args)
|
211
|
+
end
|
212
|
+
|
213
|
+
# Takes an action name and returns the name of the method that will
|
214
|
+
# handle the action.
|
215
|
+
#
|
216
|
+
# It checks if the action name is valid and returns false otherwise.
|
217
|
+
#
|
218
|
+
# See method_for_action for more information.
|
219
|
+
#
|
220
|
+
# ==== Parameters
|
221
|
+
# * <tt>action_name</tt> - An action name to find a method name for
|
222
|
+
#
|
223
|
+
# ==== Returns
|
224
|
+
# * <tt>string</tt> - The name of the method that handles the action
|
225
|
+
# * false - No valid method name could be found.
|
226
|
+
# Raise +AbstractController::ActionNotFound+.
|
227
|
+
def _find_action_name(action_name)
|
228
|
+
_valid_action_name?(action_name) && method_for_action(action_name)
|
229
|
+
end
|
230
|
+
|
231
|
+
# Takes an action name and returns the name of the method that will
|
232
|
+
# handle the action. In normal cases, this method returns the same
|
233
|
+
# name as it receives. By default, if #method_for_action receives
|
234
|
+
# a name that is not an action, it will look for an #action_missing
|
235
|
+
# method and return "_handle_action_missing" if one is found.
|
236
|
+
#
|
237
|
+
# Subclasses may override this method to add additional conditions
|
238
|
+
# that should be considered an action. For instance, an HTTP controller
|
239
|
+
# with a template matching the action name is considered to exist.
|
240
|
+
#
|
241
|
+
# If you override this method to handle additional cases, you may
|
242
|
+
# also provide a method (like +_handle_method_missing+) to handle
|
243
|
+
# the case.
|
244
|
+
#
|
245
|
+
# If none of these conditions are true, and +method_for_action+
|
246
|
+
# returns +nil+, an +AbstractController::ActionNotFound+ exception will be raised.
|
247
|
+
#
|
248
|
+
# ==== Parameters
|
249
|
+
# * <tt>action_name</tt> - An action name to find a method name for
|
250
|
+
#
|
251
|
+
# ==== Returns
|
252
|
+
# * <tt>string</tt> - The name of the method that handles the action
|
253
|
+
# * <tt>nil</tt> - No method name could be found.
|
254
|
+
def method_for_action(action_name)
|
255
|
+
if action_method?(action_name)
|
256
|
+
action_name
|
257
|
+
elsif respond_to?(:action_missing, true)
|
258
|
+
"_handle_action_missing"
|
259
|
+
end
|
260
|
+
end
|
261
|
+
|
262
|
+
# Checks if the action name is valid and returns false otherwise.
|
263
|
+
def _valid_action_name?(action_name)
|
264
|
+
!action_name.to_s.include? File::SEPARATOR
|
265
|
+
end
|
266
|
+
end
|
267
|
+
end
|