RubyGems - actionpack - Versions diffs - 6.0.0.beta1 → 6.0.1.rc1 - Mend

actionpack 6.0.0.beta1 → 6.0.1.rc1

Potentially problematic release.

This version of actionpack might be problematic. Click here for more details.

Files changed (73) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: df5b083c08009f1025bfbf541400a4819b5620f5bb49aa3d4bbe0c056eae44b3
-  data.tar.gz: '0374579e1273c1d727e0bc94d7a73b3933d8c0f54e7196beedc61ea30d88209f'
+  metadata.gz: 712053e56e990a145430653396c17ec95d5e838da7243b209cb340426c00e949
+  data.tar.gz: f6fc9d43ab2813011edd135cdb4d21dae7499fe66cef41e146c17c941d93edbe
 SHA512:
-  metadata.gz: cb0e467dc8c10baa42df2d08d79b2f5caedad996d247523abf54713a542f6d49a01f120ca0b0faa6930ea89592bfe074979201adec97d33135a5877391a5d4bb
-  data.tar.gz: dee5cf35ce9af7e795d65bb2a44d5edb229439f5fbde0dde1c35e8d3cf2564c49ddf929a9d5499b3aa6248c42cf6f61ca2c75c85a623ba51f1dd6106750d3267
+  metadata.gz: 1a5e6e7326f7d15187bcfcaebe72e02182ee7ee8454a5b2aac54adc9a8017dd80eebd4152d74f7ee6c5c0861f8ce87a1254f342bdea6b2760a66aab50ffdc639
+  data.tar.gz: 8b907a4c8c860951d3a7b04a3c353e05601c8d996f3d7448aaec30ba82c83c48595a752381eef44a1ed559c975835eb9557fe97c0c8e89f942d897afa3062680

data/CHANGELOG.md CHANGED

@@ -1,3 +1,121 @@
+## Rails 6.0.1.rc1 (October 31, 2019) ##
+*   `ActionDispatch::SystemTestCase` now inherits from `ActiveSupport::TestCase`
+    rather than `ActionDispatch::IntegrationTest`. This permits running jobs in
+    system tests.
+    *George Claghorn*, *Edouard Chin*
+*   Registered MIME types may contain extra flags:
+    ```ruby
+    Mime::Type.register "text/html; fragment", :html_fragment
+    ```
+    *Aaron Patterson*
+## Rails 6.0.0 (August 16, 2019) ##
+*   No changes.
+## Rails 6.0.0.rc2 (July 22, 2019) ##
+*   Add the ability to set the CSP nonce only to the specified directives.
+    Fixes #35137.
+    *Yuji Yaginuma*
+*   Keep part when scope option has value.
+    When a route was defined within an optional scope, if that route didn't
+    take parameters the scope was lost when using path helpers. This commit
+    ensures scope is kept both when the route takes parameters or when it
+    doesn't.
+    Fixes #33219
+    *Alberto Almagro*
+*   Change `ActionDispatch::Response#content_type` to return Content-Type header as it is.
+    Previously, `ActionDispatch::Response#content_type` returned value does NOT
+    contain charset part. This behavior changed to returned Content-Type header
+    containing charset part as it is.
+    If you want just MIME type, please use `ActionDispatch::Response#media_type`
+    instead.
+    Enable `action_dispatch.return_only_media_type_on_content_type` to use this change.
+    If not enabled, `ActionDispatch::Response#content_type` returns the same
+    value as before version, but its behavior is deprecate.
+    *Yuji Yaginuma*
+*   Calling `ActionController::Parameters#transform_keys/!` without a block now returns
+    an enumerator for the parameters instead of the underlying hash.
+    *Eugene Kenny*
+*   Fix a bug where DebugExceptions throws an error when malformed query parameters are provided
+    *Yuki Nishijima*, *Stan Lo*
+## Rails 6.0.0.rc1 (April 24, 2019) ##
+*   Make system tests take a failed screenshot in a `before_teardown` hook
+    rather than an `after_teardown` hook.
+    This helps minimize the time gap between when an assertion fails and when
+    the screenshot is taken (reducing the time in which the page could have
+    been dynamically updated after the assertion failed).
+    *Richard Macklin*
+*   Introduce `ActionDispatch::ActionableExceptions`.
+    The `ActionDispatch::ActionableExceptions` middleware dispatches actions
+    from `ActiveSupport::ActionableError` descendants.
+    Actionable errors let's you dispatch actions from Rails' error pages.
+    *Vipul A M*, *Yao Jie*, *Genadi Samokovarov*
+*   Raise an `ArgumentError` if a resource custom param contains a colon (`:`).
+    After this change it's not possible anymore to configure routes like this:
+    ```
+    routes.draw do
+      resources :users, param: 'name/:sneaky'
+    end
+    ```
+    Fixes #30467.
+    *Josua Schmid*
+## Rails 6.0.0.beta3 (March 11, 2019) ##
+*   No changes.
+## Rails 6.0.0.beta2 (February 25, 2019) ##
+*   Make debug exceptions works in an environment where ActiveStorage is not loaded.
+    *Tomoyuki Kurosawa*
+*   `ActionDispatch::SystemTestCase.driven_by` can now be called with a block
+    to define specific browser capabilities.
+    *Edouard Chin*
 ## Rails 6.0.0.beta1 (January 18, 2019) ##
 *   Remove deprecated `fragment_cache_key` helper in favor of `combined_fragment_cache_key`.
@@ -11,18 +129,12 @@
     *Rafael Mendonça França*
-*   Ensure external redirects are explicitly allowed
-    Add `fallback_location` and `allow_other_host` options to `redirect_to`.
-    *Gannon McGibbon*
-*   Introduce ActionDispatch::HostAuthorization
+*   Introduce `ActionDispatch::HostAuthorization`.
     This is a new middleware that guards against DNS rebinding attacks by
-    white-listing the allowed hosts a request can be made to.
+    explicitly permitting the hosts a request can be made to.
-    Each host is checked with the case operator (`#===`) to support `RegExp`,
+    Each host is checked with the case operator (`#===`) to support `Regexp`,
     `Proc`, `IPAddr` and custom objects as host allowances.
     *Genadi Samokovarov*
@@ -47,7 +159,7 @@
 *   Raise an error on root route naming conflicts.
-    Raises an ArgumentError when multiple root routes are defined in the
+    Raises an `ArgumentError` when multiple root routes are defined in the
     same context instead of assigning nil names to subsequent roots.
     *Gannon McGibbon*
@@ -82,7 +194,7 @@
 *   Apply mapping to symbols returned from dynamic CSP sources
     Previously if a dynamic source returned a symbol such as :self it
-    would be converted to a string implicity, e.g:
+    would be converted to a string implicitly, e.g:
         policy.default_src -> { :self }
@@ -135,7 +247,7 @@
     *Assain Jaleel*
-*   Raises `ActionController::RespondToMismatchError` with confliciting `respond_to` invocations.
+*   Raises `ActionController::RespondToMismatchError` with conflicting `respond_to` invocations.
     `respond_to` can match multiple types and lead to undefined behavior when
     multiple invocations are made and the types do not match:
@@ -160,7 +272,7 @@
     *Aaron Kromer*
-*   Pass along arguments to underlying `get` method in `follow_redirect!`.
+*   Pass along arguments to underlying `get` method in `follow_redirect!`
     Now all arguments passed to `follow_redirect!` are passed to the underlying
     `get` method. This for example allows to set custom headers for the

data/README.rdoc CHANGED

@@ -23,6 +23,7 @@ by default and Action View rendering is implicitly triggered by Action
 Controller. However, these modules are designed to function on their own and
 can be used outside of Rails.
+You can read more about Action Pack in the {Action Controller Overview}[https://guides.rubyonrails.org/action_controller_overview.html] guide.
 == Download and installation
@@ -46,7 +47,7 @@ Action Pack is released under the MIT license:
 API documentation is at:
-* http://api.rubyonrails.org
+* https://api.rubyonrails.org
 Bug reports for the Ruby on Rails project can be filed here:

data/lib/abstract_controller/caching/fragments.rb CHANGED

@@ -28,7 +28,6 @@ module AbstractController
         self.fragment_cache_keys = []
         if respond_to?(:helper_method)
-          helper_method :fragment_cache_key
           helper_method :combined_fragment_cache_key
         end
       end

data/lib/abstract_controller/translation.rb CHANGED

@@ -11,6 +11,7 @@ module AbstractController
     # to translate many keys within the same controller / action and gives you a
     # simple framework for scoping them consistently.
     def translate(key, options = {})
+      options = options.dup
       if key.to_s.first == "."
         path = controller_path.tr("/", ".")
         defaults = [:"#{path}#{key}"]

data/lib/action_controller.rb CHANGED

@@ -3,7 +3,6 @@
 require "active_support/rails"
 require "abstract_controller"
 require "action_dispatch"
-require "action_controller/metal/live"
 require "action_controller/metal/strong_parameters"
 module ActionController
@@ -21,6 +20,10 @@ module ActionController
   end
   autoload_under "metal" do
+    eager_autoload do
+      autoload :Live
+    end
     autoload :ConditionalGet
     autoload :ContentSecurityPolicy
     autoload :Cookies

data/lib/action_controller/metal.rb CHANGED

@@ -26,10 +26,10 @@ module ActionController
       end
     end
-    def build(action, app = Proc.new)
+    def build(action, app = nil, &block)
       action = action.to_s
-      middlewares.reverse.inject(app) do |a, middleware|
+      middlewares.reverse.inject(app || block) do |a, middleware|
         middleware.valid?(action) ? middleware.build(a) : a
       end
     end
@@ -148,7 +148,7 @@ module ActionController
     attr_internal :response, :request
     delegate :session, to: "@_request"
     delegate :headers, :status=, :location=, :content_type=,
-             :status, :location, :content_type, to: "@_response"
+             :status, :location, :content_type, :media_type, to: "@_response"
     def initialize
       @_request = nil

data/lib/action_controller/metal/basic_implicit_render.rb CHANGED

@@ -6,7 +6,7 @@ module ActionController
       super.tap { default_render unless performed? }
     end
-    def default_render(*args)
+    def default_render
       head :no_content
     end
   end

data/lib/action_controller/metal/etag_with_template_digest.rb CHANGED

@@ -51,7 +51,7 @@ module ActionController
       end
       def lookup_and_digest_template(template)
-        ActionView::Digestor.digest name: template, finder: lookup_context
+        ActionView::Digestor.digest name: template, format: nil, finder: lookup_context
       end
   end
 end

data/lib/action_controller/metal/exceptions.rb CHANGED

@@ -27,7 +27,7 @@ module ActionController
   class MethodNotAllowed < ActionControllerError #:nodoc:
     def initialize(*allowed_methods)
-      super("Only #{allowed_methods.to_sentence(locale: :en)} requests are allowed.")
+      super("Only #{allowed_methods.to_sentence} requests are allowed.")
     end
   end
@@ -52,7 +52,7 @@ module ActionController
   end
   # Raised when a nested respond_to is triggered and the content types of each
-  # are incompatible. For exampe:
+  # are incompatible. For example:
   #
   #  respond_to do |outer_type|
   #    outer_type.js do

data/lib/action_controller/metal/force_ssl.rb CHANGED

@@ -13,7 +13,7 @@ module ActionController
     ACTION_OPTIONS = [:only, :except, :if, :unless]
     URL_OPTIONS = [:protocol, :host, :domain, :subdomain, :port, :path]
-    REDIRECT_OPTIONS = [:status, :flash, :alert, :notice, :allow_other_host]
+    REDIRECT_OPTIONS = [:status, :flash, :alert, :notice]
     module ClassMethods # :nodoc:
       def force_ssl(options = {})
@@ -41,7 +41,6 @@ module ActionController
           host: request.host,
           path: request.fullpath,
           status: :moved_permanently,
-          allow_other_host: true,
         }
         if host_or_options.is_a?(Hash)

data/lib/action_controller/metal/helpers.rb CHANGED

@@ -34,7 +34,7 @@ module ActionController
   #     end
   #   end
   #
-  # Then, in any view rendered by <tt>EventController</tt>, the <tt>format_time</tt> method can be called:
+  # Then, in any view rendered by <tt>EventsController</tt>, the <tt>format_time</tt> method can be called:
   #
   #   <% @events.each do |event| -%>
   #     <p>
@@ -75,7 +75,7 @@ module ActionController
       # Provides a proxy to access helper methods from outside the view.
       def helpers
         @helper_proxy ||= begin
-          proxy = ActionView::Base.new
+          proxy = ActionView::Base.empty
           proxy.config = config.inheritable_copy
           proxy.extend(_helpers)
         end

data/lib/action_controller/metal/implicit_render.rb CHANGED

@@ -30,9 +30,9 @@ module ActionController
     # :stopdoc:
     include BasicImplicitRender
-    def default_render(*args)
+    def default_render
       if template_exists?(action_name.to_s, _prefixes, variants: request.variant)
-        render(*args)
+        render
       elsif any_templates?(action_name.to_s, _prefixes)
         message = "#{self.class.name}\##{action_name} is missing a template " \
           "for this request format and variant.\n" \

data/lib/action_controller/metal/live.rb CHANGED

@@ -146,7 +146,7 @@ module ActionController
       def write(string)
         unless @response.committed?
-          @response.set_header "Cache-Control", "no-cache"
+          @response.headers["Cache-Control"] ||= "no-cache"
           @response.delete_header "Content-Length"
         end
@@ -305,7 +305,7 @@ module ActionController
         logger.fatal do
           message = +"\n#{exception.class} (#{exception.message}):\n"
-          message << exception.annoted_source_code.to_s if exception.respond_to?(:annoted_source_code)
+          message << exception.annotated_source_code.to_s if exception.respond_to?(:annotated_source_code)
           message << "  " << exception.backtrace.join("\n  ")
           "#{message}\n\n"
         end

data/lib/action_controller/metal/mime_responds.rb CHANGED

@@ -205,7 +205,7 @@ module ActionController #:nodoc:
       yield collector if block_given?
       if format = collector.negotiate_format(request)
-        if content_type && content_type != format
+        if media_type && media_type != format
           raise ActionController::RespondToMismatchError
         end
         _process_format(format)

data/lib/action_controller/metal/params_wrapper.rb CHANGED

@@ -93,7 +93,7 @@ module ActionController
       end
       def model
-        super || synchronize { super || self.model = _default_wrap_model }
+        super || self.model = _default_wrap_model
       end
       def include
@@ -115,7 +115,7 @@ module ActionController
               if m.respond_to?(:nested_attributes_options) && m.nested_attributes_options.keys.any?
                 self.include += m.nested_attributes_options.keys.map do |key|
-                  key.to_s.concat("_attributes")
+                  (+key.to_s).concat("_attributes")
                 end
               end

data/lib/action_controller/metal/redirecting.rb CHANGED

@@ -60,7 +60,7 @@ module ActionController
       raise AbstractController::DoubleRenderError if response_body
       self.status        = _extract_redirect_to_status(options, response_options)
-      self.location      = _compute_safe_redirect_to_location(request, options, response_options)
+      self.location      = _compute_redirect_to_location(request, options)
       self.response_body = "<html><body>You are being <a href=\"#{ERB::Util.unwrapped_html_escape(response.location)}\">redirected</a>.</body></html>"
     end
@@ -88,13 +88,9 @@ module ActionController
     # All other options that can be passed to <tt>redirect_to</tt> are accepted as
     # options and the behavior is identical.
     def redirect_back(fallback_location:, allow_other_host: true, **args)
-      referer = request.headers.fetch("Referer", fallback_location)
-      response_options = {
-        fallback_location: fallback_location,
-        allow_other_host: allow_other_host,
-        **args,
-      }
-      redirect_to referer, response_options
+      referer = request.headers["Referer"]
+      redirect_to_referer = referer && (allow_other_host || _url_host_allowed?(referer))
+      redirect_to redirect_to_referer ? referer : fallback_location, **args
     end
     def _compute_redirect_to_location(request, options) #:nodoc:
@@ -118,23 +114,6 @@ module ActionController
     public :_compute_redirect_to_location
     private
-      def _compute_safe_redirect_to_location(request, options, response_options)
-        location = _compute_redirect_to_location(request, options)
-        location_options = options.is_a?(Hash) ? options : {}
-        if response_options[:allow_other_host] || _url_host_allowed?(location, location_options)
-          location
-        else
-          fallback_location = response_options.fetch(:fallback_location) do
-            raise ArgumentError, <<~MSG.squish
-              Unsafe redirect #{location.inspect},
-              use :fallback_location to specify a fallback
-              or :allow_other_host to redirect anyway.
-            MSG
-          end
-          _compute_redirect_to_location(request, fallback_location)
-        end
-      end
       def _extract_redirect_to_status(options, response_options)
         if options.is_a?(Hash) && options.key?(:status)
           Rack::Utils.status_code(options.delete(:status))
@@ -145,8 +124,8 @@ module ActionController
         end
       end
-      def _url_host_allowed?(url, options = {})
-        URI(url.to_s).host.in?([request.host, options[:host]])
+      def _url_host_allowed?(url)
+        URI(url.to_s).host == request.host
       rescue ArgumentError, URI::Error
         false
       end