actionpack 6.1.7.5 → 7.1.3.1

data/lib/action_dispatch/middleware/stack.rb

@@ -4,6 +4,11 @@ require "active_support/inflector/methods"
 require "active_support/dependencies"
 
 module ActionDispatch
+  # = Action Dispatch \MiddlewareStack
+  #
+  # Read more about {Rails middleware
+  # stack}[https://guides.rubyonrails.org/rails_on_rack.html#action-dispatcher-middleware-stack]
+  # in the guides.
   class MiddlewareStack
     class Middleware
       attr_reader :args, :block, :klass
@@ -20,13 +25,13 @@ module ActionDispatch
         case middleware
         when Middleware
           klass == middleware.klass
-        when Class
+        when Module
           klass == middleware
         end
       end
 
       def inspect
-        if klass.is_a?(Class)
+        if klass.is_a?(Module)
           klass.to_s
         else
           klass.class.to_s
@@ -72,8 +77,8 @@ module ActionDispatch
       yield(self) if block_given?
     end
 
-    def each
-      @middlewares.each { |x| yield x }
+    def each(&block)
+      @middlewares.each(&block)
     end
 
     def size
@@ -91,7 +96,7 @@ module ActionDispatch
     def unshift(klass, *args, &block)
       middlewares.unshift(build_middleware(klass, args, block))
     end
-    ruby2_keywords(:unshift) if respond_to?(:ruby2_keywords, true)
+    ruby2_keywords(:unshift)
 
     def initialize_copy(other)
       self.middlewares = other.middlewares.dup
@@ -101,7 +106,7 @@ module ActionDispatch
       index = assert_index(index, :before)
       middlewares.insert(index, build_middleware(klass, args, block))
     end
-    ruby2_keywords(:insert) if respond_to?(:ruby2_keywords, true)
+    ruby2_keywords(:insert)
 
     alias_method :insert_before, :insert
 
@@ -109,17 +114,29 @@ module ActionDispatch
       index = assert_index(index, :after)
       insert(index + 1, *args, &block)
     end
-    ruby2_keywords(:insert_after) if respond_to?(:ruby2_keywords, true)
+    ruby2_keywords(:insert_after)
 
     def swap(target, *args, &block)
       index = assert_index(target, :before)
       insert(index, *args, &block)
       middlewares.delete_at(index + 1)
     end
-    ruby2_keywords(:swap) if respond_to?(:ruby2_keywords, true)
+    ruby2_keywords(:swap)
 
+    # Deletes a middleware from the middleware stack.
+    #
+    # Returns the array of middlewares not including the deleted item, or
+    # returns nil if the target is not found.
     def delete(target)
-      middlewares.delete_if { |m| m.klass == target }
+      middlewares.reject! { |m| m.name == target.name }
+    end
+
+    # Deletes a middleware from the middleware stack.
+    #
+    # Returns the array of middlewares not including the deleted item, or
+    # raises +RuntimeError+ if the target is not found.
+    def delete!(target)
+      delete(target) || (raise "No such middleware to remove: #{target.inspect}")
     end
 
     def move(target, source)
@@ -143,7 +160,7 @@ module ActionDispatch
     def use(klass, *args, &block)
       middlewares.push(build_middleware(klass, args, block))
     end
-    ruby2_keywords(:use) if respond_to?(:ruby2_keywords, true)
+    ruby2_keywords(:use)
 
     def build(app = nil, &block)
       instrumenting = ActiveSupport::Notifications.notifier.listening?(InstrumentationProxy::EVENT_NAME)
@@ -158,7 +175,7 @@ module ActionDispatch
 
     private
       def assert_index(index, where)
-        i = index.is_a?(Integer) ? index : middlewares.index { |m| m.klass == index }
+        i = index.is_a?(Integer) ? index : index_of(index)
         raise "No such middleware to insert #{where}: #{index.inspect}" unless i
         i
       end
@@ -166,5 +183,11 @@ module ActionDispatch
       def build_middleware(klass, args, block)
         Middleware.new(klass, args, block)
       end
+
+      def index_of(klass)
+        middlewares.index do |m|
+          m.name == klass.name
+        end
+      end
   end
 end

data/lib/action_dispatch/middleware/static.rb

@@ -1,13 +1,14 @@
 # frozen_string_literal: true
 
 require "rack/utils"
-require "active_support/core_ext/uri"
 
 module ActionDispatch
+  # = Action Dispatch \Static
+  #
   # This middleware serves static files from disk, if available.
   # If no file is found, it hands off to the main app.
   #
-  # In Rails apps, this middleware is configured to serve assets from
+  # In \Rails apps, this middleware is configured to serve assets from
   # the +public/+ directory.
   #
   # Only GET and HEAD requests are served. POST and other HTTP methods
@@ -25,22 +26,24 @@ module ActionDispatch
     end
   end
 
-  # This endpoint serves static files from disk using Rack::File.
+  # = Action Dispatch \FileHandler
+  #
+  # This endpoint serves static files from disk using +Rack::Files+.
   #
   # URL paths are matched with static files according to expected
   # conventions: +path+, +path+.html, +path+/index.html.
   #
   # Precompressed versions of these files are checked first. Brotli (.br)
   # and gzip (.gz) files are supported. If +path+.br exists, this
-  # endpoint returns that file with a <tt>Content-Encoding: br</tt> header.
+  # endpoint returns that file with a <tt>content-encoding: br</tt> header.
   #
-  # If no matching file is found, this endpoint responds 404 Not Found.
+  # If no matching file is found, this endpoint responds <tt>404 Not Found</tt>.
   #
   # Pass the +root+ directory to search for matching files, an optional
   # <tt>index: "index"</tt> to change the default +path+/index.html, and optional
   # additional response headers.
   class FileHandler
-    # Accept-Encoding value -> file extension
+    # +Accept-Encoding+ value -> file extension
     PRECOMPRESSED = {
       "br" => ".br",
       "gzip" => ".gz",
@@ -54,7 +57,7 @@ module ActionDispatch
       @precompressed = Array(precompressed).map(&:to_s) | %w[ identity ]
       @compressible_content_types = compressible_content_types
 
-      @file_server = ::Rack::File.new(@root, headers)
+      @file_server = ::Rack::Files.new(@root, headers)
     end
 
     def call(env)
@@ -77,7 +80,7 @@ module ActionDispatch
           request.path_info, ::Rack::Utils.escape_path(filepath).b
 
         @file_server.call(request.env).tap do |status, headers, body|
-          # Omit Content-Encoding/Type/etc headers for 304 Not Modified
+          # Omit content-encoding/type/etc headers for 304 Not Modified
           if status != 304
             headers.update(content_headers)
           end
@@ -105,7 +108,7 @@ module ActionDispatch
       end
 
       def try_files(filepath, content_type, accept_encoding:)
-        headers = { "Content-Type" => content_type }
+        headers = { Rack::CONTENT_TYPE => content_type }
 
         if compressible? content_type
           try_precompressed_files filepath, headers, accept_encoding: accept_encoding
@@ -125,10 +128,10 @@ module ActionDispatch
             if content_encoding == "identity"
               return precompressed_filepath, headers
             else
-              headers["Vary"] = "Accept-Encoding"
+              headers[ActionDispatch::Constants::VARY] = "accept-encoding"
 
               if accept_encoding.any? { |enc, _| /\b#{content_encoding}\b/i.match?(enc) }
-                headers["Content-Encoding"] = content_encoding
+                headers[ActionDispatch::Constants::CONTENT_ENCODING] = content_encoding
                 return precompressed_filepath, headers
               end
             end
@@ -137,11 +140,8 @@ module ActionDispatch
       end
 
       def file_readable?(path)
-        file_stat = File.stat(File.join(@root, path.b))
-      rescue SystemCallError
-        false
-      else
-        file_stat.file? && file_stat.readable?
+        file_path = File.join(@root, path.b)
+        File.file?(file_path) && File.readable?(file_path)
       end
 
       def compressible?(content_type)

data/lib/action_dispatch/middleware/templates/rescues/_actions.html.erb

@@ -1,10 +1,10 @@
-<% actions = ActiveSupport::ActionableError.actions(exception) %>
+<% actions = exception_wrapper.actions %>
 
 <% if actions.any? %>
   <div class="actions">
     <% actions.each do |action, _| %>
       <%= button_to action, ActionDispatch::ActionableExceptions.endpoint, params: {
-        error: exception.class.name,
+        error: exception_wrapper.exception_class_name,
         action: action,
         location: request.path
       } %>

data/lib/action_dispatch/middleware/templates/rescues/_message_and_suggestions.html.erb

@@ -1,22 +1,22 @@
-<% if exception.respond_to?(:original_message) && exception.respond_to?(:corrections) %>
+<% if exception_wrapper.has_corrections? %>
   <div class="exception-message">
-    <%= simple_format h(exception.original_message), { class: "message" }, wrapper_tag: "div" %>
+    <%= simple_format h(exception_wrapper.original_message), { class: "message" }, wrapper_tag: "div" %>
   </div>
   <%
     # The 'did_you_mean' gem can raise exceptions when calling #corrections on
     # the exception. If it does there are no corrections to show.
-    corrections = exception.corrections rescue []
+    corrections = exception_wrapper.corrections rescue []
   %>
   <% if corrections.any? %>
     <b>Did you mean?</b>
     <ul>
     <% corrections.each do |correction| %>
-      <li style="list-style-type: none"><%= h correction %></li>
+      <li class="correction"><%= h correction %></li>
     <% end %>
     </ul>
   <% end %>
 <% else %>
   <div class="exception-message">
-    <%= simple_format h(exception.message), { class: "message" }, wrapper_tag: "div" %>
+    <%= simple_format h(exception_wrapper.message), { class: "message" }, wrapper_tag: "div" %>
   </div>
 <% end %>

data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb

@@ -1,24 +1,17 @@
-<% unless @exception.blamed_files.blank? %>
-  <% if (hide = @exception.blamed_files.length > 8) %>
-    <a href="#" onclick="return toggleTrace()">Toggle blamed files</a>
-  <% end %>
-  <pre id="blame_trace" <%='style="display:none"' if hide %>><code><%= @exception.describe_blame %></code></pre>
-<% end %>
-
-<h2 style="margin-top: 30px">Request</h2>
+<h2 class="request-heading">Request</h2>
 <% if params_valid? %>
   <p><b>Parameters</b>:</p> <pre><%= debug_params(@request.filtered_parameters) %></pre>
 <% end %>
 
 <div class="details">
   <div class="summary"><a href="#" onclick="return toggleSessionDump()">Toggle session dump</a></div>
-  <div id="session_dump" style="display:none"><pre><%= debug_hash @request.session %></pre></div>
+  <div id="session_dump" class="hidden"><pre><%= debug_hash @request.session %></pre></div>
 </div>
 
 <div class="details">
   <div class="summary"><a href="#" onclick="return toggleEnvDump()">Toggle env dump</a></div>
-  <div id="env_dump" style="display:none"><pre><%= debug_hash @request.env.slice(*@request.class::ENV_METHODS) %></pre></div>
+  <div id="env_dump" class="hidden"><pre><%= debug_hash @request.env.slice(*@request.class::ENV_METHODS) %></pre></div>
 </div>
 
-<h2 style="margin-top: 30px">Response</h2>
+<h2 class="response-heading">Response</h2>
 <p><b>Headers</b>:</p> <pre><%= debug_headers(defined?(@response) ? @response.headers : {}) %></pre>

data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb

@@ -18,12 +18,19 @@
             </td>
 <td width="100%">
 <pre>
-<% source_extract[:code].each do |line, source| -%><div class="line<%= " active" if line == source_extract[:line_number] -%>"><%= source -%></div><% end -%>
+<% source_extract[:code].each do |line, source| -%>
+<div class="line<%= " active" if line == source_extract[:line_number] -%>"><% if source.is_a?(Array) -%><%= source[0] -%><span class="error_highlight"><%= source[1] -%></span><%= source[2] -%>
+<% else -%>
+<%= source -%>
+<% end -%></div><% end -%>
 </pre>
 </td>
           </tr>
         </table>
       </div>
+      <%- unless self.error_highlight_available? -%>
+        <p class="error_highlight_tip">Tip: You may want to add <code>gem 'error_highlight', '&gt;= 0.4.0'</code> into your Gemfile, which will display the fine-grained error location.</p>
+      <%- end -%>
     </div>
   <% end %>
 <% end %>

data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb

@@ -14,7 +14,7 @@
 
   <% traces.each do |name, trace| %>
     <div id="<%= "#{name.gsub(/\s/, '-')}-#{error_index}" %>" style="display: <%= (name == trace_to_show) ? 'block' : 'none' %>;">
-      <code style="font-size: 11px;">
+      <code class="traces">
         <% trace.each do |frame| %>
           <a class="trace-frames trace-frames-<%= error_index %>" data-exception-object-id="<%= frame[:exception_object_id] %>" data-frame-id="<%= frame[:id] %>" href="#">
             <%= frame[:trace] %>
@@ -25,7 +25,7 @@
     </div>
   <% end %>
 
-  <script type="text/javascript">
+  <script>
     (function() {
       var traceFrames = document.getElementsByClassName('trace-frames-<%= error_index %>');
       var selectedFrame, currentSource = document.getElementById('frame-source-<%= error_index %>-0');

data/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb

@@ -1,7 +1,12 @@
 <header>
-  <h1>Blocked host: <%= @host %></h1>
+  <h1>Blocked hosts: <%= @hosts.join(", ") %></h1>
 </header>
-<div id="container">
-  <h2>To allow requests to <%= @host %> make sure it is a valid hostname (containing only numbers, letters, dashes and dots), then add the following to your environment configuration:</h2>
-  <pre>config.hosts &lt;&lt; "<%= @host %>"</pre>
-</div>
+<main role="main" id="container">
+  <h2>To allow requests to these hosts, make sure they are valid hostnames (containing only numbers, letters, dashes and dots), then add the following to your environment configuration:</h2>
+  <pre>
+  <% @hosts.each do |host| %>
+    config.hosts &lt;&lt; "<%= host %>"
+  <% end %>
+  </pre>
+  <p>For more details view: <a href="https://guides.rubyonrails.org/configuring.html#actiondispatch-hostauthorization">the Host Authorization guide</a></p>
+</main>

data/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb

@@ -1,5 +1,9 @@
-Blocked host: <%= @host %>
+Blocked hosts: <%= @hosts.join(", ") %>
 
-To allow requests to <%= @host %> make sure it is a valid hostname (containing only numbers, letters, dashes and dots), then add the following to your environment configuration:
+To allow requests to these hosts, make sure they are valid hostnames (containing only numbers, letters, dashes and dots), then add the following to your environment configuration:
 
-  config.hosts << "<%= @host %>"
+<% @hosts.each do |host| %>
+  config.hosts << "<%= host %>"
+<% end %>
+
+For more details on host authorization view: https://guides.rubyonrails.org/configuring.html#actiondispatch-hostauthorization

data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb

@@ -1,35 +1,35 @@
 <header>
   <h1>
-    <%= @exception.class.to_s %>
+    <%= @exception_wrapper.exception_class_name %>
     <% if params_valid? && @request.parameters['controller'] %>
       in <%= @request.parameters['controller'].camelize %>Controller<% if @request.parameters['action'] %>#<%= @request.parameters['action'] %><% end %>
     <% end %>
   </h1>
 </header>
 
-<div id="container">
-  <%= render "rescues/message_and_suggestions", exception: @exception %>
-  <%= render "rescues/actions", exception: @exception, request: @request %>
+<main role="main" id="container">
+  <%= render "rescues/message_and_suggestions", exception: @exception, exception_wrapper: @exception_wrapper %>
+  <%= render "rescues/actions", exception: @exception, request: @request, exception_wrapper: @exception_wrapper %>
 
   <%= render "rescues/source", source_extracts: @source_extracts, show_source_idx: @show_source_idx, error_index: 0 %>
   <%= render "rescues/trace", traces: @traces, trace_to_show: @trace_to_show, error_index: 0 %>
 
-  <% if @exception.cause %>
+  <% if @exception_wrapper.has_cause? %>
     <h2>Exception Causes</h2>
   <% end %>
 
   <% @exception_wrapper.wrapped_causes.each.with_index(1) do |wrapper, index| %>
     <div class="details">
-      <a class="summary" href="#" style="color: #F0F0F0; text-decoration: none; background: #C52F24; border-bottom: none;" onclick="return toggle(<%= wrapper.exception.object_id %>)">
-        <%= wrapper.exception.class.name %>: <%= h wrapper.exception.message %>
+      <a class="summary" href="#" onclick="return toggle(<%= wrapper.exception_id %>)">
+        <%= wrapper.exception_class_name %>: <%= h wrapper.message %>
       </a>
     </div>
 
-    <div id="<%= wrapper.exception.object_id %>" style="display: none;">
+    <div id="<%= wrapper.exception_id %>" class="hidden">
       <%= render "rescues/source", source_extracts: wrapper.source_extracts, show_source_idx: wrapper.source_to_show_id, error_index: index %>
       <%= render "rescues/trace", traces: wrapper.traces, trace_to_show: wrapper.trace_to_show, error_index: index %>
     </div>
   <% end %>
 
   <%= render template: "rescues/_request_and_response" %>
-</div>
+</main>

data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb

@@ -1,9 +1,9 @@
-<%= @exception.class.to_s %><%
+<%= @exception_wrapper.exception_class_name %><%
   if params_valid? && @request.parameters['controller']
 %> in <%= @request.parameters['controller'].camelize %>Controller<% if @request.parameters['action'] %>#<%= @request.parameters['action'] %><% end %>
 <% end %>
 
-<%= @exception.message %>
+<%= @exception_wrapper.message %>
 <%= render template: "rescues/_source" %>
 <%= render template: "rescues/_trace" %>
 <%= render template: "rescues/_request_and_response" %>

data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb

@@ -1,4 +1,4 @@
-<header>
+<header role="banner">
   <h1>
     <%= @exception.class.to_s %>
     <% if @request.parameters['controller'] %>
@@ -7,7 +7,7 @@
   </h1>
 </header>
 
-<div id="container">
+<main role="main" id="container">
   <h2>
     <%= h @exception.message %>
     <% if defined?(ActiveStorage) && @exception.message.match?(%r{#{ActiveStorage::Blob.table_name}|#{ActiveStorage::Attachment.table_name}}) %>
@@ -21,4 +21,4 @@
   <%= render "rescues/source", source_extracts: @source_extracts, show_source_idx: @show_source_idx %>
   <%= render "rescues/trace", traces: @traces, trace_to_show: @trace_to_show %>
   <%= render template: "rescues/_request_and_response" %>
-</div>
+</main>

data/lib/action_dispatch/middleware/templates/rescues/layout.erb

@@ -3,6 +3,7 @@
 <head>
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1">
+  <meta name="turbo-visit-control" content="reload">
   <title>Action Controller: Exception caught</title>
   <style>
     body {
@@ -49,11 +50,19 @@
       line-height: 25px;
     }
 
+    code.traces {
+      font-size: 11px;
+    }
+
+    .response-heading, .request-heading {
+      margin-top: 30px;
+    }
+
     .exception-message {
       padding: 8px 0;
     }
 
-    .exception-message .message{
+    .exception-message .message {
       margin-bottom: 8px;
       line-height: 25px;
       font-size: 1.5em;
@@ -75,6 +84,13 @@
       display: block;
     }
 
+    a.summary {
+      color: #F0F0F0;
+      text-decoration: none;
+      background: #C52F24;
+      border-bottom: none;
+    }
+
     .details pre {
       margin: 5px;
       border: none;
@@ -114,7 +130,7 @@
 
     .source .data .line_numbers {
       background-color: #ECECEC;
-      color: #AAA;
+      color: #555;
       padding: 1em .5em;
       border-right: 1px solid #DDD;
       text-align: right;
@@ -133,6 +149,18 @@
       background-color: #FCC;
     }
 
+    .error_highlight {
+      display: inline-block;
+      background-color: #FF9;
+      text-decoration: #F00 wavy underline;
+    }
+
+    .error_highlight_tip {
+      color: #666;
+      padding: 2px 2px;
+      font-size: 10px;
+    }
+
     .button_to {
       display: inline-block;
       margin-top: 0.75em;
@@ -143,6 +171,10 @@
       display: none;
     }
 
+    .correction {
+      list-style-type: none;
+    }
+
     input[type="submit"] {
       color: white;
       background-color: #C00;
@@ -153,6 +185,7 @@
       font-weight: bold;
       margin: 0;
       padding: 10px 18px;
+      cursor: pointer;
       -webkit-appearance: none;
     }
     input[type="submit"]:focus,
@@ -164,15 +197,14 @@
       transform: translateY(1px)
     }
 
-
     a { color: #980905; }
     a:visited { color: #666; }
     a.trace-frames {
       color: #666;
       overflow-wrap: break-word;
     }
-    a:hover { color: #C00; }
-    a.trace-frames.selected { color: #C00 }
+    a:hover, a.trace-frames.selected { color: #C00; }
+    a.summary:hover { color: #FFF; }
 
     @media (prefers-color-scheme: dark) {
       body {
@@ -180,11 +212,7 @@
         color: #ECECEC;
       }
 
-      .details {
-        border-color: #666;
-      }
-
-      .summary {
+      .details, .summary {
         border-color: #666;
       }
 
@@ -210,6 +238,10 @@
         background-color: #900;
       }
 
+      .error_highlight {
+        color: #333;
+      }
+
       input[type="submit"] {
         box-shadow: 0 3px #800;
       }
@@ -219,8 +251,7 @@
 
       a { color: #C00; }
       a.trace-frames { color: #999; }
-      a:hover { color: #E9382B; }
-      a.trace-frames.selected { color: #E9382B; }
+      a:hover, a.trace-frames.selected { color: #E9382B; }
     }
 
     <%= yield :style %>
@@ -228,8 +259,7 @@
 
   <script>
     var toggle = function(id) {
-      var s = document.getElementById(id).style;
-      s.display = s.display == 'none' ? 'block' : 'none';
+      document.getElementById(id).classList.toggle('hidden');
       return false;
     }
     var show = function(id) {
@@ -238,9 +268,6 @@
     var hide = function(id) {
       document.getElementById(id).style.display = 'none';
     }
-    var toggleTrace = function() {
-      return toggle('blame_trace');
-    }
     var toggleSessionDump = function() {
       return toggle('session_dump');
     }
@@ -251,7 +278,7 @@
 </head>
 <body>
 
-<%= yield %>
+  <%= yield %>
 
 </body>
 </html>

data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb

@@ -1,19 +1,23 @@
-<header>
-  <h1>No template for interactive request</h1>
+<header role="banner">
+  <h1>No view template for interactive request</h1>
 </header>
 
-<div id="container">
+<main id="container">
   <h2><%= h @exception.message %></h2>
 
-  <p class="summary">
-    <strong>NOTE!</strong><br>
-    Unless told otherwise, Rails expects an action to render a template with the same name,<br>
-    contained in a folder named after its controller.
-
-    If this controller is an API responding with 204 (No Content), <br>
-    which does not require a template,
-    then this error will occur when trying to access it via browser,<br>
-    since we expect an HTML template
-    to be rendered for such requests. If that's the case, carry on.
-  </p>
-</div>
+  <div class="summary">
+    <p>
+      <strong>NOTE:</strong> Rails usually expects a controller action to render a view template with the same name.
+    </p>
+    <p>
+      For example, a <code><%= @exception.controller %>#<%= @exception.action_name %></code> action defined in <code>app/controllers/<%= @exception.controller.controller_path %>_controller.rb</code> should have a corresponding view template
+      in a file named <code>app/views/<%= @exception.controller.controller_name %>/<%= @exception.action_name %>.html.erb</code>.
+    </p>
+    <p>
+      However, if this controller is an API endpoint responding with 204 (No Content), which does not require a view template because it doesn't serve an HTML response, then this error will occur when trying to access it with a browser. In this particular scenario, you can ignore this error.
+    </p>
+    <p>
+      You can find more about view template rendering conventions in the <a href="https://guides.rubyonrails.org/layouts_and_rendering.html#rendering-by-default-convention-over-configuration-in-action">Rails Guides on Layouts and Rendering in Rails</a>.
+    </p>
+  </div>
+</main>