actionpack 6.1.7.5 → 7.1.3.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +355 -435
- data/MIT-LICENSE +2 -1
- data/README.rdoc +6 -7
- data/lib/abstract_controller/asset_paths.rb +1 -1
- data/lib/abstract_controller/base.rb +33 -37
- data/lib/abstract_controller/caching/fragments.rb +4 -2
- data/lib/abstract_controller/caching.rb +1 -1
- data/lib/abstract_controller/callbacks.rb +50 -11
- data/lib/abstract_controller/collector.rb +2 -2
- data/lib/abstract_controller/deprecator.rb +7 -0
- data/lib/abstract_controller/error.rb +1 -1
- data/lib/abstract_controller/helpers.rb +78 -30
- data/lib/abstract_controller/logger.rb +1 -1
- data/lib/abstract_controller/railties/routes_helpers.rb +3 -16
- data/lib/abstract_controller/rendering.rb +12 -14
- data/lib/abstract_controller/translation.rb +26 -7
- data/lib/abstract_controller/url_for.rb +6 -6
- data/lib/abstract_controller.rb +6 -0
- data/lib/action_controller/api.rb +12 -10
- data/lib/action_controller/base.rb +8 -21
- data/lib/action_controller/caching.rb +2 -0
- data/lib/action_controller/deprecator.rb +7 -0
- data/lib/action_controller/form_builder.rb +4 -2
- data/lib/action_controller/log_subscriber.rb +20 -7
- data/lib/action_controller/metal/basic_implicit_render.rb +3 -1
- data/lib/action_controller/metal/conditional_get.rb +137 -102
- data/lib/action_controller/metal/content_security_policy.rb +37 -3
- data/lib/action_controller/metal/cookies.rb +1 -1
- data/lib/action_controller/metal/data_streaming.rb +25 -31
- data/lib/action_controller/metal/default_headers.rb +2 -0
- data/lib/action_controller/metal/etag_with_flash.rb +3 -1
- data/lib/action_controller/metal/etag_with_template_digest.rb +2 -0
- data/lib/action_controller/metal/exceptions.rb +27 -30
- data/lib/action_controller/metal/flash.rb +6 -2
- data/lib/action_controller/metal/head.rb +9 -7
- data/lib/action_controller/metal/helpers.rb +5 -16
- data/lib/action_controller/metal/http_authentication.rb +78 -42
- data/lib/action_controller/metal/implicit_render.rb +5 -3
- data/lib/action_controller/metal/instrumentation.rb +62 -50
- data/lib/action_controller/metal/live.rb +67 -2
- data/lib/action_controller/metal/mime_responds.rb +5 -5
- data/lib/action_controller/metal/params_wrapper.rb +24 -13
- data/lib/action_controller/metal/permissions_policy.rb +20 -29
- data/lib/action_controller/metal/redirecting.rb +96 -23
- data/lib/action_controller/metal/renderers.rb +14 -15
- data/lib/action_controller/metal/rendering.rb +121 -16
- data/lib/action_controller/metal/request_forgery_protection.rb +208 -68
- data/lib/action_controller/metal/rescue.rb +7 -4
- data/lib/action_controller/metal/streaming.rb +74 -36
- data/lib/action_controller/metal/strong_parameters.rb +254 -151
- data/lib/action_controller/metal/testing.rb +9 -2
- data/lib/action_controller/metal/url_for.rb +10 -5
- data/lib/action_controller/metal.rb +89 -34
- data/lib/action_controller/railtie.rb +66 -9
- data/lib/action_controller/renderer.rb +99 -85
- data/lib/action_controller/test_case.rb +42 -11
- data/lib/action_controller.rb +10 -6
- data/lib/action_dispatch/constants.rb +32 -0
- data/lib/action_dispatch/deprecator.rb +7 -0
- data/lib/action_dispatch/http/cache.rb +21 -16
- data/lib/action_dispatch/http/content_security_policy.rb +122 -44
- data/lib/action_dispatch/http/filter_parameters.rb +14 -23
- data/lib/action_dispatch/http/headers.rb +3 -1
- data/lib/action_dispatch/http/mime_negotiation.rb +25 -15
- data/lib/action_dispatch/http/mime_type.rb +43 -22
- data/lib/action_dispatch/http/mime_types.rb +3 -1
- data/lib/action_dispatch/http/parameters.rb +6 -6
- data/lib/action_dispatch/http/permissions_policy.rb +57 -19
- data/lib/action_dispatch/http/rack_cache.rb +2 -0
- data/lib/action_dispatch/http/request.rb +75 -51
- data/lib/action_dispatch/http/response.rb +81 -77
- data/lib/action_dispatch/http/upload.rb +15 -2
- data/lib/action_dispatch/http/url.rb +11 -19
- data/lib/action_dispatch/journey/formatter.rb +8 -2
- data/lib/action_dispatch/journey/gtg/builder.rb +11 -12
- data/lib/action_dispatch/journey/gtg/simulator.rb +10 -4
- data/lib/action_dispatch/journey/gtg/transition_table.rb +77 -21
- data/lib/action_dispatch/journey/nodes/node.rb +70 -5
- data/lib/action_dispatch/journey/path/pattern.rb +36 -27
- data/lib/action_dispatch/journey/route.rb +8 -14
- data/lib/action_dispatch/journey/router/utils.rb +2 -2
- data/lib/action_dispatch/journey/router.rb +10 -9
- data/lib/action_dispatch/journey/routes.rb +5 -5
- data/lib/action_dispatch/journey/visualizer/fsm.js +49 -24
- data/lib/action_dispatch/journey/visualizer/index.html.erb +1 -1
- data/lib/action_dispatch/log_subscriber.rb +23 -0
- data/lib/action_dispatch/middleware/actionable_exceptions.rb +5 -7
- data/lib/action_dispatch/middleware/assume_ssl.rb +24 -0
- data/lib/action_dispatch/middleware/callbacks.rb +2 -0
- data/lib/action_dispatch/middleware/cookies.rb +97 -107
- data/lib/action_dispatch/middleware/debug_exceptions.rb +31 -28
- data/lib/action_dispatch/middleware/debug_locks.rb +7 -4
- data/lib/action_dispatch/middleware/debug_view.rb +7 -2
- data/lib/action_dispatch/middleware/exception_wrapper.rb +190 -27
- data/lib/action_dispatch/middleware/executor.rb +3 -0
- data/lib/action_dispatch/middleware/flash.rb +24 -18
- data/lib/action_dispatch/middleware/host_authorization.rb +19 -20
- data/lib/action_dispatch/middleware/public_exceptions.rb +5 -3
- data/lib/action_dispatch/middleware/reloader.rb +7 -5
- data/lib/action_dispatch/middleware/remote_ip.rb +32 -19
- data/lib/action_dispatch/middleware/request_id.rb +5 -3
- data/lib/action_dispatch/middleware/server_timing.rb +76 -0
- data/lib/action_dispatch/middleware/session/abstract_store.rb +6 -1
- data/lib/action_dispatch/middleware/session/cache_store.rb +2 -0
- data/lib/action_dispatch/middleware/session/cookie_store.rb +19 -13
- data/lib/action_dispatch/middleware/session/mem_cache_store.rb +3 -1
- data/lib/action_dispatch/middleware/show_exceptions.rb +30 -25
- data/lib/action_dispatch/middleware/ssl.rb +18 -6
- data/lib/action_dispatch/middleware/stack.rb +34 -11
- data/lib/action_dispatch/middleware/static.rb +16 -16
- data/lib/action_dispatch/middleware/templates/rescues/_actions.html.erb +2 -2
- data/lib/action_dispatch/middleware/templates/rescues/_message_and_suggestions.html.erb +5 -5
- data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb +4 -11
- data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb +8 -1
- data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb +2 -2
- data/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb +10 -5
- data/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb +7 -3
- data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb +9 -9
- data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb +2 -2
- data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb +3 -3
- data/lib/action_dispatch/middleware/templates/rescues/layout.erb +45 -18
- data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb +19 -15
- data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb +4 -4
- data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb +6 -6
- data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +7 -7
- data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb +4 -4
- data/lib/action_dispatch/middleware/templates/rescues/unknown_action.text.erb +1 -1
- data/lib/action_dispatch/middleware/templates/routes/_route.html.erb +3 -0
- data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +64 -55
- data/lib/action_dispatch/railtie.rb +20 -4
- data/lib/action_dispatch/request/session.rb +59 -19
- data/lib/action_dispatch/request/utils.rb +8 -3
- data/lib/action_dispatch/routing/inspector.rb +55 -7
- data/lib/action_dispatch/routing/mapper.rb +117 -107
- data/lib/action_dispatch/routing/polymorphic_routes.rb +2 -0
- data/lib/action_dispatch/routing/redirection.rb +20 -8
- data/lib/action_dispatch/routing/route_set.rb +67 -27
- data/lib/action_dispatch/routing/routes_proxy.rb +11 -16
- data/lib/action_dispatch/routing/url_for.rb +29 -26
- data/lib/action_dispatch/routing.rb +12 -13
- data/lib/action_dispatch/system_test_case.rb +8 -8
- data/lib/action_dispatch/system_testing/browser.rb +20 -29
- data/lib/action_dispatch/system_testing/driver.rb +34 -18
- data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +35 -20
- data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +0 -8
- data/lib/action_dispatch/testing/assertion_response.rb +1 -1
- data/lib/action_dispatch/testing/assertions/response.rb +14 -7
- data/lib/action_dispatch/testing/assertions/routing.rb +70 -30
- data/lib/action_dispatch/testing/assertions.rb +3 -4
- data/lib/action_dispatch/testing/integration.rb +33 -25
- data/lib/action_dispatch/testing/request_encoder.rb +4 -1
- data/lib/action_dispatch/testing/test_process.rb +5 -30
- data/lib/action_dispatch/testing/test_request.rb +1 -1
- data/lib/action_dispatch/testing/test_response.rb +34 -2
- data/lib/action_dispatch.rb +38 -4
- data/lib/action_pack/gem_version.rb +4 -4
- data/lib/action_pack/version.rb +1 -1
- data/lib/action_pack.rb +1 -1
- metadata +67 -30
@@ -3,12 +3,12 @@
|
|
3
3
|
require "set"
|
4
4
|
|
5
5
|
module ActionController
|
6
|
-
# See
|
6
|
+
# See Renderers.add
|
7
7
|
def self.add_renderer(key, &block)
|
8
8
|
Renderers.add(key, &block)
|
9
9
|
end
|
10
10
|
|
11
|
-
# See
|
11
|
+
# See Renderers.remove
|
12
12
|
def self.remove_renderer(key)
|
13
13
|
Renderers.remove(key)
|
14
14
|
end
|
@@ -31,8 +31,7 @@ module ActionController
|
|
31
31
|
class_attribute :_renderers, default: Set.new.freeze
|
32
32
|
end
|
33
33
|
|
34
|
-
# Used in
|
35
|
-
# and <tt>ActionController::API</tt> to include all
|
34
|
+
# Used in ActionController::Base and ActionController::API to include all
|
36
35
|
# renderers by default.
|
37
36
|
module All
|
38
37
|
extend ActiveSupport::Concern
|
@@ -45,7 +44,7 @@ module ActionController
|
|
45
44
|
|
46
45
|
# Adds a new renderer to call within controller actions.
|
47
46
|
# A renderer is invoked by passing its name as an option to
|
48
|
-
#
|
47
|
+
# AbstractController::Rendering#render. To create a renderer
|
49
48
|
# pass it a name and a block. The block takes two arguments, the first
|
50
49
|
# is the value paired with its key and the second is the remaining
|
51
50
|
# hash of options passed to +render+.
|
@@ -59,7 +58,7 @@ module ActionController
|
|
59
58
|
# disposition: "attachment; filename=#{filename}.csv"
|
60
59
|
# end
|
61
60
|
#
|
62
|
-
# Note that we used Mime[:csv] for the csv mime type as it comes with Rails.
|
61
|
+
# Note that we used Mime[:csv] for the csv mime type as it comes with \Rails.
|
63
62
|
# For a custom renderer, you'll need to register a mime type with
|
64
63
|
# <tt>Mime::Type.register</tt>.
|
65
64
|
#
|
@@ -96,18 +95,18 @@ module ActionController
|
|
96
95
|
# Adds, by name, a renderer or renderers to the +_renderers+ available
|
97
96
|
# to call within controller actions.
|
98
97
|
#
|
99
|
-
# It is useful when rendering from an
|
98
|
+
# It is useful when rendering from an ActionController::Metal controller or
|
100
99
|
# otherwise to add an available renderer proc to a specific controller.
|
101
100
|
#
|
102
|
-
# Both
|
103
|
-
# include
|
104
|
-
# available in the controller. See
|
101
|
+
# Both ActionController::Base and ActionController::API
|
102
|
+
# include ActionController::Renderers::All, making all renderers
|
103
|
+
# available in the controller. See Renderers::RENDERERS and Renderers.add.
|
105
104
|
#
|
106
|
-
# Since
|
107
|
-
# must include
|
108
|
-
# and
|
105
|
+
# Since ActionController::Metal controllers cannot render, the controller
|
106
|
+
# must include AbstractController::Rendering, ActionController::Rendering,
|
107
|
+
# and ActionController::Renderers, and have at least one renderer.
|
109
108
|
#
|
110
|
-
# Rather than including
|
109
|
+
# Rather than including ActionController::Renderers::All and including all renderers,
|
111
110
|
# you may specify which renderers to include by passing the renderer name or names to
|
112
111
|
# +use_renderers+. For example, a controller that includes only the <tt>:json</tt> renderer
|
113
112
|
# (+_render_with_renderer_json+) might look like:
|
@@ -133,7 +132,7 @@ module ActionController
|
|
133
132
|
alias use_renderer use_renderers
|
134
133
|
end
|
135
134
|
|
136
|
-
# Called by +render+ in
|
135
|
+
# Called by +render+ in AbstractController::Rendering
|
137
136
|
# which sets the return value as the +response_body+.
|
138
137
|
#
|
139
138
|
# If no renderer is found, +super+ returns control to
|
@@ -24,19 +24,125 @@ module ActionController
|
|
24
24
|
end
|
25
25
|
end
|
26
26
|
|
27
|
-
#
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
27
|
+
# Renders a template and assigns the result to +self.response_body+.
|
28
|
+
#
|
29
|
+
# If no rendering mode option is specified, the template will be derived
|
30
|
+
# from the first argument.
|
31
|
+
#
|
32
|
+
# render "posts/show"
|
33
|
+
# # => renders app/views/posts/show.html.erb
|
34
|
+
#
|
35
|
+
# # In a PostsController action...
|
36
|
+
# render :show
|
37
|
+
# # => renders app/views/posts/show.html.erb
|
38
|
+
#
|
39
|
+
# If the first argument responds to +render_in+, the template will be
|
40
|
+
# rendered by calling +render_in+ with the current view context.
|
41
|
+
#
|
42
|
+
# ==== \Rendering Mode
|
43
|
+
#
|
44
|
+
# [+:partial+]
|
45
|
+
# See ActionView::PartialRenderer for details.
|
46
|
+
#
|
47
|
+
# render partial: "posts/form", locals: { post: Post.new }
|
48
|
+
# # => renders app/views/posts/_form.html.erb
|
49
|
+
#
|
50
|
+
# [+:file+]
|
51
|
+
# Renders the contents of a file. This option should <b>not</b> be used
|
52
|
+
# with unsanitized user input.
|
53
|
+
#
|
54
|
+
# render file: "/path/to/some/file"
|
55
|
+
# # => renders /path/to/some/file
|
56
|
+
#
|
57
|
+
# [+:inline+]
|
58
|
+
# Renders an ERB template string.
|
59
|
+
#
|
60
|
+
# @name = "World"
|
61
|
+
# render inline: "<h1>Hello, <%= @name %>!</h1>"
|
62
|
+
# # => renders "<h1>Hello, World!</h1>"
|
63
|
+
#
|
64
|
+
# [+:body+]
|
65
|
+
# Renders the provided text, and sets the content type as +text/plain+.
|
66
|
+
#
|
67
|
+
# render body: "Hello, World!"
|
68
|
+
# # => renders "Hello, World!"
|
69
|
+
#
|
70
|
+
# [+:plain+]
|
71
|
+
# Renders the provided text, and sets the content type as +text/plain+.
|
72
|
+
#
|
73
|
+
# render plain: "Hello, World!"
|
74
|
+
# # => renders "Hello, World!"
|
75
|
+
#
|
76
|
+
# [+:html+]
|
77
|
+
# Renders the provided HTML string, and sets the content type as +text/html+.
|
78
|
+
# If the string is not +html_safe?+, performs HTML escaping on the string
|
79
|
+
# before rendering.
|
80
|
+
#
|
81
|
+
# render html: "<h1>Hello, World!</h1>".html_safe
|
82
|
+
# # => renders "<h1>Hello, World!</h1>"
|
83
|
+
#
|
84
|
+
# render html: "<h1>Hello, World!</h1>"
|
85
|
+
# # => renders "<h1>Hello, World!</h1>"
|
86
|
+
#
|
87
|
+
# [+:json+]
|
88
|
+
# Renders the provided object as JSON, and sets the content type as
|
89
|
+
# +application/json+. If the object is not a string, it will be converted
|
90
|
+
# to JSON by calling +to_json+.
|
91
|
+
#
|
92
|
+
# render json: { hello: "world" }
|
93
|
+
# # => renders "{\"hello\":\"world\"}"
|
94
|
+
#
|
95
|
+
# By default, when a rendering mode is specified, no layout template is
|
96
|
+
# rendered.
|
97
|
+
#
|
98
|
+
# ==== Options
|
99
|
+
#
|
100
|
+
# [+:assigns+]
|
101
|
+
# Hash of instance variable assignments for the template.
|
102
|
+
#
|
103
|
+
# render inline: "<h1>Hello, <%= @name %>!</h1>", assigns: { name: "World" }
|
104
|
+
# # => renders "<h1>Hello, World!</h1>"
|
105
|
+
#
|
106
|
+
# [+:locals+]
|
107
|
+
# Hash of local variable assignments for the template.
|
108
|
+
#
|
109
|
+
# render inline: "<h1>Hello, <%= name %>!</h1>", locals: { name: "World" }
|
110
|
+
# # => renders "<h1>Hello, World!</h1>"
|
111
|
+
#
|
112
|
+
# [+:layout+]
|
113
|
+
# The layout template to render. Can also be +false+ or +true+ to disable
|
114
|
+
# or (re)enable the default layout template.
|
115
|
+
#
|
116
|
+
# render "posts/show", layout: "holiday"
|
117
|
+
# # => renders app/views/posts/show.html.erb with the app/views/layouts/holiday.html.erb layout
|
118
|
+
#
|
119
|
+
# render "posts/show", layout: false
|
120
|
+
# # => renders app/views/posts/show.html.erb with no layout
|
121
|
+
#
|
122
|
+
# render inline: "<h1>Hello, World!</h1>", layout: true
|
123
|
+
# # => renders "<h1>Hello, World!</h1>" with the default layout
|
124
|
+
#
|
125
|
+
# [+:status+]
|
126
|
+
# The HTTP status code to send with the response. Can be specified as a
|
127
|
+
# number or as the status name in Symbol form. Defaults to 200.
|
128
|
+
#
|
129
|
+
# render "posts/new", status: 422
|
130
|
+
# # => renders app/views/posts/new.html.erb with HTTP status code 422
|
131
|
+
#
|
132
|
+
# render "posts/new", status: :unprocessable_entity
|
133
|
+
# # => renders app/views/posts/new.html.erb with HTTP status code 422
|
134
|
+
#
|
135
|
+
#--
|
33
136
|
# Check for double render errors and set the content_type after rendering.
|
34
|
-
def render(*args)
|
137
|
+
def render(*args)
|
35
138
|
raise ::AbstractController::DoubleRenderError if response_body
|
36
139
|
super
|
37
140
|
end
|
38
141
|
|
39
|
-
#
|
142
|
+
# Similar to #render, but only returns the rendered template as a string,
|
143
|
+
# instead of setting +self.response_body+.
|
144
|
+
#--
|
145
|
+
# Override render_to_string because body can now be set to a Rack body.
|
40
146
|
def render_to_string(*)
|
41
147
|
result = super
|
42
148
|
if result.respond_to?(:each)
|
@@ -48,11 +154,17 @@ module ActionController
|
|
48
154
|
end
|
49
155
|
end
|
50
156
|
|
51
|
-
def render_to_body(options = {})
|
157
|
+
def render_to_body(options = {}) # :nodoc:
|
52
158
|
super || _render_in_priorities(options) || " "
|
53
159
|
end
|
54
160
|
|
55
161
|
private
|
162
|
+
# Before processing, set the request formats in current controller formats.
|
163
|
+
def process_action(*) # :nodoc:
|
164
|
+
self.formats = request.formats.filter_map(&:ref)
|
165
|
+
super
|
166
|
+
end
|
167
|
+
|
56
168
|
def _process_variant(options)
|
57
169
|
if defined?(request) && !request.nil? && request.variant.present?
|
58
170
|
options[:variant] = request.variant
|
@@ -83,13 +195,6 @@ module ActionController
|
|
83
195
|
end
|
84
196
|
end
|
85
197
|
|
86
|
-
# Normalize arguments by catching blocks and setting them on :update.
|
87
|
-
def _normalize_args(action = nil, options = {}, &blk)
|
88
|
-
options = super
|
89
|
-
options[:update] = blk if block_given?
|
90
|
-
options
|
91
|
-
end
|
92
|
-
|
93
198
|
# Normalize both text and status options.
|
94
199
|
def _normalize_options(options)
|
95
200
|
_normalize_text(options)
|
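Review bot: The new `:inline` entry in the doc comment above `render` carries no caution, although the `:file` entry just before it says the option should not be used with unsanitized user input; an ERB string is evaluated as Ruby, so request-derived data inside it is a code-execution risk, not only a disclosure risk. I would repeat the sentence there, e.g. `# Renders an ERB template string. This option should <b>not</b> be used with unsanitized user input.` The `:html` entry would also benefit from one line saying that `html_safe` switches off the escaping it describes, e.g. `# Only mark a string +html_safe+ when it contains no unescaped user input.` As displayed on this page, the two `:html` examples show identical output, which contradicts the escaping sentence; the second result is presumably entity-escaped in the file and was decoded by the page rendering, so it is worth confirming against the source.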