RubyGems - actionpack - Versions diffs - 7.0.4 → 7.1.3.4 - Mend

actionpack 7.0.4 → 7.1.3.4

Potentially problematic release.

This version of actionpack might be problematic. Click here for more details.

Files changed (140) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +397 -269
data/MIT-LICENSE +1 -1
data/README.rdoc +4 -4
data/lib/abstract_controller/base.rb +20 -11
data/lib/abstract_controller/caching/fragments.rb +2 -0
data/lib/abstract_controller/callbacks.rb +31 -6
data/lib/abstract_controller/deprecator.rb +7 -0
data/lib/abstract_controller/helpers.rb +75 -28
data/lib/abstract_controller/railties/routes_helpers.rb +1 -16
data/lib/abstract_controller/rendering.rb +12 -14
data/lib/abstract_controller/translation.rb +9 -6
data/lib/abstract_controller/url_for.rb +2 -0
data/lib/abstract_controller.rb +6 -0
data/lib/action_controller/api.rb +6 -4
data/lib/action_controller/base.rb +3 -17
data/lib/action_controller/caching.rb +2 -0
data/lib/action_controller/deprecator.rb +7 -0
data/lib/action_controller/form_builder.rb +2 -0
data/lib/action_controller/log_subscriber.rb +16 -4
data/lib/action_controller/metal/basic_implicit_render.rb +3 -1
data/lib/action_controller/metal/conditional_get.rb +121 -123
data/lib/action_controller/metal/content_security_policy.rb +5 -5
data/lib/action_controller/metal/data_streaming.rb +20 -18
data/lib/action_controller/metal/default_headers.rb +2 -0
data/lib/action_controller/metal/etag_with_flash.rb +3 -1
data/lib/action_controller/metal/etag_with_template_digest.rb +2 -0
data/lib/action_controller/metal/exceptions.rb +8 -0
data/lib/action_controller/metal/head.rb +9 -7
data/lib/action_controller/metal/helpers.rb +3 -14
data/lib/action_controller/metal/http_authentication.rb +17 -8
data/lib/action_controller/metal/implicit_render.rb +5 -3
data/lib/action_controller/metal/instrumentation.rb +8 -1
data/lib/action_controller/metal/live.rb +25 -1
data/lib/action_controller/metal/mime_responds.rb +2 -2
data/lib/action_controller/metal/params_wrapper.rb +4 -2
data/lib/action_controller/metal/permissions_policy.rb +2 -2
data/lib/action_controller/metal/redirecting.rb +29 -8
data/lib/action_controller/metal/renderers.rb +4 -4
data/lib/action_controller/metal/rendering.rb +114 -9
data/lib/action_controller/metal/request_forgery_protection.rb +144 -53
data/lib/action_controller/metal/rescue.rb +6 -3
data/lib/action_controller/metal/streaming.rb +71 -31
data/lib/action_controller/metal/strong_parameters.rb +158 -101
data/lib/action_controller/metal/url_for.rb +9 -4
data/lib/action_controller/metal.rb +79 -21
data/lib/action_controller/railtie.rb +24 -10
data/lib/action_controller/renderer.rb +99 -85
data/lib/action_controller/test_case.rb +15 -5
data/lib/action_controller.rb +8 -1
data/lib/action_dispatch/constants.rb +32 -0
data/lib/action_dispatch/deprecator.rb +7 -0
data/lib/action_dispatch/http/cache.rb +9 -11
data/lib/action_dispatch/http/content_security_policy.rb +14 -9
data/lib/action_dispatch/http/filter_parameters.rb +14 -28
data/lib/action_dispatch/http/headers.rb +3 -1
data/lib/action_dispatch/http/mime_negotiation.rb +22 -22
data/lib/action_dispatch/http/mime_type.rb +35 -12
data/lib/action_dispatch/http/mime_types.rb +3 -1
data/lib/action_dispatch/http/parameters.rb +1 -1
data/lib/action_dispatch/http/permissions_policy.rb +38 -23
data/lib/action_dispatch/http/rack_cache.rb +2 -0
data/lib/action_dispatch/http/request.rb +63 -30
data/lib/action_dispatch/http/response.rb +80 -63
data/lib/action_dispatch/http/upload.rb +15 -2
data/lib/action_dispatch/journey/formatter.rb +8 -2
data/lib/action_dispatch/journey/path/pattern.rb +14 -14
data/lib/action_dispatch/journey/route.rb +3 -2
data/lib/action_dispatch/journey/router.rb +9 -8
data/lib/action_dispatch/journey/routes.rb +2 -2
data/lib/action_dispatch/log_subscriber.rb +23 -0
data/lib/action_dispatch/middleware/actionable_exceptions.rb +5 -6
data/lib/action_dispatch/middleware/assume_ssl.rb +24 -0
data/lib/action_dispatch/middleware/callbacks.rb +2 -0
data/lib/action_dispatch/middleware/cookies.rb +108 -117
data/lib/action_dispatch/middleware/debug_exceptions.rb +26 -25
data/lib/action_dispatch/middleware/debug_locks.rb +4 -1
data/lib/action_dispatch/middleware/debug_view.rb +7 -2
data/lib/action_dispatch/middleware/exception_wrapper.rb +186 -27
data/lib/action_dispatch/middleware/executor.rb +1 -1
data/lib/action_dispatch/middleware/flash.rb +7 -0
data/lib/action_dispatch/middleware/host_authorization.rb +18 -8
data/lib/action_dispatch/middleware/public_exceptions.rb +5 -3
data/lib/action_dispatch/middleware/reloader.rb +7 -5
data/lib/action_dispatch/middleware/remote_ip.rb +21 -20
data/lib/action_dispatch/middleware/request_id.rb +4 -2
data/lib/action_dispatch/middleware/server_timing.rb +4 -4
data/lib/action_dispatch/middleware/session/abstract_store.rb +5 -0
data/lib/action_dispatch/middleware/session/cache_store.rb +2 -0
data/lib/action_dispatch/middleware/session/cookie_store.rb +11 -5
data/lib/action_dispatch/middleware/session/mem_cache_store.rb +3 -1
data/lib/action_dispatch/middleware/show_exceptions.rb +25 -18
data/lib/action_dispatch/middleware/ssl.rb +18 -6
data/lib/action_dispatch/middleware/stack.rb +7 -2
data/lib/action_dispatch/middleware/static.rb +14 -10
data/lib/action_dispatch/middleware/templates/rescues/_actions.html.erb +2 -2
data/lib/action_dispatch/middleware/templates/rescues/_message_and_suggestions.html.erb +4 -4
data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb +8 -1
data/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb +7 -3
data/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb +5 -3
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb +7 -7
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb +2 -2
data/lib/action_dispatch/middleware/templates/rescues/layout.erb +17 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb +16 -12
data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb +3 -3
data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +4 -4
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.text.erb +1 -1
data/lib/action_dispatch/middleware/templates/routes/_route.html.erb +3 -0
data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +59 -41
data/lib/action_dispatch/railtie.rb +14 -4
data/lib/action_dispatch/request/session.rb +16 -6
data/lib/action_dispatch/request/utils.rb +8 -3
data/lib/action_dispatch/routing/inspector.rb +54 -6
data/lib/action_dispatch/routing/mapper.rb +58 -24
data/lib/action_dispatch/routing/polymorphic_routes.rb +2 -0
data/lib/action_dispatch/routing/redirection.rb +15 -6
data/lib/action_dispatch/routing/route_set.rb +52 -22
data/lib/action_dispatch/routing/routes_proxy.rb +10 -15
data/lib/action_dispatch/routing/url_for.rb +26 -22
data/lib/action_dispatch/routing.rb +7 -7
data/lib/action_dispatch/system_test_case.rb +3 -3
data/lib/action_dispatch/system_testing/browser.rb +20 -19
data/lib/action_dispatch/system_testing/driver.rb +14 -22
data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +27 -16
data/lib/action_dispatch/testing/assertion_response.rb +1 -1
data/lib/action_dispatch/testing/assertions/response.rb +14 -7
data/lib/action_dispatch/testing/assertions/routing.rb +67 -28
data/lib/action_dispatch/testing/assertions.rb +3 -1
data/lib/action_dispatch/testing/integration.rb +27 -17
data/lib/action_dispatch/testing/request_encoder.rb +4 -1
data/lib/action_dispatch/testing/test_process.rb +4 -3
data/lib/action_dispatch/testing/test_request.rb +1 -1
data/lib/action_dispatch/testing/test_response.rb +23 -9
data/lib/action_dispatch.rb +37 -4
data/lib/action_pack/gem_version.rb +4 -4
data/lib/action_pack/version.rb +1 -1
data/lib/action_pack.rb +1 -1
metadata +65 -29

data/lib/action_dispatch/log_subscriber.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+module ActionDispatch
+  class LogSubscriber < ActiveSupport::LogSubscriber
+    def redirect(event)
+      payload = event.payload
+      info { "Redirected to #{payload[:location]}" }
+      info do
+        status = payload[:status]
+        message = +"Completed #{status} #{Rack::Utils::HTTP_STATUS_CODES[status]} in #{event.duration.round}ms"
+        message << "\n\n" if defined?(Rails.env) && Rails.env.development?
+        message
+      end
+    end
+    subscribe_log_level :redirect, :info
+  end
+end
+ActionDispatch::LogSubscriber.attach_to :action_dispatch

data/lib/action_dispatch/middleware/actionable_exceptions.rb CHANGED Viewed

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
-require "erb"
 require "uri"
 require "active_support/actionable_error"
@@ -30,15 +29,15 @@ module ActionDispatch
         uri = URI.parse location
         if uri.relative? || uri.scheme == "http" || uri.scheme == "https"
-          body = "<html><body>You are being <a href=\"#{ERB::Util.unwrapped_html_escape(location)}\">redirected</a>.</body></html>"
+          body = ""
         else
-          return [400, { "Content-Type" => "text/plain" }, ["Invalid redirection URI"]]
+          return [400, { Rack::CONTENT_TYPE => "text/plain; charset=utf-8" }, ["Invalid redirection URI"]]
         end
         [302, {
-          "Content-Type" => "text/html; charset=#{Response.default_charset}",
-          "Content-Length" => body.bytesize.to_s,
-          "Location" => location,
+          Rack::CONTENT_TYPE => "text/html; charset=#{Response.default_charset}",
+          Rack::CONTENT_LENGTH => body.bytesize.to_s,
+          ActionDispatch::Constants::LOCATION => location,
         }, [body]]
       end
   end

data/lib/action_dispatch/middleware/assume_ssl.rb ADDED Viewed

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+module ActionDispatch
+  # = Action Dispatch \AssumeSSL
+  #
+  # When proxying through a load balancer that terminates SSL, the forwarded request will appear
+  # as though it's HTTP instead of HTTPS to the application. This makes redirects and cookie
+  # security target HTTP instead of HTTPS. This middleware makes the server assume that the
+  # proxy already terminated SSL, and that the request really is HTTPS.
+  class AssumeSSL
+    def initialize(app)
+      @app = app
+    end
+    def call(env)
+      env["HTTPS"] = "on"
+      env["HTTP_X_FORWARDED_PORT"] = "443"
+      env["HTTP_X_FORWARDED_PROTO"] = "https"
+      env["rack.url_scheme"] = "https"
+      @app.call(env)
+    end
+  end
+end

data/lib/action_dispatch/middleware/callbacks.rb CHANGED Viewed

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 module ActionDispatch
+  # = Action Dispatch \Callbacks
+  #
   # Provides callbacks to be executed before and after dispatching the request.
   class Callbacks
     include ActiveSupport::Callbacks

data/lib/action_dispatch/middleware/cookies.rb CHANGED Viewed

@@ -70,7 +70,7 @@ module ActionDispatch
     end
     def cookies_same_site_protection
-      get_header(Cookies::COOKIES_SAME_SITE_PROTECTION) || Proc.new { }
+      get_header(Cookies::COOKIES_SAME_SITE_PROTECTION)&.call(self)
     end
     def cookies_digest
@@ -92,10 +92,10 @@ module ActionDispatch
     include RequestCookieMethods
   end
-  # Read and write data to cookies through ActionController::Base#cookies.
+  # Read and write data to cookies through ActionController::Cookies#cookies.
   #
   # When reading cookie data, the data is read from the HTTP request header, Cookie.
-  # When writing cookie data, the data is sent out in the HTTP response header, Set-Cookie.
+  # When writing cookie data, the data is sent out in the HTTP response header, +Set-Cookie+.
   #
   # Examples of writing:
   #
@@ -160,13 +160,18 @@ module ActionDispatch
   #   to <tt>:all</tt>. To support multiple domains, provide an array, and
   #   the first domain matching <tt>request.host</tt> will be used. Make
   #   sure to specify the <tt>:domain</tt> option with <tt>:all</tt> or
-  #   <tt>Array</tt> again when deleting cookies.
+  #   <tt>Array</tt> again when deleting cookies. For more flexibility you
+  #   can set the domain on a per-request basis by specifying <tt>:domain</tt>
+  #   with a proc.
   #
   #     domain: nil  # Does not set cookie domain. (default)
   #     domain: :all # Allow the cookie for the top most level
   #                  # domain and subdomains.
   #     domain: %w(.example.com .example.org) # Allow the cookie
   #                                           # for concrete domain names.
+  #     domain: proc { Tenant.current.cookie_domain } # Set cookie domain dynamically
+  #     domain: proc { |req| ".sub.#{req.host}" }     # Set cookie domain dynamically based on request
+  #
   #
   # * <tt>:tld_length</tt> - When using <tt>:domain => :all</tt>, this option can be used to explicitly
   #   set the TLD length when using a short (<= 3 character) domain that is being interpreted as part of a TLD.
@@ -178,7 +183,8 @@ module ActionDispatch
   #   only HTTP. Defaults to +false+.
   # * <tt>:same_site</tt> - The value of the +SameSite+ cookie attribute, which
   #   determines how this cookie should be restricted in cross-site contexts.
-  #   Possible values are +:none+, +:lax+, and +:strict+. Defaults to +:lax+.
+  #   Possible values are +nil+, +:none+, +:lax+, and +:strict+. Defaults to
+  #   +:lax+.
   class Cookies
     HTTP_HEADER   = "Set-Cookie"
     GENERATOR_KEY = "action_dispatch.key_generator"
@@ -290,20 +296,6 @@ module ActionDispatch
     class CookieJar # :nodoc:
       include Enumerable, ChainedCookieJars
-      # This regular expression is used to split the levels of a domain.
-      # The top level domain can be any string without a period or
-      # **.**, ***.** style TLDs like co.uk or com.au
-      #
-      # www.example.co.uk gives:
-      # $& => example.co.uk
-      #
-      # example.com gives:
-      # $& => example.com
-      #
-      # lots.of.subdomains.example.local gives:
-      # $& => example.local
-      DOMAIN_REGEXP = /[^.]*\.([^.]*|..\...|...\...)$/
       def self.build(req, cookies)
         jar = new(req)
         jar.update(cookies)
@@ -390,6 +382,8 @@ module ActionDispatch
       # Removes the cookie on the client machine by setting the value to an empty string
       # and the expiration date in the past. Like <tt>[]=</tt>, you can pass in
       # an options hash to delete cookies with extra data such as a <tt>:path</tt>.
+      #
+      # Returns the value of the cookie, or +nil+ if the cookie does not exist.
       def delete(name, options = {})
         return unless @cookies.has_key? name.to_s
@@ -415,9 +409,15 @@ module ActionDispatch
         @cookies.each_key { |k| delete(k, options) }
       end
-      def write(headers)
-        if header = make_set_cookie_header(headers[HTTP_HEADER])
-          headers[HTTP_HEADER] = header
+      def write(response)
+        @set_cookies.each do |name, value|
+          if write_cookie?(value)
+            response.set_cookie(name, value)
+          end
+        end
+        @delete_cookies.each do |name, value|
+          response.delete_cookie(name, value)
         end
       end
@@ -428,19 +428,6 @@ module ActionDispatch
           ::Rack::Utils.escape(string)
         end
-        def make_set_cookie_header(header)
-          header = @set_cookies.inject(header) { |m, (k, v)|
-            if write_cookie?(v)
-              ::Rack::Utils.add_cookie_to_header(m, k, v)
-            else
-              m
-            end
-          }
-          @delete_cookies.inject(header) { |m, (k, v)|
-            ::Rack::Utils.add_remove_cookie_to_header(m, k, v)
-          }
-        end
         def write_cookie?(cookie)
           request.ssl? || !cookie[:secure] || always_write_cookie || request.host.end_with?(".onion")
         end
@@ -452,17 +439,40 @@ module ActionDispatch
           options[:path]      ||= "/"
-          cookies_same_site_protection = request.cookies_same_site_protection
-          options[:same_site] ||= cookies_same_site_protection.call(request)
+          unless options.key?(:same_site)
+            options[:same_site] = request.cookies_same_site_protection
+          end
           if options[:domain] == :all || options[:domain] == "all"
-            # If there is a provided tld length then we use it otherwise default domain regexp.
-            domain_regexp = options[:tld_length] ? /([^.]+\.?){#{options[:tld_length]}}$/ : DOMAIN_REGEXP
+            cookie_domain = ""
+            dot_splitted_host = request.host.split(".", -1)
+            # Case where request.host is not an IP address or it's an invalid domain
+            # (ip confirms to the domain structure we expect so we explicitly check for ip)
+            if request.host.match?(/^[\d.]+$/) || dot_splitted_host.include?("") || dot_splitted_host.length == 1
+              options[:domain] = nil
+              return
+            end
-            # If host is not ip and matches domain regexp.
-            # (ip confirms to domain regexp so we explicitly check for ip)
-            options[:domain] = if !request.host.match?(/^[\d.]+$/) && (request.host =~ domain_regexp)
-              ".#{$&}"
+            # If there is a provided tld length then we use it otherwise default domain.
+            if options[:tld_length].present?
+              # Case where the tld_length provided is valid
+              if dot_splitted_host.length >= options[:tld_length]
+                cookie_domain = dot_splitted_host.last(options[:tld_length]).join(".")
+              end
+            # Case where tld_length is not provided
+            else
+              # Regular TLDs
+              if !(/\.[^.]{2,3}\.[^.]{2}\z/.match?(request.host))
+                cookie_domain = dot_splitted_host.last(2).join(".")
+              # **.**, ***.** style TLDs like co.uk and com.au
+              else
+                cookie_domain = dot_splitted_host.last(3).join(".")
+              end
+            end
+            options[:domain] = if cookie_domain.present?
+              cookie_domain
             end
           elsif options[:domain].is_a? Array
             # If host matches one of the supplied domains.
@@ -470,6 +480,8 @@ module ActionDispatch
               domain = domain.delete_prefix(".")
               request.host == domain || request.host.end_with?(".#{domain}")
             end
+          elsif options[:domain].respond_to?(:call)
+            options[:domain] = options[:domain].call(request)
           end
         end
     end
@@ -533,75 +545,57 @@ module ActionDispatch
         end
     end
-    class MarshalWithJsonFallback # :nodoc:
-      def self.load(value)
-        Marshal.load(value)
-      rescue TypeError => e
-        ActiveSupport::JSON.decode(value) rescue raise e
-      end
-      def self.dump(value)
-        Marshal.dump(value)
-      end
-    end
-    class JsonSerializer # :nodoc:
-      def self.load(value)
-        ActiveSupport::JSON.decode(value)
-      end
-      def self.dump(value)
-        ActiveSupport::JSON.encode(value)
-      end
-    end
     module SerializedCookieJars # :nodoc:
-      MARSHAL_SIGNATURE = "\x04\x08"
       SERIALIZER = ActiveSupport::MessageEncryptor::NullSerializer
       protected
-        def needs_migration?(value)
-          request.cookies_serializer == :hybrid && value.start_with?(MARSHAL_SIGNATURE)
+        def digest
+          request.cookies_digest || "SHA1"
         end
-        def serialize(value)
-          serializer.dump(value)
+      private
+        def serializer
+          @serializer ||=
+            case request.cookies_serializer
+            when nil
+              ActiveSupport::Messages::SerializerWithFallback[:marshal]
+            when :hybrid
+              ActiveSupport::Messages::SerializerWithFallback[:json_allow_marshal]
+            when Symbol
+              ActiveSupport::Messages::SerializerWithFallback[request.cookies_serializer]
+            else
+              request.cookies_serializer
+            end
         end
-        def deserialize(name)
-          rotate = false
-          value  = yield -> { rotate = true }
+        def reserialize?(dumped)
+          serializer.is_a?(ActiveSupport::Messages::SerializerWithFallback) &&
+            serializer != ActiveSupport::Messages::SerializerWithFallback[:marshal] &&
+            !serializer.dumped?(dumped)
+        end
-          if value
-            case
-            when needs_migration?(value)
-              Marshal.load(value).tap do |v|
-                self[name] = { value: v }
-              end
-            when rotate
-              serializer.load(value).tap do |v|
-                self[name] = { value: v }
-              end
-            else
-              serializer.load(value)
+        def parse(name, dumped, force_reserialize: false, **)
+          if dumped
+            begin
+              value = serializer.load(dumped)
+            rescue StandardError
+              return
             end
+            self[name] = { value: value } if force_reserialize || reserialize?(dumped)
+            value
           end
         end
-        def serializer
-          serializer = request.cookies_serializer || :marshal
-          case serializer
-          when :marshal
-            MarshalWithJsonFallback
-          when :json, :hybrid
-            JsonSerializer
-          else
-            serializer
-          end
+        def commit(name, options)
+          options[:value] = serializer.dump(options[:value])
         end
-        def digest
-          request.cookies_digest || "SHA1"
+        def check_for_overflow!(name, options)
+          if options[:value].bytesize > MAX_COOKIE_SIZE
+            raise CookieOverflow, "#{name} cookie overflowed with size #{options[:value].bytesize} bytes"
+          end
         end
     end
@@ -622,15 +616,15 @@ module ActionDispatch
       private
         def parse(name, signed_message, purpose: nil)
-          deserialize(name) do |rotate|
-            @verifier.verified(signed_message, on_rotation: rotate, purpose: purpose)
-          end
+          rotated = false
+          data = @verifier.verified(signed_message, purpose: purpose, on_rotation: -> { rotated = true })
+          super(name, data, force_reserialize: rotated)
         end
         def commit(name, options)
-          options[:value] = @verifier.generate(serialize(options[:value]), **cookie_metadata(name, options))
-          raise CookieOverflow if options[:value].bytesize > MAX_COOKIE_SIZE
+          super
+          options[:value] = @verifier.generate(options[:value], **cookie_metadata(name, options))
+          check_for_overflow!(name, options)
         end
     end
@@ -672,17 +666,17 @@ module ActionDispatch
       private
         def parse(name, encrypted_message, purpose: nil)
-          deserialize(name) do |rotate|
-            @encryptor.decrypt_and_verify(encrypted_message, on_rotation: rotate, purpose: purpose)
-          end
+          rotated = false
+          data = @encryptor.decrypt_and_verify(encrypted_message, purpose: purpose, on_rotation: -> { rotated = true })
+          super(name, data, force_reserialize: rotated)
         rescue ActiveSupport::MessageEncryptor::InvalidMessage, ActiveSupport::MessageVerifier::InvalidSignature
           nil
         end
         def commit(name, options)
-          options[:value] = @encryptor.encrypt_and_sign(serialize(options[:value]), **cookie_metadata(name, options))
-          raise CookieOverflow if options[:value].bytesize > MAX_COOKIE_SIZE
+          super
+          options[:value] = @encryptor.encrypt_and_sign(options[:value], **cookie_metadata(name, options))
+          check_for_overflow!(name, options)
         end
     end
@@ -691,21 +685,18 @@ module ActionDispatch
     end
     def call(env)
-      request = ActionDispatch::Request.new env
-      status, headers, body = @app.call(env)
+      request = ActionDispatch::Request.new(env)
+      response = @app.call(env)
       if request.have_cookie_jar?
         cookie_jar = request.cookie_jar
         unless cookie_jar.committed?
-          cookie_jar.write(headers)
-          if headers[HTTP_HEADER].respond_to?(:join)
-            headers[HTTP_HEADER] = headers[HTTP_HEADER].join("\n")
-          end
+          response = Rack::Response[*response]
+          cookie_jar.write(response)
         end
       end
-      [status, headers, body]
+      response.to_a
     end
   end
 end

data/lib/action_dispatch/middleware/debug_exceptions.rb CHANGED Viewed

@@ -6,6 +6,8 @@ require "action_dispatch/routing/inspector"
 require "action_view"
 module ActionDispatch
+  # = Action Dispatch \DebugExceptions
+  #
   # This middleware is responsible for logging exceptions and
   # showing a debugging page in case the request is local.
   class DebugExceptions
@@ -24,26 +26,26 @@ module ActionDispatch
     end
     def call(env)
-      request = ActionDispatch::Request.new env
       _, headers, body = response = @app.call(env)
-      if headers["X-Cascade"] == "pass"
+      if headers[Constants::X_CASCADE] == "pass"
         body.close if body.respond_to?(:close)
         raise ActionController::RoutingError, "No route matches [#{env['REQUEST_METHOD']}] #{env['PATH_INFO'].inspect}"
       end
       response
     rescue Exception => exception
-      invoke_interceptors(request, exception)
-      raise exception unless request.show_exceptions?
-      render_exception(request, exception)
+      request = ActionDispatch::Request.new env
+      backtrace_cleaner = request.get_header("action_dispatch.backtrace_cleaner")
+      wrapper = ExceptionWrapper.new(backtrace_cleaner, exception)
+      invoke_interceptors(request, exception, wrapper)
+      raise exception unless wrapper.show?(request)
+      render_exception(request, exception, wrapper)
     end
     private
-      def invoke_interceptors(request, exception)
-        backtrace_cleaner = request.get_header("action_dispatch.backtrace_cleaner")
-        wrapper = ExceptionWrapper.new(backtrace_cleaner, exception)
+      def invoke_interceptors(request, exception, wrapper)
         @interceptors.each do |interceptor|
           interceptor.call(request, exception)
         rescue Exception
@@ -51,9 +53,7 @@ module ActionDispatch
         end
       end
-      def render_exception(request, exception)
-        backtrace_cleaner = request.get_header("action_dispatch.backtrace_cleaner")
-        wrapper = ExceptionWrapper.new(backtrace_cleaner, exception)
+      def render_exception(request, exception, wrapper)
         log_error(request, wrapper)
         if request.get_header("action_dispatch.show_detailed_exceptions")
@@ -94,7 +94,7 @@ module ActionDispatch
             wrapper.status_code,
             Rack::Utils::HTTP_STATUS_CODES[500]
           ),
-          exception: wrapper.exception.inspect,
+          exception: wrapper.exception_inspect,
           traces: wrapper.traces
         }
@@ -115,19 +115,19 @@ module ActionDispatch
         DebugView.new(
           request: request,
           exception_wrapper: wrapper,
+          # Everything should use the wrapper, but we need to pass
+          # `exception` for legacy code.
           exception: wrapper.exception,
           traces: wrapper.traces,
           show_source_idx: wrapper.source_to_show_id,
           trace_to_show: wrapper.trace_to_show,
-          routes_inspector: routes_inspector(wrapper.exception),
+          routes_inspector: routes_inspector(wrapper),
           source_extracts: wrapper.source_extracts,
-          line_number: wrapper.line_number,
-          file: wrapper.file
         )
       end
       def render(status, body, format)
-        [status, { "Content-Type" => "#{format}; charset=#{Response.default_charset}", "Content-Length" => body.bytesize.to_s }, [body]]
+        [status, { Rack::CONTENT_TYPE => "#{format}; charset=#{Response.default_charset}", Rack::CONTENT_LENGTH => body.bytesize.to_s }, [body]]
       end
       def log_error(request, wrapper)
@@ -136,26 +136,27 @@ module ActionDispatch
         return unless logger
         return if !log_rescued_responses?(request) && wrapper.rescue_response?
-        exception = wrapper.exception
         trace = wrapper.exception_trace
         message = []
         message << "  "
-        message << "#{exception.class} (#{exception.message}):"
-        message.concat(exception.annotated_source_code) if exception.respond_to?(:annotated_source_code)
+        message << "#{wrapper.exception_class_name} (#{wrapper.message}):"
+        message.concat(wrapper.annotated_source_code)
         message << "  "
         message.concat(trace)
-        log_array(logger, message)
+        log_array(logger, message, request)
       end
-      def log_array(logger, lines)
+      def log_array(logger, lines, request)
         return if lines.empty?
+        level = request.get_header("action_dispatch.debug_exception_log_level")
         if logger.formatter && logger.formatter.respond_to?(:tags_text)
-          logger.fatal lines.join("\n#{logger.formatter.tags_text}")
+          logger.add(level, lines.join("\n#{logger.formatter.tags_text}"))
         else
-          logger.fatal lines.join("\n")
+          logger.add(level, lines.join("\n"))
         end
       end
@@ -168,7 +169,7 @@ module ActionDispatch
       end
       def routes_inspector(exception)
-        if @routes_app.respond_to?(:routes) && (exception.is_a?(ActionController::RoutingError) || exception.is_a?(ActionView::Template::Error))
+        if @routes_app.respond_to?(:routes) && (exception.routing_error? || exception.template_error?)
           ActionDispatch::Routing::RoutesInspector.new(@routes_app.routes.routes)
         end
       end

data/lib/action_dispatch/middleware/debug_locks.rb CHANGED Viewed

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 module ActionDispatch
+  # = Action Dispatch \DebugLocks
+  #
   # This middleware can be used to diagnose deadlocks in the autoload interlock.
   #
   # To use it, insert it near the top of the middleware stack, using
@@ -97,7 +99,8 @@ module ActionDispatch
           msg << "\n#{info[:backtrace].join("\n")}\n" if info[:backtrace]
         end.join("\n\n---\n\n\n")
-        [200, { "Content-Type" => "text/plain", "Content-Length" => str.size }, [str]]
+        [200, { Rack::CONTENT_TYPE => "text/plain; charset=#{ActionDispatch::Response.default_charset}",
+                Rack::CONTENT_LENGTH => str.size.to_s }, [str]]
       end
       def blocked_by?(victim, blocker, all_threads)

data/lib/action_dispatch/middleware/debug_view.rb CHANGED Viewed

@@ -7,18 +7,23 @@ require "action_view/base"
 module ActionDispatch
   class DebugView < ActionView::Base # :nodoc:
-    RESCUES_TEMPLATE_PATH = File.expand_path("templates", __dir__)
+    RESCUES_TEMPLATE_PATHS = [File.expand_path("templates", __dir__)]
     def initialize(assigns)
-      paths = [RESCUES_TEMPLATE_PATH]
+      paths = RESCUES_TEMPLATE_PATHS.dup
       lookup_context = ActionView::LookupContext.new(paths)
       super(lookup_context, assigns, nil)
+      @exception_wrapper = assigns[:exception_wrapper]
     end
     def compiled_method_container
       self.class
     end
+    def error_highlight_available?
+      @exception_wrapper.error_highlight_available?
+    end
     def debug_params(params)
       clean_params = params.clone
       clean_params.delete("action")