RubyGems - actionpack - Versions diffs - 7.0.8.7 → 7.2.2.1 - Mend

actionpack 7.0.8.7 → 7.2.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (171) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +90 -537
data/MIT-LICENSE +1 -1
data/README.rdoc +2 -2
data/lib/abstract_controller/asset_paths.rb +2 -0
data/lib/abstract_controller/base.rb +119 -106
data/lib/abstract_controller/caching/fragments.rb +51 -52
data/lib/abstract_controller/caching.rb +2 -0
data/lib/abstract_controller/callbacks.rb +94 -67
data/lib/abstract_controller/collector.rb +6 -6
data/lib/abstract_controller/deprecator.rb +9 -0
data/lib/abstract_controller/error.rb +2 -0
data/lib/abstract_controller/helpers.rb +121 -91
data/lib/abstract_controller/logger.rb +2 -0
data/lib/abstract_controller/railties/routes_helpers.rb +3 -16
data/lib/abstract_controller/rendering.rb +14 -13
data/lib/abstract_controller/translation.rb +12 -30
data/lib/abstract_controller/url_for.rb +9 -5
data/lib/abstract_controller.rb +8 -0
data/lib/action_controller/api/api_rendering.rb +2 -0
data/lib/action_controller/api.rb +78 -73
data/lib/action_controller/base.rb +199 -141
data/lib/action_controller/caching.rb +16 -11
data/lib/action_controller/deprecator.rb +9 -0
data/lib/action_controller/form_builder.rb +21 -16
data/lib/action_controller/log_subscriber.rb +19 -5
data/lib/action_controller/metal/allow_browser.rb +123 -0
data/lib/action_controller/metal/basic_implicit_render.rb +2 -0
data/lib/action_controller/metal/conditional_get.rb +187 -174
data/lib/action_controller/metal/content_security_policy.rb +26 -25
data/lib/action_controller/metal/cookies.rb +4 -2
data/lib/action_controller/metal/data_streaming.rb +65 -54
data/lib/action_controller/metal/default_headers.rb +6 -2
data/lib/action_controller/metal/etag_with_flash.rb +4 -0
data/lib/action_controller/metal/etag_with_template_digest.rb +18 -14
data/lib/action_controller/metal/exceptions.rb +19 -9
data/lib/action_controller/metal/flash.rb +12 -10
data/lib/action_controller/metal/head.rb +20 -16
data/lib/action_controller/metal/helpers.rb +64 -67
data/lib/action_controller/metal/http_authentication.rb +212 -199
data/lib/action_controller/metal/implicit_render.rb +21 -17
data/lib/action_controller/metal/instrumentation.rb +22 -12
data/lib/action_controller/metal/live.rb +125 -92
data/lib/action_controller/metal/logging.rb +6 -4
data/lib/action_controller/metal/mime_responds.rb +151 -142
data/lib/action_controller/metal/parameter_encoding.rb +34 -32
data/lib/action_controller/metal/params_wrapper.rb +58 -58
data/lib/action_controller/metal/permissions_policy.rb +14 -13
data/lib/action_controller/metal/rate_limiting.rb +62 -0
data/lib/action_controller/metal/redirecting.rb +110 -84
data/lib/action_controller/metal/renderers.rb +50 -49
data/lib/action_controller/metal/rendering.rb +103 -82
data/lib/action_controller/metal/request_forgery_protection.rb +279 -161
data/lib/action_controller/metal/rescue.rb +12 -8
data/lib/action_controller/metal/streaming.rb +174 -132
data/lib/action_controller/metal/strong_parameters.rb +598 -473
data/lib/action_controller/metal/testing.rb +2 -0
data/lib/action_controller/metal/url_for.rb +23 -14
data/lib/action_controller/metal.rb +145 -61
data/lib/action_controller/railtie.rb +25 -9
data/lib/action_controller/railties/helpers.rb +2 -0
data/lib/action_controller/renderer.rb +105 -66
data/lib/action_controller/template_assertions.rb +4 -2
data/lib/action_controller/test_case.rb +157 -128
data/lib/action_controller.rb +17 -3
data/lib/action_dispatch/constants.rb +34 -0
data/lib/action_dispatch/deprecator.rb +9 -0
data/lib/action_dispatch/http/cache.rb +28 -29
data/lib/action_dispatch/http/content_disposition.rb +2 -0
data/lib/action_dispatch/http/content_security_policy.rb +48 -45
data/lib/action_dispatch/http/filter_parameters.rb +18 -8
data/lib/action_dispatch/http/filter_redirect.rb +22 -1
data/lib/action_dispatch/http/headers.rb +23 -21
data/lib/action_dispatch/http/mime_negotiation.rb +37 -48
data/lib/action_dispatch/http/mime_type.rb +60 -30
data/lib/action_dispatch/http/mime_types.rb +5 -1
data/lib/action_dispatch/http/parameters.rb +12 -10
data/lib/action_dispatch/http/permissions_policy.rb +32 -27
data/lib/action_dispatch/http/rack_cache.rb +4 -0
data/lib/action_dispatch/http/request.rb +132 -79
data/lib/action_dispatch/http/response.rb +136 -103
data/lib/action_dispatch/http/upload.rb +19 -15
data/lib/action_dispatch/http/url.rb +75 -73
data/lib/action_dispatch/journey/formatter.rb +19 -6
data/lib/action_dispatch/journey/gtg/builder.rb +4 -3
data/lib/action_dispatch/journey/gtg/simulator.rb +2 -0
data/lib/action_dispatch/journey/gtg/transition_table.rb +10 -8
data/lib/action_dispatch/journey/nfa/dot.rb +2 -0
data/lib/action_dispatch/journey/nodes/node.rb +6 -5
data/lib/action_dispatch/journey/parser.rb +4 -3
data/lib/action_dispatch/journey/parser_extras.rb +2 -0
data/lib/action_dispatch/journey/path/pattern.rb +18 -15
data/lib/action_dispatch/journey/route.rb +12 -9
data/lib/action_dispatch/journey/router/utils.rb +16 -15
data/lib/action_dispatch/journey/router.rb +13 -10
data/lib/action_dispatch/journey/routes.rb +6 -4
data/lib/action_dispatch/journey/scanner.rb +4 -2
data/lib/action_dispatch/journey/visitors.rb +2 -0
data/lib/action_dispatch/journey.rb +2 -0
data/lib/action_dispatch/log_subscriber.rb +25 -0
data/lib/action_dispatch/middleware/actionable_exceptions.rb +7 -6
data/lib/action_dispatch/middleware/assume_ssl.rb +27 -0
data/lib/action_dispatch/middleware/callbacks.rb +4 -0
data/lib/action_dispatch/middleware/cookies.rb +192 -194
data/lib/action_dispatch/middleware/debug_exceptions.rb +36 -27
data/lib/action_dispatch/middleware/debug_locks.rb +18 -13
data/lib/action_dispatch/middleware/debug_view.rb +9 -2
data/lib/action_dispatch/middleware/exception_wrapper.rb +181 -27
data/lib/action_dispatch/middleware/executor.rb +9 -1
data/lib/action_dispatch/middleware/flash.rb +65 -46
data/lib/action_dispatch/middleware/host_authorization.rb +22 -17
data/lib/action_dispatch/middleware/public_exceptions.rb +12 -8
data/lib/action_dispatch/middleware/reloader.rb +9 -5
data/lib/action_dispatch/middleware/remote_ip.rb +88 -83
data/lib/action_dispatch/middleware/request_id.rb +15 -8
data/lib/action_dispatch/middleware/server_timing.rb +8 -6
data/lib/action_dispatch/middleware/session/abstract_store.rb +7 -0
data/lib/action_dispatch/middleware/session/cache_store.rb +14 -7
data/lib/action_dispatch/middleware/session/cookie_store.rb +32 -25
data/lib/action_dispatch/middleware/session/mem_cache_store.rb +9 -3
data/lib/action_dispatch/middleware/show_exceptions.rb +42 -28
data/lib/action_dispatch/middleware/ssl.rb +60 -45
data/lib/action_dispatch/middleware/stack.rb +15 -9
data/lib/action_dispatch/middleware/static.rb +40 -34
data/lib/action_dispatch/middleware/templates/rescues/_actions.html.erb +2 -2
data/lib/action_dispatch/middleware/templates/rescues/_message_and_suggestions.html.erb +4 -4
data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb +8 -1
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb +7 -7
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb +2 -2
data/lib/action_dispatch/middleware/templates/rescues/layout.erb +17 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb +16 -12
data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb +3 -3
data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +4 -4
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.text.erb +1 -1
data/lib/action_dispatch/middleware/templates/routes/_route.html.erb +3 -0
data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +47 -38
data/lib/action_dispatch/railtie.rb +12 -4
data/lib/action_dispatch/request/session.rb +39 -27
data/lib/action_dispatch/request/utils.rb +10 -3
data/lib/action_dispatch/routing/endpoint.rb +2 -0
data/lib/action_dispatch/routing/inspector.rb +59 -9
data/lib/action_dispatch/routing/mapper.rb +686 -639
data/lib/action_dispatch/routing/polymorphic_routes.rb +70 -61
data/lib/action_dispatch/routing/redirection.rb +52 -38
data/lib/action_dispatch/routing/route_set.rb +106 -62
data/lib/action_dispatch/routing/routes_proxy.rb +16 -19
data/lib/action_dispatch/routing/url_for.rb +131 -122
data/lib/action_dispatch/routing.rb +152 -150
data/lib/action_dispatch/system_test_case.rb +91 -81
data/lib/action_dispatch/system_testing/browser.rb +27 -19
data/lib/action_dispatch/system_testing/driver.rb +16 -22
data/lib/action_dispatch/system_testing/server.rb +2 -0
data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +53 -31
data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +2 -0
data/lib/action_dispatch/testing/assertion_response.rb +9 -7
data/lib/action_dispatch/testing/assertions/response.rb +36 -26
data/lib/action_dispatch/testing/assertions/routing.rb +203 -95
data/lib/action_dispatch/testing/assertions.rb +5 -1
data/lib/action_dispatch/testing/integration.rb +240 -229
data/lib/action_dispatch/testing/request_encoder.rb +6 -1
data/lib/action_dispatch/testing/test_helpers/page_dump_helper.rb +35 -0
data/lib/action_dispatch/testing/test_process.rb +14 -9
data/lib/action_dispatch/testing/test_request.rb +4 -2
data/lib/action_dispatch/testing/test_response.rb +34 -19
data/lib/action_dispatch.rb +52 -21
data/lib/action_pack/gem_version.rb +6 -4
data/lib/action_pack/version.rb +3 -1
data/lib/action_pack.rb +18 -17
metadata +86 -27

data/lib/action_dispatch/http/mime_type.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+# :markup: markdown
 require "singleton"
 module Mime
@@ -11,6 +13,7 @@ module Mime
     def initialize
       @mimes = []
       @symbols = []
+      @symbols_set = Set.new
     end
     def each(&block)
@@ -19,17 +22,25 @@ module Mime
     def <<(type)
       @mimes << type
-      @symbols << type.to_sym
+      sym_type = type.to_sym
+      @symbols << sym_type
+      @symbols_set << sym_type
     end
     def delete_if
       @mimes.delete_if do |x|
         if yield x
-          @symbols.delete(x.to_sym)
+          sym_type = x.to_sym
+          @symbols.delete(sym_type)
+          @symbols_set.delete(sym_type)
           true
         end
       end
     end
+    def valid_symbols?(symbols) # :nodoc
+      symbols.all? { |s| @symbols_set.include?(s) }
+    end
   end
   SET              = Mimes.new
@@ -42,25 +53,34 @@ module Mime
       Type.lookup_by_extension(type)
     end
+    def symbols
+      SET.symbols
+    end
+    def valid_symbols?(symbols) # :nodoc:
+      SET.valid_symbols?(symbols)
+    end
     def fetch(type, &block)
       return type if type.is_a?(Type)
       EXTENSION_LOOKUP.fetch(type.to_s, &block)
     end
   end
-  # Encapsulates the notion of a MIME type. Can be used at render time, for example, with:
+  # Encapsulates the notion of a MIME type. Can be used at render time, for
+  # example, with:
   #
-  #   class PostsController < ActionController::Base
-  #     def show
-  #       @post = Post.find(params[:id])
+  #     class PostsController < ActionController::Base
+  #       def show
+  #         @post = Post.find(params[:id])
   #
-  #       respond_to do |format|
-  #         format.html
-  #         format.ics { render body: @post.to_ics, mime_type: Mime::Type.lookup("text/calendar")  }
-  #         format.xml { render xml: @post }
+  #         respond_to do |format|
+  #           format.html
+  #           format.ics { render body: @post.to_ics, mime_type: Mime::Type.lookup("text/calendar")  }
+  #           format.xml { render xml: @post }
+  #         end
   #       end
   #     end
-  #   end
   class Type
     attr_reader :symbol
@@ -135,13 +155,20 @@ module Mime
     class << self
       TRAILING_STAR_REGEXP = /^(text|application)\/\*/
-      PARAMETER_SEPARATOR_REGEXP = /;\s*\w+="?\w+"?/
+      # all media-type parameters need to be before the q-parameter
+      # https://www.rfc-editor.org/rfc/rfc7231#section-5.3.2
+      PARAMETER_SEPARATOR_REGEXP = /;\s*q="?/
+      ACCEPT_HEADER_REGEXP = /[^,\s"](?:[^,"]|"[^"]*")*/
       def register_callback(&block)
         @register_callbacks << block
       end
       def lookup(string)
+        return LOOKUP[string] if LOOKUP.key?(string)
+        # fallback to the media-type without parameters if it was not found
+        string = string.split(";", 2)[0]&.rstrip
         LOOKUP[string] || Type.new(string)
       end
@@ -149,8 +176,9 @@ module Mime
         EXTENSION_LOOKUP[extension.to_s]
       end
-      # Registers an alias that's not used on MIME type lookup, but can be referenced directly. Especially useful for
-      # rendering different HTML versions depending on the user agent, like an iPhone.
+      # Registers an alias that's not used on MIME type lookup, but can be referenced
+      # directly. Especially useful for rendering different HTML versions depending on
+      # the user agent, like an iPhone.
       def register_alias(string, symbol, extension_synonyms = [])
         register(string, symbol, [], extension_synonyms, true)
       end
@@ -171,12 +199,14 @@ module Mime
       def parse(accept_header)
         if !accept_header.include?(",")
-          accept_header = accept_header.split(PARAMETER_SEPARATOR_REGEXP).first
-          return [] unless accept_header
-          parse_trailing_star(accept_header) || [Mime::Type.lookup(accept_header)].compact
+          if (index = accept_header.index(PARAMETER_SEPARATOR_REGEXP))
+            accept_header = accept_header[0, index].strip
+          end
+          return [] if accept_header.blank?
+          parse_trailing_star(accept_header) || Array(Mime::Type.lookup(accept_header))
         else
           list, index = [], 0
-          accept_header.split(",").each do |header|
+          accept_header.scan(ACCEPT_HEADER_REGEXP).each do |header|
             params, q = header.split(PARAMETER_SEPARATOR_REGEXP)
             next unless params
@@ -198,11 +228,11 @@ module Mime
         parse_data_with_trailing_star($1) if accept_header =~ TRAILING_STAR_REGEXP
       end
-      # For an input of <tt>'text'</tt>, returns <tt>[Mime[:json], Mime[:xml], Mime[:ics],
-      # Mime[:html], Mime[:css], Mime[:csv], Mime[:js], Mime[:yaml], Mime[:text]</tt>.
+      # For an input of `'text'`, returns `[Mime[:json], Mime[:xml], Mime[:ics],
+      # Mime[:html], Mime[:css], Mime[:csv], Mime[:js], Mime[:yaml], Mime[:text]]`.
       #
-      # For an input of <tt>'application'</tt>, returns <tt>[Mime[:html], Mime[:js],
-      # Mime[:xml], Mime[:yaml], Mime[:atom], Mime[:json], Mime[:rss], Mime[:url_encoded_form]</tt>.
+      # For an input of `'application'`, returns `[Mime[:html], Mime[:js], Mime[:xml],
+      # Mime[:yaml], Mime[:atom], Mime[:json], Mime[:rss], Mime[:url_encoded_form]]`.
       def parse_data_with_trailing_star(type)
         Mime::SET.select { |m| m.match?(type) }
       end
@@ -211,7 +241,7 @@ module Mime
       #
       # To unregister a MIME type:
       #
-      #   Mime::Type.unregister(:mobile)
+      #     Mime::Type.unregister(:mobile)
       def unregister(symbol)
         symbol = symbol.downcase
         if mime = Mime[symbol]
@@ -225,7 +255,7 @@ module Mime
     attr_reader :hash
     MIME_NAME = "[a-zA-Z0-9][a-zA-Z0-9#{Regexp.escape('!#$&-^_.+')}]{0,126}"
-    MIME_PARAMETER_VALUE = "#{Regexp.escape('"')}?#{MIME_NAME}#{Regexp.escape('"')}?"
+    MIME_PARAMETER_VALUE = "(?:#{MIME_NAME}|\"[^\"\r\\\\]*\")"
     MIME_PARAMETER = "\s*;\s*#{MIME_NAME}(?:=#{MIME_PARAMETER_VALUE})?"
     MIME_REGEXP = /\A(?:\*\/\*|#{MIME_NAME}\/(?:\*|#{MIME_NAME})(?>#{MIME_PARAMETER})*\s*)\z/
@@ -291,7 +321,7 @@ module Mime
     end
     def html?
-      (symbol == :html) || /html/.match?(@string)
+      (symbol == :html) || @string.include?("html")
     end
     def all?; false; end
@@ -303,7 +333,7 @@ module Mime
       def to_ary; end
       def to_a; end
-      def method_missing(method, *args)
+      def method_missing(method, ...)
         if method.end_with?("?")
           method[0..-2].downcase.to_sym == to_sym
         else
@@ -327,9 +357,9 @@ module Mime
     def html?; true; end
   end
-  # ALL isn't a real MIME type, so we don't register it for lookup with the
-  # other concrete types. It's a wildcard match that we use for +respond_to+
-  # negotiation internals.
+  # ALL isn't a real MIME type, so we don't register it for lookup with the other
+  # concrete types. It's a wildcard match that we use for `respond_to` negotiation
+  # internals.
   ALL = AllType.instance
   class NullType
@@ -350,7 +380,7 @@ module Mime
         method.end_with?("?")
       end
-      def method_missing(method, *args)
+      def method_missing(method, ...)
         false if method.end_with?("?")
       end
   end

data/lib/action_dispatch/http/mime_types.rb CHANGED Viewed

@@ -3,6 +3,8 @@
 # Build list of Mime types for HTTP responses
 # https://www.iana.org/assignments/media-types/
+# :markup: markdown
 Mime::Type.register "text/html", :html, %w( application/xhtml+xml ), %w( xhtml )
 Mime::Type.register "text/plain", :text, [], %w(txt)
 Mime::Type.register "text/javascript", :js, %w( application/javascript application/x-javascript )
@@ -18,6 +20,7 @@ Mime::Type.register "image/gif", :gif, [], %w(gif)
 Mime::Type.register "image/bmp", :bmp, [], %w(bmp)
 Mime::Type.register "image/tiff", :tiff, [], %w(tif tiff)
 Mime::Type.register "image/svg+xml", :svg
+Mime::Type.register "image/webp", :webp, [], %w(webp)
 Mime::Type.register "video/mpeg", :mpeg, [], %w(mpg mpeg mpe)
@@ -43,7 +46,8 @@ Mime::Type.register "application/x-www-form-urlencoded", :url_encoded_form
 # https://www.ietf.org/rfc/rfc4627.txt
 # http://www.json.org/JSONRequest.html
-Mime::Type.register "application/json", :json, %w( text/x-json application/jsonrequest )
+# https://www.ietf.org/rfc/rfc7807.txt
+Mime::Type.register "application/json", :json, %w( text/x-json application/jsonrequest application/problem+json )
 Mime::Type.register "application/pdf", :pdf, [], %w(pdf)
 Mime::Type.register "application/zip", :zip, [], %w(zip)

data/lib/action_dispatch/http/parameters.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+# :markup: markdown
 module ActionDispatch
   module Http
     module Parameters
@@ -14,8 +16,8 @@ module ActionDispatch
         }
       }
-      # Raised when raw data from the request cannot be parsed by the parser
-      # defined for request's content MIME type.
+      # Raised when raw data from the request cannot be parsed by the parser defined
+      # for request's content MIME type.
       class ParseError < StandardError
         def initialize(message = $!.message)
           super(message)
@@ -34,8 +36,8 @@ module ActionDispatch
       module ClassMethods
         # Configure the parameter parser for a given MIME type.
         #
-        # It accepts a hash where the key is the symbol of the MIME type
-        # and the value is a proc.
+        # It accepts a hash where the key is the symbol of the MIME type and the value
+        # is a proc.
         #
         #     original_parsers = ActionDispatch::Request.parameter_parsers
         #     xml_parser = -> (raw_post) { Hash.from_xml(raw_post) || {} }
@@ -46,7 +48,7 @@ module ActionDispatch
         end
       end
-      # Returns both GET and POST \parameters in a single hash.
+      # Returns both GET and POST parameters in a single hash.
       def parameters
         params = get_header("action_dispatch.request.parameters")
         return params if params
@@ -66,8 +68,8 @@ module ActionDispatch
         delete_header("action_dispatch.request.parameters")
         parameters = Request::Utils.set_binary_encoding(self, parameters, parameters[:controller], parameters[:action])
-        # If any of the path parameters has an invalid encoding then
-        # raise since it's likely to trigger errors further on.
+        # If any of the path parameters has an invalid encoding then raise since it's
+        # likely to trigger errors further on.
         Request::Utils.check_param_encoding(parameters)
         set_header PARAMETERS_KEY, parameters
@@ -75,10 +77,10 @@ module ActionDispatch
         raise ActionController::BadRequest.new("Invalid path parameters: #{e.message}")
       end
-      # Returns a hash with the \parameters used to form the \path of the request.
-      # Returned hash keys are strings:
+      # Returns a hash with the parameters used to form the path of the request.
+      # Returned hash keys are symbols:
       #
-      #   { action: "my_action", controller: "my_controller" }
+      #     { action: "my_action", controller: "my_controller" }
       def path_parameters
         get_header(PARAMETERS_KEY) || set_header(PARAMETERS_KEY, {})
       end

data/lib/action_dispatch/http/permissions_policy.rb CHANGED Viewed

@@ -1,50 +1,52 @@
 # frozen_string_literal: true
+# :markup: markdown
 require "active_support/core_ext/object/deep_dup"
 module ActionDispatch # :nodoc:
+  # # Action Dispatch PermissionsPolicy
+  #
   # Configures the HTTP
-  # {Feature-Policy}[https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy]
-  # response header to specify which browser features the current document and
-  # its iframes can use.
+  # [Feature-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy)
+  # response header to specify which browser features the current
+  # document and its iframes can use.
   #
   # Example global policy:
   #
-  #   Rails.application.config.permissions_policy do |policy|
-  #     policy.camera      :none
-  #     policy.gyroscope   :none
-  #     policy.microphone  :none
-  #     policy.usb         :none
-  #     policy.fullscreen  :self
-  #     policy.payment     :self, "https://secure.example.com"
-  #   end
+  #     Rails.application.config.permissions_policy do |policy|
+  #       policy.camera      :none
+  #       policy.gyroscope   :none
+  #       policy.microphone  :none
+  #       policy.usb         :none
+  #       policy.fullscreen  :self
+  #       policy.payment     :self, "https://secure.example.com"
+  #     end
   #
+  # The Feature-Policy header has been renamed to Permissions-Policy. The
+  # Permissions-Policy requires a different implementation and isn't yet supported
+  # by all browsers. To avoid having to rename this middleware in the future we
+  # use the new name for the middleware but keep the old header name and
+  # implementation for now.
   class PermissionsPolicy
     class Middleware
-      CONTENT_TYPE = "Content-Type"
-      # The Feature-Policy header has been renamed to Permissions-Policy.
-      # The Permissions-Policy requires a different implementation and isn't
-      # yet supported by all browsers. To avoid having to rename this
-      # middleware in the future we use the new name for the middleware but
-      # keep the old header name and implementation for now.
-      POLICY       = "Feature-Policy"
       def initialize(app)
         @app = app
       end
       def call(env)
-        request = ActionDispatch::Request.new(env)
         _, headers, _ = response = @app.call(env)
         return response if policy_present?(headers)
+        request = ActionDispatch::Request.new(env)
         if policy = request.permissions_policy
-          headers[POLICY] = policy.build(request.controller_instance)
+          headers[ActionDispatch::Constants::FEATURE_POLICY] = policy.build(request.controller_instance)
         end
         if policy_empty?(policy)
-          headers.delete(POLICY)
+          headers.delete(ActionDispatch::Constants::FEATURE_POLICY)
         end
         response
@@ -52,7 +54,7 @@ module ActionDispatch # :nodoc:
       private
         def policy_present?(headers)
-          headers[POLICY]
+          headers[ActionDispatch::Constants::FEATURE_POLICY]
         end
         def policy_empty?(policy)
@@ -78,7 +80,7 @@ module ActionDispatch # :nodoc:
     }.freeze
     # List of available permissions can be found at
-    # https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#policy-controlled-features
+    # https://github.com/w3c/webappsec-permissions-policy/blob/main/features.md#policy-controlled-features
     DIRECTIVES = {
       accelerometer:        "accelerometer",
       ambient_light_sensor: "ambient-light-sensor",
@@ -88,15 +90,18 @@ module ActionDispatch # :nodoc:
       fullscreen:           "fullscreen",
       geolocation:          "geolocation",
       gyroscope:            "gyroscope",
+      hid:                  "hid",
+      idle_detection:       "idle-detection",
       magnetometer:         "magnetometer",
       microphone:           "microphone",
       midi:                 "midi",
       payment:              "payment",
       picture_in_picture:   "picture-in-picture",
-      speaker:              "speaker",
+      screen_wake_lock:     "screen-wake-lock",
+      serial:               "serial",
+      sync_xhr:             "sync-xhr",
       usb:                  "usb",
-      vibrate:              "vibrate",
-      vr:                   "vr",
+      web_share:            "web-share",
     }.freeze
     private_constant :MAPPINGS, :DIRECTIVES

data/lib/action_dispatch/http/rack_cache.rb CHANGED Viewed

@@ -1,5 +1,9 @@
 # frozen_string_literal: true
+# :enddoc:
+# :markup: markdown
 require "rack/cache"
 require "rack/cache/context"
 require "active_support/cache"