actionpack 7.1.3 → 7.2.1.1

data/lib/action_dispatch/middleware/session/cookie_store.rb

@@ -1,53 +1,54 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "active_support/core_ext/hash/keys"
 require "action_dispatch/middleware/session/abstract_store"
 require "rack/session/cookie"
 
 module ActionDispatch
   module Session
-    # = Action Dispatch Session \CookieStore
+    # # Action Dispatch Session CookieStore
     #
-    # This cookie-based session store is the \Rails default. It is
-    # dramatically faster than the alternatives.
+    # This cookie-based session store is the Rails default. It is dramatically
+    # faster than the alternatives.
     #
     # Sessions typically contain at most a user ID and flash message; both fit
-    # within the 4096 bytes cookie size limit. A +CookieOverflow+ exception is raised if
-    # you attempt to store more than 4096 bytes of data.
+    # within the 4096 bytes cookie size limit. A `CookieOverflow` exception is
+    # raised if you attempt to store more than 4096 bytes of data.
     #
-    # The cookie jar used for storage is automatically configured to be the
-    # best possible option given your application's configuration.
+    # The cookie jar used for storage is automatically configured to be the best
+    # possible option given your application's configuration.
     #
-    # Your cookies will be encrypted using your application's +secret_key_base+. This
-    # goes a step further than signed cookies in that encrypted cookies cannot
-    # be altered or read by users. This is the default starting in \Rails 4.
+    # Your cookies will be encrypted using your application's `secret_key_base`.
+    # This goes a step further than signed cookies in that encrypted cookies cannot
+    # be altered or read by users. This is the default starting in Rails 4.
     #
     # Configure your session store in an initializer:
     #
-    #   Rails.application.config.session_store :cookie_store, key: '_your_app_session'
+    #     Rails.application.config.session_store :cookie_store, key: '_your_app_session'
     #
-    # In the development and test environments your application's +secret_key_base+ is
-    # generated by \Rails and stored in a temporary file in <tt>tmp/local_secret.txt</tt>.
-    # In all other environments, it is stored encrypted in the
-    # <tt>config/credentials.yml.enc</tt> file.
+    # In the development and test environments your application's `secret_key_base`
+    # is generated by Rails and stored in a temporary file in
+    # `tmp/local_secret.txt`. In all other environments, it is stored encrypted in
+    # the `config/credentials.yml.enc` file.
     #
-    # If your application was not updated to \Rails 5.2 defaults, the +secret_key_base+
-    # will be found in the old <tt>config/secrets.yml</tt> file.
+    # If your application was not updated to Rails 5.2 defaults, the
+    # `secret_key_base` will be found in the old `config/secrets.yml` file.
     #
-    # Note that changing your +secret_key_base+ will invalidate all existing session.
-    # Additionally, you should take care to make sure you are not relying on the
-    # ability to decode signed cookies generated by your app in external
+    # Note that changing your `secret_key_base` will invalidate all existing
+    # session. Additionally, you should take care to make sure you are not relying
+    # on the ability to decode signed cookies generated by your app in external
     # applications or JavaScript before changing it.
     #
-    # Because CookieStore extends +Rack::Session::Abstract::Persisted+, many of the
-    # options described there can be used to customize the session cookie that
-    # is generated. For example:
+    # Because CookieStore extends `Rack::Session::Abstract::Persisted`, many of the
+    # options described there can be used to customize the session cookie that is
+    # generated. For example:
     #
-    #   Rails.application.config.session_store :cookie_store, expire_after: 14.days
+    #     Rails.application.config.session_store :cookie_store, expire_after: 14.days
     #
     # would set the session cookie to expire automatically 14 days after creation.
-    # Other useful options include <tt>:key</tt>, <tt>:secure</tt>,
-    # <tt>:httponly</tt>, and <tt>:same_site</tt>.
+    # Other useful options include `:key`, `:secure`, `:httponly`, and `:same_site`.
     class CookieStore < AbstractSecureStore
       class SessionId < DelegateClass(Rack::Session::SessionId)
         attr_reader :cookie_value

data/lib/action_dispatch/middleware/session/mem_cache_store.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "action_dispatch/middleware/session/abstract_store"
 begin
   require "rack/session/dalli"
@@ -10,12 +12,14 @@ end
 
 module ActionDispatch
   module Session
-    # = Action Dispatch Session \MemCacheStore
+    # # Action Dispatch Session MemCacheStore
     #
     # A session store that uses MemCache to implement storage.
     #
-    # ==== Options
-    # * <tt>expire_after</tt>  - The length of time a session will be stored before automatically expiring.
+    # #### Options
+    # *   `expire_after`  - The length of time a session will be stored before
+    #     automatically expiring.
+    #
     class MemCacheStore < Rack::Session::Dalli
       include Compatibility
       include StaleSessionCheck

data/lib/action_dispatch/middleware/show_exceptions.rb

@@ -1,26 +1,27 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "action_dispatch/middleware/exception_wrapper"
 
 module ActionDispatch
-  # = Action Dispatch \ShowExceptions
+  # # Action Dispatch ShowExceptions
   #
-  # This middleware rescues any exception returned by the application
-  # and calls an exceptions app that will wrap it in a format for the end user.
+  # This middleware rescues any exception returned by the application and calls an
+  # exceptions app that will wrap it in a format for the end user.
   #
   # The exceptions app should be passed as a parameter on initialization of
-  # +ShowExceptions+. Every time there is an exception, +ShowExceptions+ will
-  # store the exception in <tt>env["action_dispatch.exception"]</tt>, rewrite
-  # the +PATH_INFO+ to the exception status code, and call the Rack app.
+  # `ShowExceptions`. Every time there is an exception, `ShowExceptions` will
+  # store the exception in `env["action_dispatch.exception"]`, rewrite the
+  # `PATH_INFO` to the exception status code, and call the Rack app.
   #
-  # In \Rails applications, the exceptions app can be configured with
-  # +config.exceptions_app+, which defaults to ActionDispatch::PublicExceptions.
+  # In Rails applications, the exceptions app can be configured with
+  # `config.exceptions_app`, which defaults to ActionDispatch::PublicExceptions.
   #
-  # If the application returns a response with the <tt>X-Cascade</tt> header
-  # set to <tt>"pass"</tt>, this middleware will send an empty response as a
-  # result with the correct status code. If any exception happens inside the
-  # exceptions app, this middleware catches the exceptions and returns a
-  # failsafe response.
+  # If the application returns a response with the `X-Cascade` header set to
+  # `"pass"`, this middleware will send an empty response as a result with the
+  # correct status code. If any exception happens inside the exceptions app, this
+  # middleware catches the exceptions and returns a failsafe response.
   class ShowExceptions
     def initialize(app, exceptions_app)
       @app = app
@@ -33,8 +34,11 @@ module ActionDispatch
       request = ActionDispatch::Request.new env
       backtrace_cleaner = request.get_header("action_dispatch.backtrace_cleaner")
       wrapper = ExceptionWrapper.new(backtrace_cleaner, exception)
+      request.set_header "action_dispatch.exception", wrapper.unwrapped_exception
+      request.set_header "action_dispatch.report_exception", !wrapper.rescue_response?
+
       if wrapper.show?(request)
-        render_exception(request, wrapper)
+        render_exception(request.dup, wrapper)
       else
         raise exception
       end
@@ -43,7 +47,6 @@ module ActionDispatch
     private
       def render_exception(request, wrapper)
         status = wrapper.status_code
-        request.set_header "action_dispatch.exception", wrapper.unwrapped_exception
         request.set_header "action_dispatch.original_path", request.path_info
         request.set_header "action_dispatch.original_request_method", request.raw_request_method
         fallback_to_html_format_if_invalid_mime_type(request)
@@ -62,12 +65,19 @@ module ActionDispatch
       end
 
       def fallback_to_html_format_if_invalid_mime_type(request)
-        # If the MIME type for the request is invalid then the
-        # @exceptions_app may not be able to handle it. To make it
-        # easier to handle, we switch to HTML.
-        request.formats
-      rescue ActionDispatch::Http::MimeNegotiation::InvalidType
-        request.set_header "HTTP_ACCEPT", "text/html"
+        # If the MIME type for the request is invalid then the @exceptions_app may not
+        # be able to handle it. To make it easier to handle, we switch to HTML.
+        begin
+          request.content_mime_type
+        rescue ActionDispatch::Http::MimeNegotiation::InvalidType
+          request.set_header "CONTENT_TYPE", "text/html"
+        end
+
+        begin
+          request.formats
+        rescue ActionDispatch::Http::MimeNegotiation::InvalidType
+          request.set_header "HTTP_ACCEPT", "text/html"
+        end
       end
 
       def pass_response(status)

data/lib/action_dispatch/middleware/ssl.rb

@@ -1,57 +1,60 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 module ActionDispatch
-  # = Action Dispatch \SSL
+  # # Action Dispatch SSL
+  #
+  # This middleware is added to the stack when `config.force_ssl = true`, and is
+  # passed the options set in `config.ssl_options`. It does three jobs to enforce
+  # secure HTTP requests:
   #
-  # This middleware is added to the stack when <tt>config.force_ssl = true</tt>, and is passed
-  # the options set in +config.ssl_options+. It does three jobs to enforce secure HTTP
-  # requests:
+  # 1.  **TLS redirect**: Permanently redirects `http://` requests to `https://`
+  #     with the same URL host, path, etc. Enabled by default. Set
+  #     `config.ssl_options` to modify the destination URL (e.g. `redirect: {
+  #     host: "secure.widgets.com", port: 8080 }`), or set `redirect: false` to
+  #     disable this feature.
   #
-  # 1. <b>TLS redirect</b>: Permanently redirects +http://+ requests to +https://+
-  #    with the same URL host, path, etc. Enabled by default. Set +config.ssl_options+
-  #    to modify the destination URL
-  #    (e.g. <tt>redirect: { host: "secure.widgets.com", port: 8080 }</tt>), or set
-  #    <tt>redirect: false</tt> to disable this feature.
+  #     Requests can opt-out of redirection with `exclude`:
   #
-  #    Requests can opt-out of redirection with +exclude+:
+  #         config.ssl_options = { redirect: { exclude: -> request { /healthcheck/.match?(request.path) } } }
   #
-  #      config.ssl_options = { redirect: { exclude: -> request { /healthcheck/.match?(request.path) } } }
+  #     Cookies will not be flagged as secure for excluded requests.
   #
-  #    Cookies will not be flagged as secure for excluded requests.
+  # 2.  **Secure cookies**: Sets the `secure` flag on cookies to tell browsers
+  #     they must not be sent along with `http://` requests. Enabled by default.
+  #     Set `config.ssl_options` with `secure_cookies: false` to disable this
+  #     feature.
   #
-  # 2. <b>Secure cookies</b>: Sets the +secure+ flag on cookies to tell browsers they
-  #    must not be sent along with +http://+ requests. Enabled by default. Set
-  #    +config.ssl_options+ with <tt>secure_cookies: false</tt> to disable this feature.
+  # 3.  **HTTP Strict Transport Security (HSTS)**: Tells the browser to remember
+  #     this site as TLS-only and automatically redirect non-TLS requests. Enabled
+  #     by default. Configure `config.ssl_options` with `hsts: false` to disable.
   #
-  # 3. <b>HTTP Strict Transport Security (HSTS)</b>: Tells the browser to remember
-  #    this site as TLS-only and automatically redirect non-TLS requests.
-  #    Enabled by default. Configure +config.ssl_options+ with <tt>hsts: false</tt> to disable.
+  #     Set `config.ssl_options` with `hsts: { ... }` to configure HSTS:
   #
-  #    Set +config.ssl_options+ with <tt>hsts: { ... }</tt> to configure HSTS:
+  #     *   `expires`: How long, in seconds, these settings will stick. The
+  #         minimum required to qualify for browser preload lists is 1 year.
+  #         Defaults to 2 years (recommended).
   #
-  #    * +expires+: How long, in seconds, these settings will stick. The minimum
-  #      required to qualify for browser preload lists is 1 year. Defaults to
-  #      2 years (recommended).
+  #     *   `subdomains`: Set to `true` to tell the browser to apply these
+  #         settings to all subdomains. This protects your cookies from
+  #         interception by a vulnerable site on a subdomain. Defaults to `true`.
   #
-  #    * +subdomains+: Set to +true+ to tell the browser to apply these settings
-  #      to all subdomains. This protects your cookies from interception by a
-  #      vulnerable site on a subdomain. Defaults to +true+.
+  #     *   `preload`: Advertise that this site may be included in browsers'
+  #         preloaded HSTS lists. HSTS protects your site on every visit *except
+  #         the first visit* since it hasn't seen your HSTS header yet. To close
+  #         this gap, browser vendors include a baked-in list of HSTS-enabled
+  #         sites. Go to https://hstspreload.org to submit your site for
+  #         inclusion. Defaults to `false`.
   #
-  #    * +preload+: Advertise that this site may be included in browsers'
-  #      preloaded HSTS lists. HSTS protects your site on every visit <i>except the
-  #      first visit</i> since it hasn't seen your HSTS header yet. To close this
-  #      gap, browser vendors include a baked-in list of HSTS-enabled sites.
-  #      Go to https://hstspreload.org to submit your site for inclusion.
-  #      Defaults to +false+.
   #
-  #    To turn off HSTS, omitting the header is not enough. Browsers will remember the
-  #    original HSTS directive until it expires. Instead, use the header to tell browsers to
-  #    expire HSTS immediately. Setting <tt>hsts: false</tt> is a shortcut for
-  #    <tt>hsts: { expires: 0 }</tt>.
+  #     To turn off HSTS, omitting the header is not enough. Browsers will
+  #     remember the original HSTS directive until it expires. Instead, use the
+  #     header to tell browsers to expire HSTS immediately. Setting `hsts: false`
+  #     is a shortcut for `hsts: { expires: 0 }`.
+  #
   class SSL
-    # :stopdoc:
-
-    # Default to 2 years as recommended on hstspreload.org.
+    # :stopdoc: Default to 2 years as recommended on hstspreload.org.
     HSTS_EXPIRES_IN = 63072000
 
     PERMANENT_REDIRECT_REQUEST_METHODS = %w[GET HEAD] # :nodoc:
@@ -93,8 +96,8 @@ module ActionDispatch
 
       def normalize_hsts_options(options)
         case options
-        # Explicitly disabling HSTS clears the existing setting from browsers
-        # by setting expiry to 0.
+        # Explicitly disabling HSTS clears the existing setting from browsers by setting
+        # expiry to 0.
         when false
           self.class.default_hsts_options.merge(expires: 0)
         # Default to enabled, with default options.

data/lib/action_dispatch/middleware/stack.rb

@@ -1,13 +1,15 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "active_support/inflector/methods"
 require "active_support/dependencies"
 
 module ActionDispatch
-  # = Action Dispatch \MiddlewareStack
+  # # Action Dispatch MiddlewareStack
   #
-  # Read more about {Rails middleware
-  # stack}[https://guides.rubyonrails.org/rails_on_rack.html#action-dispatcher-middleware-stack]
+  # Read more about [Rails middleware
+  # stack](https://guides.rubyonrails.org/rails_on_rack.html#action-dispatcher-middleware-stack)
   # in the guides.
   class MiddlewareStack
     class Middleware
@@ -47,9 +49,8 @@ module ActionDispatch
       end
     end
 
-    # This class is used to instrument the execution of a single middleware.
-    # It proxies the +call+ method transparently and instruments the method
-    # call.
+    # This class is used to instrument the execution of a single middleware. It
+    # proxies the `call` method transparently and instruments the method call.
     class InstrumentationProxy
       EVENT_NAME = "process_middleware.action_dispatch"
 
@@ -125,16 +126,16 @@ module ActionDispatch
 
     # Deletes a middleware from the middleware stack.
     #
-    # Returns the array of middlewares not including the deleted item, or
-    # returns nil if the target is not found.
+    # Returns the array of middlewares not including the deleted item, or returns
+    # nil if the target is not found.
     def delete(target)
       middlewares.reject! { |m| m.name == target.name }
     end
 
     # Deletes a middleware from the middleware stack.
     #
-    # Returns the array of middlewares not including the deleted item, or
-    # raises +RuntimeError+ if the target is not found.
+    # Returns the array of middlewares not including the deleted item, or raises
+    # `RuntimeError` if the target is not found.
     def delete!(target)
       delete(target) || (raise "No such middleware to remove: #{target.inspect}")
     end

data/lib/action_dispatch/middleware/static.rb

@@ -1,18 +1,20 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "rack/utils"
 
 module ActionDispatch
-  # = Action Dispatch \Static
+  # # Action Dispatch Static
   #
-  # This middleware serves static files from disk, if available.
-  # If no file is found, it hands off to the main app.
+  # This middleware serves static files from disk, if available. If no file is
+  # found, it hands off to the main app.
   #
-  # In \Rails apps, this middleware is configured to serve assets from
-  # the +public/+ directory.
+  # In Rails apps, this middleware is configured to serve assets from the
+  # `public/` directory.
   #
-  # Only GET and HEAD requests are served. POST and other HTTP methods
-  # are handed off to the main app.
+  # Only GET and HEAD requests are served. POST and other HTTP methods are handed
+  # off to the main app.
   #
   # Only files in the root directory are served; path traversal is denied.
   class Static
@@ -26,31 +28,31 @@ module ActionDispatch
     end
   end
 
-  # = Action Dispatch \FileHandler
+  # # Action Dispatch FileHandler
   #
-  # This endpoint serves static files from disk using +Rack::Files+.
+  # This endpoint serves static files from disk using `Rack::Files`.
   #
-  # URL paths are matched with static files according to expected
-  # conventions: +path+, +path+.html, +path+/index.html.
+  # URL paths are matched with static files according to expected conventions:
+  # `path`, `path`.html, `path`/index.html.
   #
-  # Precompressed versions of these files are checked first. Brotli (.br)
-  # and gzip (.gz) files are supported. If +path+.br exists, this
-  # endpoint returns that file with a <tt>content-encoding: br</tt> header.
+  # Precompressed versions of these files are checked first. Brotli (.br) and gzip
+  # (.gz) files are supported. If `path`.br exists, this endpoint returns that
+  # file with a `content-encoding: br` header.
   #
-  # If no matching file is found, this endpoint responds <tt>404 Not Found</tt>.
+  # If no matching file is found, this endpoint responds `404 Not Found`.
   #
-  # Pass the +root+ directory to search for matching files, an optional
-  # <tt>index: "index"</tt> to change the default +path+/index.html, and optional
-  # additional response headers.
+  # Pass the `root` directory to search for matching files, an optional `index:
+  # "index"` to change the default `path`/index.html, and optional additional
+  # response headers.
   class FileHandler
-    # +Accept-Encoding+ value -> file extension
+    # `Accept-Encoding` value -> file extension
     PRECOMPRESSED = {
       "br" => ".br",
       "gzip" => ".gz",
       "identity" => nil
     }
 
-    def initialize(root, index: "index", headers: {}, precompressed: %i[ br gzip ], compressible_content_types: /\A(?:text\/|application\/javascript)/)
+    def initialize(root, index: "index", headers: {}, precompressed: %i[ br gzip ], compressible_content_types: /\A(?:text\/|application\/javascript|image\/svg\+xml)/)
       @root = root.chomp("/").b
       @index = index
 
@@ -91,11 +93,11 @@ module ActionDispatch
 
       # Match a URI path to a static file to be served.
       #
-      # Used by the +Static+ class to negotiate a servable file in the
-      # +public/+ directory (see Static#call).
+      # Used by the `Static` class to negotiate a servable file in the `public/`
+      # directory (see Static#call).
       #
-      # Checks for +path+, +path+.html, and +path+/index.html files,
-      # in that order, including .br and .gzip compressed extensions.
+      # Checks for `path`, `path`.html, and `path`/index.html files, in that order,
+      # including .br and .gzip compressed extensions.
       #
       # If a matching file is found, the path and necessary response headers
       # (Content-Type, Content-Encoding) are returned.
@@ -120,11 +122,11 @@ module ActionDispatch
       def try_precompressed_files(filepath, headers, accept_encoding:)
         each_precompressed_filepath(filepath) do |content_encoding, precompressed_filepath|
           if file_readable? precompressed_filepath
-            # Identity encoding is default, so we skip Accept-Encoding
-            # negotiation and needn't set Content-Encoding.
+            # Identity encoding is default, so we skip Accept-Encoding negotiation and
+            # needn't set Content-Encoding.
             #
-            # Vary header is expected when we've found other available
-            # encodings that Accept-Encoding ruled out.
+            # Vary header is expected when we've found other available encodings that
+            # Accept-Encoding ruled out.
             if content_encoding == "identity"
               return precompressed_filepath, headers
             else
@@ -164,9 +166,9 @@ module ActionDispatch
         content_type = ::Rack::Mime.mime_type(ext, nil)
         yield path, content_type || "text/plain"
 
-        # Tack on .html and /index.html only for paths that don't have
-        # an explicit, resolvable file extension. No need to check
-        # for foo.js.html and foo.js/index.html.
+        # Tack on .html and /index.html only for paths that don't have an explicit,
+        # resolvable file extension. No need to check for foo.js.html and
+        # foo.js/index.html.
         unless content_type
           default_ext = ::ActionController::Base.default_static_extension
           if ext != default_ext

data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb

@@ -29,7 +29,7 @@
         </table>
       </div>
       <%- unless self.error_highlight_available? -%>
-        <p class="error_highlight_tip">Tip: You may want to add <code>gem 'error_highlight', '&gt;= 0.4.0'</code> into your Gemfile, which will display the fine-grained error location.</p>
+        <p class="error_highlight_tip">Tip: You may want to add <code>gem "error_highlight", "&gt;= 0.4.0"</code> into your Gemfile, which will display the fine-grained error location.</p>
       <%- end -%>
     </div>
   <% end %>

data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb

@@ -11,7 +11,7 @@
     </p>
     <p>
       For example, a <code><%= @exception.controller %>#<%= @exception.action_name %></code> action defined in <code>app/controllers/<%= @exception.controller.controller_path %>_controller.rb</code> should have a corresponding view template
-      in a file named <code>app/views/<%= @exception.controller.controller_name %>/<%= @exception.action_name %>.html.erb</code>.
+      in a file named <code>app/views/<%= @exception.controller.controller_path %>/<%= @exception.action_name %>.html.erb</code>.
     </p>
     <p>
       However, if this controller is an API endpoint responding with 204 (No Content), which does not require a view template because it doesn't serve an HTML response, then this error will occur when trying to access it with a browser. In this particular scenario, you can ignore this error.

data/lib/action_dispatch/middleware/templates/routes/_table.html.erb

@@ -158,7 +158,7 @@
     function buildTr(string) {
       var tr = document.createElement('tr');
       var th = document.createElement('th');
-      th.setAttribute('colspan', 4);
+      th.setAttribute('colspan', 5);
       tr.appendChild(th);
       th.innerText = string;
       return tr;

data/lib/action_dispatch/railtie.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "action_dispatch"
 require "action_dispatch/log_subscriber"
 require "active_support/messages/rotation_configuration"
@@ -51,9 +53,6 @@ module ActionDispatch
 
       ActiveSupport.on_load(:action_dispatch_request) do
         self.ignore_accept_header = app.config.action_dispatch.ignore_accept_header
-        unless app.config.action_dispatch.respond_to?(:return_only_request_media_type_on_content_type)
-          self.return_only_media_type_on_content_type = app.config.action_dispatch.return_only_request_media_type_on_content_type
-        end
         ActionDispatch::Request::Utils.perform_deep_munge = app.config.action_dispatch.perform_deep_munge
       end
 
@@ -69,7 +68,6 @@ module ActionDispatch
       ActionDispatch::Cookies::CookieJar.always_write_cookie = config.action_dispatch.always_write_cookie
 
       ActionDispatch::Routing::Mapper.route_source_locations = Rails.env.development?
-      ActionDispatch::Routing::Mapper.backtrace_cleaner = Rails.backtrace_cleaner
 
       ActionDispatch.test_app = app
     end

data/lib/action_dispatch/request/session.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "rack/session/abstract/id"
 
 module ActionDispatch
@@ -107,8 +109,8 @@ module ActionDispatch
         end
       end
 
-      # Returns value of the key stored in the session or
-      # +nil+ if the given key is not found in the session.
+      # Returns value of the key stored in the session or `nil` if the given key is
+      # not found in the session.
       def [](key)
         load_for_read!
         key = key.to_s
@@ -120,8 +122,8 @@ module ActionDispatch
         end
       end
 
-      # Returns the nested value specified by the sequence of keys, returning
-      # +nil+ if any intermediate step is +nil+.
+      # Returns the nested value specified by the sequence of keys, returning `nil` if
+      # any intermediate step is `nil`.
       def dig(*keys)
         load_for_read!
         keys = keys.map.with_index { |key, i| i.zero? ? key.to_s : key }
@@ -169,14 +171,14 @@ module ActionDispatch
 
       # Updates the session with given Hash.
       #
-      #   session.to_hash
-      #   # => {"session_id"=>"e29b9ea315edf98aad94cc78c34cc9b2"}
+      #     session.to_hash
+      #     # => {"session_id"=>"e29b9ea315edf98aad94cc78c34cc9b2"}
       #
-      #   session.update({ "foo" => "bar" })
-      #   # => {"session_id"=>"e29b9ea315edf98aad94cc78c34cc9b2", "foo" => "bar"}
+      #     session.update({ "foo" => "bar" })
+      #     # => {"session_id"=>"e29b9ea315edf98aad94cc78c34cc9b2", "foo" => "bar"}
       #
-      #   session.to_hash
-      #   # => {"session_id"=>"e29b9ea315edf98aad94cc78c34cc9b2", "foo" => "bar"}
+      #     session.to_hash
+      #     # => {"session_id"=>"e29b9ea315edf98aad94cc78c34cc9b2", "foo" => "bar"}
       def update(hash)
         unless hash.respond_to?(:to_hash)
           raise TypeError, "no implicit conversion of #{hash.class.name} into Hash"
@@ -193,20 +195,20 @@ module ActionDispatch
         @delegate.delete key.to_s
       end
 
-      # Returns value of the given key from the session, or raises +KeyError+
-      # if can't find the given key and no default value is set.
-      # Returns default value if specified.
+      # Returns value of the given key from the session, or raises `KeyError` if can't
+      # find the given key and no default value is set. Returns default value if
+      # specified.
       #
-      #   session.fetch(:foo)
-      #   # => KeyError: key not found: "foo"
+      #     session.fetch(:foo)
+      #     # => KeyError: key not found: "foo"
       #
-      #   session.fetch(:foo, :bar)
-      #   # => :bar
+      #     session.fetch(:foo, :bar)
+      #     # => :bar
       #
-      #   session.fetch(:foo) do
-      #     :bar
-      #   end
-      #   # => :bar
+      #     session.fetch(:foo) do
+      #       :bar
+      #     end
+      #     # => :bar
       def fetch(key, default = Unspecified, &block)
         load_for_read!
         if default == Unspecified

data/lib/action_dispatch/request/utils.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "active_support/core_ext/hash/indifferent_access"
 
 module ActionDispatch

data/lib/action_dispatch/routing/endpoint.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 module ActionDispatch
   module Routing
     class Endpoint # :nodoc: