actionpack 7.1.3 → 7.2.1.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +82 -501
- data/lib/abstract_controller/asset_paths.rb +2 -0
- data/lib/abstract_controller/base.rb +102 -98
- data/lib/abstract_controller/caching/fragments.rb +50 -53
- data/lib/abstract_controller/caching.rb +2 -0
- data/lib/abstract_controller/callbacks.rb +66 -64
- data/lib/abstract_controller/collector.rb +6 -6
- data/lib/abstract_controller/deprecator.rb +2 -0
- data/lib/abstract_controller/error.rb +2 -0
- data/lib/abstract_controller/helpers.rb +70 -85
- data/lib/abstract_controller/logger.rb +2 -0
- data/lib/abstract_controller/railties/routes_helpers.rb +2 -0
- data/lib/abstract_controller/rendering.rb +13 -12
- data/lib/abstract_controller/translation.rb +15 -7
- data/lib/abstract_controller/url_for.rb +8 -6
- data/lib/abstract_controller.rb +2 -0
- data/lib/action_controller/api/api_rendering.rb +2 -0
- data/lib/action_controller/api.rb +74 -72
- data/lib/action_controller/base.rb +198 -126
- data/lib/action_controller/caching.rb +15 -12
- data/lib/action_controller/deprecator.rb +2 -0
- data/lib/action_controller/form_builder.rb +20 -17
- data/lib/action_controller/log_subscriber.rb +3 -1
- data/lib/action_controller/metal/allow_browser.rb +123 -0
- data/lib/action_controller/metal/basic_implicit_render.rb +2 -0
- data/lib/action_controller/metal/conditional_get.rb +188 -174
- data/lib/action_controller/metal/content_security_policy.rb +25 -24
- data/lib/action_controller/metal/cookies.rb +4 -2
- data/lib/action_controller/metal/data_streaming.rb +64 -55
- data/lib/action_controller/metal/default_headers.rb +5 -3
- data/lib/action_controller/metal/etag_with_flash.rb +3 -1
- data/lib/action_controller/metal/etag_with_template_digest.rb +17 -15
- data/lib/action_controller/metal/exceptions.rb +11 -9
- data/lib/action_controller/metal/flash.rb +12 -10
- data/lib/action_controller/metal/head.rb +12 -10
- data/lib/action_controller/metal/helpers.rb +63 -55
- data/lib/action_controller/metal/http_authentication.rb +210 -205
- data/lib/action_controller/metal/implicit_render.rb +17 -15
- data/lib/action_controller/metal/instrumentation.rb +15 -12
- data/lib/action_controller/metal/live.rb +113 -107
- data/lib/action_controller/metal/logging.rb +6 -4
- data/lib/action_controller/metal/mime_responds.rb +151 -142
- data/lib/action_controller/metal/parameter_encoding.rb +34 -32
- data/lib/action_controller/metal/params_wrapper.rb +57 -59
- data/lib/action_controller/metal/permissions_policy.rb +13 -12
- data/lib/action_controller/metal/rate_limiting.rb +62 -0
- data/lib/action_controller/metal/redirecting.rb +108 -82
- data/lib/action_controller/metal/renderers.rb +50 -49
- data/lib/action_controller/metal/rendering.rb +103 -75
- data/lib/action_controller/metal/request_forgery_protection.rb +162 -133
- data/lib/action_controller/metal/rescue.rb +11 -9
- data/lib/action_controller/metal/streaming.rb +138 -136
- data/lib/action_controller/metal/strong_parameters.rb +525 -480
- data/lib/action_controller/metal/testing.rb +2 -0
- data/lib/action_controller/metal/url_for.rb +17 -15
- data/lib/action_controller/metal.rb +86 -60
- data/lib/action_controller/railtie.rb +3 -0
- data/lib/action_controller/railties/helpers.rb +2 -0
- data/lib/action_controller/renderer.rb +42 -36
- data/lib/action_controller/template_assertions.rb +4 -2
- data/lib/action_controller/test_case.rb +146 -126
- data/lib/action_controller.rb +10 -3
- data/lib/action_dispatch/constants.rb +2 -0
- data/lib/action_dispatch/deprecator.rb +2 -0
- data/lib/action_dispatch/http/cache.rb +27 -26
- data/lib/action_dispatch/http/content_disposition.rb +2 -0
- data/lib/action_dispatch/http/content_security_policy.rb +44 -38
- data/lib/action_dispatch/http/filter_parameters.rb +18 -9
- data/lib/action_dispatch/http/filter_redirect.rb +22 -1
- data/lib/action_dispatch/http/headers.rb +22 -22
- data/lib/action_dispatch/http/mime_negotiation.rb +30 -41
- data/lib/action_dispatch/http/mime_type.rb +31 -24
- data/lib/action_dispatch/http/mime_types.rb +2 -0
- data/lib/action_dispatch/http/parameters.rb +11 -9
- data/lib/action_dispatch/http/permissions_policy.rb +20 -44
- data/lib/action_dispatch/http/rack_cache.rb +2 -0
- data/lib/action_dispatch/http/request.rb +94 -75
- data/lib/action_dispatch/http/response.rb +73 -61
- data/lib/action_dispatch/http/upload.rb +18 -16
- data/lib/action_dispatch/http/url.rb +75 -73
- data/lib/action_dispatch/journey/formatter.rb +13 -6
- data/lib/action_dispatch/journey/gtg/builder.rb +4 -3
- data/lib/action_dispatch/journey/gtg/simulator.rb +2 -0
- data/lib/action_dispatch/journey/gtg/transition_table.rb +10 -8
- data/lib/action_dispatch/journey/nfa/dot.rb +2 -0
- data/lib/action_dispatch/journey/nodes/node.rb +6 -5
- data/lib/action_dispatch/journey/parser.rb +4 -3
- data/lib/action_dispatch/journey/parser_extras.rb +2 -0
- data/lib/action_dispatch/journey/path/pattern.rb +4 -1
- data/lib/action_dispatch/journey/route.rb +9 -7
- data/lib/action_dispatch/journey/router/utils.rb +16 -15
- data/lib/action_dispatch/journey/router.rb +4 -2
- data/lib/action_dispatch/journey/routes.rb +4 -2
- data/lib/action_dispatch/journey/scanner.rb +4 -2
- data/lib/action_dispatch/journey/visitors.rb +2 -0
- data/lib/action_dispatch/journey.rb +2 -0
- data/lib/action_dispatch/log_subscriber.rb +2 -0
- data/lib/action_dispatch/middleware/actionable_exceptions.rb +2 -0
- data/lib/action_dispatch/middleware/assume_ssl.rb +8 -5
- data/lib/action_dispatch/middleware/callbacks.rb +3 -1
- data/lib/action_dispatch/middleware/cookies.rb +119 -104
- data/lib/action_dispatch/middleware/debug_exceptions.rb +13 -5
- data/lib/action_dispatch/middleware/debug_locks.rb +15 -13
- data/lib/action_dispatch/middleware/debug_view.rb +2 -0
- data/lib/action_dispatch/middleware/exception_wrapper.rb +6 -11
- data/lib/action_dispatch/middleware/executor.rb +8 -0
- data/lib/action_dispatch/middleware/flash.rb +63 -51
- data/lib/action_dispatch/middleware/host_authorization.rb +17 -15
- data/lib/action_dispatch/middleware/public_exceptions.rb +8 -6
- data/lib/action_dispatch/middleware/reloader.rb +5 -3
- data/lib/action_dispatch/middleware/remote_ip.rb +77 -72
- data/lib/action_dispatch/middleware/request_id.rb +14 -9
- data/lib/action_dispatch/middleware/server_timing.rb +4 -2
- data/lib/action_dispatch/middleware/session/abstract_store.rb +2 -0
- data/lib/action_dispatch/middleware/session/cache_store.rb +13 -8
- data/lib/action_dispatch/middleware/session/cookie_store.rb +27 -26
- data/lib/action_dispatch/middleware/session/mem_cache_store.rb +7 -3
- data/lib/action_dispatch/middleware/show_exceptions.rb +31 -21
- data/lib/action_dispatch/middleware/ssl.rb +43 -40
- data/lib/action_dispatch/middleware/stack.rb +11 -10
- data/lib/action_dispatch/middleware/static.rb +33 -31
- data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb +1 -1
- data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb +1 -1
- data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +1 -1
- data/lib/action_dispatch/railtie.rb +2 -4
- data/lib/action_dispatch/request/session.rb +23 -21
- data/lib/action_dispatch/request/utils.rb +2 -0
- data/lib/action_dispatch/routing/endpoint.rb +2 -0
- data/lib/action_dispatch/routing/inspector.rb +5 -3
- data/lib/action_dispatch/routing/mapper.rb +671 -636
- data/lib/action_dispatch/routing/polymorphic_routes.rb +69 -62
- data/lib/action_dispatch/routing/redirection.rb +37 -32
- data/lib/action_dispatch/routing/route_set.rb +59 -45
- data/lib/action_dispatch/routing/routes_proxy.rb +6 -4
- data/lib/action_dispatch/routing/url_for.rb +130 -125
- data/lib/action_dispatch/routing.rb +150 -148
- data/lib/action_dispatch/system_test_case.rb +91 -81
- data/lib/action_dispatch/system_testing/browser.rb +10 -3
- data/lib/action_dispatch/system_testing/driver.rb +3 -1
- data/lib/action_dispatch/system_testing/server.rb +2 -0
- data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +32 -21
- data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +2 -0
- data/lib/action_dispatch/testing/assertion_response.rb +8 -6
- data/lib/action_dispatch/testing/assertions/response.rb +26 -23
- data/lib/action_dispatch/testing/assertions/routing.rb +153 -84
- data/lib/action_dispatch/testing/assertions.rb +2 -0
- data/lib/action_dispatch/testing/integration.rb +223 -222
- data/lib/action_dispatch/testing/request_encoder.rb +2 -0
- data/lib/action_dispatch/testing/test_helpers/page_dump_helper.rb +35 -0
- data/lib/action_dispatch/testing/test_process.rb +12 -8
- data/lib/action_dispatch/testing/test_request.rb +3 -1
- data/lib/action_dispatch/testing/test_response.rb +27 -26
- data/lib/action_dispatch.rb +22 -28
- data/lib/action_pack/gem_version.rb +6 -4
- data/lib/action_pack/version.rb +3 -1
- data/lib/action_pack.rb +17 -16
- metadata +39 -16
@@ -1,14 +1,16 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
# :markup: markdown
|
4
|
+
|
3
5
|
module AbstractController
|
4
|
-
#
|
6
|
+
# # URL For
|
5
7
|
#
|
6
|
-
# Includes
|
7
|
-
# has to provide a
|
8
|
-
# exception will be raised.
|
8
|
+
# Includes `url_for` into the host class (e.g. an abstract controller or
|
9
|
+
# mailer). The class has to provide a `RouteSet` by implementing the `_routes`
|
10
|
+
# methods. Otherwise, an exception will be raised.
|
9
11
|
#
|
10
|
-
# Note that this module is completely decoupled from HTTP - the only requirement
|
11
|
-
#
|
12
|
+
# Note that this module is completely decoupled from HTTP - the only requirement
|
13
|
+
# is a valid `_routes` implementation.
|
12
14
|
module UrlFor
|
13
15
|
extend ActiveSupport::Concern
|
14
16
|
include ActionDispatch::Routing::UrlFor
|
data/lib/abstract_controller.rb
CHANGED
@@ -1,107 +1,108 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
# :markup: markdown
|
4
|
+
|
3
5
|
require "action_view"
|
4
6
|
require "action_controller"
|
5
7
|
require "action_controller/log_subscriber"
|
6
8
|
|
7
9
|
module ActionController
|
8
|
-
#
|
10
|
+
# # Action Controller API
|
9
11
|
#
|
10
|
-
# API Controller is a lightweight version of ActionController::Base,
|
11
|
-
#
|
12
|
-
#
|
13
|
-
#
|
12
|
+
# API Controller is a lightweight version of ActionController::Base, created for
|
13
|
+
# applications that don't require all functionalities that a complete Rails
|
14
|
+
# controller provides, allowing you to create controllers with just the features
|
15
|
+
# that you need for API only applications.
|
14
16
|
#
|
15
|
-
# An API Controller is different from a normal controller in the sense that
|
16
|
-
#
|
17
|
-
#
|
18
|
-
#
|
19
|
-
#
|
20
|
-
#
|
21
|
-
#
|
17
|
+
# An API Controller is different from a normal controller in the sense that by
|
18
|
+
# default it doesn't include a number of features that are usually required by
|
19
|
+
# browser access only: layouts and templates rendering, flash, assets, and so
|
20
|
+
# on. This makes the entire controller stack thinner, suitable for API
|
21
|
+
# applications. It doesn't mean you won't have such features if you need them:
|
22
|
+
# they're all available for you to include in your application, they're just not
|
23
|
+
# part of the default API controller stack.
|
22
24
|
#
|
23
|
-
# Normally,
|
24
|
-
#
|
25
|
-
#
|
25
|
+
# Normally, `ApplicationController` is the only controller that inherits from
|
26
|
+
# `ActionController::API`. All other controllers in turn inherit from
|
27
|
+
# `ApplicationController`.
|
26
28
|
#
|
27
29
|
# A sample controller could look like this:
|
28
30
|
#
|
29
|
-
#
|
30
|
-
#
|
31
|
-
#
|
32
|
-
#
|
31
|
+
# class PostsController < ApplicationController
|
32
|
+
# def index
|
33
|
+
# posts = Post.all
|
34
|
+
# render json: posts
|
35
|
+
# end
|
33
36
|
# end
|
34
|
-
# end
|
35
37
|
#
|
36
38
|
# Request, response, and parameters objects all work the exact same way as
|
37
39
|
# ActionController::Base.
|
38
40
|
#
|
39
|
-
#
|
41
|
+
# ## Renders
|
40
42
|
#
|
41
|
-
# The default API Controller stack includes all renderers, which means you
|
42
|
-
#
|
43
|
-
#
|
44
|
-
#
|
45
|
-
#
|
43
|
+
# The default API Controller stack includes all renderers, which means you can
|
44
|
+
# use `render :json` and siblings freely in your controllers. Keep in mind that
|
45
|
+
# templates are not going to be rendered, so you need to ensure your controller
|
46
|
+
# is calling either `render` or `redirect_to` in all actions, otherwise it will
|
47
|
+
# return `204 No Content`.
|
46
48
|
#
|
47
|
-
#
|
48
|
-
#
|
49
|
-
#
|
50
|
-
#
|
49
|
+
# def show
|
50
|
+
# post = Post.find(params[:id])
|
51
|
+
# render json: post
|
52
|
+
# end
|
51
53
|
#
|
52
|
-
#
|
54
|
+
# ## Redirects
|
53
55
|
#
|
54
56
|
# Redirects are used to move from one action to another. You can use the
|
55
|
-
#
|
57
|
+
# `redirect_to` method in your controllers in the same way as in
|
56
58
|
# ActionController::Base. For example:
|
57
59
|
#
|
58
|
-
#
|
59
|
-
#
|
60
|
-
#
|
61
|
-
#
|
60
|
+
# def create
|
61
|
+
# redirect_to root_url and return if not_authorized?
|
62
|
+
# # do stuff here
|
63
|
+
# end
|
62
64
|
#
|
63
|
-
#
|
65
|
+
# ## Adding New Behavior
|
64
66
|
#
|
65
67
|
# In some scenarios you may want to add back some functionality provided by
|
66
68
|
# ActionController::Base that is not present by default in
|
67
|
-
#
|
68
|
-
#
|
69
|
-
#
|
70
|
-
#
|
71
|
-
#
|
72
|
-
#
|
73
|
-
#
|
74
|
-
#
|
75
|
-
#
|
76
|
-
#
|
77
|
-
#
|
78
|
-
#
|
79
|
-
#
|
80
|
-
#
|
81
|
-
#
|
82
|
-
#
|
83
|
-
#
|
69
|
+
# `ActionController::API`, for instance `MimeResponds`. This module gives you
|
70
|
+
# the `respond_to` method. Adding it is quite simple, you just need to include
|
71
|
+
# the module in a specific controller or in `ApplicationController` in case you
|
72
|
+
# want it available in your entire application:
|
73
|
+
#
|
74
|
+
# class ApplicationController < ActionController::API
|
75
|
+
# include ActionController::MimeResponds
|
76
|
+
# end
|
77
|
+
#
|
78
|
+
# class PostsController < ApplicationController
|
79
|
+
# def index
|
80
|
+
# posts = Post.all
|
81
|
+
#
|
82
|
+
# respond_to do |format|
|
83
|
+
# format.json { render json: posts }
|
84
|
+
# format.xml { render xml: posts }
|
85
|
+
# end
|
84
86
|
# end
|
85
87
|
# end
|
86
|
-
# end
|
87
88
|
#
|
88
|
-
# Make sure to check the modules included in ActionController::Base
|
89
|
-
#
|
90
|
-
#
|
89
|
+
# Make sure to check the modules included in ActionController::Base if you want
|
90
|
+
# to use any other functionality that is not provided by `ActionController::API`
|
91
|
+
# out of the box.
|
91
92
|
class API < Metal
|
92
93
|
abstract!
|
93
94
|
|
94
|
-
# Shortcut helper that returns all the ActionController::API modules except
|
95
|
-
#
|
95
|
+
# Shortcut helper that returns all the ActionController::API modules except the
|
96
|
+
# ones passed as arguments:
|
96
97
|
#
|
97
|
-
#
|
98
|
-
#
|
99
|
-
#
|
98
|
+
# class MyAPIBaseController < ActionController::Metal
|
99
|
+
# ActionController::API.without_modules(:UrlFor).each do |left|
|
100
|
+
# include left
|
101
|
+
# end
|
100
102
|
# end
|
101
|
-
# end
|
102
103
|
#
|
103
|
-
# This gives better control over what you want to exclude and makes it easier
|
104
|
-
#
|
104
|
+
# This gives better control over what you want to exclude and makes it easier to
|
105
|
+
# create an API controller class, instead of listing the modules required
|
105
106
|
# manually.
|
106
107
|
def self.without_modules(*modules)
|
107
108
|
modules = modules.map do |m|
|
@@ -121,24 +122,25 @@ module ActionController
|
|
121
122
|
ConditionalGet,
|
122
123
|
BasicImplicitRender,
|
123
124
|
StrongParameters,
|
125
|
+
RateLimiting,
|
124
126
|
|
125
127
|
DataStreaming,
|
126
128
|
DefaultHeaders,
|
127
129
|
Logging,
|
128
130
|
|
129
|
-
# Before callbacks should also be executed as early as possible, so
|
130
|
-
#
|
131
|
+
# Before callbacks should also be executed as early as possible, so also include
|
132
|
+
# them at the bottom.
|
131
133
|
AbstractController::Callbacks,
|
132
134
|
|
133
135
|
# Append rescue at the bottom to wrap as much as possible.
|
134
136
|
Rescue,
|
135
137
|
|
136
|
-
# Add instrumentations hooks at the bottom, to ensure they instrument
|
137
|
-
#
|
138
|
+
# Add instrumentations hooks at the bottom, to ensure they instrument all the
|
139
|
+
# methods properly.
|
138
140
|
Instrumentation,
|
139
141
|
|
140
|
-
# Params wrapper should come before instrumentation so they are
|
141
|
-
#
|
142
|
+
# Params wrapper should come before instrumentation so they are properly showed
|
143
|
+
# in logs
|
142
144
|
ParamsWrapper
|
143
145
|
]
|
144
146
|
|
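Review bot: The added `RateLimiting,` entry (new line 125) is the one behavioural change in this section and it has no comment, while `AbstractController::Callbacks`, `Rescue`, `Instrumentation` and `ParamsWrapper` further down each explain their placement; the list it sits in opens outside the hunk. I would add a line above it such as `# Makes rate limiting available to API controllers; including the module alone presumably sets no limit.` so that someone upgrading from 7.1.3 does not assume API endpoints are throttled after the bump. The module body is in `data/lib/action_controller/metal/rate_limiting.rb`, which this page lists as new but does not show here, so that wording should be confirmed against it. The class-level documentation rewritten in the first hunk does not mention the new module either. The section header reads `data/lib/abstract_controller.rb` while the code shown is the `ActionController::API` class, so the path label appears to have been misplaced by the page.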