actionpack 7.1.3 → 7.2.1.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of actionpack might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +82 -501
- data/lib/abstract_controller/asset_paths.rb +2 -0
- data/lib/abstract_controller/base.rb +102 -98
- data/lib/abstract_controller/caching/fragments.rb +50 -53
- data/lib/abstract_controller/caching.rb +2 -0
- data/lib/abstract_controller/callbacks.rb +66 -64
- data/lib/abstract_controller/collector.rb +6 -6
- data/lib/abstract_controller/deprecator.rb +2 -0
- data/lib/abstract_controller/error.rb +2 -0
- data/lib/abstract_controller/helpers.rb +70 -85
- data/lib/abstract_controller/logger.rb +2 -0
- data/lib/abstract_controller/railties/routes_helpers.rb +2 -0
- data/lib/abstract_controller/rendering.rb +13 -12
- data/lib/abstract_controller/translation.rb +15 -7
- data/lib/abstract_controller/url_for.rb +8 -6
- data/lib/abstract_controller.rb +2 -0
- data/lib/action_controller/api/api_rendering.rb +2 -0
- data/lib/action_controller/api.rb +74 -72
- data/lib/action_controller/base.rb +198 -126
- data/lib/action_controller/caching.rb +15 -12
- data/lib/action_controller/deprecator.rb +2 -0
- data/lib/action_controller/form_builder.rb +20 -17
- data/lib/action_controller/log_subscriber.rb +3 -1
- data/lib/action_controller/metal/allow_browser.rb +123 -0
- data/lib/action_controller/metal/basic_implicit_render.rb +2 -0
- data/lib/action_controller/metal/conditional_get.rb +188 -174
- data/lib/action_controller/metal/content_security_policy.rb +25 -24
- data/lib/action_controller/metal/cookies.rb +4 -2
- data/lib/action_controller/metal/data_streaming.rb +64 -55
- data/lib/action_controller/metal/default_headers.rb +5 -3
- data/lib/action_controller/metal/etag_with_flash.rb +3 -1
- data/lib/action_controller/metal/etag_with_template_digest.rb +17 -15
- data/lib/action_controller/metal/exceptions.rb +11 -9
- data/lib/action_controller/metal/flash.rb +12 -10
- data/lib/action_controller/metal/head.rb +12 -10
- data/lib/action_controller/metal/helpers.rb +63 -55
- data/lib/action_controller/metal/http_authentication.rb +210 -205
- data/lib/action_controller/metal/implicit_render.rb +17 -15
- data/lib/action_controller/metal/instrumentation.rb +15 -12
- data/lib/action_controller/metal/live.rb +113 -107
- data/lib/action_controller/metal/logging.rb +6 -4
- data/lib/action_controller/metal/mime_responds.rb +151 -142
- data/lib/action_controller/metal/parameter_encoding.rb +34 -32
- data/lib/action_controller/metal/params_wrapper.rb +57 -59
- data/lib/action_controller/metal/permissions_policy.rb +13 -12
- data/lib/action_controller/metal/rate_limiting.rb +62 -0
- data/lib/action_controller/metal/redirecting.rb +108 -82
- data/lib/action_controller/metal/renderers.rb +50 -49
- data/lib/action_controller/metal/rendering.rb +103 -75
- data/lib/action_controller/metal/request_forgery_protection.rb +162 -133
- data/lib/action_controller/metal/rescue.rb +11 -9
- data/lib/action_controller/metal/streaming.rb +138 -136
- data/lib/action_controller/metal/strong_parameters.rb +525 -480
- data/lib/action_controller/metal/testing.rb +2 -0
- data/lib/action_controller/metal/url_for.rb +17 -15
- data/lib/action_controller/metal.rb +86 -60
- data/lib/action_controller/railtie.rb +3 -0
- data/lib/action_controller/railties/helpers.rb +2 -0
- data/lib/action_controller/renderer.rb +42 -36
- data/lib/action_controller/template_assertions.rb +4 -2
- data/lib/action_controller/test_case.rb +146 -126
- data/lib/action_controller.rb +10 -3
- data/lib/action_dispatch/constants.rb +2 -0
- data/lib/action_dispatch/deprecator.rb +2 -0
- data/lib/action_dispatch/http/cache.rb +27 -26
- data/lib/action_dispatch/http/content_disposition.rb +2 -0
- data/lib/action_dispatch/http/content_security_policy.rb +44 -38
- data/lib/action_dispatch/http/filter_parameters.rb +18 -9
- data/lib/action_dispatch/http/filter_redirect.rb +22 -1
- data/lib/action_dispatch/http/headers.rb +22 -22
- data/lib/action_dispatch/http/mime_negotiation.rb +30 -41
- data/lib/action_dispatch/http/mime_type.rb +31 -24
- data/lib/action_dispatch/http/mime_types.rb +2 -0
- data/lib/action_dispatch/http/parameters.rb +11 -9
- data/lib/action_dispatch/http/permissions_policy.rb +20 -44
- data/lib/action_dispatch/http/rack_cache.rb +2 -0
- data/lib/action_dispatch/http/request.rb +94 -75
- data/lib/action_dispatch/http/response.rb +73 -61
- data/lib/action_dispatch/http/upload.rb +18 -16
- data/lib/action_dispatch/http/url.rb +75 -73
- data/lib/action_dispatch/journey/formatter.rb +13 -6
- data/lib/action_dispatch/journey/gtg/builder.rb +4 -3
- data/lib/action_dispatch/journey/gtg/simulator.rb +2 -0
- data/lib/action_dispatch/journey/gtg/transition_table.rb +10 -8
- data/lib/action_dispatch/journey/nfa/dot.rb +2 -0
- data/lib/action_dispatch/journey/nodes/node.rb +6 -5
- data/lib/action_dispatch/journey/parser.rb +4 -3
- data/lib/action_dispatch/journey/parser_extras.rb +2 -0
- data/lib/action_dispatch/journey/path/pattern.rb +4 -1
- data/lib/action_dispatch/journey/route.rb +9 -7
- data/lib/action_dispatch/journey/router/utils.rb +16 -15
- data/lib/action_dispatch/journey/router.rb +4 -2
- data/lib/action_dispatch/journey/routes.rb +4 -2
- data/lib/action_dispatch/journey/scanner.rb +4 -2
- data/lib/action_dispatch/journey/visitors.rb +2 -0
- data/lib/action_dispatch/journey.rb +2 -0
- data/lib/action_dispatch/log_subscriber.rb +2 -0
- data/lib/action_dispatch/middleware/actionable_exceptions.rb +2 -0
- data/lib/action_dispatch/middleware/assume_ssl.rb +8 -5
- data/lib/action_dispatch/middleware/callbacks.rb +3 -1
- data/lib/action_dispatch/middleware/cookies.rb +119 -104
- data/lib/action_dispatch/middleware/debug_exceptions.rb +13 -5
- data/lib/action_dispatch/middleware/debug_locks.rb +15 -13
- data/lib/action_dispatch/middleware/debug_view.rb +2 -0
- data/lib/action_dispatch/middleware/exception_wrapper.rb +6 -11
- data/lib/action_dispatch/middleware/executor.rb +8 -0
- data/lib/action_dispatch/middleware/flash.rb +63 -51
- data/lib/action_dispatch/middleware/host_authorization.rb +17 -15
- data/lib/action_dispatch/middleware/public_exceptions.rb +8 -6
- data/lib/action_dispatch/middleware/reloader.rb +5 -3
- data/lib/action_dispatch/middleware/remote_ip.rb +77 -72
- data/lib/action_dispatch/middleware/request_id.rb +14 -9
- data/lib/action_dispatch/middleware/server_timing.rb +4 -2
- data/lib/action_dispatch/middleware/session/abstract_store.rb +2 -0
- data/lib/action_dispatch/middleware/session/cache_store.rb +13 -8
- data/lib/action_dispatch/middleware/session/cookie_store.rb +27 -26
- data/lib/action_dispatch/middleware/session/mem_cache_store.rb +7 -3
- data/lib/action_dispatch/middleware/show_exceptions.rb +31 -21
- data/lib/action_dispatch/middleware/ssl.rb +43 -40
- data/lib/action_dispatch/middleware/stack.rb +11 -10
- data/lib/action_dispatch/middleware/static.rb +33 -31
- data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb +1 -1
- data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb +1 -1
- data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +1 -1
- data/lib/action_dispatch/railtie.rb +2 -4
- data/lib/action_dispatch/request/session.rb +23 -21
- data/lib/action_dispatch/request/utils.rb +2 -0
- data/lib/action_dispatch/routing/endpoint.rb +2 -0
- data/lib/action_dispatch/routing/inspector.rb +5 -3
- data/lib/action_dispatch/routing/mapper.rb +671 -636
- data/lib/action_dispatch/routing/polymorphic_routes.rb +69 -62
- data/lib/action_dispatch/routing/redirection.rb +37 -32
- data/lib/action_dispatch/routing/route_set.rb +59 -45
- data/lib/action_dispatch/routing/routes_proxy.rb +6 -4
- data/lib/action_dispatch/routing/url_for.rb +130 -125
- data/lib/action_dispatch/routing.rb +150 -148
- data/lib/action_dispatch/system_test_case.rb +91 -81
- data/lib/action_dispatch/system_testing/browser.rb +10 -3
- data/lib/action_dispatch/system_testing/driver.rb +3 -1
- data/lib/action_dispatch/system_testing/server.rb +2 -0
- data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +32 -21
- data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +2 -0
- data/lib/action_dispatch/testing/assertion_response.rb +8 -6
- data/lib/action_dispatch/testing/assertions/response.rb +26 -23
- data/lib/action_dispatch/testing/assertions/routing.rb +153 -84
- data/lib/action_dispatch/testing/assertions.rb +2 -0
- data/lib/action_dispatch/testing/integration.rb +223 -222
- data/lib/action_dispatch/testing/request_encoder.rb +2 -0
- data/lib/action_dispatch/testing/test_helpers/page_dump_helper.rb +35 -0
- data/lib/action_dispatch/testing/test_process.rb +12 -8
- data/lib/action_dispatch/testing/test_request.rb +3 -1
- data/lib/action_dispatch/testing/test_response.rb +27 -26
- data/lib/action_dispatch.rb +22 -28
- data/lib/action_pack/gem_version.rb +6 -4
- data/lib/action_pack/version.rb +3 -1
- data/lib/action_pack.rb +17 -16
- metadata +39 -16
|
@@ -1,14 +1,16 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
# :markup: markdown
|
|
4
|
+
|
|
3
5
|
module AbstractController
|
|
4
|
-
#
|
|
6
|
+
# # URL For
|
|
5
7
|
#
|
|
6
|
-
# Includes
|
|
7
|
-
# has to provide a
|
|
8
|
-
# exception will be raised.
|
|
8
|
+
# Includes `url_for` into the host class (e.g. an abstract controller or
|
|
9
|
+
# mailer). The class has to provide a `RouteSet` by implementing the `_routes`
|
|
10
|
+
# methods. Otherwise, an exception will be raised.
|
|
9
11
|
#
|
|
10
|
-
# Note that this module is completely decoupled from HTTP - the only requirement
|
|
11
|
-
#
|
|
12
|
+
# Note that this module is completely decoupled from HTTP - the only requirement
|
|
13
|
+
# is a valid `_routes` implementation.
|
|
12
14
|
module UrlFor
|
|
13
15
|
extend ActiveSupport::Concern
|
|
14
16
|
include ActionDispatch::Routing::UrlFor
|
data/lib/abstract_controller.rb
CHANGED
|
@@ -1,107 +1,108 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
# :markup: markdown
|
|
4
|
+
|
|
3
5
|
require "action_view"
|
|
4
6
|
require "action_controller"
|
|
5
7
|
require "action_controller/log_subscriber"
|
|
6
8
|
|
|
7
9
|
module ActionController
|
|
8
|
-
#
|
|
10
|
+
# # Action Controller API
|
|
9
11
|
#
|
|
10
|
-
# API Controller is a lightweight version of ActionController::Base,
|
|
11
|
-
#
|
|
12
|
-
#
|
|
13
|
-
#
|
|
12
|
+
# API Controller is a lightweight version of ActionController::Base, created for
|
|
13
|
+
# applications that don't require all functionalities that a complete Rails
|
|
14
|
+
# controller provides, allowing you to create controllers with just the features
|
|
15
|
+
# that you need for API only applications.
|
|
14
16
|
#
|
|
15
|
-
# An API Controller is different from a normal controller in the sense that
|
|
16
|
-
#
|
|
17
|
-
#
|
|
18
|
-
#
|
|
19
|
-
#
|
|
20
|
-
#
|
|
21
|
-
#
|
|
17
|
+
# An API Controller is different from a normal controller in the sense that by
|
|
18
|
+
# default it doesn't include a number of features that are usually required by
|
|
19
|
+
# browser access only: layouts and templates rendering, flash, assets, and so
|
|
20
|
+
# on. This makes the entire controller stack thinner, suitable for API
|
|
21
|
+
# applications. It doesn't mean you won't have such features if you need them:
|
|
22
|
+
# they're all available for you to include in your application, they're just not
|
|
23
|
+
# part of the default API controller stack.
|
|
22
24
|
#
|
|
23
|
-
# Normally,
|
|
24
|
-
#
|
|
25
|
-
#
|
|
25
|
+
# Normally, `ApplicationController` is the only controller that inherits from
|
|
26
|
+
# `ActionController::API`. All other controllers in turn inherit from
|
|
27
|
+
# `ApplicationController`.
|
|
26
28
|
#
|
|
27
29
|
# A sample controller could look like this:
|
|
28
30
|
#
|
|
29
|
-
#
|
|
30
|
-
#
|
|
31
|
-
#
|
|
32
|
-
#
|
|
31
|
+
# class PostsController < ApplicationController
|
|
32
|
+
# def index
|
|
33
|
+
# posts = Post.all
|
|
34
|
+
# render json: posts
|
|
35
|
+
# end
|
|
33
36
|
# end
|
|
34
|
-
# end
|
|
35
37
|
#
|
|
36
38
|
# Request, response, and parameters objects all work the exact same way as
|
|
37
39
|
# ActionController::Base.
|
|
38
40
|
#
|
|
39
|
-
#
|
|
41
|
+
# ## Renders
|
|
40
42
|
#
|
|
41
|
-
# The default API Controller stack includes all renderers, which means you
|
|
42
|
-
#
|
|
43
|
-
#
|
|
44
|
-
#
|
|
45
|
-
#
|
|
43
|
+
# The default API Controller stack includes all renderers, which means you can
|
|
44
|
+
# use `render :json` and siblings freely in your controllers. Keep in mind that
|
|
45
|
+
# templates are not going to be rendered, so you need to ensure your controller
|
|
46
|
+
# is calling either `render` or `redirect_to` in all actions, otherwise it will
|
|
47
|
+
# return `204 No Content`.
|
|
46
48
|
#
|
|
47
|
-
#
|
|
48
|
-
#
|
|
49
|
-
#
|
|
50
|
-
#
|
|
49
|
+
# def show
|
|
50
|
+
# post = Post.find(params[:id])
|
|
51
|
+
# render json: post
|
|
52
|
+
# end
|
|
51
53
|
#
|
|
52
|
-
#
|
|
54
|
+
# ## Redirects
|
|
53
55
|
#
|
|
54
56
|
# Redirects are used to move from one action to another. You can use the
|
|
55
|
-
#
|
|
57
|
+
# `redirect_to` method in your controllers in the same way as in
|
|
56
58
|
# ActionController::Base. For example:
|
|
57
59
|
#
|
|
58
|
-
#
|
|
59
|
-
#
|
|
60
|
-
#
|
|
61
|
-
#
|
|
60
|
+
# def create
|
|
61
|
+
# redirect_to root_url and return if not_authorized?
|
|
62
|
+
# # do stuff here
|
|
63
|
+
# end
|
|
62
64
|
#
|
|
63
|
-
#
|
|
65
|
+
# ## Adding New Behavior
|
|
64
66
|
#
|
|
65
67
|
# In some scenarios you may want to add back some functionality provided by
|
|
66
68
|
# ActionController::Base that is not present by default in
|
|
67
|
-
#
|
|
68
|
-
#
|
|
69
|
-
#
|
|
70
|
-
#
|
|
71
|
-
#
|
|
72
|
-
#
|
|
73
|
-
#
|
|
74
|
-
#
|
|
75
|
-
#
|
|
76
|
-
#
|
|
77
|
-
#
|
|
78
|
-
#
|
|
79
|
-
#
|
|
80
|
-
#
|
|
81
|
-
#
|
|
82
|
-
#
|
|
83
|
-
#
|
|
69
|
+
# `ActionController::API`, for instance `MimeResponds`. This module gives you
|
|
70
|
+
# the `respond_to` method. Adding it is quite simple, you just need to include
|
|
71
|
+
# the module in a specific controller or in `ApplicationController` in case you
|
|
72
|
+
# want it available in your entire application:
|
|
73
|
+
#
|
|
74
|
+
# class ApplicationController < ActionController::API
|
|
75
|
+
# include ActionController::MimeResponds
|
|
76
|
+
# end
|
|
77
|
+
#
|
|
78
|
+
# class PostsController < ApplicationController
|
|
79
|
+
# def index
|
|
80
|
+
# posts = Post.all
|
|
81
|
+
#
|
|
82
|
+
# respond_to do |format|
|
|
83
|
+
# format.json { render json: posts }
|
|
84
|
+
# format.xml { render xml: posts }
|
|
85
|
+
# end
|
|
84
86
|
# end
|
|
85
87
|
# end
|
|
86
|
-
# end
|
|
87
88
|
#
|
|
88
|
-
# Make sure to check the modules included in ActionController::Base
|
|
89
|
-
#
|
|
90
|
-
#
|
|
89
|
+
# Make sure to check the modules included in ActionController::Base if you want
|
|
90
|
+
# to use any other functionality that is not provided by `ActionController::API`
|
|
91
|
+
# out of the box.
|
|
91
92
|
class API < Metal
|
|
92
93
|
abstract!
|
|
93
94
|
|
|
94
|
-
# Shortcut helper that returns all the ActionController::API modules except
|
|
95
|
-
#
|
|
95
|
+
# Shortcut helper that returns all the ActionController::API modules except the
|
|
96
|
+
# ones passed as arguments:
|
|
96
97
|
#
|
|
97
|
-
#
|
|
98
|
-
#
|
|
99
|
-
#
|
|
98
|
+
# class MyAPIBaseController < ActionController::Metal
|
|
99
|
+
# ActionController::API.without_modules(:UrlFor).each do |left|
|
|
100
|
+
# include left
|
|
101
|
+
# end
|
|
100
102
|
# end
|
|
101
|
-
# end
|
|
102
103
|
#
|
|
103
|
-
# This gives better control over what you want to exclude and makes it easier
|
|
104
|
-
#
|
|
104
|
+
# This gives better control over what you want to exclude and makes it easier to
|
|
105
|
+
# create an API controller class, instead of listing the modules required
|
|
105
106
|
# manually.
|
|
106
107
|
def self.without_modules(*modules)
|
|
107
108
|
modules = modules.map do |m|
|
|
@@ -121,24 +122,25 @@ module ActionController
|
|
|
121
122
|
ConditionalGet,
|
|
122
123
|
BasicImplicitRender,
|
|
123
124
|
StrongParameters,
|
|
125
|
+
RateLimiting,
|
|
124
126
|
|
|
125
127
|
DataStreaming,
|
|
126
128
|
DefaultHeaders,
|
|
127
129
|
Logging,
|
|
128
130
|
|
|
129
|
-
# Before callbacks should also be executed as early as possible, so
|
|
130
|
-
#
|
|
131
|
+
# Before callbacks should also be executed as early as possible, so also include
|
|
132
|
+
# them at the bottom.
|
|
131
133
|
AbstractController::Callbacks,
|
|
132
134
|
|
|
133
135
|
# Append rescue at the bottom to wrap as much as possible.
|
|
134
136
|
Rescue,
|
|
135
137
|
|
|
136
|
-
# Add instrumentations hooks at the bottom, to ensure they instrument
|
|
137
|
-
#
|
|
138
|
+
# Add instrumentations hooks at the bottom, to ensure they instrument all the
|
|
139
|
+
# methods properly.
|
|
138
140
|
Instrumentation,
|
|
139
141
|
|
|
140
|
-
# Params wrapper should come before instrumentation so they are
|
|
141
|
-
#
|
|
142
|
+
# Params wrapper should come before instrumentation so they are properly showed
|
|
143
|
+
# in logs
|
|
142
144
|
ParamsWrapper
|
|
143
145
|
]
|
|
144
146
|
|