actionpack 7.1.5.1 → 8.1.2

data/lib/action_dispatch/middleware/exception_wrapper.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "active_support/core_ext/module/attribute_accessors"
 require "active_support/syntax_error_proxy"
 require "active_support/core_ext/thread/backtrace/location"
@@ -16,11 +18,12 @@ module ActionDispatch
       "ActionController::UnknownFormat"                    => :not_acceptable,
       "ActionDispatch::Http::MimeNegotiation::InvalidType" => :not_acceptable,
       "ActionController::MissingExactTemplate"             => :not_acceptable,
-      "ActionController::InvalidAuthenticityToken"         => :unprocessable_entity,
-      "ActionController::InvalidCrossOriginRequest"        => :unprocessable_entity,
+      "ActionController::InvalidAuthenticityToken"         => ActionDispatch::Constants::UNPROCESSABLE_CONTENT,
+      "ActionController::InvalidCrossOriginRequest"        => ActionDispatch::Constants::UNPROCESSABLE_CONTENT,
       "ActionDispatch::Http::Parameters::ParseError"       => :bad_request,
       "ActionController::BadRequest"                       => :bad_request,
       "ActionController::ParameterMissing"                 => :bad_request,
+      "ActionController::TooManyRequests"                  => :too_many_requests,
       "Rack::QueryParser::ParameterTypeError"              => :bad_request,
       "Rack::QueryParser::InvalidParameterError"           => :bad_request
     )
@@ -146,15 +149,20 @@ module ActionDispatch
       application_trace_with_ids = []
       framework_trace_with_ids = []
       full_trace_with_ids = []
+      application_traces = application_trace.map(&:to_s)
 
+      full_trace = backtrace_cleaner&.clean_locations(backtrace, :all).presence || backtrace
       full_trace.each_with_index do |trace, idx|
+        filtered_trace = backtrace_cleaner&.clean_frame(trace, :all) || trace
+
         trace_with_id = {
           exception_object_id: @exception.object_id,
           id: idx,
-          trace: trace
+          trace: trace,
+          filtered_trace: filtered_trace,
         }
 
-        if application_trace.include?(trace)
+        if application_traces.include?(filtered_trace.to_s)
           application_trace_with_ids << trace_with_id
         else
           framework_trace_with_ids << trace_with_id
@@ -171,27 +179,19 @@ module ActionDispatch
     end
 
     def self.status_code_for_exception(class_name)
-      Rack::Utils.status_code(@@rescue_responses[class_name])
+      ActionDispatch::Response.rack_status_code(@@rescue_responses[class_name])
     end
 
     def show?(request)
-      # We're treating `nil` as "unset", and we want the default setting to be
-      # `:all`. This logic should be extracted to `env_config` and calculated
-      # once.
+      # We're treating `nil` as "unset", and we want the default setting to be `:all`.
+      # This logic should be extracted to `env_config` and calculated once.
       config = request.get_header("action_dispatch.show_exceptions")
 
-      # Include true and false for backwards compatibility.
       case config
       when :none
         false
       when :rescuable
         rescue_response?
-      when true
-        ActionDispatch.deprecator.warn("Setting action_dispatch.show_exceptions to true is deprecated. Set to :all instead.")
-        true
-      when false
-        ActionDispatch.deprecator.warn("Setting action_dispatch.show_exceptions to false is deprecated. Set to :none instead.")
-        false
       else
         true
       end
@@ -203,15 +203,10 @@ module ActionDispatch
 
     def source_extracts
       backtrace.map do |trace|
-        extract_source(trace)
+        extract_source(trace).merge(trace: trace)
       end
     end
 
-    def error_highlight_available?
-      # ErrorHighlight.spot with backtrace_location keyword is available since error_highlight 0.4.0
-      defined?(ErrorHighlight) && Gem::Version.new(ErrorHighlight::VERSION) >= Gem::Version.new("0.4.0")
-    end
-
     def trace_to_show
       if traces["Application Trace"].empty? && rescue_template != "routing_error"
         "Full Trace"
@@ -272,13 +267,13 @@ module ActionDispatch
         end
 
         (@exception.backtrace_locations || []).map do |loc|
-          if built_methods.key?(loc.label.to_s)
+          if built_methods.key?(loc.base_label)
             thread_backtrace_location = if loc.respond_to?(:__getobj__)
               loc.__getobj__
             else
               loc
             end
-            SourceMapLocation.new(thread_backtrace_location, built_methods[loc.label.to_s])
+            SourceMapLocation.new(thread_backtrace_location, built_methods[loc.base_label])
           else
             loc
           end

data/lib/action_dispatch/middleware/executor.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "rack/body_proxy"
 
 module ActionDispatch
@@ -10,6 +12,10 @@ module ActionDispatch
 
     def call(env)
       state = @executor.run!(reset: true)
+      if response_finished = env["rack.response_finished"]
+        response_finished << proc { state.complete! }
+      end
+
       begin
         response = @app.call(env)
 
@@ -18,12 +24,21 @@ module ActionDispatch
           @executor.error_reporter.report(error, handled: false, source: "application.action_dispatch")
         end
 
-        returned = response << ::Rack::BodyProxy.new(response.pop) { state.complete! }
-      rescue => error
-        @executor.error_reporter.report(error, handled: false, source: "application.action_dispatch")
+        unless response_finished
+          response << ::Rack::BodyProxy.new(response.pop) { state.complete! }
+        end
+        returned = true
+        response
+      rescue Exception => error
+        request = ActionDispatch::Request.new env
+        backtrace_cleaner = request.get_header("action_dispatch.backtrace_cleaner")
+        wrapper = ExceptionWrapper.new(backtrace_cleaner, error)
+        @executor.error_reporter.report(wrapper.unwrapped_exception, handled: false, source: "application.action_dispatch")
         raise
       ensure
-        state.complete! unless returned
+        if !returned && !response_finished
+          state.complete!
+        end
       end
     end
   end

data/lib/action_dispatch/middleware/flash.rb

@@ -1,41 +1,48 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "active_support/core_ext/hash/keys"
 
 module ActionDispatch
-  # = Action Dispatch \Flash
+  # # Action Dispatch Flash
   #
-  # The flash provides a way to pass temporary primitive-types (String, Array, Hash) between actions. Anything you place in the flash will be exposed
-  # to the very next action and then cleared out. This is a great way of doing notices and alerts, such as a create
-  # action that sets <tt>flash[:notice] = "Post successfully created"</tt> before redirecting to a display action that can
-  # then expose the flash to its template. Actually, that exposure is automatically done.
+  # The flash provides a way to pass temporary primitive-types (String, Array,
+  # Hash) between actions. Anything you place in the flash will be exposed to the
+  # very next action and then cleared out. This is a great way of doing notices
+  # and alerts, such as a create action that sets `flash[:notice] = "Post
+  # successfully created"` before redirecting to a display action that can then
+  # expose the flash to its template. Actually, that exposure is automatically
+  # done.
   #
-  #   class PostsController < ActionController::Base
-  #     def create
-  #       # save post
-  #       flash[:notice] = "Post successfully created"
-  #       redirect_to @post
-  #     end
+  #     class PostsController < ActionController::Base
+  #       def create
+  #         # save post
+  #         flash[:notice] = "Post successfully created"
+  #         redirect_to @post
+  #       end
   #
-  #     def show
-  #       # doesn't need to assign the flash notice to the template, that's done automatically
+  #       def show
+  #         # doesn't need to assign the flash notice to the template, that's done automatically
+  #       end
   #     end
-  #   end
   #
-  # Then in +show.html.erb+:
+  # Then in `show.html.erb`:
   #
-  #   <% if flash[:notice] %>
-  #     <div class="notice"><%= flash[:notice] %></div>
-  #   <% end %>
+  #     <% if flash[:notice] %>
+  #       <div class="notice"><%= flash[:notice] %></div>
+  #     <% end %>
   #
-  # Since the +notice+ and +alert+ keys are a common idiom, convenience accessors are available:
+  # Since the `notice` and `alert` keys are a common idiom, convenience accessors
+  # are available:
   #
-  #   flash.alert = "You must be logged in"
-  #   flash.notice = "Post successfully created"
+  #     flash.alert = "You must be logged in"
+  #     flash.notice = "Post successfully created"
   #
-  # This example places a string in the flash. And of course, you can put as many as you like at a time too. If you want to pass
-  # non-primitive types, you will have to handle that in your application. Example: To show messages with links, you will have to
-  # use sanitize helper.
+  # This example places a string in the flash. And of course, you can put as many
+  # as you like at a time too. If you want to pass non-primitive types, you will
+  # have to handle that in your application. Example: To show messages with links,
+  # you will have to use sanitize helper.
   #
   # Just remember: They'll be gone by the time the next action has been performed.
   #
@@ -98,12 +105,12 @@ module ActionDispatch
         @flash[k.to_s]
       end
 
-      # Convenience accessor for <tt>flash.now[:alert]=</tt>.
+      # Convenience accessor for `flash.now[:alert]=`.
       def alert=(message)
         self[:alert] = message
       end
 
-      # Convenience accessor for <tt>flash.now[:notice]=</tt>.
+      # Convenience accessor for `flash.now[:notice]=`.
       def notice=(message)
         self[:notice] = message
       end
@@ -131,8 +138,8 @@ module ActionDispatch
         end
       end
 
-      # Builds a hash containing the flashes to keep for the next request.
-      # If there are none to keep, returns +nil+.
+      # Builds a hash containing the flashes to keep for the next request. If there
+      # are none to keep, returns `nil`.
       def to_session_value # :nodoc:
         flashes_to_keep = @flashes.except(*@discard)
         return nil if flashes_to_keep.empty?
@@ -177,8 +184,8 @@ module ActionDispatch
         @flashes.key? name.to_s
       end
 
-      # Immediately deletes the single flash entry. Use this method when you
-      # want remove the message within the current action. See also #discard.
+      # Immediately deletes the single flash entry. Use this method when you want
+      # remove the message within the current action. See also #discard.
       def delete(key)
         key = key.to_s
         @discard.delete key
@@ -211,45 +218,49 @@ module ActionDispatch
         self
       end
 
-      # Sets a flash that will not be available to the next action, only to the current.
+      # Sets a flash that will not be available to the next action, only to the
+      # current.
       #
       #     flash.now[:message] = "Hello current action"
       #
-      # This method enables you to use the flash as a central messaging system in your app.
-      # When you need to pass an object to the next action, you use the standard flash assign (<tt>[]=</tt>).
-      # When you need to pass an object to the current action, you use <tt>now</tt>, and your object will
-      # vanish when the current action is done.
+      # This method enables you to use the flash as a central messaging system in your
+      # app. When you need to pass an object to the next action, you use the standard
+      # flash assign (`[]=`). When you need to pass an object to the current action,
+      # you use `now`, and your object will vanish when the current action is done.
       #
-      # Entries set via <tt>now</tt> are accessed the same way as standard entries: <tt>flash['my-key']</tt>.
+      # Entries set via `now` are accessed the same way as standard entries:
+      # `flash['my-key']`.
       #
       # Also, brings two convenience accessors:
       #
-      #   flash.now.alert = "Beware now!"
-      #   # Equivalent to flash.now[:alert] = "Beware now!"
+      #     flash.now.alert = "Beware now!"
+      #     # Equivalent to flash.now[:alert] = "Beware now!"
       #
-      #   flash.now.notice = "Good luck now!"
-      #   # Equivalent to flash.now[:notice] = "Good luck now!"
+      #     flash.now.notice = "Good luck now!"
+      #     # Equivalent to flash.now[:notice] = "Good luck now!"
       def now
         @now ||= FlashNow.new(self)
       end
 
-      # Keeps either the entire current flash or a specific flash entry available for the next action:
+      # Keeps either the entire current flash or a specific flash entry available for
+      # the next action:
       #
-      #    flash.keep            # keeps the entire flash
-      #    flash.keep(:notice)   # keeps only the "notice" entry, the rest of the flash is discarded
+      #     flash.keep            # keeps the entire flash
+      #     flash.keep(:notice)   # keeps only the "notice" entry, the rest of the flash is discarded
       def keep(k = nil)
         k = k.to_s if k
         @discard.subtract Array(k || keys)
         k ? self[k] : self
       end
 
-      # Marks the entire flash or a single flash entry to be discarded by the end of the current action:
+      # Marks the entire flash or a single flash entry to be discarded by the end of
+      # the current action:
       #
       #     flash.discard              # discard the entire flash at the end of the current action
       #     flash.discard(:warning)    # discard only the "warning" entry at the end of the current action
       #
-      # Use this method when you want to display the message in the current
-      # action but not in the next one. See also #delete.
+      # Use this method when you want to display the message in the current action but
+      # not in the next one. See also #delete.
       def discard(k = nil)
         k = k.to_s if k
         @discard.merge Array(k || keys)
@@ -258,28 +269,29 @@ module ActionDispatch
 
       # Mark for removal entries that were kept, and delete unkept ones.
       #
-      # This method is called automatically by filters, so you generally don't need to care about it.
+      # This method is called automatically by filters, so you generally don't need to
+      # care about it.
       def sweep # :nodoc:
         @discard.each { |k| @flashes.delete k }
         @discard.replace @flashes.keys
       end
 
-      # Convenience accessor for <tt>flash[:alert]</tt>.
+      # Convenience accessor for `flash[:alert]`.
       def alert
         self[:alert]
       end
 
-      # Convenience accessor for <tt>flash[:alert]=</tt>.
+      # Convenience accessor for `flash[:alert]=`.
       def alert=(message)
         self[:alert] = message
       end
 
-      # Convenience accessor for <tt>flash[:notice]</tt>.
+      # Convenience accessor for `flash[:notice]`.
       def notice
         self[:notice]
       end
 
-      # Convenience accessor for <tt>flash[:notice]=</tt>.
+      # Convenience accessor for `flash[:notice]=`.
       def notice=(message)
         self[:notice] = message
       end

data/lib/action_dispatch/middleware/host_authorization.rb

@@ -1,24 +1,26 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 module ActionDispatch
-  # = Action Dispatch \HostAuthorization
+  # # Action Dispatch HostAuthorization
   #
-  # This middleware guards from DNS rebinding attacks by explicitly permitting
-  # the hosts a request can be sent to, and is passed the options set in
-  # +config.host_authorization+.
+  # This middleware guards from DNS rebinding attacks by explicitly permitting the
+  # hosts a request can be sent to, and is passed the options set in
+  # `config.host_authorization`.
   #
-  # Requests can opt-out of Host Authorization with +exclude+:
+  # Requests can opt-out of Host Authorization with `exclude`:
   #
-  #    config.host_authorization = { exclude: ->(request) { request.path =~ /healthcheck/ } }
+  #     config.host_authorization = { exclude: ->(request) { request.path =~ /healthcheck/ } }
   #
-  # When a request comes to an unauthorized host, the +response_app+
-  # application will be executed and rendered. If no +response_app+ is given, a
-  # default one will run.
-  # The default response app logs blocked host info with level 'error' and
-  # responds with <tt>403 Forbidden</tt>. The body of the response contains debug info
-  # if +config.consider_all_requests_local+ is set to true, otherwise the body is empty.
+  # When a request comes to an unauthorized host, the `response_app` application
+  # will be executed and rendered. If no `response_app` is given, a default one
+  # will run. The default response app logs blocked host info with level 'error'
+  # and responds with `403 Forbidden`. The body of the response contains debug
+  # info if `config.consider_all_requests_local` is set to true, otherwise the
+  # body is empty.
   class HostAuthorization
-    ALLOWED_HOSTS_IN_DEVELOPMENT = [".localhost", IPAddr.new("0.0.0.0/0"), IPAddr.new("::/0")]
+    ALLOWED_HOSTS_IN_DEVELOPMENT = [".localhost", ".test", IPAddr.new("0.0.0.0/0"), IPAddr.new("::/0")]
     PORT_REGEX = /(?::\d+)/ # :nodoc:
     SUBDOMAIN_REGEX = /(?:[a-z0-9-]+\.)/i # :nodoc:
     IPV4_HOSTNAME = /(?<host>\d+\.\d+\.\d+\.\d+)#{PORT_REGEX}?/ # :nodoc:
@@ -45,8 +47,8 @@ module ActionDispatch
             begin
               allowed === extract_hostname(host)
             rescue
-              # IPAddr#=== raises an error if you give it a hostname instead of
-              # IP. Treat similar errors as blocked access.
+              # IPAddr#=== raises an error if you give it a hostname instead of IP. Treat
+              # similar errors as blocked access.
               false
             end
           else

data/lib/action_dispatch/middleware/public_exceptions.rb

@@ -1,15 +1,17 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 module ActionDispatch
-  # = Action Dispatch \PublicExceptions
+  # # Action Dispatch PublicExceptions
   #
   # When called, this middleware renders an error page. By default if an HTML
-  # response is expected it will render static error pages from the <tt>/public</tt>
+  # response is expected it will render static error pages from the `/public`
   # directory. For example when this middleware receives a 500 response it will
-  # render the template found in <tt>/public/500.html</tt>.
-  # If an internationalized locale is set, this middleware will attempt to render
-  # the template in <tt>/public/500.<locale>.html</tt>. If an internationalized template
-  # is not found it will fall back on <tt>/public/500.html</tt>.
+  # render the template found in `/public/500.html`. If an internationalized
+  # locale is set, this middleware will attempt to render the template in
+  # `/public/500.<locale>.html`. If an internationalized template is not found it
+  # will fall back on `/public/500.html`.
   #
   # When a request with a content type other than HTML is made, this middleware
   # will attempt to convert error information into the appropriate response type.
@@ -23,14 +25,14 @@ module ActionDispatch
     def call(env)
       request      = ActionDispatch::Request.new(env)
       status       = request.path_info[1..-1].to_i
-      begin
-        content_type = request.formats.first
-      rescue ActionDispatch::Http::MimeNegotiation::InvalidType
-        content_type = Mime[:text]
-      end
+      content_type = request.formats.first
       body = { status: status, error: Rack::Utils::HTTP_STATUS_CODES.fetch(status, Rack::Utils::HTTP_STATUS_CODES[500]) }
 
-      render(status, content_type, body)
+      if env["action_dispatch.original_request_method"] == "HEAD"
+        render_format(status, content_type, "")
+      else
+        render(status, content_type, body)
+      end
     end
 
     private

data/lib/action_dispatch/middleware/reloader.rb

@@ -1,14 +1,16 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 module ActionDispatch
-  # = Action Dispatch \Reloader
+  # # Action Dispatch Reloader
   #
   # ActionDispatch::Reloader wraps the request with callbacks provided by
   # ActiveSupport::Reloader, intended to assist with code reloading during
   # development.
   #
-  # ActionDispatch::Reloader is included in the middleware stack only if
-  # reloading is enabled, which it is by the default in +development+ mode.
+  # ActionDispatch::Reloader is included in the middleware stack only if reloading
+  # is enabled, which it is by the default in `development` mode.
   class Reloader < Executor
   end
 end