actionpack 7.2.3 → 8.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e774a50c3ffb6c9c4f387e2bf3632992f1979e8b050cdd481e0ff41fc289f4d4
-  data.tar.gz: b433f1b952b2cca2850d40a668bbf4196a72dd1981ede7714348607cb79fadb1
+  metadata.gz: 1ba808f5ffd02a8121b8ec0cd96f7bf004fc2f05e4459c31cc8a02189325481c
+  data.tar.gz: a0396999d33b94532455bc8d4811cc586b8d25b0396c2ae72bdd622055c4ab34
 SHA512:
-  metadata.gz: 7c48de1742782bbad870035834911eb2bac273330d2d34317c2d670f02d762d9998f024491fe37e17b8628f4255844d66fec7522bb47e10668e0a775e160e6c4
-  data.tar.gz: d72cf3db810cc51bfca8ff37af293e22a4089838ec00fb8cc44dce15d77255937a7221a90b6fdd2dc38f01803abd42757641b5fb665d6c121111bf3e548022f4
+  metadata.gz: 2b91c87967cb5c30b48b55b46dbc2542cd8aceca3018d995a4fdebcba33f0ff0cbcdcf3c114d82326e3f2b57478a888c4fa2396169b4800f1c2fed9e27be5031
+  data.tar.gz: 70438647135541badfc1ecb2f0c07de0bc8823dc8c7c8b9b2daae8ab502a182a77b53d9bac0000409ef43c7c19e610b9cabe9fa43d306525fe33dc28466c524c

data/CHANGELOG.md

@@ -1,239 +1,514 @@
-## Rails 7.2.3 (October 28, 2025) ##
+## Rails 8.1.3 (March 24, 2026) ##
 
-*   Submit test requests using `as: :html` with `Content-Type: x-www-form-urlencoded`
+*   No changes.
 
-    *Sean Doyle*
 
-*   Address `rack 3.2` deprecations warnings.
+## Rails 8.1.2.1 (March 23, 2026) ##
 
-    ```
-    warning: Status code :unprocessable_entity is deprecated and will be removed in a future version of Rack.
-    Please use :unprocessable_content instead.
+*   No changes.
+
+
+## Rails 8.1.2 (January 08, 2026) ##
+
+*   Add `config.action_controller.live_streaming_excluded_keys` to control execution state sharing in ActionController::Live.
+
+    When using ActionController::Live, actions are executed in a separate thread that shares
+    state from the parent thread. This new configuration allows applications to opt-out specific
+    state keys that should not be shared.
+
+    This is useful when streaming inside a `connected_to` block, where you may want
+    the streaming thread to use its own database connection context.
+
+    ```ruby
+    # config/application.rb
+    config.action_controller.live_streaming_excluded_keys = [:active_record_connected_to_stack]
     ```
 
-    Rails API will transparently convert one into the other for the forseable future.
+    By default, all keys are shared.
 
-    *Earlopain*, *Jean Boussier*
+    *Eileen M. Uchitelle*
 
-*   Always return empty body for HEAD requests in `PublicExceptions` and
-    `DebugExceptions`.
+*   Fix `IpSpoofAttackError` message to include `Forwarded` header content.
 
-    This is required by `Rack::Lint` (per RFC9110).
+    Without it, the error message may be misleading.
 
-    *Hartley McGuire*
+    *zzak*
 
-*   Fix `url_for` to handle `:path_params` gracefully when it's not a `Hash`.
 
-    Prevents various security scanners from causing exceptions.
+## Rails 8.1.1 (October 28, 2025) ##
 
-    *Martin Emde*
+*   Allow methods starting with underscore to be action methods.
 
-*   Fix `ActionDispatch::Executor` to unwrap exceptions like other error reporting middlewares.
+    Disallowing methods starting with an underscore from being action methods
+    was an unintended side effect of the performance optimization in
+    207a254.
 
-    *Jean Boussier*
+    Fixes #55985.
 
-*   Fix NoMethodError when a non-string CSRF token is passed through headers.
+    *Rafael Mendonça França*
 
-    *Ryan Heneise*
 
-*   Fix invalid response when rescuing `ActionController::Redirecting::UnsafeRedirectError` in a controller.
+## Rails 8.1.0 (October 22, 2025) ##
 
-    *Alex Ghiculescu*
+*   Submit test requests using `as: :html` with `Content-Type: x-www-form-urlencoded`
 
+    *Sean Doyle*
 
-## Rails 7.2.2.2 (August 13, 2025) ##
+*   Add link-local IP ranges to `ActionDispatch::RemoteIp` default proxies.
 
-*   No changes.
+    Link-local addresses (`169.254.0.0/16` for IPv4 and `fe80::/10` for IPv6)
+    are now included in the default trusted proxy list, similar to private IP ranges.
 
+    *Adam Daniels*
 
-## Rails 7.2.2.1 (December 10, 2024) ##
+*   `remote_ip` will no longer ignore IPs in X-Forwarded-For headers if they
+    are accompanied by port information.
 
-*   Add validation to content security policies to disallow spaces and semicolons.
-    Developers should use multiple arguments, and different directive methods instead.
+    *Duncan Brown*, *Prevenios Marinos*, *Masafumi Koba*, *Adam Daniels*
 
-    [CVE-2024-54133]
+*   Add `action_dispatch.verbose_redirect_logs` setting that logs where redirects were called from.
 
-    *Gannon McGibbon*
+    Similar to `active_record.verbose_query_logs` and `active_job.verbose_enqueue_logs`, this adds a line in your logs that shows where a redirect was called from.
 
+    Example:
 
-## Rails 7.2.2 (October 30, 2024) ##
+    ```
+    Redirected to http://localhost:3000/posts/1
+    ↳ app/controllers/posts_controller.rb:32:in `block (2 levels) in create'
+    ```
 
-*   Fix non-GET requests not updating cookies in `ActionController::TestCase`.
+    *Dennis Paagman*
 
-    *Jon Moss*, *Hartley McGuire*
+*   Add engine route filtering and better formatting in `bin/rails routes`.
 
+    Allow engine routes to be filterable in the routing inspector, and
+    improve formatting of engine routing output.
 
-## Rails 7.2.1.2 (October 23, 2024) ##
+    Before:
+    ```
+    > bin/rails routes -e engine_only
+    No routes were found for this grep pattern.
+    For more information about routes, see the Rails guide: https://guides.rubyonrails.org/routing.html.
+    ```
 
-*   No changes.
+    After:
+    ```
+    > bin/rails routes -e engine_only
+    Routes for application:
+    No routes were found for this grep pattern.
+    For more information about routes, see the Rails guide: https://guides.rubyonrails.org/routing.html.
+
+    Routes for Test::Engine:
+    Prefix Verb URI Pattern       Controller#Action
+    engine GET  /engine_only(.:format) a#b
+    ```
 
+    *Dennis Paagman*, *Gannon McGibbon*
 
-## Rails 7.2.1.1 (October 15, 2024) ##
+*   Add structured events for Action Pack and Action Dispatch:
+    - `action_dispatch.redirect`
+    - `action_controller.request_started`
+    - `action_controller.request_completed`
+    - `action_controller.callback_halted`
+    - `action_controller.rescue_from_handled`
+    - `action_controller.file_sent`
+    - `action_controller.redirected`
+    - `action_controller.data_sent`
+    - `action_controller.unpermitted_parameters`
+    - `action_controller.fragment_cache`
 
-*   Avoid regex backtracking in HTTP Token authentication
+    *Adrianna Chang*
 
-    [CVE-2024-47887]
+*   URL helpers for engines mounted at the application root handle `SCRIPT_NAME` correctly.
 
-    *John Hawthorn*
+    Fixed an issue where `SCRIPT_NAME` is not applied to paths generated for routes in an engine
+    mounted at "/".
 
-*   Avoid regex backtracking in query parameter filtering
+    *Mike Dalessio*
 
-    [CVE-2024-41128]
+*   Update `ActionController::Metal::RateLimiting` to support passing method names to `:by` and `:with`
 
-    *John Hawthorn*
+    ```ruby
+    class SignupsController < ApplicationController
+      rate_limit to: 10, within: 1.minute, with: :redirect_with_flash
 
+      private
+        def redirect_with_flash
+          redirect_to root_url, alert: "Too many requests!"
+        end
+    end
+    ```
 
-## Rails 7.2.1 (August 22, 2024) ##
+    *Sean Doyle*
 
-*   Fix `Request#raw_post` raising `NoMethodError` when `rack.input` is `nil`.
+*   Optimize `ActionDispatch::Http::URL.build_host_url` when protocol is included in host.
 
-    *Hartley McGuire*
+    When using URL helpers with a host that includes the protocol (e.g., `{ host: "https://example.com" }`),
+    skip unnecessary protocol normalization and string duplication since the extracted protocol is already
+    in the correct format. This eliminates 2 string allocations per URL generation and provides a ~10%
+    performance improvement for this case.
 
+    *Joshua Young*, *Hartley McGuire*
 
-## Rails 7.2.0 (August 09, 2024) ##
+*   Allow `action_controller.logger` to be disabled by setting it to `nil` or `false` instead of always defaulting to `Rails.logger`.
 
-*   Allow bots to ignore `allow_browser`.
+    *Roberto Miranda*
 
-    *Matthew Nguyen*
+*   Remove deprecated support to a route to multiple paths.
 
-*   Include the HTTP Permissions-Policy on non-HTML Content-Types
-    [CVE-2024-28103]
+    *Rafael Mendonça França*
 
-    *Aaron Patterson*, *Zack Deveau*
+*   Remove deprecated support for using semicolons as a query string separator.
 
-*   Fix `Mime::Type.parse` handling type parameters for HTTP Accept headers.
+    Before:
 
-    *Taylor Chaparro*
+    ```ruby
+    ActionDispatch::QueryParser.each_pair("foo=bar;baz=quux").to_a
+    # => [["foo", "bar"], ["baz", "quux"]]
+    ```
 
-*   Fix the error page that is displayed when a view template is missing to account for nested controller paths in the
-    suggested correct location for the missing template.
+    After:
 
-    *Joshua Young*
+    ```ruby
+    ActionDispatch::QueryParser.each_pair("foo=bar;baz=quux").to_a
+    # => [["foo", "bar;baz=quux"]]
+    ```
+
+    *Rafael Mendonça França*
+
+*   Remove deprecated support to skipping over leading brackets in parameter names in the parameter parser.
 
-*   Add `save_and_open_page` helper to `IntegrationTest`.
+    Before:
 
-    `save_and_open_page` is a helpful helper to keep a short feedback loop when working on system tests.
-    A similar helper with matching signature has been added to integration tests.
+    ```ruby
+    ActionDispatch::ParamBuilder.from_query_string("[foo]=bar") # => { "foo" => "bar" }
+    ActionDispatch::ParamBuilder.from_query_string("[foo][bar]=baz") # => { "foo" => { "bar" => "baz" } }
+    ```
+
+    After:
 
-    *Joé Dupuis*
+    ```ruby
+    ActionDispatch::ParamBuilder.from_query_string("[foo]=bar") # => { "[foo]" => "bar" }
+    ActionDispatch::ParamBuilder.from_query_string("[foo][bar]=baz") # => { "[foo]" => { "bar" => "baz" } }
+    ```
+
+    *Rafael Mendonça França*
+
+*   Deprecate `Rails.application.config.action_dispatch.ignore_leading_brackets`.
+
+    *Rafael Mendonça França*
+
+*   Raise `ActionController::TooManyRequests` error from `ActionController::RateLimiting`
+
+    Requests that exceed the rate limit raise an `ActionController::TooManyRequests` error.
+    By default, Action Dispatch rescues the error and responds with a `429 Too Many Requests` status.
+
+    *Sean Doyle*
 
-*   Fix a regression in 7.1.3 passing a `to:` option without a controller when the controller is already defined by a scope.
+*   Add .md/.markdown as Markdown extensions and add a default `markdown:` renderer:
 
     ```ruby
-    Rails.application.routes.draw do
-      controller :home do
-        get "recent", to: "recent_posts"
+    class Page
+      def to_markdown
+        body
+      end
+    end
+
+    class PagesController < ActionController::Base
+      def show
+        @page = Page.find(params[:id])
+
+        respond_to do |format|
+          format.html
+          format.md { render markdown: @page }
+        end
       end
     end
     ```
 
-    *Étienne Barrié*
+    *DHH*
+
+*   Add headers to engine routes inspection command
 
-*   Request Forgery takes relative paths into account.
+    *Petrik de Heus*
 
-    *Stefan Wienert*
+*   Add "Copy as text" button to error pages
 
-*   Add ".test" as a default allowed host in development to ensure smooth golden-path setup with puma.dev.
+    *Mikkel Malmberg*
 
-    *DHH*
+*   Add `scope:` option to `rate_limit` method.
 
-*   Add `allow_browser` to set minimum browser versions for the application.
+    Previously, it was not possible to share a rate limit count between several controllers, since the count was by
+    default separate for each controller.
 
-    A browser that's blocked will by default be served the file in `public/406-unsupported-browser.html` with a HTTP status code of "406 Not Acceptable".
+    Now, the `scope:` option solves this problem.
 
     ```ruby
-    class ApplicationController < ActionController::Base
-      # Allow only browsers natively supporting webp images, web push, badges, import maps, CSS nesting + :has
-      allow_browser versions: :modern
+    class APIController < ActionController::API
+      rate_limit to: 2, within: 2.seconds, scope: "api"
     end
 
-    class ApplicationController < ActionController::Base
-      # All versions of Chrome and Opera will be allowed, but no versions of "internet explorer" (ie). Safari needs to be 16.4+ and Firefox 121+.
-      allow_browser versions: { safari: 16.4, firefox: 121, ie: false }
+    class API::PostsController < APIController
+      # ...
     end
 
-    class MessagesController < ApplicationController
-      # In addition to the browsers blocked by ApplicationController, also block Opera below 104 and Chrome below 119 for the show action.
-      allow_browser versions: { opera: 104, chrome: 119 }, only: :show
+    class API::UsersController < APIController
+      # ...
     end
     ```
 
-    *DHH*
+    *ArthurPV*, *Kamil Hanus*
+
+*   Add support for `rack.response_finished` callbacks in ActionDispatch::Executor.
+
+    The executor middleware now supports deferring completion callbacks to later
+    in the request lifecycle by utilizing Rack's `rack.response_finished` mechanism,
+    when available. This enables applications to define `rack.response_finished` callbacks
+    that may rely on state that would be cleaned up by the executor's completion callbacks.
+
+    *Adrianna Chang*, *Hartley McGuire*
+
+*   Produce a log when `rescue_from` is invoked.
+
+    *Steven Webb*, *Jean Boussier*
+
+*   Allow hosts redirects from `hosts` Rails configuration
+
+    ```ruby
+    config.action_controller.allowed_redirect_hosts << "example.com"
+    ```
+
+    *Kevin Robatel*
+
+*   `rate_limit.action_controller` notification has additional payload
 
-*   Add rate limiting API.
+    additional values: count, to, within, by, name, cache_key
+
+    *Jonathan Rochkind*
+
+*   Add JSON support to the built-in health controller.
+
+    The health controller now responds to JSON requests with a structured response
+    containing status and timestamp information. This makes it easier for monitoring
+    tools and load balancers to consume health check data programmatically.
+
+    ```ruby
+    # /up.json
+    {
+      "status": "up",
+      "timestamp": "2025-09-19T12:00:00Z"
+    }
+    ```
+
+    *Francesco Loreti*, *Juan Vásquez*
+
+*   Allow to open source file with a crash from the browser.
+
+    *Igor Kasyanchuk*
+
+*   Always check query string keys for valid encoding just like values are checked.
+
+    *Casper Smits*
+
+*   Always return empty body for HEAD requests in `PublicExceptions` and
+    `DebugExceptions`.
+
+    This is required by `Rack::Lint` (per RFC9110).
+
+    *Hartley McGuire*
+
+*   Add comprehensive support for HTTP Cache-Control request directives according to RFC 9111.
+
+    Provides a `request.cache_control_directives` object that gives access to request cache directives:
 
     ```ruby
-    class SessionsController < ApplicationController
-      rate_limit to: 10, within: 3.minutes, only: :create
+    # Boolean directives
+    request.cache_control_directives.only_if_cached?  # => true/false
+    request.cache_control_directives.no_cache?        # => true/false
+    request.cache_control_directives.no_store?        # => true/false
+    request.cache_control_directives.no_transform?    # => true/false
+
+    # Value directives
+    request.cache_control_directives.max_age          # => integer or nil
+    request.cache_control_directives.max_stale        # => integer or nil (or true for valueless max-stale)
+    request.cache_control_directives.min_fresh        # => integer or nil
+    request.cache_control_directives.stale_if_error   # => integer or nil
+
+    # Special helpers for max-stale
+    request.cache_control_directives.max_stale?         # => true if max-stale present (with or without value)
+    request.cache_control_directives.max_stale_unlimited? # => true only for valueless max-stale
+    ```
+
+    Example usage:
+
+    ```ruby
+    def show
+      if request.cache_control_directives.only_if_cached?
+        @article = Article.find_cached(params[:id])
+        return head(:gateway_timeout) if @article.nil?
+      else
+        @article = Article.find(params[:id])
+      end
+
+      render :show
     end
+    ```
 
-    class SignupsController < ApplicationController
-      rate_limit to: 1000, within: 10.seconds,
-        by: -> { request.domain }, with: -> { redirect_to busy_controller_url, alert: "Too many signups!" }, only: :new
+    *egg528*
+
+*   Add assert_in_body/assert_not_in_body as the simplest way to check if a piece of text is in the response body.
+
+    *DHH*
+
+*   Include cookie name when calculating maximum allowed size.
+
+    *Hartley McGuire*
+
+*   Implement `must-understand` directive according to RFC 9111.
+
+    The `must-understand` directive indicates that a cache must understand the semantics of the response status code, or discard the response. This directive is enforced to be used only with `no-store` to ensure proper cache behavior.
+
+    ```ruby
+    class ArticlesController < ApplicationController
+      def show
+        @article = Article.find(params[:id])
+
+        if @article.special_format?
+          must_understand
+          render status: 203 # Non-Authoritative Information
+        else
+          fresh_when @article
+        end
+      end
     end
     ```
 
-    *DHH*, *Jean Boussier*
+    *heka1024*
 
-*   Add `image/svg+xml` to the compressible content types of `ActionDispatch::Static`.
+*   The JSON renderer doesn't escape HTML entities or Unicode line separators anymore.
 
-    *Georg Ledermann*
+    Using `render json:` will no longer escape `<`, `>`, `&`, `U+2028` and `U+2029` characters that can cause errors
+    when the resulting JSON is embedded in JavaScript, or vulnerabilities when the resulting JSON is embedded in HTML.
 
-*   Add instrumentation for `ActionController::Live#send_stream`.
+    Since the renderer is used to return a JSON document as `application/json`, it's typically not necessary to escape
+    those characters, and it improves performance.
 
-    Allows subscribing to `send_stream` events. The event payload contains the filename, disposition, and type.
+    Escaping will still occur when the `:callback` option is set, since the JSON is used as JavaScript code in this
+    situation (JSONP).
 
-    *Hannah Ramadan*
+    You can use the `:escape` option or set `config.action_controller.escape_json_responses` to `true` to restore the
+    escaping behavior.
 
-*   Add support for `with_routing` test helper in `ActionDispatch::IntegrationTest`.
+    ```ruby
+    class PostsController < ApplicationController
+      def index
+        render json: Post.last(30), escape: true
+      end
+    end
+    ```
+
+    *Étienne Barrié*, *Jean Boussier*
+
+*   Load lazy route sets before inserting test routes
+
+    Without loading lazy route sets early, we miss `after_routes_loaded` callbacks, or risk
+    invoking them with the test routes instead of the real ones if another load is triggered by an engine.
 
     *Gannon McGibbon*
 
-*   Remove deprecated support to set `Rails.application.config.action_dispatch.show_exceptions` to `true` and `false`.
+*   Raise `AbstractController::DoubleRenderError` if `head` is called after rendering.
 
-    *Rafael Mendonça França*
+    After this change, invoking `head` will lead to an error if response body is already set:
 
-*   Remove deprecated `speaker`, `vibrate`, and `vr` permissions policy directives.
+    ```ruby
+    class PostController < ApplicationController
+      def index
+        render locals: {}
+        head :ok
+      end
+    end
+    ```
 
-    *Rafael Mendonça França*
+    *Iaroslav Kurbatov*
 
-*   Remove deprecated `Rails.application.config.action_dispatch.return_only_request_media_type_on_content_type`.
+*   The Cookie Serializer can now serialize an Active Support SafeBuffer when using message pack.
 
-    *Rafael Mendonça França*
+    Such code would previously produce an error if an application was using messagepack as its cookie serializer.
 
-*   Deprecate `Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality`.
+    ```ruby
+    class PostController < ApplicationController
+      def index
+        flash.notice = t(:hello_html) # This would try to serialize a SafeBuffer, which was not possible.
+      end
+    end
+    ```
 
-    *Rafael Mendonça França*
+    *Edouard Chin*
 
-*   Remove deprecated comparison between `ActionController::Parameters` and `Hash`.
+*   Fix `Rails.application.reload_routes!` from clearing almost all routes.
 
-    *Rafael Mendonça França*
+    When calling `Rails.application.reload_routes!` inside a middleware of
+    a Rake task, it was possible under certain conditions that all routes would be cleared.
+    If ran inside a middleware, this would result in getting a 404 on most page you visit.
+    This issue was only happening in development.
 
-*   Remove deprecated constant `AbstractController::Helpers::MissingHelperError`.
+    *Edouard Chin*
 
-    *Rafael Mendonça França*
+*   Add resource name to the `ArgumentError` that's raised when invalid `:only` or `:except` options are given to `#resource` or `#resources`
+
+    This makes it easier to locate the source of the problem, especially for routes drawn by gems.
 
-*   Fix a race condition that could cause a `Text file busy - chromedriver`
-    error with parallel system tests.
+    Before:
+    ```
+    :only and :except must include only [:index, :create, :new, :show, :update, :destroy, :edit], but also included [:foo, :bar]
+    ```
 
-    *Matt Brictson*
+    After:
+    ```
+    Route `resources :products` - :only and :except must include only [:index, :create, :new, :show, :update, :destroy, :edit], but also included [:foo, :bar]
+    ```
 
-*   Add `racc` as a dependency since it will become a bundled gem in Ruby 3.4.0
+    *Jeremy Green*
 
-    *Hartley McGuire*
-*   Remove deprecated constant `ActionDispatch::IllegalStateError`.
+*   A route pointing to a non-existing controller now returns a 500 instead of a 404.
 
-    *Rafael Mendonça França*
+    A controller not existing isn't a routing error that should result
+    in a 404, but a programming error that should result in a 500 and
+    be reported.
 
-*   Add parameter filter capability for redirect locations.
+    Until recently, this was hard to untangle because of the support
+    for dynamic `:controller` segment in routes, but since this is
+    deprecated and will be removed in Rails 8.1, we can now easily
+    not consider missing controllers as routing errors.
 
-    It uses the `config.filter_parameters` to match what needs to be filtered.
-    The result would be like this:
+    *Jean Boussier*
 
-        Redirected to http://secret.foo.bar?username=roque&password=[FILTERED]
+*   Add `check_collisions` option to `ActionDispatch::Session::CacheStore`.
 
-    Fixes #14055.
+    Newly generated session ids use 128 bits of randomness, which is more than
+    enough to ensure collisions can't happen, but if you need to harden sessions
+    even more, you can enable this option to check in the session store that the id
+    is indeed free you can enable that option. This however incurs an extra write
+    on session creation.
+
+    *Shia*
+
+*   In ExceptionWrapper, match backtrace lines with built templates more often,
+    allowing improved highlighting of errors within do-end blocks in templates.
+    Fix for Ruby 3.4 to match new method labels in backtrace.
+
+    *Martin Emde*
+
+*   Allow setting content type with a symbol of the Mime type.
+
+    ```ruby
+    # Before
+    response.content_type = "text/html"
+
+    # After
+    response.content_type = :html
+    ```
 
-    *Roque Pinel*, *Trevor Turk*, *tonytonyjan*
+    *Petrik de Heus*
 
-Please check [7-1-stable](https://github.com/rails/rails/blob/7-1-stable/actionpack/CHANGELOG.md) for previous changes.
+Please check [8-0-stable](https://github.com/rails/rails/blob/8-0-stable/actionpack/CHANGELOG.md) for previous changes.

data/lib/abstract_controller/asset_paths.rb

@@ -7,8 +7,10 @@ module AbstractController
     extend ActiveSupport::Concern
 
     included do
-      config_accessor :asset_host, :assets_dir, :javascripts_dir,
-        :stylesheets_dir, :default_asset_host_protocol, :relative_url_root
+      singleton_class.delegate :asset_host, :asset_host=, :assets_dir, :assets_dir=, :javascripts_dir, :javascripts_dir=,
+        :stylesheets_dir, :stylesheets_dir=, :default_asset_host_protocol, :default_asset_host_protocol=, :relative_url_root, :relative_url_root=, to: :config
+      delegate :asset_host, :asset_host=, :assets_dir, :assets_dir=, :javascripts_dir, :javascripts_dir=,
+        :stylesheets_dir, :stylesheets_dir=, :default_asset_host_protocol, :default_asset_host_protocol=, :relative_url_root, :relative_url_root=, to: :config
     end
   end
 end