actionpack 8.0.4 → 8.1.0.beta1

data/lib/action_dispatch/http/cache.rb

@@ -63,6 +63,114 @@ module ActionDispatch
             success
           end
         end
+
+        def cache_control_directives
+          @cache_control_directives ||= CacheControlDirectives.new(get_header("HTTP_CACHE_CONTROL"))
+        end
+
+        # Represents the HTTP Cache-Control header for requests,
+        # providing methods to access various cache control directives
+        # Reference: https://www.rfc-editor.org/rfc/rfc9111.html#name-request-directives
+        class CacheControlDirectives
+          def initialize(cache_control_header)
+            @only_if_cached = false
+            @no_cache = false
+            @no_store = false
+            @no_transform = false
+            @max_age = nil
+            @max_stale = nil
+            @min_fresh = nil
+            @stale_if_error = false
+            parse_directives(cache_control_header)
+          end
+
+          # Returns true if the only-if-cached directive is present.
+          # This directive indicates that the client only wishes to obtain a
+          # stored response. If a valid stored response is not available,
+          # the server should respond with a 504 (Gateway Timeout) status.
+          def only_if_cached?
+            @only_if_cached
+          end
+
+          # Returns true if the no-cache directive is present.
+          # This directive indicates that a cache must not use the response
+          # to satisfy subsequent requests without successful validation on the origin server.
+          def no_cache?
+            @no_cache
+          end
+
+          # Returns true if the no-store directive is present.
+          # This directive indicates that a cache must not store any part of the
+          # request or response.
+          def no_store?
+            @no_store
+          end
+
+          # Returns true if the no-transform directive is present.
+          # This directive indicates that a cache or proxy must not transform the payload.
+          def no_transform?
+            @no_transform
+          end
+
+          # Returns the value of the max-age directive.
+          # This directive indicates that the client is willing to accept a response
+          # whose age is no greater than the specified number of seconds.
+          attr_reader :max_age
+
+          # Returns the value of the max-stale directive.
+          # When max-stale is present with a value, returns that integer value.
+          # When max-stale is present without a value, returns true (unlimited staleness).
+          # When max-stale is not present, returns nil.
+          attr_reader :max_stale
+
+          # Returns true if max-stale directive is present (with or without a value)
+          def max_stale?
+            !@max_stale.nil?
+          end
+
+          # Returns true if max-stale directive is present without a value (unlimited staleness)
+          def max_stale_unlimited?
+            @max_stale == true
+          end
+
+          # Returns the value of the min-fresh directive.
+          # This directive indicates that the client is willing to accept a response
+          # whose freshness lifetime is no less than its current age plus the specified time in seconds.
+          attr_reader :min_fresh
+
+          # Returns the value of the stale-if-error directive.
+          # This directive indicates that the client is willing to accept a stale response
+          # if the check for a fresh one fails with an error for the specified number of seconds.
+          attr_reader :stale_if_error
+
+          private
+            def parse_directives(header_value)
+              return unless header_value
+
+              header_value.delete(" ").downcase.split(",").each do |directive|
+                name, value = directive.split("=", 2)
+
+                case name
+                when "max-age"
+                  @max_age = value.to_i
+                when "min-fresh"
+                  @min_fresh = value.to_i
+                when "stale-if-error"
+                  @stale_if_error = value.to_i
+                when "no-cache"
+                  @no_cache = true
+                when "no-store"
+                  @no_store = true
+                when "no-transform"
+                  @no_transform = true
+                when "only-if-cached"
+                  @only_if_cached = true
+                when "max-stale"
+                  @max_stale = value ? value.to_i : true
+                end
+              end
+            end
+        end
       end
 
       module Response
@@ -142,7 +250,7 @@ module ActionDispatch
       private
         DATE          = "Date"
         LAST_MODIFIED = "Last-Modified"
-        SPECIAL_KEYS  = Set.new(%w[extras no-store no-cache max-age public private must-revalidate])
+        SPECIAL_KEYS  = Set.new(%w[extras no-store no-cache max-age public private must-revalidate must-understand])
 
         def generate_weak_etag(validators)
           "W/#{generate_strong_etag(validators)}"
@@ -187,6 +295,7 @@ module ActionDispatch
         PRIVATE               = "private"
         MUST_REVALIDATE       = "must-revalidate"
         IMMUTABLE             = "immutable"
+        MUST_UNDERSTAND       = "must-understand"
 
         def handle_conditional_get!
           # Normally default cache control setting is handled by ETag middleware. But, if
@@ -221,6 +330,7 @@ module ActionDispatch
 
           if control[:no_store]
             options << PRIVATE if control[:private]
+            options << MUST_UNDERSTAND if control[:must_understand]
             options << NO_STORE
           elsif control[:no_cache]
             options << PUBLIC if control[:public]

data/lib/action_dispatch/http/filter_parameters.rb

@@ -17,9 +17,11 @@ module ActionDispatch
     # For more information about filter behavior, see
     # ActiveSupport::ParameterFilter.
     module FilterParameters
-      ENV_MATCH = [/RAW_POST_DATA/, "rack.request.form_vars"] # :nodoc:
-      NULL_PARAM_FILTER = ActiveSupport::ParameterFilter.new # :nodoc:
-      NULL_ENV_FILTER   = ActiveSupport::ParameterFilter.new ENV_MATCH # :nodoc:
+      # :stopdoc:
+      ENV_MATCH = [/RAW_POST_DATA/, "rack.request.form_vars"]
+      NULL_PARAM_FILTER = ActiveSupport::ParameterFilter.new
+      NULL_ENV_FILTER   = ActiveSupport::ParameterFilter.new ENV_MATCH
+      # :startdoc:
 
       def initialize
         super

data/lib/action_dispatch/http/mime_types.rb

@@ -13,6 +13,7 @@ Mime::Type.register "text/calendar", :ics
 Mime::Type.register "text/csv", :csv
 Mime::Type.register "text/vcard", :vcf
 Mime::Type.register "text/vtt", :vtt, %w(vtt)
+Mime::Type.register "text/markdown", :md, [], %w(md markdown)
 
 Mime::Type.register "image/png", :png, [], %w(png)
 Mime::Type.register "image/jpeg", :jpeg, [], %w(jpg jpeg jpe pjpeg)

data/lib/action_dispatch/http/param_builder.rb

@@ -16,15 +16,27 @@ module ActionDispatch
       @param_depth_limit = param_depth_limit
     end
 
-    cattr_accessor :ignore_leading_brackets
-
-    LEADING_BRACKETS_COMPAT = defined?(::Rack::RELEASE) && ::Rack::RELEASE.to_s.start_with?("2.")
-
     cattr_accessor :default
     self.default = make_default(100)
 
     class << self
       delegate :from_query_string, :from_pairs, :from_hash, to: :default
+
+      def ignore_leading_brackets
+        ActionDispatch.deprecator.warn <<~MSG
+          ActionDispatch::ParamBuilder.ignore_leading_brackets is deprecated and have no effect and will be removed in Rails 8.2.
+        MSG
+
+        @ignore_leading_brackets
+      end
+
+      def ignore_leading_brackets=(value)
+        ActionDispatch.deprecator.warn <<~MSG
+          ActionDispatch::ParamBuilder.ignore_leading_brackets is deprecated and have no effect and will be removed in Rails 8.2.
+        MSG
+
+        @ignore_leading_brackets = value
+      end
     end
 
     def from_query_string(qs, separator: nil, encoding_template: nil)
@@ -69,30 +81,15 @@ module ActionDispatch
           # nil name, treat same as empty string (required by tests)
           k = after = ""
         elsif depth == 0
-          if ignore_leading_brackets || (ignore_leading_brackets.nil? && LEADING_BRACKETS_COMPAT)
-            # Rack 2 compatible behavior, ignore leading brackets
-            if name =~ /\A[\[\]]*([^\[\]]+)\]*/
-              k = $1
-              after = $' || ""
-
-              if !ignore_leading_brackets && (k != $& || !after.empty? && !after.start_with?("["))
-                ActionDispatch.deprecator.warn("Skipping over leading brackets in parameter name #{name.inspect} is deprecated and will parse differently in Rails 8.1 or Rack 3.0.")
-              end
-            else
-              k = name
-              after = ""
-            end
+          # Start of parsing, don't treat [] or [ at start of string specially
+          if start = name.index("[", 1)
+            # Start of parameter nesting, use part before brackets as key
+            k = name[0, start]
+            after = name[start, name.length]
           else
-            # Start of parsing, don't treat [] or [ at start of string specially
-            if start = name.index("[", 1)
-              # Start of parameter nesting, use part before brackets as key
-              k = name[0, start]
-              after = name[start, name.length]
-            else
-              # Plain parameter with no nesting
-              k = name
-              after = ""
-            end
+            # Plain parameter with no nesting
+            k = name
+            after = ""
           end
         elsif name.start_with?("[]")
           # Array nesting
@@ -111,6 +108,10 @@ module ActionDispatch
 
         return if k.empty?
 
+        unless k.valid_encoding?
+          raise InvalidParameterError, "Invalid encoding for parameter: #{k}"
+        end
+
         if depth == 0 && String === v
           # We have to wait until we've found the top part of the name,
           # because that's what the encoding template is configured with

data/lib/action_dispatch/http/parameters.rb

@@ -65,14 +65,14 @@ module ActionDispatch
       alias :params :parameters
 
       def path_parameters=(parameters) # :nodoc:
-        delete_header("action_dispatch.request.parameters")
+        @env.delete("action_dispatch.request.parameters")
 
         parameters = Request::Utils.set_binary_encoding(self, parameters, parameters[:controller], parameters[:action])
         # If any of the path parameters has an invalid encoding then raise since it's
         # likely to trigger errors further on.
         Request::Utils.check_param_encoding(parameters)
 
-        set_header PARAMETERS_KEY, parameters
+        @env[PARAMETERS_KEY] = parameters
       rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError => e
         raise ActionController::BadRequest.new("Invalid path parameters: #{e.message}")
       end
@@ -82,7 +82,7 @@ module ActionDispatch
       #
       #     { action: "my_action", controller: "my_controller" }
       def path_parameters
-        get_header(PARAMETERS_KEY) || set_header(PARAMETERS_KEY, {})
+        @env[PARAMETERS_KEY] ||= {}
       end
 
       private

data/lib/action_dispatch/http/permissions_policy.rb

@@ -186,4 +186,8 @@ module ActionDispatch # :nodoc:
         end
       end
   end
+
+  ActiveSupport.on_load(:action_dispatch_request) do
+    include ActionDispatch::PermissionsPolicy::Request
+  end
 end

data/lib/action_dispatch/http/query_parser.rb

@@ -6,12 +6,21 @@ require "rack"
 module ActionDispatch
   class QueryParser
     DEFAULT_SEP = /& */n
-    COMPAT_SEP = /[&;] */n
     COMMON_SEP = { ";" => /; */n, ";," => /[;,] */n, "&" => /& */n, "&;" => /[&;] */n }
 
-    cattr_accessor :strict_query_string_separator
+    def self.strict_query_string_separator
+      ActionDispatch.deprecator.warn <<~MSG
+        The `strict_query_string_separator` configuration is deprecated have no effect and will be removed in Rails 8.2.
+      MSG
+      @strict_query_string_separator
+    end
 
-    SEMICOLON_COMPAT = defined?(::Rack::QueryParser::DEFAULT_SEP) && ::Rack::QueryParser::DEFAULT_SEP.to_s.include?(";")
+    def self.strict_query_string_separator=(value)
+      ActionDispatch.deprecator.warn <<~MSG
+        The `strict_query_string_separator` configuration is deprecated have no effect and will be removed in Rails 8.2.
+      MSG
+      @strict_query_string_separator = value
+    end
 
     #--
     # Note this departs from WHATWG's specified parsing algorithm by
@@ -25,13 +34,6 @@ module ActionDispatch
       splitter =
         if separator
           COMMON_SEP[separator] || /[#{separator}] */n
-        elsif strict_query_string_separator
-          DEFAULT_SEP
-        elsif SEMICOLON_COMPAT && s.include?(";")
-          if strict_query_string_separator.nil?
-            ActionDispatch.deprecator.warn("Using semicolon as a query string separator is deprecated and will not be supported in Rails 8.1 or Rack 3.0. Use `&` instead.")
-          end
-          COMPAT_SEP
         else
           DEFAULT_SEP
         end

data/lib/action_dispatch/http/request.rb

@@ -25,7 +25,6 @@ module ActionDispatch
     include ActionDispatch::Http::FilterParameters
     include ActionDispatch::Http::URL
     include ActionDispatch::ContentSecurityPolicy::Request
-    include ActionDispatch::PermissionsPolicy::Request
     include Rack::Request::Env
 
     autoload :Session, "action_dispatch/request/session"
@@ -139,7 +138,7 @@ module ActionDispatch
 
     # Populate the HTTP method lookup cache.
     HTTP_METHODS.each { |method|
-      HTTP_METHOD_LOOKUP[method] = method.downcase.underscore.to_sym
+      HTTP_METHOD_LOOKUP[method] = method.downcase.tap { |m| m.tr!("-", "_") }.to_sym
     }
 
     alias raw_request_method request_method # :nodoc:
@@ -158,11 +157,17 @@ module ActionDispatch
     #
     #     request.route_uri_pattern # => "/:controller(/:action(/:id))(.:format)"
     def route_uri_pattern
-      get_header("action_dispatch.route_uri_pattern")
+      unless pattern = get_header("action_dispatch.route_uri_pattern")
+        route = get_header("action_dispatch.route")
+        return if route.nil?
+        pattern = route.path.spec.to_s
+        set_header("action_dispatch.route_uri_pattern", pattern)
+      end
+      pattern
     end
 
-    def route_uri_pattern=(pattern) # :nodoc:
-      set_header("action_dispatch.route_uri_pattern", pattern)
+    def route=(route) # :nodoc:
+      @env["action_dispatch.route"] = route
     end
 
     def routes # :nodoc:

data/lib/action_dispatch/http/response.rb

@@ -277,14 +277,27 @@ module ActionDispatch # :nodoc:
     # Sets the HTTP response's content MIME type. For example, in the controller you
     # could write this:
     #
-    #     response.content_type = "text/plain"
+    #     response.content_type = "text/html"
+    #
+    # This method also accepts a symbol with the extension of the MIME type:
+    #
+    #     response.content_type = :html
     #
     # If a character set has been defined for this response (see #charset=) then the
     # character set information will also be included in the content type
     # information.
     def content_type=(content_type)
-      return unless content_type
-      new_header_info = parse_content_type(content_type.to_s)
+      case content_type
+      when NilClass
+        return
+      when Symbol
+        mime_type = Mime[content_type]
+        raise ArgumentError, "Unknown MIME type #{content_type}" unless mime_type
+        new_header_info = ContentTypeHeader.new(mime_type.to_s)
+      else
+        new_header_info = parse_content_type(content_type.to_s)
+      end
+
       prev_header_info = parsed_content_type_header
       charset = new_header_info.charset || prev_header_info.charset
       charset ||= self.class.default_charset unless prev_header_info.mime_type

data/lib/action_dispatch/http/url.rb

@@ -11,8 +11,105 @@ module ActionDispatch
       HOST_REGEXP     = /(^[^:]+:\/\/)?(\[[^\]]+\]|[^:]+)(?::(\d+$))?/
       PROTOCOL_REGEXP = /^([^:]+)(:)?(\/\/)?$/
 
+      # DomainExtractor provides utility methods for extracting domain and subdomain
+      # information from host strings. This module is used internally by Action Dispatch
+      # to parse host names and separate the domain from subdomains based on the
+      # top-level domain (TLD) length.
+      #
+      # The module assumes a standard domain structure where domains consist of:
+      # - Subdomains (optional, can be multiple levels)
+      # - Domain name
+      # - Top-level domain (TLD, can be multiple levels like .co.uk)
+      #
+      # For example, in "api.staging.example.co.uk":
+      # - Subdomains: ["api", "staging"]
+      # - Domain: "example.co.uk" (with tld_length=2)
+      # - TLD: "co.uk"
+      module DomainExtractor
+        extend self
+
+        # Extracts the domain part from a host string, including the specified
+        # number of top-level domain components.
+        #
+        # The domain includes the main domain name plus the TLD components.
+        # The +tld_length+ parameter specifies how many components from the right
+        # should be considered part of the TLD.
+        #
+        # ==== Parameters
+        #
+        # [+host+]
+        #   The host string to extract the domain from.
+        #
+        # [+tld_length+]
+        #   The number of domain components that make up the TLD. For example,
+        #   use 1 for ".com" or 2 for ".co.uk".
+        #
+        # ==== Examples
+        #
+        #   # Standard TLD (tld_length = 1)
+        #   DomainExtractor.domain_from("www.example.com", 1)
+        #   # => "example.com"
+        #
+        #   # Country-code TLD (tld_length = 2)
+        #   DomainExtractor.domain_from("www.example.co.uk", 2)
+        #   # => "example.co.uk"
+        #
+        #   # Multiple subdomains
+        #   DomainExtractor.domain_from("api.staging.myapp.herokuapp.com", 1)
+        #   # => "herokuapp.com"
+        #
+        #   # Single component (returns the host itself)
+        #   DomainExtractor.domain_from("localhost", 1)
+        #   # => "localhost"
+        def domain_from(host, tld_length)
+          host.split(".").last(1 + tld_length).join(".")
+        end
+
+        # Extracts the subdomain components from a host string as an Array.
+        #
+        # Returns all the components that come before the domain and TLD parts.
+        # The +tld_length+ parameter is used to determine where the domain begins
+        # so that everything before it is considered a subdomain.
+        #
+        # ==== Parameters
+        #
+        # [+host+]
+        #   The host string to extract subdomains from.
+        #
+        # [+tld_length+]
+        #   The number of domain components that make up the TLD. This affects
+        #   where the domain boundary is calculated.
+        #
+        # ==== Examples
+        #
+        #   # Standard TLD (tld_length = 1)
+        #   DomainExtractor.subdomains_from("www.example.com", 1)
+        #   # => ["www"]
+        #
+        #   # Country-code TLD (tld_length = 2)
+        #   DomainExtractor.subdomains_from("api.staging.example.co.uk", 2)
+        #   # => ["api", "staging"]
+        #
+        #   # No subdomains
+        #   DomainExtractor.subdomains_from("example.com", 1)
+        #   # => []
+        #
+        #   # Single subdomain with complex TLD
+        #   DomainExtractor.subdomains_from("www.mysite.co.uk", 2)
+        #   # => ["www"]
+        #
+        #   # Multiple levels of subdomains
+        #   DomainExtractor.subdomains_from("dev.api.staging.example.com", 1)
+        #   # => ["dev", "api", "staging"]
+        def subdomains_from(host, tld_length)
+          parts = host.split(".")
+          parts[0..-(tld_length + 2)]
+        end
+      end
+
       mattr_accessor :secure_protocol, default: false
       mattr_accessor :tld_length, default: 1
+      mattr_accessor :domain_extractor, default: DomainExtractor
 
       class << self
         # Returns the domain part of a host given the domain level.
@@ -96,12 +193,11 @@ module ActionDispatch
           end
 
           def extract_domain_from(host, tld_length)
-            host.split(".").last(1 + tld_length).join(".")
+            domain_extractor.domain_from(host, tld_length)
           end
 
           def extract_subdomains_from(host, tld_length)
-            parts = host.split(".")
-            parts[0..-(tld_length + 2)]
+            domain_extractor.subdomains_from(host, tld_length)
           end
 
           def build_host_url(host, port, protocol, options, path)

data/lib/action_dispatch/journey/gtg/simulator.rb

@@ -2,8 +2,6 @@
 
 # :markup: markdown
 
-require "strscan"
-
 module ActionDispatch
   module Journey # :nodoc:
     module GTG # :nodoc:
@@ -16,7 +14,13 @@ module ActionDispatch
       end
 
       class Simulator # :nodoc:
-        INITIAL_STATE = [ [0, nil] ].freeze
+        STATIC_TOKENS = Array.new(64)
+        STATIC_TOKENS[".".ord] = "."
+        STATIC_TOKENS["/".ord] = "/"
+        STATIC_TOKENS["?".ord] = "?"
+        STATIC_TOKENS.freeze
+
+        INITIAL_STATE = [0, nil].freeze
 
         attr_reader :tt
 
@@ -25,21 +29,38 @@ module ActionDispatch
         end
 
         def memos(string)
-          input = StringScanner.new(string)
           state = INITIAL_STATE
-          start_index = 0
 
-          while sym = input.scan(%r([/.?]|[^/.?]+))
-            end_index = start_index + sym.length
+          pos = 0
+          eos = string.bytesize
+
+          while pos < eos
+            start_index = pos
+            pos += 1
 
-            state = tt.move(state, string, start_index, end_index)
+            if (token = STATIC_TOKENS[string.getbyte(start_index)])
+              state = tt.move(state, string, token, start_index, false)
+            else
+              while pos < eos && STATIC_TOKENS[string.getbyte(pos)].nil?
+                pos += 1
+              end
 
-            start_index = end_index
+              token = string.byteslice(start_index, pos - start_index)
+              state = tt.move(state, string, token, start_index, true)
+            end
           end
 
-          acceptance_states = state.each_with_object([]) do |s_d, memos|
-            s, idx = s_d
-            memos.concat(tt.memo(s)) if idx.nil? && tt.accepting?(s)
+          acceptance_states = []
+          states_count = state.size
+          i = 0
+          while i < states_count
+            if state[i + 1].nil?
+              s = state[i]
+              if tt.accepting?(s)
+                acceptance_states.concat(tt.memo(s))
+              end
+            end
+            i += 2
           end
 
           acceptance_states.empty? ? yield : acceptance_states