actionpack 5.1.5 → 5.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA256:
-  metadata.gz: cc35c737d2a3d7345e91f68dfa3a52f1f087a6382887bd27978b777e564a0e2f
-  data.tar.gz: f40dee80da4444057925b3cb78f73cfd38f3ca54ff1f1289b2fc8d5240652696
+SHA1:
+  metadata.gz: 3f2b9bbede2083f81c567797e5f7595b26c3a641
+  data.tar.gz: 86ab105b9a9119a4b06fda662109fd265c22ed70
 SHA512:
-  metadata.gz: 5cffb277d9d97f1afddc5d2c61431071f2ecedd0a9252187145028fcb893bf4fa0d3f9abca5726df1f2f069a98b2d2287f811ad43c93fc9644001ecaf6fad3bf
-  data.tar.gz: dab970e3fa0bb0ac54a57141b122a6775760c1a088182524a7028ada2964914bef93cc9f1aeb0f4839d2470b629eb2c6d4845fcb6da2d359705849e2191936cc
+  metadata.gz: 480092618ef2df237225b0017e3e935388253c4789829d532a054e9ecb5de15eee97b6f06a653a0fdd593fe8e9ea569d8271126f1f44978345e15cd8c7bd9ca1
+  data.tar.gz: 4f0e5dbd95f861f59077d22fa8d994a8b8fc88f3398867ae1205ffc9aadb7c62568fb7c1395f80b53368d78936a42cdde3323c144f9eed6c437589ab37a1d24b

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+## Rails 5.1.6 (March 29, 2018) ##
+
+*   Check exclude before flagging cookies as secure.
+
+    *Catherine Khuu*
+
+
 ## Rails 5.1.5 (February 14, 2018) ##
 
 *   Fix optimized url helpers when using relative url root

data/lib/action_dispatch/middleware/ssl.rb

@@ -9,6 +9,8 @@ module ActionDispatch
   #      (e.g. `redirect: { host: "secure.widgets.com", port: 8080 }`), or set
   #      `redirect: false` to disable this feature.
   #
+  #    Cookies will not be flagged as secure for excluded requests.
+  #
   #   2. Secure cookies: Sets the `secure` flag on cookies to tell browsers they
   #      mustn't be sent along with http:// requests. Enabled by default. Set
   #      `config.ssl_options` with `secure_cookies: false` to disable this feature.
@@ -65,7 +67,7 @@ module ActionDispatch
       if request.ssl?
         @app.call(env).tap do |status, headers, body|
           set_hsts_header! headers
-          flag_cookies_as_secure! headers if @secure_cookies
+          flag_cookies_as_secure! headers if @secure_cookies && !@exclude.call(request)
         end
       else
         return redirect_to_https request unless @exclude.call(request)

data/lib/action_dispatch/routing/mapper.rb

@@ -652,6 +652,7 @@ module ActionDispatch
           def define_generate_prefix(app, name)
             _route = @set.named_routes.get name
             _routes = @set
+            _url_helpers = @set.url_helpers
 
             script_namer = ->(options) do
               prefix_options = options.slice(*_route.segment_keys)
@@ -663,7 +664,7 @@ module ActionDispatch
 
               # We must actually delete prefix segment keys to avoid passing them to next url_for.
               _route.segment_keys.each { |k| options.delete(k) }
-              _routes.url_helpers.send("#{name}_path", prefix_options)
+              _url_helpers.send("#{name}_path", prefix_options)
             end
 
             app.routes.define_mounted_helper(name, script_namer)

data/lib/action_pack/gem_version.rb

@@ -7,7 +7,7 @@ module ActionPack
   module VERSION
     MAJOR = 5
     MINOR = 1
-    TINY  = 5
+    TINY  = 6
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: actionpack
 version: !ruby/object:Gem::Version
-  version: 5.1.5
+  version: 5.1.6
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-02-14 00:00:00.000000000 Z
+date: 2018-03-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.1.5
+        version: 5.1.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.1.5
+        version: 5.1.6
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -92,28 +92,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.1.5
+        version: 5.1.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.1.5
+        version: 5.1.6
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.1.5
+        version: 5.1.6
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.1.5
+        version: 5.1.6
 description: Web apps on Rails. Simple, battle-tested conventions for building and
   testing MVC web applications. Works with any Rack-compatible server.
 email: david@loudthinking.com
@@ -287,8 +287,8 @@ homepage: http://rubyonrails.org
 licenses:
 - MIT
 metadata:
-  source_code_uri: https://github.com/rails/rails/tree/v5.1.5/actionpack
-  changelog_uri: https://github.com/rails/rails/blob/v5.1.5/actionpack/CHANGELOG.md
+  source_code_uri: https://github.com/rails/rails/tree/v5.1.6/actionpack
+  changelog_uri: https://github.com/rails/rails/blob/v5.1.6/actionpack/CHANGELOG.md
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -306,7 +306,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - none
 rubyforge_project: 
-rubygems_version: 2.7.3
+rubygems_version: 2.6.14
 signing_key: 
 specification_version: 4
 summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).