actionpack 6.1.0.rc1 → 6.1.0.rc2


Potentially problematic release.


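--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 9a4a41e1ca0c25578fbd6a0ea8a05295194ae1bd4583adec81c901d36df926af
- data.tar.gz: 8582c26944953ae947cf95b4582f3b000af462b0786476d4dc84a268963bbdd8
+ metadata.gz: bc84b6b896fe838781d03a845564d7d0d55c125c08891dac5192dd0b4218e148
+ data.tar.gz: 2d6978599e5d5f2becc3ced8db15918edbeffe6048cffa5f3b11b68e0fe7fb97
  SHA512:
- metadata.gz: c6ae9cf119acfd74a41566d30f6d499ed3590355134a7a00ebc77b25a8516f1037448bc202c543b0c92cedc842d38e1b787df12f4260bebf5f1595c42c192d2a
- data.tar.gz: 69965930679b64e98df6a5b4edaefa9f15a7c38480fd179507b3a27c663b07478411a6ae04355dd5a30f97f18be8b4441e083b5c97d0015f95963d5adf29dcda
+ metadata.gz: cba23b8e3d5344c09f2b3f41d4544c8486dafe103a1c5fd1c4f050f543a35d17346d747ff1e2cd62e7535258ee38953ab2b12eb62119d086c9e9b35c8344c2c4
+ data.tar.gz: 7e8b5c27070a8bf909e09e8d1bd98565da44321186bdaae0e5ebc474cbaf85dc242191863b8041696cdf995e75110b94ab3af7e304d99180c78000cbec00e9ec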
@@ -1,3 +1,21 @@
1
+ ## Rails 6.1.0.rc2 (December 01, 2020) ##
2
+
3
+ * Support for the HTTP header `Feature-Policy` has been revised to reflect
4
+ its [rename](https://github.com/w3c/webappsec-permissions-policy/pull/379) to [`Permissions-Policy`](https://w3c.github.io/webappsec-permissions-policy/#permissions-policy-http-header-field).
5
+
6
+ ```ruby
7
+ Rails.application.config.permissions_policy do |p|
8
+ p.camera :none
9
+ p.gyroscope :none
10
+ p.microphone :none
11
+ p.usb :none
12
+ p.fullscreen :self
13
+ p.payment :self, "https://secure-example.com"
14
+ end
15
+ ```
16
+
17
+ *Julien Grillot*
18
+
1
19
  ## Rails 6.1.0.rc1 (November 02, 2020) ##
2
20
 
3
21
  * Allow `ActionDispatch::HostAuthorization` to exclude specific requests.
@@ -29,7 +29,7 @@ module ActionController
29
29
  autoload :DefaultHeaders
30
30
  autoload :EtagWithTemplateDigest
31
31
  autoload :EtagWithFlash
32
- autoload :FeaturePolicy
32
+ autoload :PermissionsPolicy
33
33
  autoload :Flash
34
34
  autoload :Head
35
35
  autoload :Helpers
@@ -226,7 +226,7 @@ module ActionController
226
226
  FormBuilder,
227
227
  RequestForgeryProtection,
228
228
  ContentSecurityPolicy,
229
- FeaturePolicy,
229
+ PermissionsPolicy,
230
230
  Streaming,
231
231
  DataStreaming,
232
232
  HttpAuthentication::Basic::ControllerMethods,
@@ -9,7 +9,9 @@ module ActionController #:nodoc:
9
9
  end
10
10
 
11
11
  private
12
- def cookies
12
+ # The cookies for the current request. See ActionDispatch::Cookies for
13
+ # more information.
14
+ def cookies # :doc:
13
15
  request.cookie_jar
14
16
  end
15
17
  end
@@ -1,11 +1,11 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ActionController #:nodoc:
4
- # HTTP Feature Policy is a web standard for defining a mechanism to
5
- # allow and deny the use of browser features in its own context, and
4
+ # HTTP Permissions Policy is a web standard for defining a mechanism to
5
+ # allow and deny the use of browser permissions in its own context, and
6
6
  # in content within any <iframe> elements in the document.
7
7
  #
8
- # Full details of HTTP Feature Policy specification and guidelines can
8
+ # Full details of HTTP Permissions Policy specification and guidelines can
9
9
  # be found at MDN:
10
10
  #
11
11
  # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy
@@ -13,7 +13,7 @@ module ActionController #:nodoc:
13
13
  # Examples of usage:
14
14
  #
15
15
  # # Global policy
16
- # Rails.application.config.feature_policy do |f|
16
+ # Rails.application.config.permissions_policy do |f|
17
17
  # f.camera :none
18
18
  # f.gyroscope :none
19
19
  # f.microphone :none
@@ -24,20 +24,20 @@ module ActionController #:nodoc:
24
24
  #
25
25
  # # Controller level policy
26
26
  # class PagesController < ApplicationController
27
- # feature_policy do |p|
27
+ # permissions_policy do |p|
28
28
  # p.geolocation "https://example.com"
29
29
  # end
30
30
  # end
31
- module FeaturePolicy
31
+ module PermissionsPolicy
32
32
  extend ActiveSupport::Concern
33
33
 
34
34
  module ClassMethods
35
- def feature_policy(**options, &block)
35
+ def permissions_policy(**options, &block)
36
36
  before_action(options) do
37
37
  if block_given?
38
- policy = request.feature_policy.clone
38
+ policy = request.permissions_policy.clone
39
39
  yield policy
40
- request.feature_policy = policy
40
+ request.permissions_policy = policy
41
41
  end
42
42
  end
43
43
  end
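Review bot: `policy = request.permissions_policy.clone` inside the `before_action` block has no guard for a request that carries no policy. The accessor shown further down the page is a plain `get_header(POLICY)`, and the middleware tests `if policy = request.permissions_policy`, so nil looks possible when no global policy is configured. In that case the controller's block would be yielded nil and fail with a NoMethodError on the first directive call, far from the actual cause. A guard before the yield, for example `raise ArgumentError, "No global permissions policy configured" if policy.nil?`, would make the failure explicit; falling back to an empty policy object is the alternative if that is the intended behaviour. The enclosing `PermissionsPolicy` module continues past the end of this hunk.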
@@ -46,7 +46,7 @@ module ActionDispatch
46
46
  eager_autoload do
47
47
  autoload_under "http" do
48
48
  autoload :ContentSecurityPolicy
49
- autoload :FeaturePolicy
49
+ autoload :PermissionsPolicy
50
50
  autoload :Request
51
51
  autoload :Response
52
52
  end
@@ -3,9 +3,14 @@
3
3
  require "active_support/core_ext/object/deep_dup"
4
4
 
5
5
  module ActionDispatch #:nodoc:
6
- class FeaturePolicy
6
+ class PermissionsPolicy
7
7
  class Middleware
8
8
  CONTENT_TYPE = "Content-Type"
9
+ # The Feature-Policy header has been renamed to Permissions-Policy.
10
+ # The Permissions-Policy requires a different implementation and isn't
11
+ # yet supported by all browsers. To avoid having to rename this
12
+ # middleware in the future we use the new name for the middleware but
13
+ # keep the old header name and implementation for now.
9
14
  POLICY = "Feature-Policy"
10
15
 
11
16
  def initialize(app)
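Review bot: The comment added above `POLICY` explains why the class is renamed while the header value stays `"Feature-Policy"`, but it does not spell out the consequence for someone relying on this middleware as a control. The response is still governed by the old header, so a browser that honours only `Permissions-Policy` would presumably not enforce anything sent here. I would add a line such as `# Browsers that implement only Permissions-Policy will ignore this header.` next to the constant. It is also worth documenting how an application that sets `Permissions-Policy` itself interacts with `policy_present?`, which is defined outside this hunk and appears to be keyed on this constant. The `Middleware` class body continues past the hunk.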
@@ -19,7 +24,7 @@ module ActionDispatch #:nodoc:
19
24
  return response unless html_response?(headers)
20
25
  return response if policy_present?(headers)
21
26
 
22
- if policy = request.feature_policy
27
+ if policy = request.permissions_policy
23
28
  headers[POLICY] = policy.build(request.controller_instance)
24
29
  end
25
30
 
@@ -47,13 +52,13 @@ module ActionDispatch #:nodoc:
47
52
  end
48
53
 
49
54
  module Request
50
- POLICY = "action_dispatch.feature_policy"
55
+ POLICY = "action_dispatch.permissions_policy"
51
56
 
52
- def feature_policy
57
+ def permissions_policy
53
58
  get_header(POLICY)
54
59
  end
55
60
 
56
- def feature_policy=(policy)
61
+ def permissions_policy=(policy)
57
62
  set_header(POLICY, policy)
58
63
  end
59
64
  end
@@ -63,8 +68,8 @@ module ActionDispatch #:nodoc:
63
68
  none: "'none'",
64
69
  }.freeze
65
70
 
66
- # List of available features can be found at
67
- # https://github.com/WICG/feature-policy/blob/master/features.md#policy-controlled-features
71
+ # List of available permissions can be found at
72
+ # https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#policy-controlled-features
68
73
  DIRECTIVES = {
69
74
  accelerometer: "accelerometer",
70
75
  ambient_light_sensor: "ambient-light-sensor",
@@ -121,14 +126,14 @@ module ActionDispatch #:nodoc:
121
126
  when String, Proc
122
127
  source
123
128
  else
124
- raise ArgumentError, "Invalid HTTP feature policy source: #{source.inspect}"
129
+ raise ArgumentError, "Invalid HTTP permissions policy source: #{source.inspect}"
125
130
  end
126
131
  end
127
132
  end
128
133
 
129
134
  def apply_mapping(source)
130
135
  MAPPINGS.fetch(source) do
131
- raise ArgumentError, "Unknown HTTP feature policy source mapping: #{source.inspect}"
136
+ raise ArgumentError, "Unknown HTTP permissions policy source mapping: #{source.inspect}"
132
137
  end
133
138
  end
134
139
 
@@ -156,12 +161,12 @@ module ActionDispatch #:nodoc:
156
161
  source.to_s
157
162
  when Proc
158
163
  if context.nil?
159
- raise RuntimeError, "Missing context for the dynamic feature policy source: #{source.inspect}"
164
+ raise RuntimeError, "Missing context for the dynamic permissions policy source: #{source.inspect}"
160
165
  else
161
166
  context.instance_exec(&source)
162
167
  end
163
168
  else
164
- raise RuntimeError, "Unexpected feature policy source: #{source.inspect}"
169
+ raise RuntimeError, "Unexpected permissions policy source: #{source.inspect}"
165
170
  end
166
171
  end
167
172
  end
@@ -23,7 +23,7 @@ module ActionDispatch
23
23
  include ActionDispatch::Http::FilterParameters
24
24
  include ActionDispatch::Http::URL
25
25
  include ActionDispatch::ContentSecurityPolicy::Request
26
- include ActionDispatch::FeaturePolicy::Request
26
+ include ActionDispatch::PermissionsPolicy::Request
27
27
  include Rack::Request::Env
28
28
 
29
29
  autoload :Session, "action_dispatch/request/session"
@@ -51,9 +51,9 @@ module ActionDispatch
51
51
 
52
52
  def sanitize_string(host)
53
53
  if host.start_with?(".")
54
- /\A(.+\.)?#{Regexp.escape(host[1..-1])}\z/
54
+ /\A(.+\.)?#{Regexp.escape(host[1..-1])}\z/i
55
55
  else
56
- host
56
+ /\A#{host}\z/i
57
57
  end
58
58
  end
59
59
  end
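Review bot: The new else branch of `sanitize_string` builds `/\A#{host}\z/i` from the configured host without `Regexp.escape`, so an entry that used to be compared as a literal string is now read as a pattern. Every `.` in a dotted hostname matches any character, and any other regex metacharacter in the configured value changes what the allow-list accepts. The leading-dot branch two lines above already escapes its input, and the exact-match branch should do the same: `/\A#{Regexp.escape(host)}\z/i`. A regression test with a Host value that differs from an allowed entry only at a dot position would pin this down. `sanitize_string` is fully visible in the hunk; the enclosing class is not.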
@@ -1,5 +1,7 @@
1
1
  <% if exception.respond_to?(:original_message) && exception.respond_to?(:corrections) %>
2
- <h2><%= h exception.original_message %></h2>
2
+ <div class="exception-message">
3
+ <%= simple_format h(exception.original_message), { class: "message" }, wrapper_tag: "div" %>
4
+ </div>
3
5
  <%
4
6
  # The 'did_you_mean' gem can raise exceptions when calling #corrections on
5
7
  # the exception. If it does there are no corrections to show.
@@ -14,5 +16,7 @@
14
16
  </ul>
15
17
  <% end %>
16
18
  <% else %>
17
- <h2><%= h exception.message %></h2>
19
+ <div class="exception-message">
20
+ <%= simple_format h(exception.message), { class: "message" }, wrapper_tag: "div" %>
21
+ </div>
18
22
  <% end %>
@@ -49,6 +49,18 @@
49
49
  line-height: 25px;
50
50
  }
51
51
 
52
+ .exception-message {
53
+ padding: 8px 0;
54
+ }
55
+
56
+ .exception-message .message{
57
+ margin-bottom: 8px;
58
+ line-height: 25px;
59
+ font-size: 1.5em;
60
+ font-weight: bold;
61
+ color: #C00;
62
+ }
63
+
52
64
  .details {
53
65
  border: 1px solid #D0D0D0;
54
66
  border-radius: 4px;
@@ -10,7 +10,7 @@ module ActionPack
10
10
  MAJOR = 6
11
11
  MINOR = 1
12
12
  TINY = 0
13
- PRE = "rc1"
13
+ PRE = "rc2"
14
14
 
15
15
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
16
16
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: actionpack
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.1.0.rc1
4
+ version: 6.1.0.rc2
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-11-02 00:00:00.000000000 Z
11
+ date: 2020-12-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 6.1.0.rc1
19
+ version: 6.1.0.rc2
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 6.1.0.rc1
26
+ version: 6.1.0.rc2
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rack
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -98,28 +98,28 @@ dependencies:
98
98
  requirements:
99
99
  - - '='
100
100
  - !ruby/object:Gem::Version
101
- version: 6.1.0.rc1
101
+ version: 6.1.0.rc2
102
102
  type: :runtime
103
103
  prerelease: false
104
104
  version_requirements: !ruby/object:Gem::Requirement
105
105
  requirements:
106
106
  - - '='
107
107
  - !ruby/object:Gem::Version
108
- version: 6.1.0.rc1
108
+ version: 6.1.0.rc2
109
109
  - !ruby/object:Gem::Dependency
110
110
  name: activemodel
111
111
  requirement: !ruby/object:Gem::Requirement
112
112
  requirements:
113
113
  - - '='
114
114
  - !ruby/object:Gem::Version
115
- version: 6.1.0.rc1
115
+ version: 6.1.0.rc2
116
116
  type: :development
117
117
  prerelease: false
118
118
  version_requirements: !ruby/object:Gem::Requirement
119
119
  requirements:
120
120
  - - '='
121
121
  - !ruby/object:Gem::Version
122
- version: 6.1.0.rc1
122
+ version: 6.1.0.rc2
123
123
  description: Web apps on Rails. Simple, battle-tested conventions for building and
124
124
  testing MVC web applications. Works with any Rack-compatible server.
125
125
  email: david@loudthinking.com
@@ -161,7 +161,6 @@ files:
161
161
  - lib/action_controller/metal/etag_with_flash.rb
162
162
  - lib/action_controller/metal/etag_with_template_digest.rb
163
163
  - lib/action_controller/metal/exceptions.rb
164
- - lib/action_controller/metal/feature_policy.rb
165
164
  - lib/action_controller/metal/flash.rb
166
165
  - lib/action_controller/metal/head.rb
167
166
  - lib/action_controller/metal/helpers.rb
@@ -173,6 +172,7 @@ files:
173
172
  - lib/action_controller/metal/mime_responds.rb
174
173
  - lib/action_controller/metal/parameter_encoding.rb
175
174
  - lib/action_controller/metal/params_wrapper.rb
175
+ - lib/action_controller/metal/permissions_policy.rb
176
176
  - lib/action_controller/metal/redirecting.rb
177
177
  - lib/action_controller/metal/renderers.rb
178
178
  - lib/action_controller/metal/rendering.rb
@@ -191,7 +191,6 @@ files:
191
191
  - lib/action_dispatch/http/cache.rb
192
192
  - lib/action_dispatch/http/content_disposition.rb
193
193
  - lib/action_dispatch/http/content_security_policy.rb
194
- - lib/action_dispatch/http/feature_policy.rb
195
194
  - lib/action_dispatch/http/filter_parameters.rb
196
195
  - lib/action_dispatch/http/filter_redirect.rb
197
196
  - lib/action_dispatch/http/headers.rb
@@ -199,6 +198,7 @@ files:
199
198
  - lib/action_dispatch/http/mime_type.rb
200
199
  - lib/action_dispatch/http/mime_types.rb
201
200
  - lib/action_dispatch/http/parameters.rb
201
+ - lib/action_dispatch/http/permissions_policy.rb
202
202
  - lib/action_dispatch/http/rack_cache.rb
203
203
  - lib/action_dispatch/http/request.rb
204
204
  - lib/action_dispatch/http/response.rb
@@ -309,10 +309,10 @@ licenses:
309
309
  - MIT
310
310
  metadata:
311
311
  bug_tracker_uri: https://github.com/rails/rails/issues
312
- changelog_uri: https://github.com/rails/rails/blob/v6.1.0.rc1/actionpack/CHANGELOG.md
313
- documentation_uri: https://api.rubyonrails.org/v6.1.0.rc1/
312
+ changelog_uri: https://github.com/rails/rails/blob/v6.1.0.rc2/actionpack/CHANGELOG.md
313
+ documentation_uri: https://api.rubyonrails.org/v6.1.0.rc2/
314
314
  mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
315
- source_code_uri: https://github.com/rails/rails/tree/v6.1.0.rc1/actionpack
315
+ source_code_uri: https://github.com/rails/rails/tree/v6.1.0.rc2/actionpack
316
316
  post_install_message:
317
317
  rdoc_options: []
318
318
  require_paths: