actionpack 7.2.0.beta1 → 7.2.0.beta2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +6 -0
  3. data/lib/action_controller/base.rb +7 -4
  4. data/lib/action_controller/metal/strong_parameters.rb +2 -2
  5. data/lib/action_dispatch/http/permissions_policy.rb +0 -7
  6. data/lib/action_dispatch/http/request.rb +2 -2
  7. data/lib/action_dispatch/routing/mapper.rb +1 -1
  8. data/lib/action_pack/gem_version.rb +1 -1
  9. metadata +14 -14
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0123bbeea23e6d62a0290acc58bad6fbe553c2166462201e5468df2de56a57ac
4
- data.tar.gz: e9241af2c4cb05c18c6bb5c3bf7da08fa814f592a1ecaace52b925a7a8906780
3
+ metadata.gz: fba22bfa740eaf52af14cc4f253b413c214c7d0361fd2b62360e4fcb4cf0b9c9
4
+ data.tar.gz: 8759e30d54569185f3b6d6a02fec6cc9edb4d1147c3ce623a67f8909f4b6fbc7
5
5
  SHA512:
6
- metadata.gz: eb26162552c078839c11acb547fd122c5f8436271305f9372f267532706ab2d5b2862d00055f184f744351fd4ef73f744b173e63d9646af2c56d8f66bdee7454
7
- data.tar.gz: 411d83ea88d757b9a86002e009d4d243f6cd5ac9dac6929a43324d595a275fa9abcdbbf53d1e291b38a090a9e1d7c39d5a140099012a6268dd681447c7132884
6
+ metadata.gz: 3cc6ac8ca0074fb51eeb0af110f0c10bbf41fa5c5f1c843bf22e49fcc93b54e19d4f29a10a3f5d9984b1e3aba8fbacc87f0cddfaab1fc7ab201d6aaab94cfd50
7
+ data.tar.gz: 5f1438d0e91c7571bd661d4c9fad2bf112f6808efda565694cafdb045cca1ce2e75cc1a671796f310cb1abdac804bc189d7eb096aced1a89731ae2dc7c686b87
data/CHANGELOG.md CHANGED
@@ -1,3 +1,9 @@
1
+ ## Rails 7.2.0.beta2 (June 04, 2024) ##
2
+
3
+ * Include the HTTP Permissions-Policy on non-HTML Content-Types
4
+ [CVE-2024-28103]
5
+
6
+
1
7
  ## Rails 7.2.0.beta1 (May 29, 2024) ##
2
8
 
3
9
  * Fix `Mime::Type.parse` handling type parameters for HTTP Accept headers.
data/lib/action_controller/base.rb CHANGED
@@ -185,8 +185,8 @@ module ActionController
185
185
  #
186
186
  # ## Calling multiple redirects or renders
187
187
  #
188
- # An action may contain only a single render or a single redirect. Attempting to
189
- # try to do either again will result in a DoubleRenderError:
188
+ # An action may perform only a single render or a single redirect. Attempting to
189
+ # do either again will result in a DoubleRenderError:
190
190
  #
191
191
  # def do_something
192
192
  # redirect_to action: "elsewhere"
@@ -194,10 +194,13 @@ module ActionController
194
194
  # end
195
195
  #
196
196
  # If you need to redirect on the condition of something, then be sure to add
197
- # "and return" to halt execution.
197
+ # "return" to halt execution.
198
198
  #
199
199
  # def do_something
200
- # redirect_to(action: "elsewhere") and return if monkeys.nil?
200
+ # if monkeys.nil?
201
+ # redirect_to(action: "elsewhere")
202
+ # return
203
+ # end
201
204
  # render action: "overthere" # won't be called if monkeys is nil
202
205
  # end
203
206
  #
data/lib/action_controller/metal/strong_parameters.rb CHANGED
@@ -253,14 +253,14 @@ module ActionController
253
253
  def allow_deprecated_parameters_hash_equality
254
254
  ActionController.deprecator.warn <<-WARNING.squish
255
255
  `Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality` is
256
- deprecated and will be removed in Rails 7.3.
256
+ deprecated and will be removed in Rails 8.0.
257
257
  WARNING
258
258
  end
259
259
 
260
260
  def allow_deprecated_parameters_hash_equality=(value)
261
261
  ActionController.deprecator.warn <<-WARNING.squish
262
262
  `Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality`
263
- is deprecated and will be removed in Rails 7.3.
263
+ is deprecated and will be removed in Rails 8.0.
264
264
  WARNING
265
265
  end
266
266
 
data/lib/action_dispatch/http/permissions_policy.rb CHANGED
@@ -37,7 +37,6 @@ module ActionDispatch # :nodoc:
37
37
  def call(env)
38
38
  _, headers, _ = response = @app.call(env)
39
39
 
40
- return response unless html_response?(headers)
41
40
  return response if policy_present?(headers)
42
41
 
43
42
  request = ActionDispatch::Request.new(env)
@@ -54,12 +53,6 @@ module ActionDispatch # :nodoc:
54
53
  end
55
54
 
56
55
  private
57
- def html_response?(headers)
58
- if content_type = headers[Rack::CONTENT_TYPE]
59
- content_type.include?("html")
60
- end
61
- end
62
-
63
56
  def policy_present?(headers)
64
57
  headers[ActionDispatch::Constants::FEATURE_POLICY]
65
58
  end
data/lib/action_dispatch/http/request.rb CHANGED
@@ -230,11 +230,11 @@ module ActionDispatch
230
230
  # start making preparations for processing the final response.
231
231
  #
232
232
  # If the env contains `rack.early_hints` then the server accepts HTTP2 push for
233
- # Link headers.
233
+ # link headers.
234
234
  #
235
235
  # The `send_early_hints` method accepts a hash of links as follows:
236
236
  #
237
- # send_early_hints("Link" => "</style.css>; rel=preload; as=style\n</script.js>; rel=preload")
237
+ # send_early_hints("link" => "</style.css>; rel=preload; as=style,</script.js>; rel=preload")
238
238
  #
239
239
  # If you are using `javascript_include_tag` or `stylesheet_link_tag` the Early
240
240
  # Hints headers are included by default if supported.
data/lib/action_dispatch/routing/mapper.rb CHANGED
@@ -714,7 +714,7 @@ module ActionDispatch
714
714
  def optimize_routes_generation?; false; end
715
715
 
716
716
  define_method :find_script_name do |options|
717
- if options.key? :script_name
717
+ if options.key?(:script_name) && options[:script_name].present?
718
718
  super(options)
719
719
  else
720
720
  script_namer.call(options)
data/lib/action_pack/gem_version.rb CHANGED
@@ -12,7 +12,7 @@ module ActionPack
12
12
  MAJOR = 7
13
13
  MINOR = 2
14
14
  TINY = 0
15
- PRE = "beta1"
15
+ PRE = "beta2"
16
16
 
17
17
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
18
18
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: actionpack
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.2.0.beta1
4
+ version: 7.2.0.beta2
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-05-29 00:00:00.000000000 Z
11
+ date: 2024-06-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 7.2.0.beta1
19
+ version: 7.2.0.beta2
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 7.2.0.beta1
26
+ version: 7.2.0.beta2
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: nokogiri
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -142,28 +142,28 @@ dependencies:
142
142
  requirements:
143
143
  - - '='
144
144
  - !ruby/object:Gem::Version
145
- version: 7.2.0.beta1
145
+ version: 7.2.0.beta2
146
146
  type: :runtime
147
147
  prerelease: false
148
148
  version_requirements: !ruby/object:Gem::Requirement
149
149
  requirements:
150
150
  - - '='
151
151
  - !ruby/object:Gem::Version
152
- version: 7.2.0.beta1
152
+ version: 7.2.0.beta2
153
153
  - !ruby/object:Gem::Dependency
154
154
  name: activemodel
155
155
  requirement: !ruby/object:Gem::Requirement
156
156
  requirements:
157
157
  - - '='
158
158
  - !ruby/object:Gem::Version
159
- version: 7.2.0.beta1
159
+ version: 7.2.0.beta2
160
160
  type: :development
161
161
  prerelease: false
162
162
  version_requirements: !ruby/object:Gem::Requirement
163
163
  requirements:
164
164
  - - '='
165
165
  - !ruby/object:Gem::Version
166
- version: 7.2.0.beta1
166
+ version: 7.2.0.beta2
167
167
  description: Web apps on Rails. Simple, battle-tested conventions for building and
168
168
  testing MVC web applications. Works with any Rack-compatible server.
169
169
  email: david@loudthinking.com
@@ -363,10 +363,10 @@ licenses:
363
363
  - MIT
364
364
  metadata:
365
365
  bug_tracker_uri: https://github.com/rails/rails/issues
366
- changelog_uri: https://github.com/rails/rails/blob/v7.2.0.beta1/actionpack/CHANGELOG.md
367
- documentation_uri: https://api.rubyonrails.org/v7.2.0.beta1/
366
+ changelog_uri: https://github.com/rails/rails/blob/v7.2.0.beta2/actionpack/CHANGELOG.md
367
+ documentation_uri: https://api.rubyonrails.org/v7.2.0.beta2/
368
368
  mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
369
- source_code_uri: https://github.com/rails/rails/tree/v7.2.0.beta1/actionpack
369
+ source_code_uri: https://github.com/rails/rails/tree/v7.2.0.beta2/actionpack
370
370
  rubygems_mfa_required: 'true'
371
371
  post_install_message:
372
372
  rdoc_options: []
@@ -379,12 +379,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
379
379
  version: 3.1.0
380
380
  required_rubygems_version: !ruby/object:Gem::Requirement
381
381
  requirements:
382
- - - ">="
382
+ - - ">"
383
383
  - !ruby/object:Gem::Version
384
- version: '0'
384
+ version: 1.3.1
385
385
  requirements:
386
386
  - none
387
- rubygems_version: 3.5.10
387
+ rubygems_version: 3.3.27
388
388
  signing_key:
389
389
  specification_version: 4
390
390
  summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).