actionpack 7.2.0.beta1 → 7.2.0.beta2


Potentially problematic release.


This version of actionpack might be problematic. Click here for more details.

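--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 0123bbeea23e6d62a0290acc58bad6fbe553c2166462201e5468df2de56a57ac
- data.tar.gz: e9241af2c4cb05c18c6bb5c3bf7da08fa814f592a1ecaace52b925a7a8906780
+ metadata.gz: fba22bfa740eaf52af14cc4f253b413c214c7d0361fd2b62360e4fcb4cf0b9c9
+ data.tar.gz: 8759e30d54569185f3b6d6a02fec6cc9edb4d1147c3ce623a67f8909f4b6fbc7
  SHA512:
- metadata.gz: eb26162552c078839c11acb547fd122c5f8436271305f9372f267532706ab2d5b2862d00055f184f744351fd4ef73f744b173e63d9646af2c56d8f66bdee7454
- data.tar.gz: 411d83ea88d757b9a86002e009d4d243f6cd5ac9dac6929a43324d595a275fa9abcdbbf53d1e291b38a090a9e1d7c39d5a140099012a6268dd681447c7132884
+ metadata.gz: 3cc6ac8ca0074fb51eeb0af110f0c10bbf41fa5c5f1c843bf22e49fcc93b54e19d4f29a10a3f5d9984b1e3aba8fbacc87f0cddfaab1fc7ab201d6aaab94cfd50
+ data.tar.gz: 5f1438d0e91c7571bd661d4c9fad2bf112f6808efda565694cafdb045cca1ce2e75cc1a671796f310cb1abdac804bc189d7eb096aced1a89731ae2dc7c686b87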
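--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,9 @@
+ ## Rails 7.2.0.beta2 (June 04, 2024) ##
+
+ * Include the HTTP Permissions-Policy on non-HTML Content-Types
+ [CVE-2024-28103]
+
+
  ## Rails 7.2.0.beta1 (May 29, 2024) ##
 
  * Fix `Mime::Type.parse` handling type parameters for HTTP Accept headers.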
@@ -185,8 +185,8 @@ module ActionController
185
185
  #
186
186
  # ## Calling multiple redirects or renders
187
187
  #
188
- # An action may contain only a single render or a single redirect. Attempting to
189
- # try to do either again will result in a DoubleRenderError:
188
+ # An action may perform only a single render or a single redirect. Attempting to
189
+ # do either again will result in a DoubleRenderError:
190
190
  #
191
191
  # def do_something
192
192
  # redirect_to action: "elsewhere"
@@ -194,10 +194,13 @@ module ActionController
194
194
  # end
195
195
  #
196
196
  # If you need to redirect on the condition of something, then be sure to add
197
- # "and return" to halt execution.
197
+ # "return" to halt execution.
198
198
  #
199
199
  # def do_something
200
- # redirect_to(action: "elsewhere") and return if monkeys.nil?
200
+ # if monkeys.nil?
201
+ # redirect_to(action: "elsewhere")
202
+ # return
203
+ # end
201
204
  # render action: "overthere" # won't be called if monkeys is nil
202
205
  # end
203
206
  #
@@ -253,14 +253,14 @@ module ActionController
253
253
  def allow_deprecated_parameters_hash_equality
254
254
  ActionController.deprecator.warn <<-WARNING.squish
255
255
  `Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality` is
256
- deprecated and will be removed in Rails 7.3.
256
+ deprecated and will be removed in Rails 8.0.
257
257
  WARNING
258
258
  end
259
259
 
260
260
  def allow_deprecated_parameters_hash_equality=(value)
261
261
  ActionController.deprecator.warn <<-WARNING.squish
262
262
  `Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality`
263
- is deprecated and will be removed in Rails 7.3.
263
+ is deprecated and will be removed in Rails 8.0.
264
264
  WARNING
265
265
  end
266
266
 
@@ -37,7 +37,6 @@ module ActionDispatch # :nodoc:
37
37
  def call(env)
38
38
  _, headers, _ = response = @app.call(env)
39
39
 
40
- return response unless html_response?(headers)
41
40
  return response if policy_present?(headers)
42
41
 
43
42
  request = ActionDispatch::Request.new(env)
@@ -54,12 +53,6 @@ module ActionDispatch # :nodoc:
54
53
  end
55
54
 
56
55
  private
57
- def html_response?(headers)
58
- if content_type = headers[Rack::CONTENT_TYPE]
59
- content_type.include?("html")
60
- end
61
- end
62
-
63
56
  def policy_present?(headers)
64
57
  headers[ActionDispatch::Constants::FEATURE_POLICY]
65
58
  end
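Review bot: `call` in the first of these two hunks no longer has a content-type gate, and nothing at the call site records why, so the removed `html_response?` early return could be reintroduced later as a seemingly harmless optimisation. The changelog entry in this release ties the removal to [CVE-2024-28103]; I would add a comment above `return response if policy_present?(headers)` along the lines of `# Apply the policy to every response, not only HTML ones (CVE-2024-28103).` In the second hunk, `policy_present?` reads `ActionDispatch::Constants::FEATURE_POLICY` while the changelog calls the header Permissions-Policy, so a one-line comment on that helper stating which header name the constant resolves to would help the next reader. The body of `call` continues outside the hunk, so the header assignment is not visible here, and this package diff shows no test covering a non-HTML response.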
@@ -230,11 +230,11 @@ module ActionDispatch
230
230
  # start making preparations for processing the final response.
231
231
  #
232
232
  # If the env contains `rack.early_hints` then the server accepts HTTP2 push for
233
- # Link headers.
233
+ # link headers.
234
234
  #
235
235
  # The `send_early_hints` method accepts a hash of links as follows:
236
236
  #
237
- # send_early_hints("Link" => "</style.css>; rel=preload; as=style\n</script.js>; rel=preload")
237
+ # send_early_hints("link" => "</style.css>; rel=preload; as=style,</script.js>; rel=preload")
238
238
  #
239
239
  # If you are using `javascript_include_tag` or `stylesheet_link_tag` the Early
240
240
  # Hints headers are included by default if supported.
@@ -714,7 +714,7 @@ module ActionDispatch
714
714
  def optimize_routes_generation?; false; end
715
715
 
716
716
  define_method :find_script_name do |options|
717
- if options.key? :script_name
717
+ if options.key?(:script_name) && options[:script_name].present?
718
718
  super(options)
719
719
  else
720
720
  script_namer.call(options)
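Review bot: The `options.key?(:script_name) &&` half of the new condition looks redundant: assuming `options` is a plain Hash, `options[:script_name].present?` is already false when the key is missing, so `if options[:script_name].present?` expresses the same check. The behaviour change that deserves a comment is that an explicitly passed blank `:script_name` (nil or an empty string) now falls through to `script_namer.call(options)` instead of `super(options)`; something like `# A blank :script_name is treated as absent, so script_namer decides the prefix.` would make that intent visible. Callers that relied on passing an empty `script_name` to generate an unprefixed path are affected, which is worth confirming against the routing tests. The `define_method` block closes outside the hunk.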
@@ -12,7 +12,7 @@ module ActionPack
12
12
  MAJOR = 7
13
13
  MINOR = 2
14
14
  TINY = 0
15
- PRE = "beta1"
15
+ PRE = "beta2"
16
16
 
17
17
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
18
18
  end
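--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: actionpack
  version: !ruby/object:Gem::Version
- version: 7.2.0.beta1
+ version: 7.2.0.beta2
  platform: ruby
  authors:
  - David Heinemeier Hansson
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-05-29 00:00:00.000000000 Z
+ date: 2024-06-04 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.2.0.beta1
+ version: 7.2.0.beta2
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.2.0.beta1
+ version: 7.2.0.beta2
  - !ruby/object:Gem::Dependency
  name: nokogiri
  requirement: !ruby/object:Gem::Requirement
@@ -142,28 +142,28 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.2.0.beta1
+ version: 7.2.0.beta2
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.2.0.beta1
+ version: 7.2.0.beta2
  - !ruby/object:Gem::Dependency
  name: activemodel
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.2.0.beta1
+ version: 7.2.0.beta2
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.2.0.beta1
+ version: 7.2.0.beta2
  description: Web apps on Rails. Simple, battle-tested conventions for building and
  testing MVC web applications. Works with any Rack-compatible server.
  email: david@loudthinking.com
@@ -363,10 +363,10 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/rails/rails/issues
- changelog_uri: https://github.com/rails/rails/blob/v7.2.0.beta1/actionpack/CHANGELOG.md
- documentation_uri: https://api.rubyonrails.org/v7.2.0.beta1/
+ changelog_uri: https://github.com/rails/rails/blob/v7.2.0.beta2/actionpack/CHANGELOG.md
+ documentation_uri: https://api.rubyonrails.org/v7.2.0.beta2/
  mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
- source_code_uri: https://github.com/rails/rails/tree/v7.2.0.beta1/actionpack
+ source_code_uri: https://github.com/rails/rails/tree/v7.2.0.beta2/actionpack
  rubygems_mfa_required: 'true'
  post_install_message:
  rdoc_options: []
@@ -379,12 +379,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
  version: 3.1.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - ">"
  - !ruby/object:Gem::Version
- version: '0'
+ version: 1.3.1
  requirements:
  - none
- rubygems_version: 3.5.10
+ rubygems_version: 3.3.27
  signing_key:
  specification_version: 4
  summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).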