actionpack 8.1.1 → 8.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +27 -0
- data/lib/action_controller/log_subscriber.rb +5 -1
- data/lib/action_controller/metal/live.rb +43 -1
- data/lib/action_controller/metal/redirecting.rb +2 -2
- data/lib/action_controller/railtie.rb +5 -0
- data/lib/action_controller/structured_event_subscriber.rb +5 -1
- data/lib/action_dispatch/middleware/remote_ip.rb +2 -1
- data/lib/action_dispatch/system_test_case.rb +3 -3
- data/lib/action_pack/gem_version.rb +1 -1
- metadata +11 -11
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b072680373752ca3a9a2b837cac08f7b0f91dd61026dcbad3c8639aff3d3d87e
|
|
4
|
+
data.tar.gz: 5c5835d778ba95993c1ddb1da5321c5f3b81dc1cd2041ef7ab259e041c694463
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0b7ba997d7ee51886a1c6e1c49c397b60deb477c5608f54740529c21857142ed45d79a6a4f5aa917095f2005199d2289153223b54d57cb4249b11226d64558ef
|
|
7
|
+
data.tar.gz: d2a9daa41336f39a153b0c2e864edf732533a768a38385795a2a8e86b34e4ff10969be62b83e635d3e517e497726f9346609a7ecb48a39f3aa9d7c02888cad22
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,30 @@
|
|
|
1
|
+
## Rails 8.1.2 (January 08, 2026) ##
|
|
2
|
+
|
|
3
|
+
* Add `config.action_controller.live_streaming_excluded_keys` to control execution state sharing in ActionController::Live.
|
|
4
|
+
|
|
5
|
+
When using ActionController::Live, actions are executed in a separate thread that shares
|
|
6
|
+
state from the parent thread. This new configuration allows applications to opt-out specific
|
|
7
|
+
state keys that should not be shared.
|
|
8
|
+
|
|
9
|
+
This is useful when streaming inside a `connected_to` block, where you may want
|
|
10
|
+
the streaming thread to use its own database connection context.
|
|
11
|
+
|
|
12
|
+
```ruby
|
|
13
|
+
# config/application.rb
|
|
14
|
+
config.action_controller.live_streaming_excluded_keys = [:active_record_connected_to_stack]
|
|
15
|
+
```
|
|
16
|
+
|
|
17
|
+
By default, all keys are shared.
|
|
18
|
+
|
|
19
|
+
*Eileen M. Uchitelle*
|
|
20
|
+
|
|
21
|
+
* Fix `IpSpoofAttackError` message to include `Forwarded` header content.
|
|
22
|
+
|
|
23
|
+
Without it, the error message may be misleading.
|
|
24
|
+
|
|
25
|
+
*zzak*
|
|
26
|
+
|
|
27
|
+
|
|
1
28
|
## Rails 8.1.1 (October 28, 2025) ##
|
|
2
29
|
|
|
3
30
|
* Allow methods starting with underscore to be action methods.
|
|
@@ -52,7 +52,11 @@ module ActionController
|
|
|
52
52
|
# Manually subscribed below
|
|
53
53
|
def rescue_from_callback(event)
|
|
54
54
|
exception = event.payload[:exception]
|
|
55
|
-
|
|
55
|
+
|
|
56
|
+
exception_backtrace = exception.backtrace&.first
|
|
57
|
+
exception_backtrace = exception_backtrace&.delete_prefix("#{Rails.root}/") if defined?(Rails.root) && Rails.root
|
|
58
|
+
|
|
59
|
+
info { "rescue_from handled #{exception.class} (#{exception.message}) - #{exception_backtrace}" }
|
|
56
60
|
end
|
|
57
61
|
subscribe_log_level :rescue_from_callback, :info
|
|
58
62
|
|
|
@@ -53,9 +53,50 @@ module ActionController
|
|
|
53
53
|
# response.headers["Last-Modified"] = Time.now.httpdate # Add this line if your Rack version is 2.2.x
|
|
54
54
|
# ...
|
|
55
55
|
# end
|
|
56
|
+
#
|
|
57
|
+
# ## Streaming and Execution State
|
|
58
|
+
#
|
|
59
|
+
# When streaming, the action is executed in a separate thread. By default, this thread
|
|
60
|
+
# shares execution state from the parent thread.
|
|
61
|
+
#
|
|
62
|
+
# You can configure which execution state keys should be excluded from being shared
|
|
63
|
+
# using the `config.action_controller.live_streaming_excluded_keys` configuration:
|
|
64
|
+
#
|
|
65
|
+
# # config/application.rb
|
|
66
|
+
# config.action_controller.live_streaming_excluded_keys = [:active_record_connected_to_stack]
|
|
67
|
+
#
|
|
68
|
+
# This is useful when using ActionController::Live inside a `connected_to` block. For example,
|
|
69
|
+
# if the parent request is reading from a replica using `connected_to(role: :reading)`, you may
|
|
70
|
+
# want the streaming thread to use its own connection context instead of inheriting the read-only
|
|
71
|
+
# context:
|
|
72
|
+
#
|
|
73
|
+
# # Without configuration, streaming thread inherits read-only connection
|
|
74
|
+
# ActiveRecord::Base.connected_to(role: :reading) do
|
|
75
|
+
# @posts = Post.all
|
|
76
|
+
# render stream: true # Streaming thread cannot write to database
|
|
77
|
+
# end
|
|
78
|
+
#
|
|
79
|
+
# # With configuration, streaming thread gets fresh connection context
|
|
80
|
+
# # config.action_controller.live_streaming_excluded_keys = [:active_record_connected_to_stack]
|
|
81
|
+
# ActiveRecord::Base.connected_to(role: :reading) do
|
|
82
|
+
# @posts = Post.all
|
|
83
|
+
# render stream: true # Streaming thread can write to database if needed
|
|
84
|
+
# end
|
|
85
|
+
#
|
|
86
|
+
# Common keys you might want to exclude:
|
|
87
|
+
# - `:active_record_connected_to_stack` - Database connection routing and roles
|
|
88
|
+
# - `:active_record_prohibit_shard_swapping` - Shard swapping restrictions
|
|
89
|
+
#
|
|
90
|
+
# By default, no keys are excluded to maintain backward compatibility.
|
|
56
91
|
module Live
|
|
57
92
|
extend ActiveSupport::Concern
|
|
58
93
|
|
|
94
|
+
mattr_accessor :live_streaming_excluded_keys, default: []
|
|
95
|
+
|
|
96
|
+
included do
|
|
97
|
+
class_attribute :live_streaming_excluded_keys, instance_accessor: false, default: Live.live_streaming_excluded_keys
|
|
98
|
+
end
|
|
99
|
+
|
|
59
100
|
module ClassMethods
|
|
60
101
|
def make_response!(request)
|
|
61
102
|
if (request.get_header("SERVER_PROTOCOL") || request.get_header("HTTP_VERSION")) == "HTTP/1.0"
|
|
@@ -278,7 +319,8 @@ module ActionController
|
|
|
278
319
|
# Since we're processing the view in a different thread, copy the thread locals
|
|
279
320
|
# from the main thread to the child thread. :'(
|
|
280
321
|
locals.each { |k, v| t2[k] = v }
|
|
281
|
-
|
|
322
|
+
|
|
323
|
+
ActiveSupport::IsolatedExecutionState.share_with(t1, except: self.class.live_streaming_excluded_keys) do
|
|
282
324
|
super(name)
|
|
283
325
|
rescue => e
|
|
284
326
|
if @_response.committed?
|
|
@@ -117,7 +117,7 @@ module ActionController
|
|
|
117
117
|
# The `action_on_open_redirect` configuration option controls the behavior when an unsafe
|
|
118
118
|
# redirect is detected:
|
|
119
119
|
# * `:log` - Logs a warning but allows the redirect
|
|
120
|
-
# * `:notify` - Sends an
|
|
120
|
+
# * `:notify` - Sends an Active Support notification for monitoring
|
|
121
121
|
# * `:raise` - Raises an UnsafeRedirectError
|
|
122
122
|
#
|
|
123
123
|
# To allow any external redirects pass `allow_other_host: true`, though using a
|
|
@@ -144,7 +144,7 @@ module ActionController
|
|
|
144
144
|
# config.action_controller.action_on_path_relative_redirect = :raise
|
|
145
145
|
#
|
|
146
146
|
# * `:log` - Logs a warning but allows the redirect
|
|
147
|
-
# * `:notify` - Sends an
|
|
147
|
+
# * `:notify` - Sends an Active Support notification but allows the redirect
|
|
148
148
|
# (includes stack trace to help identify the source)
|
|
149
149
|
# * `:raise` - Raises an UnsafeRedirectError
|
|
150
150
|
def redirect_to(options = {}, response_options = {})
|
|
@@ -33,6 +33,10 @@ module ActionController
|
|
|
33
33
|
ActionController::Helpers.helpers_path = app.helpers_paths
|
|
34
34
|
end
|
|
35
35
|
|
|
36
|
+
initializer "action_controller.live_streaming_excluded_keys" do |app|
|
|
37
|
+
ActionController::Live.live_streaming_excluded_keys = app.config.action_controller.live_streaming_excluded_keys
|
|
38
|
+
end
|
|
39
|
+
|
|
36
40
|
initializer "action_controller.parameters_config" do |app|
|
|
37
41
|
options = app.config.action_controller
|
|
38
42
|
|
|
@@ -83,6 +87,7 @@ module ActionController
|
|
|
83
87
|
:action_on_unpermitted_parameters,
|
|
84
88
|
:always_permitted_parameters,
|
|
85
89
|
:wrap_parameters_by_default,
|
|
90
|
+
:live_streaming_excluded_keys
|
|
86
91
|
)
|
|
87
92
|
|
|
88
93
|
filtered_options.each do |k, v|
|
|
@@ -46,10 +46,14 @@ module ActionController
|
|
|
46
46
|
|
|
47
47
|
def rescue_from_callback(event)
|
|
48
48
|
exception = event.payload[:exception]
|
|
49
|
+
|
|
50
|
+
exception_backtrace = exception.backtrace&.first
|
|
51
|
+
exception_backtrace = exception_backtrace&.delete_prefix("#{Rails.root}/") if defined?(Rails.root) && Rails.root
|
|
52
|
+
|
|
49
53
|
emit_event("action_controller.rescue_from_handled",
|
|
50
54
|
exception_class: exception.class.name,
|
|
51
55
|
exception_message: exception.message,
|
|
52
|
-
exception_backtrace:
|
|
56
|
+
exception_backtrace:
|
|
53
57
|
)
|
|
54
58
|
end
|
|
55
59
|
|
|
@@ -152,7 +152,8 @@ module ActionDispatch
|
|
|
152
152
|
# We don't know which came from the proxy, and which from the user
|
|
153
153
|
raise IpSpoofAttackError, "IP spoofing attack?! " \
|
|
154
154
|
"HTTP_CLIENT_IP=#{@req.client_ip.inspect} " \
|
|
155
|
-
"HTTP_X_FORWARDED_FOR=#{@req.x_forwarded_for.inspect}"
|
|
155
|
+
"HTTP_X_FORWARDED_FOR=#{@req.x_forwarded_for.inspect}" \
|
|
156
|
+
" HTTP_FORWARDED=" + @req.forwarded_for.map { "for=#{_1}" }.join(", ").inspect if @req.forwarded_for.any?
|
|
156
157
|
end
|
|
157
158
|
|
|
158
159
|
# We assume these things about the IP headers:
|
|
@@ -22,8 +22,8 @@ module ActionDispatch
|
|
|
22
22
|
#
|
|
23
23
|
# To create a system test in your application, extend your test class from
|
|
24
24
|
# `ApplicationSystemTestCase`. System tests use Capybara as a base and allow you
|
|
25
|
-
# to configure the settings through
|
|
26
|
-
#
|
|
25
|
+
# to configure the settings through the `application_system_test_case.rb` file,
|
|
26
|
+
# which is created when you generate your first system test.
|
|
27
27
|
#
|
|
28
28
|
# Here is an example system test:
|
|
29
29
|
#
|
|
@@ -41,7 +41,7 @@ module ActionDispatch
|
|
|
41
41
|
# end
|
|
42
42
|
# end
|
|
43
43
|
#
|
|
44
|
-
# When generating
|
|
44
|
+
# When generating system tests, an
|
|
45
45
|
# `application_system_test_case.rb` file will also be generated containing the
|
|
46
46
|
# base class for system testing. This is where you can change the driver, add
|
|
47
47
|
# Capybara settings, and other configuration for your system tests.
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: actionpack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 8.1.
|
|
4
|
+
version: 8.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Heinemeier Hansson
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 8.1.
|
|
18
|
+
version: 8.1.2
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 8.1.
|
|
25
|
+
version: 8.1.2
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: nokogiri
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -127,28 +127,28 @@ dependencies:
|
|
|
127
127
|
requirements:
|
|
128
128
|
- - '='
|
|
129
129
|
- !ruby/object:Gem::Version
|
|
130
|
-
version: 8.1.
|
|
130
|
+
version: 8.1.2
|
|
131
131
|
type: :runtime
|
|
132
132
|
prerelease: false
|
|
133
133
|
version_requirements: !ruby/object:Gem::Requirement
|
|
134
134
|
requirements:
|
|
135
135
|
- - '='
|
|
136
136
|
- !ruby/object:Gem::Version
|
|
137
|
-
version: 8.1.
|
|
137
|
+
version: 8.1.2
|
|
138
138
|
- !ruby/object:Gem::Dependency
|
|
139
139
|
name: activemodel
|
|
140
140
|
requirement: !ruby/object:Gem::Requirement
|
|
141
141
|
requirements:
|
|
142
142
|
- - '='
|
|
143
143
|
- !ruby/object:Gem::Version
|
|
144
|
-
version: 8.1.
|
|
144
|
+
version: 8.1.2
|
|
145
145
|
type: :development
|
|
146
146
|
prerelease: false
|
|
147
147
|
version_requirements: !ruby/object:Gem::Requirement
|
|
148
148
|
requirements:
|
|
149
149
|
- - '='
|
|
150
150
|
- !ruby/object:Gem::Version
|
|
151
|
-
version: 8.1.
|
|
151
|
+
version: 8.1.2
|
|
152
152
|
description: Web apps on Rails. Simple, battle-tested conventions for building and
|
|
153
153
|
testing MVC web applications. Works with any Rack-compatible server.
|
|
154
154
|
email: david@loudthinking.com
|
|
@@ -352,10 +352,10 @@ licenses:
|
|
|
352
352
|
- MIT
|
|
353
353
|
metadata:
|
|
354
354
|
bug_tracker_uri: https://github.com/rails/rails/issues
|
|
355
|
-
changelog_uri: https://github.com/rails/rails/blob/v8.1.
|
|
356
|
-
documentation_uri: https://api.rubyonrails.org/v8.1.
|
|
355
|
+
changelog_uri: https://github.com/rails/rails/blob/v8.1.2/actionpack/CHANGELOG.md
|
|
356
|
+
documentation_uri: https://api.rubyonrails.org/v8.1.2/
|
|
357
357
|
mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
|
|
358
|
-
source_code_uri: https://github.com/rails/rails/tree/v8.1.
|
|
358
|
+
source_code_uri: https://github.com/rails/rails/tree/v8.1.2/actionpack
|
|
359
359
|
rubygems_mfa_required: 'true'
|
|
360
360
|
rdoc_options: []
|
|
361
361
|
require_paths:
|
|
@@ -372,7 +372,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
372
372
|
version: '0'
|
|
373
373
|
requirements:
|
|
374
374
|
- none
|
|
375
|
-
rubygems_version:
|
|
375
|
+
rubygems_version: 4.0.3
|
|
376
376
|
specification_version: 4
|
|
377
377
|
summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).
|
|
378
378
|
test_files: []
|