activestorage 5.2.7.1 → 6.1.4.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 720766163ccd94089bfe775bc38d20fa1487f010d12241c2092fe42b5a2a337a
-  data.tar.gz: 00c06f3175cb485efe9c1e8501a53269e0e4618c83c521b719f87aa9e3619367
+  metadata.gz: 4f78821f730cf6d374a408a0b130b92437182d3026404916ca79618e7c8b2ffd
+  data.tar.gz: 613fab9e9ce486a0897f55c0cf654e0edd98549cdc963813367289651f1bb03e
 SHA512:
-  metadata.gz: 67371ca78c45513bdcfe0d3db9842c69025f9d7b8524dcd8fa9ead4a9163e6302d16a407ab949d89c5afc9d08f586af7812cf8e8b2b125f767bc25af27f725ba
-  data.tar.gz: 4e1176bd5e4f9d21b644632e965bdc411e4cd438d7bffb2bf3b1fba309e4d0b59ae1b824bb78afce7fdecdb855c6406998e43cedc032e2edab0c4f737a7594c1
+  metadata.gz: bf9329ba6d4500c9f31b0390fabd11854354d3ad6b131280e148912487deb119168dfe35a4fb92db4ee55708c665065b76845f815c96b26557405eb0e13a71a3
+  data.tar.gz: 88cbbc25f7b4d8cbeb5eb57805d79f4d7df2288391835a9abe3aace1680a265edb369bf284dfc99713be94e74998323474f87bb70cb89b7ba7a01273ced37b3d

data/CHANGELOG.md

@@ -1,204 +1,336 @@
-## Rails 5.2.7.1 (April 26, 2022) ##
+## Rails 6.1.4.6 (February 11, 2022) ##
 
 *   No changes.
 
 
-## Rails 5.2.7 (March 10, 2022) ##
+## Rails 6.1.4.5 (February 11, 2022) ##
 
-*   Fix `ActiveStorage.supported_image_processing_methods` and
-    `ActiveStorage.unsupported_image_processing_arguments` that were not being applied.
+*   No changes.
 
-    *Rafael Mendonça França*
 
+## Rails 6.1.4.4 (December 15, 2021) ##
 
-## Rails 5.2.6.3 (March 08, 2022) ##
+*   No changes.
 
-*   Added image transformation validation via configurable allow-list.
 
-    Variant now offers a configurable allow-list for
-    transformation methods in addition to a configurable deny-list for arguments.
+## Rails 6.1.4.3 (December 14, 2021) ##
 
-    [CVE-2022-21831]
+*   No changes.
 
 
-## Rails 5.2.6.2 (February 11, 2022) ##
+## Rails 6.1.4.2 (December 14, 2021) ##
 
 *   No changes.
 
 
-## Rails 5.2.6.1 (February 11, 2022) ##
+## Rails 6.1.4.1 (August 19, 2021) ##
 
 *   No changes.
 
 
-## Rails 5.2.6 (May 05, 2021) ##
+## Rails 6.1.4 (June 24, 2021) ##
 
-*   No changes.
+*   The parameters sent to `ffmpeg` for generating a video preview image are now
+    configurable under `config.active_storage.video_preview_arguments`.
 
+    *Brendon Muir*
 
-## Rails 5.2.5 (March 26, 2021) ##
+*   Fix Active Storage update task when running in an engine.
 
-*   Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
-    mime types data.
+    Justin Malčić*
 
-    *George Claghorn*
+*   Don't raise an error if the mime type is not recognized.
 
-*   The Poppler PDF previewer renders a preview image using the original
-    document's crop box rather than its media box, hiding print margins. This
-    matches the behavior of the MuPDF previewer.
+    Fixes #41777.
 
-    *Vincent Robert*
+    *Alex Ghiculescu*
 
+*   `ActiveStorage::PreviewError` is raised when a previewer is unable to generate a preview image.
 
-## Rails 5.2.4.6 (May 05, 2021) ##
+    *Alex Robbin*
 
-*   No changes.
+*   respond with 404 given invalid variation key when asking for representations.
 
+    *George Claghorn*
 
-## Rails 5.2.4.5 (February 10, 2021) ##
+*   `Blob` creation shouldn't crash if no service selected.
 
-*   No changes.
+    *Alex Ghiculescu*
 
 
-## Rails 5.2.4.4 (September 09, 2020) ##
+## Rails 6.1.3.2 (May 05, 2021) ##
 
 *   No changes.
 
 
-## Rails 5.2.4.3 (May 18, 2020) ##
+## Rails 6.1.3.1 (March 26, 2021) ##
+
+*  Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
+   mime types data.
 
-*   [CVE-2020-8162] Include Content-Length in signature for ActiveStorage direct upload
+   *George Claghorn*
 
 
-## Rails 5.2.4.2 (March 19, 2020) ##
+## Rails 6.1.3 (February 17, 2021) ##
 
 *   No changes.
 
 
-## Rails 5.2.4.1 (December 18, 2019) ##
+## Rails 6.1.2.1 (February 10, 2021) ##
 
 *   No changes.
 
 
-## Rails 5.2.4 (November 27, 2019) ##
+## Rails 6.1.2 (February 09, 2021) ##
 
 *   No changes.
 
 
-## Rails 5.2.3 (March 27, 2019) ##
+## Rails 6.1.1 (January 07, 2021) ##
 
-*   No changes.
+*   Fix S3 multipart uploads when threshold is larger than file.
 
+    *Matt Muller*
 
-## Rails 5.2.2.1 (March 11, 2019) ##
 
-*   No changes.
+## Rails 6.1.0 (December 09, 2020) ##
+
+*   Change default queue name of the analysis (`:active_storage_analysis`) and
+    purge (`:active_storage_purge`) jobs to be the job adapter's default (`:default`).
+
+    *Rafael Mendonça França*
 
+*   Implement `strict_loading` on ActiveStorage associations.
 
-## Rails 5.2.2 (December 04, 2018) ##
+    *David Angulo*
 
-*   Support multiple submit buttons in Active Storage forms.
+*   Remove deprecated support to pass `:combine_options` operations to `ActiveStorage::Transformers::ImageProcessing`.
 
-    *Chrıs Seelus*
+    *Rafael Mendonça França*
 
-*   Fix `ArgumentError` when uploading to amazon s3
+*   Remove deprecated `ActiveStorage::Transformers::MiniMagickTransformer`.
 
-    *Hiroki Sanpei*
+    *Rafael Mendonça França*
 
-*   Add a foreign-key constraint to the `active_storage_attachments` table for blobs.
+*   Remove deprecated `config.active_storage.queue`.
 
-    *George Claghorn*
+    *Rafael Mendonça França*
 
-*   Discard `ActiveStorage::PurgeJobs` for missing blobs.
+*   Remove deprecated `ActiveStorage::Downloading`.
 
-    *George Claghorn*
+    *Rafael Mendonça França*
 
-*   Fix uploading Tempfiles to Azure Storage.
+*   Add per-environment configuration support
 
-    *George Claghorn*
+    *Pietro Moro*
+
+*   The Poppler PDF previewer renders a preview image using the original
+    document's crop box rather than its media box, hiding print margins. This
+    matches the behavior of the MuPDF previewer.
+
+    *Vincent Robert*
+
+*   Touch parent model when an attachment is purged.
+
+    *Víctor Pérez Rodríguez*
+
+*   Files can now be served by proxying them from the underlying storage service
+    instead of redirecting to a signed service URL. Use the
+    `rails_storage_proxy_path` and `_url` helpers to proxy an attached file:
+
+    ```erb
+    <%= image_tag rails_storage_proxy_path(@user.avatar) %>
+    ```
 
+    To proxy by default, set `config.active_storage.resolve_model_to_route`:
 
-## Rails 5.2.1.1 (November 27, 2018) ##
+    ```ruby
+    # Proxy attached files instead.
+    config.active_storage.resolve_model_to_route = :rails_storage_proxy
+    ```
 
-*   Prevent content type and disposition bypass in storage service URLs.
+    ```erb
+    <%= image_tag @user.avatar %>
+    ```
 
-    Fix CVE-2018-16477.
+    To redirect to a signed service URL when the default file serving strategy
+    is set to proxying, use the `rails_storage_redirect_path` and `_url` helpers:
 
-    *Rosa Gutierrez*
+    ```erb
+    <%= image_tag rails_storage_redirect_path(@user.avatar) %>
+    ```
 
+    *Jonathan Fleckenstein*
 
-## Rails 5.2.1 (August 07, 2018) ##
+*   Add `config.active_storage.web_image_content_types` to allow applications
+    to add content types (like `image/webp`) in which variants can be processed,
+    instead of letting those images be converted to the fallback PNG format.
 
-*   Fix direct upload with zero-byte files.
+    *Jeroen van Haperen*
+
+*   Add support for creating variants of `WebP` images out of the box.
+
+    *Dino Maric*
+
+*   Only enqueue analysis jobs for blobs with non-null analyzer classes.
+
+    *Gannon McGibbon*
+
+*   Previews are created on the same service as the original blob.
+
+    *Peter Zhu*
+
+*   Remove unused `disposition` and `content_type` query parameters for `DiskService`.
+
+    *Peter Zhu*
+
+*   Use `DiskController` for both public and private files.
+
+    `DiskController` is able to handle multiple services by adding a
+    `service_name` field in the generated URL in `DiskService`.
+
+    *Peter Zhu*
+
+*   Variants are tracked in the database to avoid existence checks in the storage service.
 
     *George Claghorn*
 
-*   Exclude JSON root from `active_storage/direct_uploads#create` response.
+*   Deprecate `service_url` methods in favour of `url`.
+
+    Deprecate `Variant#service_url` and `Preview#service_url` to instead use
+    `#url` method to be consistent with `Blob`.
+
+    *Peter Zhu*
 
-    *Javan Makhmali*
+*   Permanent URLs for public storage blobs.
 
+    Services can be configured in `config/storage.yml` with a new key
+    `public: true | false` to indicate whether a service holds public
+    blobs or private blobs. Public services will always return a permanent URL.
 
-## Rails 5.2.0 (April 09, 2018) ##
+    Deprecates `Blob#service_url` in favor of `Blob#url`.
 
-*   Allow full use of the AWS S3 SDK options for authentication. If an
-    explicit AWS key pair and/or region is not provided in `storage.yml`,
-    attempt to use environment variables, shared credentials, or IAM
-    (instance or task) role credentials. Order of precedence is determined
-    by the [AWS SDK](https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/setup-config.html).
+    *Peter Zhu*
 
-    *Brian Knight*
+*   Make services aware of configuration names.
 
-*   Remove path config option from Azure service.
+    *Gannon McGibbon*
 
-    The Active Storage service for Azure Storage has an option called `path`
-    that is ambiguous in meaning. It needs to be set to the primary blob
-    storage endpoint but that can be determined from the blobs client anyway.
+*   The `Content-Type` header is set on image variants when they're uploaded to third-party storage services.
 
-    To simplify the configuration, we've removed the `path` option and
-    now get the endpoint from the blobs client instead.
+    *Kyle Ribordy*
 
-    Closes #32225.
+*   Allow storage services to be configured per attachment.
 
-    *Andrew White*
+    ```ruby
+    class User < ActiveRecord::Base
+      has_one_attached :avatar, service: :s3
+    end
 
-*   Generate root-relative paths in disk service URL methods.
+    class Gallery < ActiveRecord::Base
+      has_many_attached :photos, service: :s3
+    end
+    ```
 
-    Obviate the disk service's `:host` configuration option.
+    *Dmitry Tsepelev*
+
+*   You can optionally provide a custom blob key when attaching a new file:
+
+    ```ruby
+    user.avatar.attach key: "avatars/#{user.id}.jpg",
+      io: io, content_type: "image/jpeg", filename: "avatar.jpg"
+    ```
+
+    Active Storage will store the blob's data on the configured service at the provided key.
 
     *George Claghorn*
 
-*   Add source code to published npm package.
+*   Replace `Blob.create_after_upload!` with `Blob.create_and_upload!` and deprecate the former.
+
+    `create_after_upload!` has been removed since it could lead to data
+    corruption by uploading to a key on the storage service which happened to
+    be already taken. Creating the record would then correctly raise a
+    database uniqueness exception but the stored object would already have
+    overwritten another. `create_and_upload!` swaps the order of operations
+    so that the key gets reserved up-front or the uniqueness error gets raised,
+    before the upload to a key takes place.
 
-    This allows activestorage users to depend on the javascript source code
-    rather than the compiled code, which can produce smaller javascript bundles.
+    *Julik Tarkhanov*
 
-    *Richard Macklin*
+*   Set content disposition in direct upload using `filename` and `disposition` parameters to `ActiveStorage::Service#headers_for_direct_upload`.
 
-*   Preserve display aspect ratio when extracting width and height from videos
-    with rectangular samples in `ActiveStorage::Analyzer::VideoAnalyzer`.
+    *Peter Zhu*
 
-    When a video contains a display aspect ratio, emit it in metadata as
-    `:display_aspect_ratio` rather than the ambiguous `:aspect_ratio`. Compute
-    its height by scaling its encoded frame width according to the DAR.
+*   Allow record to be optionally passed to blob finders to make sharding
+    easier.
+
+    *Gannon McGibbon*
+
+*   Switch from `azure-storage` gem to `azure-storage-blob` gem for Azure service.
+
+    *Peter Zhu*
+
+*   Add `config.active_storage.draw_routes` to disable Active Storage routes.
+
+    *Gannon McGibbon*
+
+*   Image analysis is skipped if ImageMagick returns an error.
+
+    `ActiveStorage::Analyzer::ImageAnalyzer#metadata` would previously raise a
+    `MiniMagick::Error`, which caused persistent `ActiveStorage::AnalyzeJob`
+    failures. It now logs the error and returns `{}`, resulting in no metadata
+    being added to the offending image blob.
 
     *George Claghorn*
 
-*   Use `after_destroy_commit` instead of `before_destroy` for purging
-    attachments when a record is destroyed.
+*   Method calls on singular attachments return `nil` when no file is attached.
+
+    Previously, assuming the following User model, `user.avatar.filename` would
+    raise a `Module::DelegationError` if no avatar was attached:
+
+    ```ruby
+    class User < ApplicationRecord
+      has_one_attached :avatar
+    end
+    ```
 
-    *Hiroki Zenigami*
+    They now return `nil`.
 
-*   Force `:attachment` disposition for specific, configurable content types.
-    This mitigates possible security issues such as XSS or phishing when
-    serving them inline. A list of such content types is included by default,
-    and can be configured via `content_types_to_serve_as_binary`.
+    *Matthew Tanous*
 
-    *Rosa Gutierrez*
+*   The mirror service supports direct uploads.
 
-*   Fix the gem adding the migrations files to the package.
+    New files are directly uploaded to the primary service. When a
+    directly-uploaded file is attached to a record, a background job is enqueued
+    to copy it to each secondary service.
 
-    *Yuji Yaginuma*
+    Configure the queue used to process mirroring jobs by setting
+    `config.active_storage.queues.mirror`. The default is `:active_storage_mirror`.
+
+    *George Claghorn*
+
+*   The S3 service now permits uploading files larger than 5 gigabytes.
+
+    When uploading a file greater than 100 megabytes in size, the service
+    transparently switches to [multipart uploads](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html)
+    using a part size computed from the file's total size and S3's part count limit.
+
+    No application changes are necessary to take advantage of this feature. You
+    can customize the default 100 MB multipart upload threshold in your S3
+    service's configuration:
+
+    ```yaml
+    production:
+      service: s3
+      access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %>
+      secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %>
+      region: us-east-1
+      bucket: my-bucket
+      upload:
+        multipart_threshold: <%= 250.megabytes %>
+    ```
+
+    *George Claghorn*
 
-*   Added to Rails.
 
-    *DHH*
+Please check [6-0-stable](https://github.com/rails/rails/blob/6-0-stable/activestorage/CHANGELOG.md) for previous changes.

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2017-2018 David Heinemeier Hansson, Basecamp
+Copyright (c) 2017-2020 David Heinemeier Hansson, Basecamp
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -4,17 +4,21 @@ Active Storage makes it simple to upload and reference files in cloud services l
 
 Files can be uploaded from the server to the cloud or directly from the client to the cloud.
 
-Image files can furthermore be transformed using on-demand variants for quality, aspect ratio, size, or any other [MiniMagick](https://github.com/minimagick/minimagick) supported transformation.
+Image files can furthermore be transformed using on-demand variants for quality, aspect ratio, size, or any other [MiniMagick](https://github.com/minimagick/minimagick) or [Vips](https://www.rubydoc.info/gems/ruby-vips/Vips/Image) supported transformation.
+
+You can read more about Active Storage in the [Active Storage Overview](https://edgeguides.rubyonrails.org/active_storage_overview.html) guide.
 
 ## Compared to other storage solutions
 
-A key difference to how Active Storage works compared to other attachment solutions in Rails is through the use of built-in [Blob](https://github.com/rails/rails/blob/5-2-stable/activestorage/app/models/active_storage/blob.rb) and [Attachment](https://github.com/rails/rails/blob/5-2-stable/activestorage/app/models/active_storage/attachment.rb) models (backed by Active Record). This means existing application models do not need to be modified with additional columns to associate with files. Active Storage uses polymorphic associations via the `Attachment` join model, which then connects to the actual `Blob`.
+A key difference to how Active Storage works compared to other attachment solutions in Rails is through the use of built-in [Blob](https://github.com/rails/rails/blob/main/activestorage/app/models/active_storage/blob.rb) and [Attachment](https://github.com/rails/rails/blob/main/activestorage/app/models/active_storage/attachment.rb) models (backed by Active Record). This means existing application models do not need to be modified with additional columns to associate with files. Active Storage uses polymorphic associations via the `Attachment` join model, which then connects to the actual `Blob`.
 
 `Blob` models store attachment metadata (filename, content-type, etc.), and their identifier key in the storage service. Blob models do not store the actual binary data. They are intended to be immutable in spirit. One file, one blob. You can associate the same blob with multiple application models as well. And if you want to do transformations of a given `Blob`, the idea is that you'll simply create a new one, rather than attempt to mutate the existing one (though of course you can delete the previous version later if you don't need it).
 
 ## Installation
 
-Run `rails active_storage:install` to copy over active_storage migrations.
+Run `bin/rails active_storage:install` to copy over active_storage migrations.
+
+NOTE: If the task cannot be found, verify that `require "active_storage/engine"` is present in `config/application.rb`.
 
 ## Examples
 
@@ -51,7 +55,7 @@ url_for(user.avatar)
 
 class AvatarsController < ApplicationController
   def update
-    # params[:avatar] contains a ActionDispatch::Http::UploadedFile object
+    # params[:avatar] contains an ActionDispatch::Http::UploadedFile object
     Current.user.avatar.attach(params.require(:avatar))
     redirect_to Current.user
   end
@@ -99,7 +103,38 @@ Variation of image attachment:
 
 ```erb
 <%# Hitting the variant URL will lazy transform the original blob and then redirect to its new service location %>
-<%= image_tag user.avatar.variant(resize: "100x100") %>
+<%= image_tag user.avatar.variant(resize_to_limit: [100, 100]) %>
+```
+
+## File serving strategies
+
+Active Storage supports two ways to serve files: redirecting and proxying.
+
+### Redirecting
+
+Active Storage generates stable application URLs for files which, when accessed, redirect to signed, short-lived service URLs. This relieves application servers of the burden of serving file data. It is the default file serving strategy.
+
+When the application is configured to proxy files by default, use the `rails_storage_redirect_path` and `_url` route helpers to redirect instead:
+
+```erb
+<%= image_tag rails_storage_redirect_path(@user.avatar) %>
+```
+
+### Proxying
+
+Optionally, files can be proxied instead. This means that your application servers will download file data from the storage service in response to requests. This can be useful for serving files from a CDN.
+
+Explicitly proxy attachments using the `rails_storage_proxy_path` and `_url` route helpers:
+
+```erb
+<%= image_tag rails_storage_proxy_path(@user.avatar) %>
+```
+
+Or configure Active Storage to use proxying by default:
+
+```ruby
+# config/initializers/active_storage.rb
+Rails.application.config.active_storage.resolve_model_to_route = :rails_storage_proxy
 ```
 
 ## Direct uploads
@@ -116,7 +151,7 @@ Active Storage, with its included JavaScript library, supports uploading directl
     ```
     Using the npm package:
     ```js
-    import * as ActiveStorage from "activestorage"
+    import * as ActiveStorage from "@rails/activestorage"
     ActiveStorage.start()
     ```
 2. Annotate file inputs with the direct upload URL.
@@ -148,7 +183,7 @@ Active Storage is released under the [MIT License](https://opensource.org/licens
 
 API documentation is at:
 
-* http://api.rubyonrails.org
+* https://api.rubyonrails.org
 
 Bug reports for the Ruby on Rails project can be filed here:
 
@@ -156,4 +191,4 @@ Bug reports for the Ruby on Rails project can be filed here:
 
 Feature requests should be discussed on the rails-core mailing list here:
 
-* https://groups.google.com/forum/?fromgroups#!forum/rubyonrails-core
+* https://discuss.rubyonrails.org/c/rubyonrails-core

data/app/assets/javascripts/activestorage.js

@@ -550,7 +550,7 @@
       this.file = file;
       this.attributes = {
         filename: file.name,
-        content_type: file.type,
+        content_type: file.type || "application/octet-stream",
         byte_size: file.size,
         checksum: checksum
       };
@@ -560,7 +560,10 @@
       this.xhr.setRequestHeader("Content-Type", "application/json");
       this.xhr.setRequestHeader("Accept", "application/json");
       this.xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
-      this.xhr.setRequestHeader("X-CSRF-Token", getMetaValue("csrf-token"));
+      var csrfToken = getMetaValue("csrf-token");
+      if (csrfToken != undefined) {
+        this.xhr.setRequestHeader("X-CSRF-Token", csrfToken);
+      }
       this.xhr.addEventListener("load", function(event) {
         return _this.requestDidLoad(event);
       });

data/app/controllers/active_storage/base_controller.rb

@@ -1,10 +1,19 @@
 # frozen_string_literal: true
 
-# The base controller for all ActiveStorage controllers.
+# The base class for all Active Storage controllers.
 class ActiveStorage::BaseController < ActionController::Base
+  include ActiveStorage::SetCurrent
+
   protect_from_forgery with: :exception
 
-  before_action do
-    ActiveStorage::Current.host = request.base_url
-  end
+  self.etag_with_template_digest = false
+
+  private
+    def stream(blob)
+      blob.download do |chunk|
+        response.stream.write chunk
+      end
+    ensure
+      response.stream.close
+    end
 end

data/app/controllers/active_storage/blobs/proxy_controller.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+# Proxy files through application. This avoids having a redirect and makes files easier to cache.
+class ActiveStorage::Blobs::ProxyController < ActiveStorage::BaseController
+  include ActiveStorage::SetBlob
+  include ActiveStorage::SetHeaders
+
+  def show
+    http_cache_forever public: true do
+      set_content_headers_from @blob
+      stream @blob
+    end
+  end
+end

data/app/controllers/active_storage/{blobs_controller.rb → blobs/redirect_controller.rb}

@@ -4,11 +4,11 @@
 # Note: These URLs are publicly accessible. If you need to enforce access protection beyond the
 # security-through-obscurity factor of the signed blob references, you'll need to implement your own
 # authenticated redirection controller.
-class ActiveStorage::BlobsController < ActiveStorage::BaseController
+class ActiveStorage::Blobs::RedirectController < ActiveStorage::BaseController
   include ActiveStorage::SetBlob
 
   def show
-    expires_in ActiveStorage::Blob.service.url_expires_in
-    redirect_to @blob.service_url(disposition: params[:disposition])
+    expires_in ActiveStorage.service_urls_expire_in
+    redirect_to @blob.url(disposition: params[:disposition])
   end
 end

data/app/controllers/active_storage/direct_uploads_controller.rb

@@ -5,13 +5,13 @@
 # the blob that was created up front.
 class ActiveStorage::DirectUploadsController < ActiveStorage::BaseController
   def create
-    blob = ActiveStorage::Blob.create_before_direct_upload!(blob_args)
+    blob = ActiveStorage::Blob.create_before_direct_upload!(**blob_args)
     render json: direct_upload_json(blob)
   end
 
   private
     def blob_args
-      params.require(:blob).permit(:filename, :byte_size, :checksum, :content_type, :metadata).to_h.symbolize_keys
+      params.require(:blob).permit(:filename, :byte_size, :checksum, :content_type, metadata: {}).to_h.symbolize_keys
     end
 
     def direct_upload_json(blob)