activestorage 6.0.4.6 → 6.1.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fd478b94709d7df9dbb70008f89cb1b5bf7e6984e025f3cadea8e1f7c27d0383
-  data.tar.gz: 4ccf47891c900e624d8d93935460ad0951198cf5a096177fab0ffa46f4b89179
+  metadata.gz: 2b5828c669886bb3073bc9a325644f70785b9e7432fe34bf609369ae854472d1
+  data.tar.gz: c20c99725925af7c67f86c4ad99fcc5add79a4c373db3c1d5ae6fe4c2b1a893b
 SHA512:
-  metadata.gz: bbca4133f93dbc6a64151d30f4023f8da2e1e8fa6fb37c43e6e312ff090cd5c498e54f5abf0858ccab79d4a68b7631f4d98157dcc7a65bbda4d04ac9ec605840
-  data.tar.gz: 49b603b52623d68bc21295a65337aad7025a822c02e1d90ef8e7eb7977aa03cab78b2100bebf77f15ab229483e6bd0d830a1d0d46cc7343a5f5dfdea2e9c4378
+  metadata.gz: 7d0adc41784932bd392d92f120fadea916633ccf659a2b2d5d3b6a305eee2ca093a6d82045e322b40a5d6349cfeae880db08c87f1972bb40e954f52dd1457c45
+  data.tar.gz: adf193c0617237b63aaf251b0e0fe8ec0e48da5b3dc47d8a6e60a5b91ea976d3a205dd990a0a2b20d65bd21b70dc5eccbaed0a512a86c03445be84811fa5deda

data/CHANGELOG.md

@@ -1,34 +1,24 @@
-## Rails 6.0.4.6 (February 11, 2022) ##
+## Rails 6.1.0.rc1 (November 02, 2020) ##
 
-*   No changes.
+*   Remove deprecated support to pass `:combine_options` operations to `ActiveStorage::Transformers::ImageProcessing`.
 
+    *Rafael Mendonça França*
 
-## Rails 6.0.4.5 (February 11, 2022) ##
+*   Remove deprecated `ActiveStorage::Transformers::MiniMagickTransformer`.
 
-*   No changes.
+    *Rafael Mendonça França*
 
+*   Remove deprecated `config.active_storage.queue`.
 
-## Rails 6.0.4.4 (December 15, 2021) ##
+    *Rafael Mendonça França*
 
-*   No changes.
+*   Remove deprecated `ActiveStorage::Downloading`.
 
+    *Rafael Mendonça França*
 
-## Rails 6.0.4.3 (December 14, 2021) ##
+*   Add per-environment configuration support
 
-*   No changes.
-
-
-## Rails 6.0.4.2 (December 14, 2021) ##
-
-*   No changes.
-
-
-## Rails 6.0.4.1 (August 19, 2021) ##
-
-*   No changes.
-
-
-## Rails 6.0.4 (June 15, 2021) ##
+    *Pietro Moro*
 
 *   The Poppler PDF previewer renders a preview image using the original
     document's crop box rather than its media box, hiding print margins. This
@@ -36,273 +26,207 @@
 
     *Vincent Robert*
 
+*   Touch parent model when an attachment is purged.
 
-## Rails 6.0.3.7 (May 05, 2021) ##
-
-*   No changes.
-
-
-## Rails 6.0.3.6 (March 26, 2021) ##
-
-*   Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
-    mime types data.
-
-    *George Claghorn*
-
-
-## Rails 6.0.3.5 (February 10, 2021) ##
-
-*   No changes.
-
+    *Víctor Pérez Rodríguez*
 
-## Rails 6.0.3.4 (October 07, 2020) ##
-
-*   No changes.
-
-
-## Rails 6.0.3.3 (September 09, 2020) ##
-
-*   No changes.
+*   Files can now be served by proxying them from the underlying storage service
+    instead of redirecting to a signed service URL. Use the
+    `rails_storage_proxy_path` and `_url` helpers to proxy an attached file:
 
+    ```erb
+    <%= image_tag rails_storage_proxy_path(@user.avatar) %>
+    ```
 
-## Rails 6.0.3.2 (June 17, 2020) ##
+    To proxy by default, set `config.active_storage.resolve_model_to_route`:
 
-*   No changes.
+    ```ruby
+    # Proxy attached files instead.
+    config.active_storage.resolve_model_to_route = :rails_storage_proxy
+    ```
 
+    ```erb
+    <%= image_tag @user.avatar %>
+    ```
 
-## Rails 6.0.3.1 (May 18, 2020) ##
+    To redirect to a signed service URL when the default file serving strategy
+    is set to proxying, use the `rails_storage_redirect_path` and `_url` helpers:
 
-*   [CVE-2020-8162] Include Content-Length in signature for ActiveStorage direct upload
+    ```erb
+    <%= image_tag rails_storage_redirect_path(@user.avatar) %>
+    ```
 
+    *Jonathan Fleckenstein*
 
-## Rails 6.0.3 (May 06, 2020) ##
+*   Add `config.active_storage.web_image_content_types` to allow applications
+    to add content types (like `image/webp`) in which variants can be processed,
+    instead of letting those images be converted to the fallback PNG format.
 
-*   No changes.
+    *Jeroen van Haperen*
 
+*   Add support for creating variants of `WebP` images out of the box.
 
-## Rails 6.0.2.2 (March 19, 2020) ##
+    *Dino Maric*
 
-*   No changes.
+*   Only enqueue analysis jobs for blobs with non-null analyzer classes.
 
+    *Gannon McGibbon*
 
-## Rails 6.0.2.1 (December 18, 2019) ##
+*   Previews are created on the same service as the original blob.
 
-*   No changes.
+    *Peter Zhu*
 
+*   Remove unused `disposition` and `content_type` query parameters for `DiskService`.
 
-## Rails 6.0.2 (December 13, 2019) ##
+    *Peter Zhu*
 
-*   No changes.
+*   Use `DiskController` for both public and private files.
 
+    `DiskController` is able to handle multiple services by adding a
+    `service_name` field in the generated URL in `DiskService`.
 
-## Rails 6.0.1 (November 5, 2019) ##
+    *Peter Zhu*
 
-*   `ActiveStorage::AnalyzeJob`s are discarded on `ActiveRecord::RecordNotFound` errors.
+*   Variants are tracked in the database to avoid existence checks in the storage service.
 
     *George Claghorn*
 
-*   Blobs are recorded in the database before being uploaded to the service.
-    This fixes that generated blob keys could silently collide, leading to
-    data loss.
-
-    *Julik Tarkhanov*
-
-
-## Rails 6.0.0 (August 16, 2019) ##
-
-*   No changes.
-
-
-## Rails 6.0.0.rc2 (July 22, 2019) ##
-
-*   No changes.
+*   Deprecate `service_url` methods in favour of `url`.
 
+    Deprecate `Variant#service_url` and `Preview#service_url` to instead use
+    `#url` method to be consistent with `Blob`.
 
-## Rails 6.0.0.rc1 (April 24, 2019) ##
+    *Peter Zhu*
 
-*   Don't raise when analyzing an image whose type is unsupported by ImageMagick.
+*   Permanent URLs for public storage blobs.
 
-    Fixes #36065.
+    Services can be configured in `config/storage.yml` with a new key
+    `public: true | false` to indicate whether a service holds public
+    blobs or private blobs. Public services will always return a permanent URL.
 
-    *Guilherme Mansur*
+    Deprecates `Blob#service_url` in favor of `Blob#url`.
 
-*   Permit generating variants of BMP images.
+    *Peter Zhu*
 
-    *Younes Serraj*
+*   Make services aware of configuration names.
 
+    *Gannon McGibbon*
 
-## Rails 6.0.0.beta3 (March 11, 2019) ##
+*   The `Content-Type` header is set on image variants when they're uploaded to third-party storage services.
 
-*   No changes.
+    *Kyle Ribordy*
 
+*   Allow storage services to be configured per attachment.
 
-## Rails 6.0.0.beta2 (February 25, 2019) ##
-
-*   No changes.
-
-
-## Rails 6.0.0.beta1 (January 18, 2019) ##
+    ```ruby
+    class User < ActiveRecord::Base
+      has_one_attached :avatar, service: :s3
+    end
 
-*   [Rename npm package](https://github.com/rails/rails/pull/34905) from
-    [`activestorage`](https://www.npmjs.com/package/activestorage) to
-    [`@rails/activestorage`](https://www.npmjs.com/package/@rails/activestorage).
+    class Gallery < ActiveRecord::Base
+      has_many_attached :photos, service: :s3
+    end
+    ```
 
-    *Javan Makhmali*
+    *Dmitry Tsepelev*
 
-*   Replace `config.active_storage.queue` with two options that indicate which
-    queues analysis and purge jobs should use, respectively:
+*   You can optionally provide a custom blob key when attaching a new file:
 
-    * `config.active_storage.queues.analysis`
-    * `config.active_storage.queues.purge`
+    ```ruby
+    user.avatar.attach key: "avatars/#{user.id}.jpg",
+      io: io, content_type: "image/jpeg", filename: "avatar.jpg"
+    ```
 
-    `config.active_storage.queue` is preferred over the new options when it's
-    set, but it is deprecated and will be removed in Rails 6.1.
+    Active Storage will store the blob's data on the configured service at the provided key.
 
     *George Claghorn*
 
-*   Permit generating variants of TIFF images.
+*   Replace `Blob.create_after_upload!` with `Blob.create_and_upload!` and deprecate the former.
 
-    *Luciano Sousa*
-
-*   Use base36 (all lowercase) for all new Blob keys to prevent
-    collisions and undefined behavior with case-insensitive filesystems and
-    database indices.
+    `create_after_upload!` has been removed since it could lead to data
+    corruption by uploading to a key on the storage service which happened to
+    be already taken. Creating the record would then correctly raise a
+    database uniqueness exception but the stored object would already have
+    overwritten another. `create_and_upload!` swaps the order of operations
+    so that the key gets reserved up-front or the uniqueness error gets raised,
+    before the upload to a key takes place.
 
     *Julik Tarkhanov*
 
-*   It doesn’t include an `X-CSRF-Token` header if a meta tag is not found on
-    the page. It previously included one with a value of `undefined`.
-
-    *Cameron Bothner*
-
-*   Fix `ArgumentError` when uploading to amazon s3
-
-    *Hiroki Sanpei*
-
-*   Add progressive JPG to default list of variable content types
-
-    *Maurice Kühlborn*
-
-*   Add `ActiveStorage.routes_prefix` for configuring generated routes.
-
-    *Chris Bisnett*
-
-*   `ActiveStorage::Service::AzureStorageService` only handles specifically
-    relevant types of `Azure::Core::Http::HTTPError`. It previously obscured
-    other types of `HTTPError`, which is the azure-storage gem’s catch-all
-    exception class.
-
-    *Cameron Bothner*
+*   Set content disposition in direct upload using `filename` and `disposition` parameters to `ActiveStorage::Service#headers_for_direct_upload`.
 
-*   `ActiveStorage::DiskController#show` generates a 404 Not Found response when
-    the requested file is missing from the disk service. It previously raised
-    `Errno::ENOENT`.
+    *Peter Zhu*
 
-    *Cameron Bothner*
+*   Allow record to be optionally passed to blob finders to make sharding
+    easier.
 
-*   `ActiveStorage::Blob#download` and `ActiveStorage::Blob#open` raise
-    `ActiveStorage::FileNotFoundError` when the corresponding file is missing
-    from the storage service. Services translate service-specific missing object
-    exceptions (e.g. `Google::Cloud::NotFoundError` for the GCS service and
-    `Errno::ENOENT` for the disk service) into
-    `ActiveStorage::FileNotFoundError`.
+    *Gannon McGibbon*
 
-    *Cameron Bothner*
+*   Switch from `azure-storage` gem to `azure-storage-blob` gem for Azure service.
 
-*   Added the `ActiveStorage::SetCurrent` concern for custom Active Storage
-    controllers that can't inherit from `ActiveStorage::BaseController`.
+    *Peter Zhu*
 
-    *George Claghorn*
-
-*   Active Storage error classes like `ActiveStorage::IntegrityError` and
-    `ActiveStorage::UnrepresentableError` now inherit from `ActiveStorage::Error`
-    instead of `StandardError`. This permits rescuing `ActiveStorage::Error` to
-    handle all Active Storage errors.
-
-    *Andrei Makarov*, *George Claghorn*
+*   Add `config.active_storage.draw_routes` to disable Active Storage routes.
 
-*   Uploaded files assigned to a record are persisted to storage when the record
-    is saved instead of immediately.
+    *Gannon McGibbon*
 
-    In Rails 5.2, the following causes an uploaded file in `params[:avatar]` to
-    be stored:
+*   Image analysis is skipped if ImageMagick returns an error.
 
-    ```ruby
-    @user.avatar = params[:avatar]
-    ```
-
-    In Rails 6, the uploaded file is stored when `@user` is successfully saved.
+    `ActiveStorage::Analyzer::ImageAnalyzer#metadata` would previously raise a
+    `MiniMagick::Error`, which caused persistent `ActiveStorage::AnalyzeJob`
+    failures. It now logs the error and returns `{}`, resulting in no metadata
+    being added to the offending image blob.
 
     *George Claghorn*
 
-*   Add the ability to reflect on defined attachments using the existing
-    ActiveRecord reflection mechanism.
-
-    *Kevin Deisz*
+*   Method calls on singular attachments return `nil` when no file is attached.
 
-*   Variant arguments of `false` or `nil` will no longer be passed to the
-    processor. For example, the following will not have the monochrome
-    variation applied:
+    Previously, assuming the following User model, `user.avatar.filename` would
+    raise a `Module::DelegationError` if no avatar was attached:
 
     ```ruby
-      avatar.variant(monochrome: false)
+    class User < ApplicationRecord
+      has_one_attached :avatar
+    end
     ```
 
-    *Jacob Smith*
+    They now return `nil`.
 
-*   Generated attachment getter and setter methods are created
-    within the model's `GeneratedAssociationMethods` module to
-    allow overriding and composition using `super`.
+    *Matthew Tanous*
 
-    *Josh Susser*, *Jamon Douglas*
+*   The mirror service supports direct uploads.
 
-*   Add `ActiveStorage::Blob#open`, which downloads a blob to a tempfile on disk
-    and yields the tempfile. Deprecate `ActiveStorage::Downloading`.
+    New files are directly uploaded to the primary service. When a
+    directly-uploaded file is attached to a record, a background job is enqueued
+    to copy it to each secondary service.
 
-    *David Robertson*, *George Claghorn*
+    Configure the queue used to process mirroring jobs by setting
+    `config.active_storage.queues.mirror`. The default is `:active_storage_mirror`.
 
-*   Pass in `identify: false` as an argument when providing a `content_type` for
-    `ActiveStorage::Attached::{One,Many}#attach` to bypass automatic content
-    type inference. For example:
+    *George Claghorn*
 
-    ```ruby
-      @message.image.attach(
-        io: File.open('/path/to/file'),
-        filename: 'file.pdf',
-        content_type: 'application/pdf',
-        identify: false
-      )
+*   The S3 service now permits uploading files larger than 5 gigabytes.
+
+    When uploading a file greater than 100 megabytes in size, the service
+    transparently switches to [multipart uploads](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html)
+    using a part size computed from the file's total size and S3's part count limit.
+
+    No application changes are necessary to take advantage of this feature. You
+    can customize the default 100 MB multipart upload threshold in your S3
+    service's configuration:
+
+    ```yaml
+    production:
+      service: s3
+      access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %>
+      secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %>
+      region: us-east-1
+      bucket: my-bucket
+      upload:
+        multipart_threshold: <%= 250.megabytes %>
     ```
 
-    *Ryan Davidson*
-
-*   The Google Cloud Storage service properly supports streaming downloads.
-    It now requires version 1.11 or newer of the google-cloud-storage gem.
-
     *George Claghorn*
 
-*   Use the [ImageProcessing](https://github.com/janko-m/image_processing) gem
-    for Active Storage variants, and deprecate the MiniMagick backend.
-
-    This means that variants are now automatically oriented if the original
-    image was rotated. Also, in addition to the existing ImageMagick
-    operations, variants can now use `:resize_to_fit`, `:resize_to_fill`, and
-    other ImageProcessing macros. These are now recommended over raw `:resize`,
-    as they also sharpen the thumbnail after resizing.
-
-    The ImageProcessing gem also comes with a backend implemented on
-    [libvips](http://jcupitt.github.io/libvips/), an alternative to
-    ImageMagick which has significantly better performance than
-    ImageMagick in most cases, both in terms of speed and memory usage. In
-    Active Storage it's now possible to switch to the libvips backend by
-    changing `Rails.application.config.active_storage.variant_processor` to
-    `:vips`.
-
-    *Janko Marohnić*
-
-*   Rails 6 requires Ruby 2.5.0 or newer.
-
-    *Jeremy Daer*, *Kasper Timm Hansen*
-
 
-Please check [5-2-stable](https://github.com/rails/rails/blob/5-2-stable/activestorage/CHANGELOG.md) for previous changes.
+Please check [6-0-stable](https://github.com/rails/rails/blob/6-0-stable/activestorage/CHANGELOG.md) for previous changes.

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2017-2019 David Heinemeier Hansson, Basecamp
+Copyright (c) 2017-2020 David Heinemeier Hansson, Basecamp
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -10,13 +10,13 @@ You can read more about Active Storage in the [Active Storage Overview](https://
 
 ## Compared to other storage solutions
 
-A key difference to how Active Storage works compared to other attachment solutions in Rails is through the use of built-in [Blob](https://github.com/rails/rails/blob/main/activestorage/app/models/active_storage/blob.rb) and [Attachment](https://github.com/rails/rails/blob/main/activestorage/app/models/active_storage/attachment.rb) models (backed by Active Record). This means existing application models do not need to be modified with additional columns to associate with files. Active Storage uses polymorphic associations via the `Attachment` join model, which then connects to the actual `Blob`.
+A key difference to how Active Storage works compared to other attachment solutions in Rails is through the use of built-in [Blob](https://github.com/rails/rails/blob/master/activestorage/app/models/active_storage/blob.rb) and [Attachment](https://github.com/rails/rails/blob/master/activestorage/app/models/active_storage/attachment.rb) models (backed by Active Record). This means existing application models do not need to be modified with additional columns to associate with files. Active Storage uses polymorphic associations via the `Attachment` join model, which then connects to the actual `Blob`.
 
 `Blob` models store attachment metadata (filename, content-type, etc.), and their identifier key in the storage service. Blob models do not store the actual binary data. They are intended to be immutable in spirit. One file, one blob. You can associate the same blob with multiple application models as well. And if you want to do transformations of a given `Blob`, the idea is that you'll simply create a new one, rather than attempt to mutate the existing one (though of course you can delete the previous version later if you don't need it).
 
 ## Installation
 
-Run `rails active_storage:install` to copy over active_storage migrations.
+Run `bin/rails active_storage:install` to copy over active_storage migrations.
 
 NOTE: If the task cannot be found, verify that `require "active_storage/engine"` is present in `config/application.rb`.
 
@@ -55,7 +55,7 @@ url_for(user.avatar)
 
 class AvatarsController < ApplicationController
   def update
-    # params[:avatar] contains a ActionDispatch::Http::UploadedFile object
+    # params[:avatar] contains an ActionDispatch::Http::UploadedFile object
     Current.user.avatar.attach(params.require(:avatar))
     redirect_to Current.user
   end
@@ -106,6 +106,37 @@ Variation of image attachment:
 <%= image_tag user.avatar.variant(resize_to_limit: [100, 100]) %>
 ```
 
+## File serving strategies
+
+Active Storage supports two ways to serve files: redirecting and proxying.
+
+### Redirecting
+
+Active Storage generates stable application URLs for files which, when accessed, redirect to signed, short-lived service URLs. This relieves application servers of the burden of serving file data. It is the default file serving strategy.
+
+When the application is configured to proxy files by default, use the `rails_storage_redirect_path` and `_url` route helpers to redirect instead:
+
+```erb
+<%= image_tag rails_storage_redirect_path(@user.avatar) %>
+```
+
+### Proxying
+
+Optionally, files can be proxied instead. This means that your application servers will download file data from the storage service in response to requests. This can be useful for serving files from a CDN.
+
+Explicitly proxy attachments using the `rails_storage_proxy_path` and `_url` route helpers:
+
+```erb
+<%= image_tag rails_storage_proxy_path(@user.avatar) %>
+```
+
+Or configure Active Storage to use proxying by default:
+
+```ruby
+# config/initializers/active_storage.rb
+Rails.application.config.active_storage.resolve_model_to_route = :rails_storage_proxy
+```
+
 ## Direct uploads
 
 Active Storage, with its included JavaScript library, supports uploading directly from the client to the cloud.
@@ -120,7 +151,8 @@ Active Storage, with its included JavaScript library, supports uploading directl
     ```
     Using the npm package:
     ```js
-    require("@rails/activestorage").start()
+    import * as ActiveStorage from "@rails/activestorage"
+    ActiveStorage.start()
     ```
 2. Annotate file inputs with the direct upload URL.
 

data/app/controllers/active_storage/base_controller.rb

@@ -5,4 +5,15 @@ class ActiveStorage::BaseController < ActionController::Base
   include ActiveStorage::SetCurrent
 
   protect_from_forgery with: :exception
+
+  self.etag_with_template_digest = false
+
+  private
+    def stream(blob)
+      blob.download do |chunk|
+        response.stream.write chunk
+      end
+    ensure
+      response.stream.close
+    end
 end

data/app/controllers/active_storage/blobs/proxy_controller.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+# Proxy files through application. This avoids having a redirect and makes files easier to cache.
+class ActiveStorage::Blobs::ProxyController < ActiveStorage::BaseController
+  include ActiveStorage::SetBlob
+  include ActiveStorage::SetHeaders
+
+  def show
+    http_cache_forever public: true do
+      set_content_headers_from @blob
+      stream @blob
+    end
+  end
+end

data/app/controllers/active_storage/{blobs_controller.rb → blobs/redirect_controller.rb}

@@ -4,11 +4,11 @@
 # Note: These URLs are publicly accessible. If you need to enforce access protection beyond the
 # security-through-obscurity factor of the signed blob references, you'll need to implement your own
 # authenticated redirection controller.
-class ActiveStorage::BlobsController < ActiveStorage::BaseController
+class ActiveStorage::Blobs::RedirectController < ActiveStorage::BaseController
   include ActiveStorage::SetBlob
 
   def show
     expires_in ActiveStorage.service_urls_expire_in
-    redirect_to @blob.service_url(disposition: params[:disposition])
+    redirect_to @blob.url(disposition: params[:disposition])
   end
 end

data/app/controllers/active_storage/disk_controller.rb

@@ -5,11 +5,13 @@
 # Always go through the BlobsController, or your own authenticated controller, rather than directly
 # to the service URL.
 class ActiveStorage::DiskController < ActiveStorage::BaseController
+  include ActiveStorage::FileServer
+
   skip_forgery_protection
 
   def show
     if key = decode_verified_key
-      serve_file disk_service.path_for(key[:key]), content_type: key[:content_type], disposition: key[:disposition]
+      serve_file named_disk_service(key[:service_name]).path_for(key[:key]), content_type: key[:content_type], disposition: key[:disposition]
     else
       head :not_found
     end
@@ -20,7 +22,7 @@ class ActiveStorage::DiskController < ActiveStorage::BaseController
   def update
     if token = decode_verified_token
       if acceptable_content?(token)
-        disk_service.upload token[:key], request.body, checksum: token[:checksum]
+        named_disk_service(token[:service_name]).upload token[:key], request.body, checksum: token[:checksum]
       else
         head :unprocessable_entity
       end
@@ -32,30 +34,16 @@ class ActiveStorage::DiskController < ActiveStorage::BaseController
   end
 
   private
-    def disk_service
-      ActiveStorage::Blob.service
+    def named_disk_service(name)
+      ActiveStorage::Blob.services.fetch(name) do
+        ActiveStorage::Blob.service
+      end
     end
 
-
     def decode_verified_key
       ActiveStorage.verifier.verified(params[:encoded_key], purpose: :blob_key)
     end
 
-    def serve_file(path, content_type:, disposition:)
-      Rack::File.new(nil).serving(request, path).tap do |(status, headers, body)|
-        self.status = status
-        self.response_body = body
-
-        headers.each do |name, value|
-          response.headers[name] = value
-        end
-
-        response.headers["Content-Type"] = content_type || DEFAULT_SEND_FILE_TYPE
-        response.headers["Content-Disposition"] = disposition || DEFAULT_SEND_FILE_DISPOSITION
-      end
-    end
-
-
     def decode_verified_token
       ActiveStorage.verifier.verified(params[:encoded_token], purpose: :blob_token)
     end

data/app/controllers/active_storage/representations/proxy_controller.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+# Proxy files through application. This avoids having a redirect and makes files easier to cache.
+class ActiveStorage::Representations::ProxyController < ActiveStorage::BaseController
+  include ActiveStorage::SetBlob
+  include ActiveStorage::SetHeaders
+
+  def show
+    http_cache_forever public: true do
+      set_content_headers_from representation.image
+      stream representation
+    end
+  end
+
+  private
+    def representation
+      @representation ||= @blob.representation(params[:variation_key]).processed
+    end
+end