activestorage 7.0.8 → 7.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9e342b04e0f0e10c35e4f32e52d6a0e0097e74a77982df1a6a39e9424dae4120
-  data.tar.gz: 86b32ee44b192ec4f376096939712d43c10006e6e2272d8a0de547a69fc1e297
+  metadata.gz: 3f09e751b9896e3e99bda5b07a2f946e14cc08a8b25b29b872c85d918fa906c1
+  data.tar.gz: f10ad7fbf13f79f91b690a6417a7f035038f62f2c82ee39a94070566773c2bd5
 SHA512:
-  metadata.gz: 0aff23ae574910fb16b69232b28446dd72fead8385a298083dd29a1d237e2f277e6dc98b392dc2364ef20b4181c75d0652f9b5bd9af95b8dbf44a1ebf891d05f
-  data.tar.gz: 1186e01c13dc861941a1a350dab1bbf1983b71fafeca7f359fcdf84d27ed2fd7a4edf020918be5363550fb67e24628d45e631c3e743b95e8c9b87f9551c388d3
+  metadata.gz: d5fc945abbfdfbe05b6aeafa393ef6b6995fa1c0e6f908006dc52e570ba9d17e982f40df652814b95e5da0db68a7bacf8f0a7820de2bec928fbaf1519fed00bd
+  data.tar.gz: 627a0bf0f41c633ce7f3c098b264ffafebe6d081b2aea39ef0c9e30985fe06fb167b192abfd5fd5d729cef9592abe2acade5760ea792089373482dce1183b867

data/CHANGELOG.md

@@ -1,404 +1,252 @@
-## Rails 7.0.8 (September 09, 2023) ##
+## Rails 7.1.0 (October 05, 2023) ##
 
 *   No changes.
 
 
-## Rails 7.0.7.2 (August 22, 2023) ##
+## Rails 7.1.0.rc2 (October 01, 2023) ##
 
 *   No changes.
 
 
-## Rails 7.0.7.1 (August 22, 2023) ##
+## Rails 7.1.0.rc1 (September 27, 2023) ##
 
-*   No changes.
-
-
-## Rails 7.0.7 (August 09, 2023) ##
-
-*   No changes.
-
-
-## Rails 7.0.6 (June 29, 2023) ##
-
-*   Fix retrieving rotation value from FFmpeg on version 5.0+.
-
-    In FFmpeg version 5.0+ the rotation value has been removed from tags.
-    Instead the value can be found in side_data_list. Along with
-    this update it's possible to have values of -90, -270 to denote the video
-    has been rotated.
-
-    *Haroon Ahmed*
-
-
-## Rails 7.0.5.1 (June 26, 2023) ##
-
-*   No changes.
-
-
-## Rails 7.0.5 (May 24, 2023) ##
-
-*   No changes.
-
-
-## Rails 7.0.4.3 (March 13, 2023) ##
-
-*   No changes.
-
-
-## Rails 7.0.4.2 (January 24, 2023) ##
-
-*   No changes.
-
-
-## Rails 7.0.4.1 (January 17, 2023) ##
-
-*   No changes.
-
-
-## Rails 7.0.4 (September 09, 2022) ##
-
-*   Fixes proxy downloads of files over 5MiB
-
-    Previously, trying to view and/or download files larger than 5mb stored in
-    services like S3 via proxy mode could return corrupted files at around
-    5.2mb or cause random halts in the download. Now,
-    `ActiveStorage::Blobs::ProxyController` correctly handles streaming these
-    larger files from the service to the client without any issues.
-
-    Fixes #44679
-
-    *Felipe Raul*
-
-## Rails 7.0.3.1 (July 12, 2022) ##
-
-*   No changes.
-
-
-## Rails 7.0.3 (May 09, 2022) ##
-
-*   Don't stream responses in redirect mode
-
-    Previously, both redirect mode and proxy mode streamed their
-    responses which caused a new thread to be created, and could end
-    up leaking connections in the connection pool. But since redirect
-    mode doesn't actually send any data, it doesn't need to be
-    streamed.
-
-    *Luke Lau*
-
-## Rails 7.0.2.4 (April 26, 2022) ##
-
-*   No changes.
-
-
-## Rails 7.0.2.3 (March 08, 2022) ##
-
-*   Added image transformation validation via configurable allow-list.
-
-    Variant now offers a configurable allow-list for
-    transformation methods in addition to a configurable deny-list for arguments.
-
-    [CVE-2022-21831]
-
-
-## Rails 7.0.2.2 (February 11, 2022) ##
-
-*   No changes.
-
-## Rails 7.0.2.1 (February 11, 2022) ##
-
-*   No changes.
-
-
-## Rails 7.0.2 (February 08, 2022) ##
-
-*   Revert the ability to pass `service_name` param to `DirectUploadsController` which was introduced
-    in 7.0.0.
-
-    That change caused a lot of problems to upgrade Rails applications so we decided to remove it
-    while in work in a more backwards compatible implementation.
-
-    *Gannon McGibbon*
-
-*   Allow applications to opt out of precompiling Active Storage JavaScript assets.
-
-    *jlestavel*
-
-
-## Rails 7.0.1 (January 06, 2022) ##
-
-*   No changes.
-
-
-## Rails 7.0.0 (December 15, 2021) ##
-
-*   Support transforming empty-ish `has_many_attached` value into `[]` (e.g. `[""]`).
+*   Add `expires_at` option to `ActiveStorage::Blob#signed_id`.
 
     ```ruby
-    @user.highlights = [""]
-    @user.highlights # => []
+    rails_blob_path(user.avatar, disposition: "attachment", expires_at: 30.minutes.from_now)
+    <%= image_tag rails_blob_path(user.avatar.variant(resize: "100x100"), expires_at: 30.minutes.from_now) %>
     ```
 
-    *Sean Doyle*
-
-
-## Rails 7.0.0.rc3 (December 14, 2021) ##
-
-*   No changes.
-
-
-## Rails 7.0.0.rc2 (December 14, 2021) ##
-
-*   No changes.
-
-## Rails 7.0.0.rc1 (December 06, 2021) ##
+    *Aki*
 
-*   `Add ActiveStorage::Blob.compose` to concatenate multiple blobs.
+*   Allow attaching File and Pathname when assigning attributes, e.g.
 
-    *Gannon McGibbon*
-
-*   Setting custom metadata on blobs are now persisted to remote storage.
-
-    *joshuamsager*
-
-*   Support direct uploads to multiple services.
+    ```ruby
+    User.create!(avatar: File.open("image.jpg"))
+    User.create!(avatar: file_fixture("image.jpg"))
+    ```
 
-    *Dmitry Tsepelev*
+    *Dorian Marié*
 
-*   Invalid default content types are deprecated
 
-    Blobs created with content_type `image/jpg`, `image/pjpeg`, `image/bmp`, `text/javascript` will now produce
-    a deprecation warning, since these are not valid content types.
+## Rails 7.1.0.beta1 (September 13, 2023) ##
 
-    These content types will be removed from the defaults in Rails 7.1.
+*   Disables the session in `ActiveStorage::Blobs::ProxyController`
+    and `ActiveStorage::Representations::ProxyController`
+    in order to allow caching by default in some CDNs as CloudFlare
 
-    You can set `config.active_storage.silence_invalid_content_types_warning = true` to dismiss the warning.
+    Fixes #44136
 
-    *Alex Ghiculescu*
+    *Bruno Prieto*
 
-## Rails 7.0.0.alpha2 (September 15, 2021) ##
+*   Add `tags` to `ActiveStorage::Analyzer::AudioAnalyzer` output
 
-*   No changes.
+    *Keaton Roux*
 
+*   Add an option to preprocess variants
 
-## Rails 7.0.0.alpha1 (September 15, 2021) ##
+    ActiveStorage variants are processed on the fly when they are needed but
+    sometimes we're sure that they are accessed and want to processed them
+    upfront.
 
-*   Emit Active Support instrumentation events from Active Storage analyzers.
+    `preprocessed` option is added when declaring variants.
 
-    Fixes #42930
+    ```
+    class User < ApplicationRecord
+      has_one_attached :avatar do |attachable|
+        attachable.variant :thumb, resize_to_limit: [100, 100], preprocessed: true
+      end
+    end
+    ```
 
     *Shouichi Kamiya*
 
-*   Add support for byte range requests
+*   Fix variants not included when eager loading multiple records containing a single attachment
 
-    *Tom Prats*
+    When using the `with_attached_#{name}` scope for a `has_one_attached` relation,
+    attachment variants were not eagerly loaded.
 
-*   Attachments can be deleted after their association is no longer defined.
+    *Russell Porter*
 
-    Fixes #42514
+*   Allow an ActiveStorage attachment to be removed via a form post
 
-    *Don Sisco*
-
-*   Make `vips` the default variant processor for new apps.
-
-    See the upgrade guide for instructions on converting from `mini_magick` to `vips`. `mini_magick` is
-    not deprecated, existing apps can keep using it.
-
-    *Breno Gazzola*
+    Attachments can already be removed by updating the attachment to be nil such as:
+    ```ruby
+    User.find(params[:id]).update!(avatar: nil)
+    ```
 
-*   Deprecate `ActiveStorage::Current.host` in favor of `ActiveStorage::Current.url_options` which accepts
-    a host, protocol and port.
+    However, a form cannot post a nil param, it can only post an empty string. But, posting an
+    empty string would result in an `ActiveSupport::MessageVerifier::InvalidSignature: mismatched digest`
+    error being raised, because it's being treated as a signed blob id.
 
-    *Santiago Bartesaghi*
-
-*   Allow using [IAM](https://cloud.google.com/storage/docs/access-control/signed-urls) when signing URLs with GCS.
+    Now, nil and an empty string are treated as a delete, which allows attachments to be removed via:
+    ```ruby
+    User.find(params[:id]).update!(params.require(:user).permit(:avatar))
 
-    ```yaml
-    gcs:
-      service: GCS
-      ...
-      iam: true
     ```
 
-    *RRethy*
-
-*   OpenSSL constants are now used for Digest computations.
+    *Nate Matykiewicz*
 
-    *Dirkjan Bussink*
+*   Remove mini_mime usage in favour of marcel.
 
-*   Deprecate `config.active_storage.replace_on_assign_to_many`. Future versions of Rails
-    will behave the same way as when the config is set to `true`.
-
-    *Santiago Bartesaghi*
+    We have two libraries that are have similar usage. This change removes
+    dependency on mini_mime and makes use of similar methods from marcel.
 
-*   Remove deprecated methods: `build_after_upload`, `create_after_upload!` in favor of `create_and_upload!`,
-    and `service_url` in favor of `url`.
+    *Vipul A M*
 
-    *Santiago Bartesaghi*
+*   Allow destroying active storage variants
 
-*   Add support of `strict_loading_by_default` to `ActiveStorage::Representations` controllers.
+    ```ruby
+    User.first.avatar.variant(resize_to_limit: [100, 100]).destroy
+    ```
 
-    *Anton Topchii*, *Andrew White*
+    *Shouichi Kamiya*, *Yuichiro NAKAGAWA*, *Ryohei UEDA*
 
-*   Allow to detach an attachment when record is not persisted.
+*   Add `sample_rate` to `ActiveStorage::Analyzer::AudioAnalyzer` output
 
-    *Jacopo Beschi*
+    *Matija Čupić*
 
-*   Use libvips instead of ImageMagick to analyze images when `active_storage.variant_processor = vips`.
+*   Remove deprecated `purge` and `purge_later` methods from the attachments association.
 
-    *Breno Gazzola*
+    *Rafael Mendonça França*
 
-*   Add metadata value for presence of video channel in video blobs.
+*   Remove deprecated behavior when assigning to a collection of attachments.
 
-    The `metadata` attribute of video blobs has a new boolean key named `video` that is set to
-    `true` if the file has an video channel and `false` if it doesn't.
+    Instead of appending to the collection, the collection is now replaced.
 
-    *Breno Gazzola*
+    *Rafael Mendonça França*
 
-*   Deprecate usage of `purge` and `purge_later` from the association extension.
+*   Remove deprecated `ActiveStorage::Current#host` and `ActiveStorage::Current#host=` methods.
 
-    *Jacopo Beschi*
+    *Rafael Mendonça França*
 
-*   Passing extra parameters in `ActiveStorage::Blob#url` to S3 Client.
+*   Remove deprecated invalid default content types in Active Storage configurations.
 
-    This allows calls of `ActiveStorage::Blob#url` to have more interaction with
-    the S3 Presigner, enabling, amongst other options, custom S3 domain URL
-    Generation.
+    *Rafael Mendonça França*
 
-    ```ruby
-    blob = ActiveStorage::Blob.last
+*   Add missing preview event to `ActiveStorage::LogSubscriber`
 
-    blob.url # => https://<bucket-name>.s3.<region>.amazonaws.com/<key>
-    blob.url(virtual_host: true) # => # => https://<bucket-name>/<key>
-    ```
+    A `preview` event is being instrumented in `ActiveStorage::Previewer`.
+    However it was not added inside ActiveStorage's LogSubscriber class.
 
-    *josegomezr*
+    This will allow to have logs for when a preview happens
+    in the same fashion as all other ActiveStorage events such as
+    `upload` and `download` inside `Rails.logger`.
 
-*   Allow setting a `Cache-Control` on files uploaded to GCS.
+    *Chedli Bourguiba*
 
-    ```yaml
-    gcs:
-      service: GCS
-      ...
-      cache_control: "public, max-age=3600"
-    ```
+*   Fix retrieving rotation value from FFmpeg on version 5.0+.
 
-    *maleblond*
+    In FFmpeg version 5.0+ the rotation value has been removed from tags.
+    Instead the value can be found in side_data_list. Along with
+    this update it's possible to have values of -90, -270 to denote the video
+    has been rotated.
 
-*   The parameters sent to `ffmpeg` for generating a video preview image are now
-    configurable under `config.active_storage.video_preview_arguments`.
+    *Haroon Ahmed*
 
-    *Brendon Muir*
+*   Touch all corresponding model records after ActiveStorage::Blob is analyzed
 
-*   The ActiveStorage video previewer will now use scene change detection to generate
-    better preview images (rather than the previous default of using the first frame
-    of the video). This change requires FFmpeg v3.4+.
+    This fixes a race condition where a record can be requested and have a cache entry built, before
+    the initial `analyze_later` completes, which will not be invalidated until something else
+    updates the record. This also invalidates cache entries when a blob is re-analyzed, which
+    is helpful if a bug is fixed in an analyzer or a new analyzer is added.
 
-    *Jonathan Hefner*
+    *Nate Matykiewicz*
 
-*   Add support for ActiveStorage expiring URLs.
+*   Add ability to use pre-defined variants when calling `preview` or
+    `representation` on an attachment.
 
     ```ruby
-    rails_blob_path(user.avatar, disposition: "attachment", expires_in: 30.minutes)
+    class User < ActiveRecord::Base
+      has_one_attached :file do |attachable|
+        attachable.variant :thumb, resize_to_limit: [100, 100]
+      end
+    end
 
-    <%= image_tag rails_blob_path(user.avatar.variant(resize: "100x100"), expires_in: 30.minutes) %>
+    <%= image_tag user.file.representation(:thumb) %>
     ```
 
-    If you want to set default expiration time for ActiveStorage URLs throughout your application, set `config.active_storage.urls_expire_in`.
-
-    *aki77*
-
-*   Allow to purge an attachment when record is not persisted for `has_many_attached`.
-
-    *Jacopo Beschi*
-
-*   Add `with_all_variant_records` method to eager load all variant records on an attachment at once.
-    `with_attached_image` scope now eager loads variant records if using variant tracking.
-
-    *Alex Ghiculescu*
-
-*   Add metadata value for presence of audio channel in video blobs.
-
-    The `metadata` attribute of video blobs has a new boolean key named `audio` that is set to
-    `true` if the file has an audio channel and `false` if it doesn't.
+    *Richard Böhme*
 
-    *Breno Gazzola*
+*   Method `attach` always returns the attachments except when the record
+    is persisted, unchanged, and saving it fails, in which case it returns `nil`.
 
-*   Adds analyzer for audio files.
-
-    *Breno Gazzola*
-
-*   Respect Active Record's primary_key_type in Active Storage migrations.
-
-    *fatkodima*
+    *Santiago Bartesaghi*
 
-*   Allow `expires_in` for ActiveStorage signed ids.
+*   Fixes multiple `attach` calls within transaction not uploading files correctly.
 
-    *aki77*
+    In the following example, the code failed to upload all but the last file to the configured service.
+    ```ruby
+    ActiveRecord::Base.transaction do
+      user.attachments.attach({
+        content_type: "text/plain",
+        filename: "dummy.txt",
+        io: ::StringIO.new("dummy"),
+      })
+      user.attachments.attach({
+        content_type: "text/plain",
+        filename: "dummy2.txt",
+        io: ::StringIO.new("dummy2"),
+      })
+    end
 
-*   Allow to purge an attachment when record is not persisted for `has_one_attached`.
+    assert_equal 2, user.attachments.count
+    assert user.attachments.first.service.exist?(user.attachments.first.key)  # Fails
+    ```
 
-    *Jacopo Beschi*
+    This was addressed by keeping track of the subchanges pending upload, and uploading them
+    once the transaction is committed.
 
-*   Add a load hook called `active_storage_variant_record` (providing `ActiveStorage::VariantRecord`)
-    to allow for overriding aspects of the `ActiveStorage::VariantRecord` class. This makes
-    `ActiveStorage::VariantRecord` consistent with `ActiveStorage::Blob` and `ActiveStorage::Attachment`
-    that already have load hooks.
+    Fixes #41661
 
-    *Brendon Muir*
+    *Santiago Bartesaghi*, *Bruno Vezoli*, *Juan Roig*, *Abhay Nikam*
 
-*   `ActiveStorage::PreviewError` is raised when a previewer is unable to generate a preview image.
+*   Raise an exception if `config.active_storage.service` is not set.
 
-    *Alex Robbin*
+    If Active Storage is configured and `config.active_storage.service` is not
+    set in the respective environment's configuration file, then an exception
+    is raised with a meaningful message when attempting to use Active Storage.
 
-*   Add `ActiveStorage::Streaming` module that can be included in a controller to get access to `#send_blob_stream`,
-    which wraps the new `ActionController::Base#send_stream` method to stream a blob from cloud storage:
+    *Ghouse Mohamed*
 
-    ```ruby
-    class MyPublicBlobsController < ApplicationController
-      include ActiveStorage::SetBlob, ActiveStorage::Streaming
+*   Fixes proxy downloads of files over 5mb
 
-      def show
-        http_cache_forever(public: true) do
-          send_blob_stream @blob, disposition: params[:disposition]
-        end
-      end
-    end
-    ```
+    Previously, trying to view and/or download files larger than 5mb stored in
+    services like S3 via proxy mode could return corrupted files at around
+    5.2mb or cause random halts in the download. Now,
+    `ActiveStorage::Blobs::ProxyController` correctly handles streaming these
+    larger files from the service to the client without any issues.
 
-    *DHH*
+    Fixes #44679
 
-*   Add ability to use pre-defined variants.
+    *Felipe Raul*
 
-    ```ruby
-    class User < ActiveRecord::Base
-      has_one_attached :avatar do |attachable|
-        attachable.variant :thumb, resize: "100x100"
-        attachable.variant :medium, resize: "300x300", monochrome: true
-      end
-    end
+*   Saving attachment(s) to a record returns the blob/blobs object
 
-    class Gallery < ActiveRecord::Base
-      has_many_attached :photos do |attachable|
-        attachable.variant :thumb, resize: "100x100"
-        attachable.variant :medium, resize: "300x300", monochrome: true
-      end
-    end
+    Previously, saving attachments did not return the blob/blobs that
+    were attached. Now, saving attachments to a record with `#attach`
+    method returns the blob or array of blobs that were attached to
+    the record. If it fails to save the attachment(s), then it returns
+    `false`.
 
-    <%= image_tag user.avatar.variant(:thumb) %>
-    ```
+    *Ghouse Mohamed*
 
-    *fatkodima*
+*   Don't stream responses in redirect mode
 
-*   After setting `config.active_storage.resolve_model_to_route = :rails_storage_proxy`
-    `rails_blob_path` and `rails_representation_path` will generate proxy URLs by default.
+    Previously, both redirect mode and proxy mode streamed their
+    responses which caused a new thread to be created, and could end
+    up leaking connections in the connection pool. But since redirect
+    mode doesn't actually send any data, it doesn't need to be
+    streamed.
 
-    *Ali Ismayilov*
+    *Luke Lau*
 
-*   Declare `ActiveStorage::FixtureSet` and `ActiveStorage::FixtureSet.blob` to
-    improve fixture integration.
+*   Safe for direct upload on Libraries or Frameworks
 
-    *Sean Doyle*
+    Enable the use of custom headers during direct uploads, which allows for
+    the inclusion of Authorization bearer tokens or other forms of authorization
+    tokens through headers.
 
+    *Radamés Roriz*
 
-Please check [6-1-stable](https://github.com/rails/rails/blob/6-1-stable/activestorage/CHANGELOG.md) for previous changes.
+Please check [7-0-stable](https://github.com/rails/rails/blob/7-0-stable/activestorage/CHANGELOG.md) for previous changes.

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2017-2022 David Heinemeier Hansson, Basecamp
+Copyright (c) David Heinemeier Hansson, 37signals LLC
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -6,11 +6,11 @@ Files can be uploaded from the server to the cloud or directly from the client t
 
 Image files can furthermore be transformed using on-demand variants for quality, aspect ratio, size, or any other [MiniMagick](https://github.com/minimagick/minimagick) or [Vips](https://www.rubydoc.info/gems/ruby-vips/Vips/Image) supported transformation.
 
-You can read more about Active Storage in the [Active Storage Overview](https://edgeguides.rubyonrails.org/active_storage_overview.html) guide.
+You can read more about Active Storage in the [Active Storage Overview](https://guides.rubyonrails.org/active_storage_overview.html) guide.
 
 ## Compared to other storage solutions
 
-A key difference to how Active Storage works compared to other attachment solutions in Rails is through the use of built-in [Blob](https://github.com/rails/rails/blob/main/activestorage/app/models/active_storage/blob.rb) and [Attachment](https://github.com/rails/rails/blob/main/activestorage/app/models/active_storage/attachment.rb) models (backed by Active Record). This means existing application models do not need to be modified with additional columns to associate with files. Active Storage uses polymorphic associations via the `Attachment` join model, which then connects to the actual `Blob`.
+A key difference to how Active Storage works compared to other attachment solutions in \Rails is through the use of built-in [Blob](https://github.com/rails/rails/blob/main/activestorage/app/models/active_storage/blob.rb) and [Attachment](https://github.com/rails/rails/blob/main/activestorage/app/models/active_storage/attachment.rb) models (backed by Active Record). This means existing application models do not need to be modified with additional columns to associate with files. Active Storage uses polymorphic associations via the `Attachment` join model, which then connects to the actual `Blob`.
 
 `Blob` models store attachment metadata (filename, content-type, etc.), and their identifier key in the storage service. Blob models do not store the actual binary data. They are intended to be immutable in spirit. One file, one blob. You can associate the same blob with multiple application models as well. And if you want to do transformations of a given `Blob`, the idea is that you'll simply create a new one, rather than attempt to mutate the existing one (though of course you can delete the previous version later if you don't need it).
 
@@ -144,11 +144,11 @@ Active Storage, with its included JavaScript library, supports uploading directl
 
 1. Include the Active Storage JavaScript in your application's JavaScript bundle or reference it directly.
 
-    Requiring directly without bundling through the asset pipeline in the application html with autostart:
-    ```html
+    Requiring directly without bundling through the asset pipeline in the application HTML with autostart:
+    ```erb
     <%= javascript_include_tag "activestorage" %>
     ```
-    Requiring via importmap-rails without bundling through the asset pipeline in the application html without autostart as ESM:
+    Requiring via importmap-rails without bundling through the asset pipeline in the application HTML without autostart as ESM:
     ```ruby
     # config/importmap.rb
     pin "@rails/activestorage", to: "activestorage.esm.js"
@@ -170,7 +170,7 @@ Active Storage, with its included JavaScript library, supports uploading directl
     ```
 2. Annotate file inputs with the direct upload URL.
 
-    ```ruby
+    ```erb
     <%= form.file_field :attachments, multiple: true, direct_upload: true %>
     ```
 3. That's it! Uploads begin upon form submission.

data/app/assets/javascripts/activestorage.esm.js

@@ -508,7 +508,7 @@ function toArray(value) {
 }
 
 class BlobRecord {
-  constructor(file, checksum, url) {
+  constructor(file, checksum, url, customHeaders = {}) {
     this.file = file;
     this.attributes = {
       filename: file.name,
@@ -522,6 +522,9 @@ class BlobRecord {
     this.xhr.setRequestHeader("Content-Type", "application/json");
     this.xhr.setRequestHeader("Accept", "application/json");
     this.xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
+    Object.keys(customHeaders).forEach((headerKey => {
+      this.xhr.setRequestHeader(headerKey, customHeaders[headerKey]);
+    }));
     const csrfToken = getMetaValue("csrf-token");
     if (csrfToken != undefined) {
       this.xhr.setRequestHeader("X-CSRF-Token", csrfToken);
@@ -604,11 +607,12 @@ class BlobUpload {
 let id = 0;
 
 class DirectUpload {
-  constructor(file, url, delegate) {
+  constructor(file, url, delegate, customHeaders = {}) {
     this.id = ++id;
     this.file = file;
     this.url = url;
     this.delegate = delegate;
+    this.customHeaders = customHeaders;
   }
   create(callback) {
     FileChecksum.create(this.file, ((error, checksum) => {
@@ -616,7 +620,7 @@ class DirectUpload {
         callback(error);
         return;
       }
-      const blob = new BlobRecord(this.file, checksum, this.url);
+      const blob = new BlobRecord(this.file, checksum, this.url, this.customHeaders);
       notify(this.delegate, "directUploadWillCreateBlobWithXHR", blob.xhr);
       blob.create((error => {
         if (error) {
@@ -841,4 +845,4 @@ function autostart() {
 
 setTimeout(autostart, 1);
 
-export { DirectUpload, start };
+export { DirectUpload, DirectUploadController, DirectUploadsController, start };