bullet 8.0.3 → 8.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -0
- data/README.md +5 -0
- data/lib/bullet/active_record4.rb +4 -1
- data/lib/bullet/active_record41.rb +4 -1
- data/lib/bullet/active_record42.rb +4 -1
- data/lib/bullet/active_record5.rb +1 -0
- data/lib/bullet/active_record52.rb +1 -0
- data/lib/bullet/active_record60.rb +1 -0
- data/lib/bullet/active_record61.rb +1 -0
- data/lib/bullet/active_record70.rb +1 -0
- data/lib/bullet/active_record71.rb +1 -0
- data/lib/bullet/active_record72.rb +1 -0
- data/lib/bullet/active_record80.rb +1 -0
- data/lib/bullet/rack.rb +26 -3
- data/lib/bullet/version.rb +1 -1
- data/lib/bullet.rb +7 -4
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 257c8bc067513839f2adb33e6630d62c3b92d6cd7cbdc3656b01349cfc385e20
|
|
4
|
+
data.tar.gz: 131c0be29b73f72d828eaf3825ab37bd2dda9e8880228f3f2b467589fb9dd080
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fe1cfd7baac8c98b3937e7c32a9b54e73446275371501e47f151bd8ec51c95089bb959280419204d33f4a7fffbb0c46bf6d403c03cefe188ab8c02e8de7c5bf4
|
|
7
|
+
data.tar.gz: 8290a945d4ee31300b46ddc622845dc63b1ae33172331e20a4a2ef6b6b7f597766afb4e1c3632225b5de6a6c09c8e7b13fb6b42e69f7fe8148cb76af28ab5f59
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,16 @@
|
|
|
1
1
|
## Next Release
|
|
2
2
|
|
|
3
|
+
## 8.0.5 (04/21/2025)
|
|
4
|
+
|
|
5
|
+
* Properly insert ContentSecurityPolicy middleware
|
|
6
|
+
* Properly parse query string
|
|
7
|
+
|
|
8
|
+
## 8.0.4 (04/18/2025)
|
|
9
|
+
|
|
10
|
+
* Insert bullet middleware before `ContentSecurityPolicy`
|
|
11
|
+
* Support url query `skip_html_injection=true`
|
|
12
|
+
* Mark object as impossible after updating inversed
|
|
13
|
+
|
|
3
14
|
## 8.0.3 (04/04/2025)
|
|
4
15
|
|
|
5
16
|
* Update non persisted `inversed_objects`
|
data/README.md
CHANGED
|
@@ -192,6 +192,11 @@ see [https://github.com/flyerhzm/uniform_notifier](https://github.com/flyerhzm/u
|
|
|
192
192
|
|
|
193
193
|
Growl support is dropped from uniform_notifier 1.16.0, if you still want it, please use uniform_notifier 1.15.0.
|
|
194
194
|
|
|
195
|
+
## URL query control
|
|
196
|
+
|
|
197
|
+
You can add the URL query parameter `skip_html_injection` to make the current HTML request behave as if `Bullet.skip_html_injection` is enabled,
|
|
198
|
+
e.g. `http://localhost:3000/posts?skip_html_injection=true`
|
|
199
|
+
|
|
195
200
|
## Important
|
|
196
201
|
|
|
197
202
|
If you find Bullet does not work for you, *please disable your browser's cache*.
|
|
@@ -49,7 +49,10 @@ module Bullet
|
|
|
49
49
|
|
|
50
50
|
::ActiveRecord::Persistence.class_eval do
|
|
51
51
|
def _create_record_with_bullet(*args)
|
|
52
|
-
_create_record_without_bullet(*args).tap
|
|
52
|
+
_create_record_without_bullet(*args).tap do
|
|
53
|
+
Bullet::Detector::NPlusOneQuery.update_inversed_object(self)
|
|
54
|
+
Bullet::Detector::NPlusOneQuery.add_impossible_object(self)
|
|
55
|
+
end
|
|
53
56
|
end
|
|
54
57
|
alias_method_chain :_create_record, :bullet
|
|
55
58
|
end
|
|
@@ -52,7 +52,10 @@ module Bullet
|
|
|
52
52
|
|
|
53
53
|
::ActiveRecord::Persistence.class_eval do
|
|
54
54
|
def _create_record_with_bullet(*args)
|
|
55
|
-
_create_record_without_bullet(*args).tap
|
|
55
|
+
_create_record_without_bullet(*args).tap do
|
|
56
|
+
Bullet::Detector::NPlusOneQuery.update_inversed_object(self)
|
|
57
|
+
Bullet::Detector::NPlusOneQuery.add_impossible_object(self)
|
|
58
|
+
end
|
|
56
59
|
end
|
|
57
60
|
alias_method_chain :_create_record, :bullet
|
|
58
61
|
end
|
|
@@ -45,7 +45,10 @@ module Bullet
|
|
|
45
45
|
|
|
46
46
|
::ActiveRecord::Persistence.class_eval do
|
|
47
47
|
def _create_record_with_bullet(*args)
|
|
48
|
-
_create_record_without_bullet(*args).tap
|
|
48
|
+
_create_record_without_bullet(*args).tap do
|
|
49
|
+
Bullet::Detector::NPlusOneQuery.update_inversed_object(self)
|
|
50
|
+
Bullet::Detector::NPlusOneQuery.add_impossible_object(self)
|
|
51
|
+
end
|
|
49
52
|
end
|
|
50
53
|
alias_method_chain :_create_record, :bullet
|
|
51
54
|
end
|
data/lib/bullet/rack.rb
CHANGED
|
@@ -1,5 +1,9 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require 'rack/request'
|
|
4
|
+
require 'json'
|
|
5
|
+
require 'cgi'
|
|
6
|
+
|
|
3
7
|
module Bullet
|
|
4
8
|
class Rack
|
|
5
9
|
include Dependency
|
|
@@ -19,7 +23,8 @@ module Bullet
|
|
|
19
23
|
response_body = nil
|
|
20
24
|
|
|
21
25
|
if Bullet.notification? || Bullet.always_append_html_body
|
|
22
|
-
|
|
26
|
+
request = ::Rack::Request.new(env)
|
|
27
|
+
if Bullet.inject_into_page? && !skip_html_injection?(request) && !file?(headers) && !sse?(headers) && !empty?(response) && status == 200
|
|
23
28
|
if html_request?(headers, response)
|
|
24
29
|
response_body = response_body(response)
|
|
25
30
|
|
|
@@ -73,8 +78,26 @@ module Bullet
|
|
|
73
78
|
# Many proxy applications such as Nginx and AWS ELB limit
|
|
74
79
|
# the size a header to 8KB, so truncate the list of reports to
|
|
75
80
|
# be under that limit
|
|
76
|
-
header_array.pop while header_array.
|
|
77
|
-
headers[header_name] = header_array
|
|
81
|
+
header_array.pop while JSON.generate(header_array).length > 8 * 1024
|
|
82
|
+
headers[header_name] = JSON.generate(header_array)
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
def skip_html_injection?(request)
|
|
86
|
+
query_string = request.env['QUERY_STRING']
|
|
87
|
+
return false if query_string.nil? || query_string.empty?
|
|
88
|
+
|
|
89
|
+
params = simple_parse_query_string(query_string)
|
|
90
|
+
params['skip_html_injection'] == 'true'
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
# Simple query string parser
|
|
94
|
+
def simple_parse_query_string(query_string)
|
|
95
|
+
params = {}
|
|
96
|
+
query_string.split('&').each do |pair|
|
|
97
|
+
key, value = pair.split('=', 2).map { |s| CGI.unescape(s) }
|
|
98
|
+
params[key] = value if key && !key.empty?
|
|
99
|
+
end
|
|
100
|
+
params
|
|
78
101
|
end
|
|
79
102
|
|
|
80
103
|
def file?(headers)
|
data/lib/bullet/version.rb
CHANGED
data/lib/bullet.rb
CHANGED
|
@@ -23,11 +23,14 @@ module Bullet
|
|
|
23
23
|
|
|
24
24
|
if defined?(Rails::Railtie)
|
|
25
25
|
class BulletRailtie < Rails::Railtie
|
|
26
|
-
initializer 'bullet.
|
|
27
|
-
if
|
|
28
|
-
|
|
29
|
-
|
|
26
|
+
initializer 'bullet.add_middleware' do |app|
|
|
27
|
+
# I don't find a way to detect if the middleware is already in the stack,
|
|
28
|
+
# so I'm using the api_only flag.
|
|
29
|
+
# If it is true, ActionDispatch::ContentSecurityPolicy::Middleware is not in the stack.
|
|
30
|
+
if app.config.api_only || !defined?(ActionDispatch::ContentSecurityPolicy::Middleware)
|
|
30
31
|
app.middleware.use Bullet::Rack
|
|
32
|
+
else
|
|
33
|
+
app.middleware.insert_before ActionDispatch::ContentSecurityPolicy::Middleware, Bullet::Rack
|
|
31
34
|
end
|
|
32
35
|
end
|
|
33
36
|
end
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bullet
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 8.0.
|
|
4
|
+
version: 8.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Richard Huang
|
|
8
8
|
bindir: bin
|
|
9
9
|
cert_chain: []
|
|
10
|
-
date: 2025-04-
|
|
10
|
+
date: 2025-04-21 00:00:00.000000000 Z
|
|
11
11
|
dependencies:
|
|
12
12
|
- !ruby/object:Gem::Dependency
|
|
13
13
|
name: activesupport
|