bullet 8.0.3 → 8.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0b32cc08a4de57560f18996d4ff4c96cb7a8cbc36cfb6dc285f612ac8ccd8f2e
-  data.tar.gz: 1d5b9e6f885039b6a3208d546b2ebad0a44e8063c4e1fffc7d74790ba79c1f71
+  metadata.gz: ca6723ad41e0d2c1303ee57eda90abd7973379fff9760a4d94ccc54765af56d5
+  data.tar.gz: a96d3fab59f09fa013794cdb4fdf1ecc1e033a94650005e2a42e089ba590742d
 SHA512:
-  metadata.gz: fb317b0bab9154eb40be0a315f1fe767ff8c227f631ee6b25e270c31422fb6aa7b4857ae7cb33b9155eb8a2300a1c52d6097fef899ad02b7cae42c8c7082e2a6
-  data.tar.gz: ba13a423de83f43a6a5a2d75a576e4612011c21cf835f2204cda2b02114680f03cf397b7d28f476eefd1c8e933da2a7e0ab9e860ee28f9e0dbbb1ecbf5abeef7
+  metadata.gz: 60ad7aab73a64546410654d8bf1bc6b07671efd9b6d3860c0192a8287ef7446f287fea34f0011d1d30f3f5a74e6fb5391a8826bca9f86b45813772395795415b
+  data.tar.gz: f9076576155195baee90fbee13217bf5e4b6a83faff5e11bfadfe91ec8a9f9db3e06df1014c78549893abb767139fdde904a1c097b1867976784f9cba77cf9c0

data/CHANGELOG.md

@@ -1,5 +1,35 @@
 ## Next Release
 
+## 8.1.0 (10/23/2025)
+
+* Make `get_relation` private
+* Support Rails 8.1
+
+## 8.0.8 (05/30/2025)
+
+* Add middleware after initializers
+* Fix bullet composite primary key retrieval
+
+## 8.0.7 (05/15/2025)
+
+* Try to insert `Bullet::Rack` properly
+
+## 8.0.6 (05/07/2025)
+
+* Add CSP nonce for footer styles as well
+* Add support for OpenTelemetry reporting
+
+## 8.0.5 (04/21/2025)
+
+* Properly insert ContentSecurityPolicy middleware
+* Properly parse query string
+
+## 8.0.4 (04/18/2025)
+
+* Insert bullet middleware before `ContentSecurityPolicy`
+* Support url query `skip_html_injection=true`
+* Mark object as impossible after updating inversed
+
 ## 8.0.3 (04/04/2025)
 
 * Update non persisted `inversed_objects`

data/README.md

@@ -71,9 +71,14 @@ config.after_initialize do
   Bullet.rollbar = true
   Bullet.add_footer = true
   Bullet.skip_html_injection = false
+  Bullet.skip_http_headers = false
   Bullet.stacktrace_includes = [ 'your_gem', 'your_middleware' ]
   Bullet.stacktrace_excludes = [ 'their_gem', 'their_middleware', ['my_file.rb', 'my_method'], ['my_file.rb', 16..20] ]
   Bullet.slack = { webhook_url: 'http://some.slack.url', channel: '#default', username: 'notifier' }
+  Bullet.opentelemetry = true
+  Bullet.raise = false
+  Bullet.always_append_html_body = false
+  Bullet.skip_user_in_notification = false
 end
 ```
 
@@ -81,6 +86,7 @@ The notifier of Bullet is a wrap of [uniform_notifier](https://github.com/flyerh
 
 The code above will enable all of the Bullet notification systems:
 * `Bullet.enable`: enable Bullet gem, otherwise do nothing
+* `Bullet.sentry`: add notifications to sentry
 * `Bullet.alert`: pop up a JavaScript alert in the browser
 * `Bullet.bullet_logger`: log to the Bullet log file (Rails.root/log/bullet.log)
 * `Bullet.console`: log warnings to your browser's console.log (Safari/Webkit browsers or Firefox w/Firebug installed)
@@ -88,10 +94,9 @@ The code above will enable all of the Bullet notification systems:
 * `Bullet.rails_logger`: add warnings directly to the Rails log
 * `Bullet.honeybadger`: add notifications to Honeybadger
 * `Bullet.bugsnag`: add notifications to bugsnag
-* `Bullet.airbrake`: add notifications to airbrake
 * `Bullet.appsignal`: add notifications to AppSignal
+* `Bullet.airbrake`: add notifications to airbrake
 * `Bullet.rollbar`: add notifications to rollbar
-* `Bullet.sentry`: add notifications to sentry
 * `Bullet.add_footer`: adds the details in the bottom left corner of the page. Double click the footer or use close button to hide footer.
 * `Bullet.skip_html_injection`: prevents Bullet from injecting code into the returned HTML. This must be false for receiving alerts, showing the footer or console logging.
 * `Bullet.skip_http_headers`: don't add headers to API requests, and remove the javascript that relies on them. Note that this prevents bullet from logging warnings to the browser console or updating the footer.
@@ -100,6 +105,7 @@ The code above will enable all of the Bullet notification systems:
    Each item can be a string (match substring), a regex, or an array where the first item is a path to match, and the second
    item is a line number, a Range of line numbers, or a (bare) method name, to exclude only particular lines in a file.
 * `Bullet.slack`: add notifications to slack
+* `Bullet.opentelemetry`: add notifications to OpenTelemetry
 * `Bullet.raise`: raise errors, useful for making your specs fail unless they have optimized queries
 * `Bullet.always_append_html_body`: always append the html body even if no notifications are present. Note: `console` or `add_footer` must also be true. Useful for Single Page Applications where the initial page load might not have any notifications present.
 * `Bullet.skip_user_in_notification`: exclude the OS user (`whoami`) from notifications.
@@ -192,6 +198,11 @@ see [https://github.com/flyerhzm/uniform_notifier](https://github.com/flyerhzm/u
 
 Growl support is dropped from uniform_notifier 1.16.0, if you still want it, please use uniform_notifier 1.15.0.
 
+## URL query control
+
+You can add the URL query parameter `skip_html_injection` to make the current HTML request behave as if `Bullet.skip_html_injection` is enabled,
+e.g. `http://localhost:3000/posts?skip_html_injection=true`
+
 ## Important
 
 If you find Bullet does not work for you, *please disable your browser's cache*.

data/lib/bullet/active_record4.rb

@@ -49,7 +49,10 @@ module Bullet
 
       ::ActiveRecord::Persistence.class_eval do
         def _create_record_with_bullet(*args)
-          _create_record_without_bullet(*args).tap { Bullet::Detector::NPlusOneQuery.update_inversed_object(self) }
+          _create_record_without_bullet(*args).tap do
+            Bullet::Detector::NPlusOneQuery.update_inversed_object(self)
+            Bullet::Detector::NPlusOneQuery.add_impossible_object(self)
+          end
         end
         alias_method_chain :_create_record, :bullet
       end

data/lib/bullet/active_record41.rb

@@ -52,7 +52,10 @@ module Bullet
 
       ::ActiveRecord::Persistence.class_eval do
         def _create_record_with_bullet(*args)
-          _create_record_without_bullet(*args).tap { Bullet::Detector::NPlusOneQuery.update_inversed_object(self) }
+          _create_record_without_bullet(*args).tap do
+            Bullet::Detector::NPlusOneQuery.update_inversed_object(self)
+            Bullet::Detector::NPlusOneQuery.add_impossible_object(self)
+          end
         end
         alias_method_chain :_create_record, :bullet
       end

data/lib/bullet/active_record42.rb

@@ -45,7 +45,10 @@ module Bullet
 
       ::ActiveRecord::Persistence.class_eval do
         def _create_record_with_bullet(*args)
-          _create_record_without_bullet(*args).tap { Bullet::Detector::NPlusOneQuery.update_inversed_object(self) }
+          _create_record_without_bullet(*args).tap do
+            Bullet::Detector::NPlusOneQuery.update_inversed_object(self)
+            Bullet::Detector::NPlusOneQuery.add_impossible_object(self)
+          end
         end
         alias_method_chain :_create_record, :bullet
       end

data/lib/bullet/active_record5.rb

@@ -5,6 +5,7 @@ module Bullet
     def _create_record(*)
       super do
         Bullet::Detector::NPlusOneQuery.update_inversed_object(self)
+        Bullet::Detector::NPlusOneQuery.add_impossible_object(self)
         yield(self) if block_given?
       end
     end

data/lib/bullet/active_record52.rb

@@ -5,6 +5,7 @@ module Bullet
     def _create_record(*)
       super do
         Bullet::Detector::NPlusOneQuery.update_inversed_object(self)
+        Bullet::Detector::NPlusOneQuery.add_impossible_object(self)
         yield(self) if block_given?
       end
     end

data/lib/bullet/active_record60.rb

@@ -5,6 +5,7 @@ module Bullet
     def _create_record(*)
       super do
         Bullet::Detector::NPlusOneQuery.update_inversed_object(self)
+        Bullet::Detector::NPlusOneQuery.add_impossible_object(self)
         yield(self) if block_given?
       end
     end

data/lib/bullet/active_record61.rb

@@ -5,6 +5,7 @@ module Bullet
     def _create_record(*)
       super do
         Bullet::Detector::NPlusOneQuery.update_inversed_object(self)
+        Bullet::Detector::NPlusOneQuery.add_impossible_object(self)
         yield(self) if block_given?
       end
     end

data/lib/bullet/active_record70.rb

@@ -5,6 +5,7 @@ module Bullet
     def _create_record(*)
       super do
         Bullet::Detector::NPlusOneQuery.update_inversed_object(self)
+        Bullet::Detector::NPlusOneQuery.add_impossible_object(self)
         yield(self) if block_given?
       end
     end

data/lib/bullet/active_record71.rb

@@ -5,6 +5,7 @@ module Bullet
     def _create_record(*)
       super do
         Bullet::Detector::NPlusOneQuery.update_inversed_object(self)
+        Bullet::Detector::NPlusOneQuery.add_impossible_object(self)
         yield(self) if block_given?
       end
     end

data/lib/bullet/active_record72.rb

@@ -5,6 +5,7 @@ module Bullet
     def _create_record(*)
       super do
         Bullet::Detector::NPlusOneQuery.update_inversed_object(self)
+        Bullet::Detector::NPlusOneQuery.add_impossible_object(self)
         yield(self) if block_given?
       end
     end

data/lib/bullet/active_record80.rb

@@ -5,6 +5,7 @@ module Bullet
     def _create_record(*)
       super do
         Bullet::Detector::NPlusOneQuery.update_inversed_object(self)
+        Bullet::Detector::NPlusOneQuery.add_impossible_object(self)
         yield(self) if block_given?
       end
     end

data/lib/bullet/active_record81.rb

@@ -0,0 +1,319 @@
+# frozen_string_literal: true
+
+module Bullet
+  module SaveWithBulletSupport
+    def _create_record(*)
+      super do
+        Bullet::Detector::NPlusOneQuery.update_inversed_object(self)
+        Bullet::Detector::NPlusOneQuery.add_impossible_object(self)
+        yield(self) if block_given?
+      end
+    end
+  end
+
+  module ActiveRecord
+    def self.enable
+      require 'active_record'
+      ::ActiveRecord::Base.extend(
+        Module.new do
+          def find_by_sql(sql, binds = [], preparable: nil, allow_retry: false, &block)
+            result = super
+            if Bullet.start?
+              if result.is_a? Array
+                if result.size > 1
+                  Bullet::Detector::NPlusOneQuery.add_possible_objects(result)
+                  Bullet::Detector::CounterCache.add_possible_objects(result)
+                elsif result.size == 1
+                  Bullet::Detector::NPlusOneQuery.add_impossible_object(result.first)
+                  Bullet::Detector::CounterCache.add_impossible_object(result.first)
+                end
+              elsif result.is_a? ::ActiveRecord::Base
+                Bullet::Detector::NPlusOneQuery.add_impossible_object(result)
+                Bullet::Detector::CounterCache.add_impossible_object(result)
+              end
+            end
+            result
+          end
+        end
+      )
+
+      ::ActiveRecord::Base.prepend(SaveWithBulletSupport)
+
+      ::ActiveRecord::Relation.prepend(
+        Module.new do
+          # if select a collection of objects, then these objects have possible to cause N+1 query.
+          # if select only one object, then the only one object has impossible to cause N+1 query.
+          def records
+            result = super
+            if Bullet.start?
+              if result.first.class.name !~ /^HABTM_/
+                if result.size > 1
+                  Bullet::Detector::NPlusOneQuery.add_possible_objects(result)
+                  Bullet::Detector::CounterCache.add_possible_objects(result)
+                elsif result.size == 1
+                  Bullet::Detector::NPlusOneQuery.add_impossible_object(result.first)
+                  Bullet::Detector::CounterCache.add_impossible_object(result.first)
+                end
+              end
+            end
+            result
+          end
+        end
+      )
+
+      ::ActiveRecord::Associations::Preloader::Batch.prepend(
+        Module.new do
+          def call
+            if Bullet.start?
+              @preloaders.each do |preloader|
+                preloader.records.each { |record|
+                  Bullet::Detector::Association.add_object_associations(record, preloader.associations)
+                }
+                Bullet::Detector::UnusedEagerLoading.add_eager_loadings(preloader.records, preloader.associations)
+              end
+            end
+            super
+          end
+        end
+      )
+
+      ::ActiveRecord::Associations::Preloader::Branch.prepend(
+        Module.new do
+          def preloaders_for_reflection(reflection, reflection_records)
+            if Bullet.start?
+              reflection_records.compact!
+              if reflection_records.first.class.name !~ /^HABTM_/
+                reflection_records.each { |record|
+                  Bullet::Detector::Association.add_object_associations(record, reflection.name)
+                }
+                Bullet::Detector::UnusedEagerLoading.add_eager_loadings(reflection_records, reflection.name)
+              end
+            end
+            super
+          end
+        end
+      )
+
+      ::ActiveRecord::Associations::Preloader::ThroughAssociation.prepend(
+        Module.new do
+          def source_preloaders
+            if Bullet.start? && !defined?(@source_preloaders)
+              preloaders = super
+              preloaders.each do |preloader|
+                reflection_name = preloader.send(:reflection).name
+                preloader.send(:owners).each do |owner|
+                  Bullet::Detector::NPlusOneQuery.call_association(owner, reflection_name)
+                end
+              end
+            else
+              super
+            end
+          end
+        end
+      )
+
+      ::ActiveRecord::Associations::JoinDependency.prepend(
+        Module.new do
+          def instantiate(result_set, strict_loading_value, &block)
+            @bullet_eager_loadings = {}
+            records = super
+
+            if Bullet.start?
+              @bullet_eager_loadings.each do |_klazz, eager_loadings_hash|
+                objects = eager_loadings_hash.keys
+                Bullet::Detector::UnusedEagerLoading.add_eager_loadings(
+                  objects,
+                  eager_loadings_hash[objects.first].to_a
+                )
+              end
+            end
+            records
+          end
+
+          def construct(ar_parent, parent, row, seen, model_cache, strict_loading_value)
+            if Bullet.start?
+              unless ar_parent.nil?
+                parent.children.each do |node|
+                  key = aliases.column_alias(node, node.primary_key)
+                  id = row[key]
+                  next unless id.nil?
+
+                  associations = [node.reflection.name]
+                  if node.reflection.through_reflection?
+                    associations << node.reflection.through_reflection.name
+                  end
+                  associations.each do |association|
+                    Bullet::Detector::Association.add_object_associations(ar_parent, association)
+                    Bullet::Detector::NPlusOneQuery.call_association(ar_parent, association)
+                    @bullet_eager_loadings[ar_parent.class] ||= {}
+                    @bullet_eager_loadings[ar_parent.class][ar_parent] ||= Set.new
+                    @bullet_eager_loadings[ar_parent.class][ar_parent] << association
+                  end
+                end
+              end
+            end
+
+            super
+          end
+
+          # call join associations
+          def construct_model(record, node, row, model_cache, id, strict_loading_value)
+            result = super
+
+            if Bullet.start?
+              associations = [node.reflection.name]
+              if node.reflection.through_reflection?
+                associations << node.reflection.through_reflection.name
+              end
+              associations.each do |association|
+                Bullet::Detector::Association.add_object_associations(record, association)
+                Bullet::Detector::NPlusOneQuery.call_association(record, association)
+                @bullet_eager_loadings[record.class] ||= {}
+                @bullet_eager_loadings[record.class][record] ||= Set.new
+                @bullet_eager_loadings[record.class][record] << association
+              end
+            end
+
+            result
+          end
+        end
+      )
+
+      ::ActiveRecord::Associations::Association.prepend(
+        Module.new do
+          def inversed_from(record)
+            if Bullet.start?
+              Bullet::Detector::NPlusOneQuery.add_inversed_object(owner, reflection.name)
+            end
+            super
+          end
+
+          def inversed_from_queries(record)
+            if Bullet.start? && inversable?(record)
+              Bullet::Detector::NPlusOneQuery.add_inversed_object(owner, reflection.name)
+            end
+            super
+          end
+        end
+      )
+
+      ::ActiveRecord::Associations::CollectionAssociation.prepend(
+        Module.new do
+          def load_target
+            records = super
+
+            if Bullet.start?
+              if is_a? ::ActiveRecord::Associations::ThroughAssociation
+                association = owner.association(reflection.through_reflection.name)
+                if association.loaded?
+                  Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.through_reflection.name)
+                  Array.wrap(association.target).each do |through_record|
+                    Bullet::Detector::NPlusOneQuery.call_association(through_record, source_reflection.name)
+                  end
+
+                  if reflection.through_reflection != through_reflection
+                    Bullet::Detector::NPlusOneQuery.call_association(owner, through_reflection.name)
+                  end
+                end
+              end
+              Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.name)
+              if records.first.class.name !~ /^HABTM_/
+                if records.size > 1
+                  Bullet::Detector::NPlusOneQuery.add_possible_objects(records)
+                  Bullet::Detector::CounterCache.add_possible_objects(records)
+                elsif records.size == 1
+                  Bullet::Detector::NPlusOneQuery.add_impossible_object(records.first)
+                  Bullet::Detector::CounterCache.add_impossible_object(records.first)
+                end
+              end
+            end
+            records
+          end
+
+          def empty?
+            if Bullet.start? && !reflection.has_cached_counter?
+              Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.name)
+            end
+            super
+          end
+
+          def include?(object)
+            Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.name) if Bullet.start?
+            super
+          end
+        end
+      )
+
+      ::ActiveRecord::Associations::SingularAssociation.prepend(
+        Module.new do
+          # call has_one and belongs_to associations
+          def reader
+            result = super
+
+            if Bullet.start?
+              if owner.class.name !~ /^HABTM_/
+                if is_a? ::ActiveRecord::Associations::ThroughAssociation
+                  Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.through_reflection.name)
+                  association = owner.association(reflection.through_reflection.name)
+                  Array.wrap(association.target).each do |through_record|
+                    Bullet::Detector::NPlusOneQuery.call_association(through_record, source_reflection.name)
+                  end
+
+                  if reflection.through_reflection != through_reflection
+                    Bullet::Detector::NPlusOneQuery.call_association(owner, through_reflection.name)
+                  end
+                end
+                Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.name)
+
+                if Bullet::Detector::NPlusOneQuery.impossible?(owner)
+                  Bullet::Detector::NPlusOneQuery.add_impossible_object(result) if result
+                else
+                  Bullet::Detector::NPlusOneQuery.add_possible_objects(result) if result
+                end
+              end
+            end
+            result
+          end
+        end
+      )
+
+      ::ActiveRecord::Associations::HasManyAssociation.prepend(
+        Module.new do
+          def empty?
+            result = super
+            if Bullet.start? && !reflection.has_cached_counter?
+              Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.name)
+            end
+            result
+          end
+
+          def count_records
+            result = reflection.has_cached_counter?
+            if Bullet.start? && !result && !is_a?(::ActiveRecord::Associations::ThroughAssociation)
+              Bullet::Detector::CounterCache.add_counter_cache(owner, reflection.name)
+            end
+            super
+          end
+        end
+      )
+
+      ::ActiveRecord::Associations::CollectionProxy.prepend(
+        Module.new do
+          def count(column_name = nil)
+            if Bullet.start? && !proxy_association.is_a?(::ActiveRecord::Associations::ThroughAssociation)
+              Bullet::Detector::CounterCache.add_counter_cache(
+                proxy_association.owner,
+                proxy_association.reflection.name
+              )
+              Bullet::Detector::NPlusOneQuery.call_association(
+                proxy_association.owner,
+                proxy_association.reflection.name
+              )
+            end
+            super(column_name)
+          end
+        end
+      )
+    end
+  end
+end

data/lib/bullet/dependency.rb

@@ -37,6 +37,8 @@ module Bullet
             'active_record72'
           elsif active_record80?
             'active_record80'
+          elsif active_record81?
+            'active_record81'
           else
             raise "Bullet does not support active_record #{::ActiveRecord::VERSION::STRING} yet"
           end
@@ -132,6 +134,10 @@ module Bullet
       active_record8? && ::ActiveRecord::VERSION::MINOR == 0
     end
 
+    def active_record81?
+      active_record8? && ::ActiveRecord::VERSION::MINOR == 1
+    end
+
     def mongoid4x?
       mongoid? && ::Mongoid::VERSION =~ /\A4/
     end

data/lib/bullet/ext/object.rb

@@ -26,10 +26,10 @@ module Bullet
         private
 
         def bullet_join_potential_composite_primary_key(primary_keys)
-          return send(primary_keys) unless primary_keys.is_a?(Enumerable)
+          return read_attribute(primary_keys) unless primary_keys.is_a?(Enumerable)
 
-          primary_keys.map { |primary_key| send primary_key }
-                      .join(',')
+          primary_keys.map { |primary_key| read_attribute primary_key }
+                      .compact.join(',')
         end
       end
     end

data/lib/bullet/mongoid4x.rb

@@ -46,6 +46,8 @@ module Bullet
       ::Mongoid::Relations::Accessors.class_eval do
         alias_method :origin_get_relation, :get_relation
 
+        private
+
         def get_relation(name, metadata, object, reload = false)
           result = origin_get_relation(name, metadata, object, reload)
           Bullet::Detector::NPlusOneQuery.call_association(self, name) if metadata.macro !~ /embed/

data/lib/bullet/mongoid5x.rb

@@ -46,6 +46,8 @@ module Bullet
       ::Mongoid::Relations::Accessors.class_eval do
         alias_method :origin_get_relation, :get_relation
 
+        private
+
         def get_relation(name, metadata, object, reload = false)
           result = origin_get_relation(name, metadata, object, reload)
           Bullet::Detector::NPlusOneQuery.call_association(self, name) if metadata.macro !~ /embed/

data/lib/bullet/mongoid6x.rb

@@ -46,6 +46,8 @@ module Bullet
       ::Mongoid::Relations::Accessors.class_eval do
         alias_method :origin_get_relation, :get_relation
 
+        private
+
         def get_relation(name, metadata, object, reload = false)
           result = origin_get_relation(name, metadata, object, reload)
           Bullet::Detector::NPlusOneQuery.call_association(self, name) if metadata.macro !~ /embed/

data/lib/bullet/mongoid7x.rb

@@ -61,6 +61,8 @@ module Bullet
       ::Mongoid::Association::Accessors.class_eval do
         alias_method :origin_get_relation, :get_relation
 
+        private
+
         def get_relation(name, association, object, reload = false)
           result = origin_get_relation(name, association, object, reload)
           Bullet::Detector::NPlusOneQuery.call_association(self, name) unless association.embedded?

data/lib/bullet/mongoid8x.rb

@@ -46,6 +46,8 @@ module Bullet
       ::Mongoid::Association::Accessors.class_eval do
         alias_method :origin_get_relation, :get_relation
 
+        private
+
         def get_relation(name, association, object, reload = false)
           result = origin_get_relation(name, association, object, reload)
           unless association.embedded?

data/lib/bullet/mongoid9x.rb

@@ -61,6 +61,8 @@ module Bullet
       ::Mongoid::Association::Accessors.class_eval do
         alias_method :origin_get_relation, :get_relation
 
+        private
+
         def get_relation(name, association, object, reload = false)
           result = origin_get_relation(name, association, object, reload)
           Bullet::Detector::NPlusOneQuery.call_association(self, name) unless association.embedded?

data/lib/bullet/rack.rb

@@ -1,10 +1,14 @@
 # frozen_string_literal: true
 
+require 'rack/request'
+require 'json'
+require 'cgi'
+
 module Bullet
   class Rack
     include Dependency
 
-    NONCE_MATCHER = /script-src .*'nonce-(?<nonce>[A-Za-z0-9+\/]+={0,2})'/
+    NONCE_MATCHER = /(script|style)-src .*'nonce-(?<nonce>[A-Za-z0-9+\/]+={0,2})'/
 
     def initialize(app)
       @app = app
@@ -19,12 +23,13 @@ module Bullet
       response_body = nil
 
       if Bullet.notification? || Bullet.always_append_html_body
-        if Bullet.inject_into_page? && !file?(headers) && !sse?(headers) && !empty?(response) && status == 200
+        request = ::Rack::Request.new(env)
+        if Bullet.inject_into_page? && !skip_html_injection?(request) && !file?(headers) && !sse?(headers) && !empty?(response) && status == 200
           if html_request?(headers, response)
             response_body = response_body(response)
 
             with_security_policy_nonce(headers) do |nonce|
-              response_body = append_to_html_body(response_body, footer_note) if Bullet.add_footer
+              response_body = append_to_html_body(response_body, footer_note(nonce)) if Bullet.add_footer
               response_body = append_to_html_body(response_body, Bullet.gather_inline_notifications)
               if Bullet.add_footer && !Bullet.skip_http_headers
                 response_body = append_to_html_body(response_body, xhr_script(nonce))
@@ -65,16 +70,48 @@ module Bullet
       end
     end
 
-    def footer_note
-      "<details #{details_attributes}><summary #{summary_attributes}>Bullet Warnings</summary><div #{footer_content_attributes}>#{Bullet.footer_info.uniq.join('<br>')}#{footer_console_message}</div></details>"
+    def footer_note(nonce = nil)
+      %(<details id="bullet-footer" data-is-bullet-footer><summary>Bullet Warnings</summary><div>#{Bullet.footer_info.uniq.join('<br>')}#{footer_console_message(nonce)}</div>#{footer_style(nonce)}</details>)
+    end
+
+    # Make footer styles work with ContentSecurityPolicy style-src as self
+    def footer_style(nonce = nil)
+      css = <<~CSS
+        details#bullet-footer {cursor: pointer; position: fixed; left: 0px; bottom: 0px; z-index: 9999; background: #fdf2f2; color: #9b1c1c; font-size: 12px; border-radius: 0px 8px 0px 0px; border: 1px solid #9b1c1c;}
+        details#bullet-footer summary {font-weight: 600; padding: 2px 8px;}
+        details#bullet-footer div {padding: 8px; border-top: 1px solid #9b1c1c;}
+      CSS
+      if nonce
+        %(<style type="text/css" nonce="#{nonce}">#{css}</style>)
+      else
+        %(<style type="text/css">#{css}</style>)
+      end
     end
 
     def set_header(headers, header_name, header_array)
       # Many proxy applications such as Nginx and AWS ELB limit
       # the size a header to 8KB, so truncate the list of reports to
       # be under that limit
-      header_array.pop while header_array.to_json.length > 8 * 1024
-      headers[header_name] = header_array.to_json
+      header_array.pop while JSON.generate(header_array).length > 8 * 1024
+      headers[header_name] = JSON.generate(header_array)
+    end
+
+    def skip_html_injection?(request)
+      query_string = request.env['QUERY_STRING']
+      return false if query_string.nil? || query_string.empty?
+
+      params = simple_parse_query_string(query_string)
+      params['skip_html_injection'] == 'true'
+    end
+
+    # Simple query string parser
+    def simple_parse_query_string(query_string)
+      params = {}
+      query_string.split('&').each do |pair|
+        key, value = pair.split('=', 2).map { |s| CGI.unescape(s) }
+        params[key] = value if key && !key.empty?
+      end
+      params
     end
 
     def file?(headers)
@@ -99,28 +136,18 @@ module Bullet
 
     private
 
-    def details_attributes
-      <<~EOF
-        id="bullet-footer" data-is-bullet-footer
-        style="cursor: pointer; position: fixed; left: 0px; bottom: 0px; z-index: 9999; background: #fdf2f2; color: #9b1c1c; font-size: 12px; border-radius: 0px 8px 0px 0px; border: 1px solid #9b1c1c;"
-      EOF
-    end
-
-    def summary_attributes
-      <<~EOF
-        style="font-weight: 600; padding: 2px 8px"
-      EOF
-    end
-
-    def footer_content_attributes
-      <<~EOF
-        style="padding: 8px; border-top: 1px solid #9b1c1c;"
-      EOF
-    end
-
-    def footer_console_message
+    def footer_console_message(nonce = nil)
       if Bullet.console_enabled?
-        "<br/><span style='font-style: italic;'>See 'Uniform Notifier' in JS Console for Stacktrace</span>"
+        footer = %(<br/><span id="console-message">See 'Uniform Notifier' in JS Console for Stacktrace</span>)
+        css = "details#bullet-footer #console-message {font-style: italic;}"
+        style =
+          if nonce
+            %(<style type="text/css" nonce="#{nonce}">#{css}</style>)
+          else
+            %(<style type="text/css">#{css}</style>)
+          end
+
+        footer + style
       end
     end
 

data/lib/bullet/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Bullet
-  VERSION = '8.0.3'
+  VERSION = '8.1.0'
 end

data/lib/bullet.rb

@@ -23,8 +23,8 @@ module Bullet
 
   if defined?(Rails::Railtie)
     class BulletRailtie < Rails::Railtie
-      initializer 'bullet.configure_rails_initialization' do |app|
-        if defined?(ActionDispatch::ContentSecurityPolicy::Middleware) && Rails.application.config.content_security_policy
+      initializer 'bullet.add_middleware', after: :load_config_initializers do |app|
+        if defined?(ActionDispatch::ContentSecurityPolicy::Middleware) && Rails.application.config.content_security_policy && !app.config.api_only
           app.middleware.insert_before ActionDispatch::ContentSecurityPolicy::Middleware, Bullet::Rack
         else
           app.middleware.use Bullet::Rack

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: bullet
 version: !ruby/object:Gem::Version
-  version: 8.0.3
+  version: 8.1.0
 platform: ruby
 authors:
 - Richard Huang
 bindir: bin
 cert_chain: []
-date: 2025-04-04 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -60,6 +60,7 @@ files:
 - lib/bullet/active_record71.rb
 - lib/bullet/active_record72.rb
 - lib/bullet/active_record80.rb
+- lib/bullet/active_record81.rb
 - lib/bullet/bullet_xhr.js
 - lib/bullet/dependency.rb
 - lib/bullet/detector.rb
@@ -112,7 +113,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.6
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.6.9
 specification_version: 4
 summary: help to kill N+1 queries and unused eager loading.
 test_files: []