forever-turbolinks 3.0.0

data/lib/turbolinks.rb

@@ -0,0 +1,64 @@
+require 'turbolinks/version'
+require 'turbolinks/xhr_headers'
+require 'turbolinks/xhr_redirect'
+require 'turbolinks/xhr_url_for'
+require 'turbolinks/cookies'
+require 'turbolinks/x_domain_blocker'
+require 'turbolinks/redirection'
+
+module Turbolinks
+  module Controller
+    include XHRHeaders, Cookies, XDomainBlocker, Redirection
+
+    def self.included(base)
+      if base.respond_to?(:before_action)
+        base.before_action :set_xhr_redirected_to, :set_request_method_cookie
+        base.after_action :abort_xdomain_redirect
+      else
+        base.before_filter :set_xhr_redirected_to, :set_request_method_cookie
+        base.after_filter :abort_xdomain_redirect
+      end
+    end
+  end
+
+  class Engine < ::Rails::Engine
+    config.turbolinks = ActiveSupport::OrderedOptions.new
+    config.turbolinks.auto_include = true
+
+    initializer :turbolinks do |app|
+      ActiveSupport.on_load(:action_controller) do
+        next if self != ActionController::Base
+
+        if app.config.turbolinks.auto_include
+          include Controller
+        end
+
+        ActionDispatch::Request.class_eval do
+          def referer
+            self.headers['X-XHR-Referer'] || super
+          end
+          alias referrer referer
+        end
+
+        require 'action_dispatch/routing/redirection'
+        ActionDispatch::Routing::Redirect.class_eval do
+          if defined?(prepend)
+            prepend XHRRedirect
+          else
+            include LegacyXHRRedirect
+          end
+        end
+      end
+
+      ActiveSupport.on_load(:action_view) do
+        (ActionView::RoutingUrlFor rescue ActionView::Helpers::UrlHelper).module_eval do
+          if defined?(prepend) && Rails.version >= '4'
+            prepend XHRUrlFor
+          else
+            include LegacyXHRUrlFor
+          end
+        end
+      end
+    end
+  end
+end

data/lib/turbolinks/cookies.rb

@@ -0,0 +1,15 @@
+module Turbolinks
+  # For non-GET requests, sets a request_method cookie containing
+  # the request method of the current request. The Turbolinks script
+  # will not initialize if this cookie is set.
+  module Cookies
+    private
+      def set_request_method_cookie
+        if request.get?
+          cookies.delete(:request_method)
+        else
+          cookies[:request_method] = request.request_method
+        end
+      end
+  end
+end

data/lib/turbolinks/redirection.rb

@@ -0,0 +1,77 @@
+module Turbolinks
+  # Provides a means of using Turbolinks to perform renders and redirects.
+  # The server will respond with a JavaScript call to Turbolinks.visit/replace().
+  module Redirection
+    MUTATION_MODES = [:change, :append, :prepend].freeze
+
+    def redirect_to(url = {}, response_status = {})
+      turbolinks, options = _extract_turbolinks_options!(response_status)
+      turbolinks = (request.xhr? && (options.size > 0 || !request.get?)) if turbolinks.nil?
+
+      if turbolinks
+        response.content_type = Mime[:js]
+      end
+
+      return_value = super(url, response_status)
+
+      if turbolinks
+        self.status = 200
+        self.response_body = "Turbolinks.visit('#{location}'#{_turbolinks_js_options(options)});"
+      end
+
+      return_value
+    end
+
+    def render(*args, &block)
+      render_options = args.extract_options!
+      turbolinks, options = _extract_turbolinks_options!(render_options)
+      turbolinks = (request.xhr? && options.size > 0) if turbolinks.nil?
+
+      if turbolinks
+        response.content_type = Mime[:js]
+
+        render_options = _normalize_render(*args, render_options, &block)
+        body = render_to_body(render_options)
+
+        self.status = 200
+        self.response_body = "Turbolinks.replace('#{view_context.j(body)}'#{_turbolinks_js_options(options)});"
+      else
+        super(*args, render_options, &block)
+      end
+
+      self.response_body
+    end
+
+    def redirect_via_turbolinks_to(url = {}, response_status = {})
+      ActiveSupport::Deprecation.warn("`redirect_via_turbolinks_to` is deprecated and will be removed in Turbolinks 3.1. Use redirect_to(url, turbolinks: true) instead.")
+      redirect_to(url, response_status.merge!(turbolinks: true))
+    end
+
+    private
+      def _extract_turbolinks_options!(options)
+        turbolinks = options.delete(:turbolinks)
+        options = options.extract!(:keep, :change, :append, :prepend, :flush).delete_if { |_, value| value.nil? }
+
+        raise ArgumentError, "cannot combine :keep and :flush options" if options[:keep] && options[:flush]
+
+        MUTATION_MODES.each do |mutation_mode_option|
+          raise ArgumentError, "cannot combine :keep and :#{mutation_mode_option} options" if options[:keep] && options[mutation_mode_option]
+          raise ArgumentError, "cannot combine :flush and :#{mutation_mode_option} options" if options[:flush] && options[mutation_mode_option]
+        end if options[:keep] || options[:flush]
+
+        [turbolinks, options]
+      end
+
+      def _turbolinks_js_options(options)
+        js_options = {}
+
+        js_options[:change] = Array(options[:change]) if options[:change]
+        js_options[:append] = Array(options[:append]) if options[:append]
+        js_options[:prepend] = Array(options[:prepend]) if options[:prepend]
+        js_options[:keep] = Array(options[:keep]) if options[:keep]
+        js_options[:flush] = true if options[:flush]
+
+        ", #{js_options.to_json}" if js_options.present?
+      end
+  end
+end

data/lib/turbolinks/version.rb

@@ -0,0 +1,3 @@
+module Turbolinks
+  VERSION = '3.0.0'
+end

data/lib/turbolinks/x_domain_blocker.rb

@@ -0,0 +1,22 @@
+module Turbolinks
+  # Changes the response status to 403 Forbidden if all of these conditions are true:
+  # - The current request originated from Turbolinks
+  # - The request is being redirected to a different domain
+  module XDomainBlocker
+    private
+      def same_origin?(a, b)
+        a = URI.parse URI.escape(a)
+        b = URI.parse URI.escape(b)
+        [a.scheme, a.host, a.port] == [b.scheme, b.host, b.port]
+      end
+
+      def abort_xdomain_redirect
+        to_uri = response.headers['Location']
+        current = request.headers['X-XHR-Referer']
+        unless to_uri.blank? || current.blank? || same_origin?(current, to_uri)
+          self.status = 403
+        end
+      rescue URI::InvalidURIError
+      end
+  end
+end

data/lib/turbolinks/xhr_headers.rb

@@ -0,0 +1,44 @@
+module Turbolinks
+  # Intercepts calls to _compute_redirect_to_location (used by redirect_to) for two purposes.
+  #
+  # 1. Corrects the behavior of redirect_to with the :back option by using the X-XHR-Referer
+  # request header instead of the standard Referer request header.
+  #
+  # 2. Stores the return value (the redirect target url) to persist through to the redirect
+  # request, where it will be used to set the X-XHR-Redirected-To response header.  The
+  # Turbolinks script will detect the header and use replaceState to reflect the redirected
+  # url.
+  module XHRHeaders
+    def _compute_redirect_to_location(*args)
+      options, request = _normalize_redirect_params(args)
+
+      store_for_turbolinks begin
+        if options == :back && request.headers["X-XHR-Referer"]
+          super(*[(request if args.length == 2), request.headers["X-XHR-Referer"]].compact)
+        else
+          super(*args)
+        end
+      end
+    end
+
+    private
+      def store_for_turbolinks(url)
+        session[:_turbolinks_redirect_to] = url if session && request.headers["X-XHR-Referer"]
+        url
+      end
+
+      def set_xhr_redirected_to
+        if session && session[:_turbolinks_redirect_to]
+          response.headers['X-XHR-Redirected-To'] = session.delete :_turbolinks_redirect_to
+        end
+      end
+
+      # Ensure backwards compatibility
+      # Rails < 4.2:  _compute_redirect_to_location(options)
+      # Rails >= 4.2: _compute_redirect_to_location(request, options)
+      def _normalize_redirect_params(args)
+        options, req = args.reverse
+        [options, req || request]
+      end
+  end
+end

data/lib/turbolinks/xhr_redirect.rb

@@ -0,0 +1,30 @@
+module Turbolinks
+  module XHRRedirect
+    def call(env)
+      status, headers, body = super(env)
+
+      if env['rack.session'] && env['HTTP_X_XHR_REFERER']
+        env['rack.session'][:_turbolinks_redirect_to] = headers['Location']
+      end
+
+      [status, headers, body]
+    end
+  end
+
+  # TODO: Remove me when support for Ruby < 2 && Rails < 4 is dropped
+  module LegacyXHRRedirect
+    def self.included(base)
+      base.alias_method_chain :call, :turbolinks
+    end
+
+    def call_with_turbolinks(env)
+      status, headers, body = call_without_turbolinks(env)
+
+      if env['rack.session'] && env['HTTP_X_XHR_REFERER']
+        env['rack.session'][:_turbolinks_redirect_to] = headers['Location']
+      end
+
+      [status, headers, body]
+    end
+  end
+end

data/lib/turbolinks/xhr_url_for.rb

@@ -0,0 +1,23 @@
+module Turbolinks
+  # Corrects the behavior of url_for (and link_to, which uses url_for) with the :back
+  # option by using the X-XHR-Referer request header instead of the standard Referer
+  # request header.
+  module XHRUrlFor
+    def url_for(options = {})
+      options = (controller.request.headers["X-XHR-Referer"] || options) if options == :back
+      super
+    end
+  end
+
+  # TODO: Remove me when support for Ruby < 2 && Rails < 4 is dropped
+  module LegacyXHRUrlFor
+    def self.included(base)
+      base.alias_method_chain :url_for, :xhr_referer
+    end
+
+    def url_for_with_xhr_referer(options = {})
+      options = (controller.request.headers["X-XHR-Referer"] || options) if options == :back
+      url_for_without_xhr_referer options
+    end
+  end
+end

data/test/attachment.html

@@ -0,0 +1,5 @@
+<html>
+<body>
+<script language="javascript">alert("you shouldn't see this");</script>
+</body>
+</html>

data/test/config.ru

@@ -0,0 +1,65 @@
+require 'sprockets'
+require 'coffee-script'
+
+Root = File.expand_path("../..", __FILE__)
+
+Assets = Sprockets::Environment.new do |env|
+  env.append_path File.join(Root, "lib", "assets", "javascripts")
+  env.append_path File.join(Root, "node_modules", "mocha")
+  env.append_path File.join(Root, "node_modules", "chai")
+  env.append_path File.join(Root, "node_modules", "jquery", "dist")
+  env.append_path File.join(Root, "test", "javascript")
+end
+
+class SlowResponse
+  CHUNKS = ['<html><body>', '.'*50, '.'*20, '<a href="/index.html">Home</a></body></html>']
+
+  def call(env)
+    [200, headers, self]
+  end
+
+  def each
+    CHUNKS.each do |part|
+      sleep rand(0.3..0.8)
+      yield part
+    end
+  end
+
+  def length
+    CHUNKS.join.length
+  end
+
+  def headers
+    { "Content-Length" => length.to_s, "Content-Type" => "text/html", "Cache-Control" => "no-cache, no-store, must-revalidate" }
+  end
+end
+
+map "/js" do
+  run Assets
+end
+
+map "/500" do
+  # throw Internal Server Error (500)
+end
+
+map "/withoutextension" do
+  run Rack::File.new(File.join(Root, "test", "withoutextension"), "Content-Type" => "text/html")
+end
+
+map "/slow-response" do
+  run SlowResponse.new
+end
+
+map "/bounce" do
+  run Proc.new{ [200, { "X-XHR-Redirected-To" => "redirect1.html", "Content-Type" => "text/html" }, File.open( File.join( Root, "test", "redirect1.html" ) ) ] }
+end
+
+map "/attachment.txt" do
+  run Rack::File.new(File.join(Root, "test", "attachment.html"), "Content-Type" => "text/plain")
+end
+
+map "/attachment.html" do
+  run Rack::File.new(File.join(Root, "test", "attachment.html"), "Content-Type" => "text/html", "Content-Disposition" => "attachment; filename=attachment.html")
+end
+
+run Rack::Directory.new(File.join(Root, "test"))

data/test/form.html

@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <title>Home</title>
+  <script type="text/javascript" src="/js/turbolinks.js"></script>
+</head>
+<body class="page-other">
+  <form action="form.html" method="get">
+    <input type="text" name="value" value="42" />
+    <button type="submit">Submit</button>
+  </form>
+  <ul>
+    <li><a href="/index.html">Home</a></li>
+  </ul>
+</body>
+</html>

data/test/index.html

@@ -0,0 +1,53 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <title>Home</title>
+  <script type="text/javascript" src="/js/turbolinks.js"></script>
+  <script type="text/javascript">
+    document.addEventListener("page:change", function() {
+      console.log("page changed");
+    });
+
+    document.addEventListener("page:update", function() {
+      console.log("page updated");
+    });
+
+    document.addEventListener("page:restore", function() {
+      console.log("page restored");
+    });
+  </script>
+</head>
+<body class="page-index">
+  <ul style="margin-top:20px;">
+    <li><a href="/other.html">Other page</a></li>
+    <li><a href="/form.html">Form</a></li>
+    <li><a href="/slow-response">Slow loading page for progress bar</a></li>
+    <li><a href="/other.html"><span>Wrapped link</span></a></li>
+    <li><a href="/withoutextension">Without extension</a></li>
+    <li><a href="/withoutextension?sort=user.name">Without extension with query params</a></li>
+    <li><a href="http://www.google.com/">Cross origin</a></li>
+    <li><a href="/other.html" onclick="if(!confirm('follow link?')) { return false}">Confirm Fire Order</a></li>
+    <li><a href="/reload.html"><span>New assets track </span></a></li>
+    <li><a href="/partial1.html" data-no-turbolink>Partial replacement</a></li>
+    <li><a href="/dummy.gif?12345">Query Param Image Link</a></li>
+    <li><a href="/bounce">Redirect</a></li>
+    <li><a href="#">Hash link</a></li>
+    <li><a href="/reload.html#foo">New assets track with hash link</a></li>
+    <li><a href="/attachment.txt">A text response should load normally</a></li>
+    <li><a href="/attachment.html">An html response with Content-Disposition: attachment should load normally</a></li>
+    <li><h5>If you stop the server or go into airplane/offline mode</h5></li>
+    <li><a href="/doesnotexist.html">A page with client error (4xx, rfc2616 sec. 10.4) should error out</a></li>
+    <li><a href="/500">Also server errors (5xx, rfc2616 sec. 10.5) should error out</a></li>
+    <li><a href="/fallback.html">A page that has a fallback in appcache should fallback</a></li>
+  </ul>
+
+  <div style="background:#ccc;height:5000px;width:200px;">
+  </div>
+  <iframe height='1' scrolling='no' src='/offline.html' style='display: none;' width='1'></iframe>
+
+  <script type="text/javascript" data-turbolinks-eval=false>
+    console.log("turbolinks-eval-false script fired. This should only happen on the initial page load.");
+  </script>
+</body>
+</html>

data/test/manifest.appcache

@@ -0,0 +1,10 @@
+CACHE MANIFEST
+
+CACHE:
+/offline.html
+
+NETWORK:
+*
+
+FALLBACK:
+/fallback.html /offline.html