gitlab-turbolinks-classic 2.5.4

data/lib/turbolinks.rb

@@ -0,0 +1,39 @@
+require 'turbolinks/version'
+require 'turbolinks/xhr_headers'
+require 'turbolinks/xhr_url_for'
+require 'turbolinks/cookies'
+require 'turbolinks/x_domain_blocker'
+require 'turbolinks/redirection'
+
+module Turbolinks
+  class Engine < ::Rails::Engine
+    initializer :turbolinks do |config|
+      ActiveSupport.on_load(:action_controller) do
+        ActionController::Base.class_eval do
+          include XHRHeaders, Cookies, XDomainBlocker, Redirection
+
+          if respond_to?(:before_action)
+            before_action :set_xhr_redirected_to, :set_request_method_cookie
+            after_action :abort_xdomain_redirect
+          else
+            before_filter :set_xhr_redirected_to, :set_request_method_cookie
+            after_filter :abort_xdomain_redirect
+          end
+        end
+
+        ActionDispatch::Request.class_eval do
+          def referer
+            self.headers['X-XHR-Referer'] || super
+          end
+          alias referrer referer
+        end
+      end
+
+      ActiveSupport.on_load(:action_view) do
+        (ActionView::RoutingUrlFor rescue ActionView::Helpers::UrlHelper).module_eval do
+          include XHRUrlFor
+        end
+      end unless RUBY_VERSION =~ /^1\.8/
+    end
+  end
+end

data/lib/turbolinks/cookies.rb

@@ -0,0 +1,15 @@
+module Turbolinks
+  # For non-GET requests, sets a request_method cookie containing
+  # the request method of the current request. The Turbolinks script
+  # will not initialize if this cookie is set.
+  module Cookies
+    private
+      def set_request_method_cookie
+        if request.get?
+          cookies.delete(:request_method)
+        else
+          cookies[:request_method] = request.request_method
+        end
+      end
+  end
+end

data/lib/turbolinks/redirection.rb

@@ -0,0 +1,15 @@
+module Turbolinks
+  # Provides a means of using Turbolinks to perform redirects.  The server
+  # will respond with a JavaScript call to Turbolinks.visit(url).
+  module Redirection
+    extend ActiveSupport::Concern
+    
+    def redirect_via_turbolinks_to(url = {}, response_status = {})
+      redirect_to(url, response_status)
+
+      self.status           = 200
+      self.response_body    = "Turbolinks.visit('#{location}');"
+      response.content_type = Mime::JS
+    end
+  end
+end

data/lib/turbolinks/version.rb

@@ -0,0 +1,3 @@
+module Turbolinks
+  VERSION = '2.5.4'
+end

data/lib/turbolinks/x_domain_blocker.rb

@@ -0,0 +1,21 @@
+module Turbolinks
+  # Changes the response status to 403 Forbidden if all of these conditions are true:
+  # - The current request originated from Turbolinks
+  # - The request is being redirected to a different domain
+  module XDomainBlocker
+    private
+      def same_origin?(a, b)
+        a = URI.parse URI.escape(a)
+        b = URI.parse URI.escape(b)
+        [a.scheme, a.host, a.port] == [b.scheme, b.host, b.port]
+      end
+
+      def abort_xdomain_redirect
+        to_uri = response.headers['Location'] || ""
+        current = request.headers['X-XHR-Referer'] || ""
+        unless to_uri.blank? || current.blank? || same_origin?(current, to_uri)
+          self.status = 403
+        end
+      end
+  end
+end

data/lib/turbolinks/xhr_headers.rb

@@ -0,0 +1,46 @@
+module Turbolinks
+  # Intercepts calls to _compute_redirect_to_location (used by redirect_to) for two purposes.
+  #
+  # 1. Corrects the behavior of redirect_to with the :back option by using the X-XHR-Referer
+  # request header instead of the standard Referer request header.
+  #
+  # 2. Stores the return value (the redirect target url) to persist through to the redirect 
+  # request, where it will be used to set the X-XHR-Redirected-To response header.  The 
+  # Turbolinks script will detect the header and use replaceState to reflect the redirected
+  # url. 
+  module XHRHeaders
+    extend ActiveSupport::Concern
+
+    def _compute_redirect_to_location(*args)
+      options, request = _normalize_redirect_params(args)
+
+      store_for_turbolinks begin
+        if options == :back && request.headers["X-XHR-Referer"]
+          super(*[(request if args.length == 2), request.headers["X-XHR-Referer"]].compact)
+        else
+          super(*args)
+        end
+      end
+    end
+
+    private
+      def store_for_turbolinks(url)
+        session[:_turbolinks_redirect_to] = url if session && request.headers["X-XHR-Referer"]
+        url
+      end
+
+      def set_xhr_redirected_to
+        if session && session[:_turbolinks_redirect_to]
+          response.headers['X-XHR-Redirected-To'] = session.delete :_turbolinks_redirect_to
+        end
+      end
+
+      # Ensure backwards compatibility
+      # Rails < 4.2:  _compute_redirect_to_location(options)
+      # Rails >= 4.2: _compute_redirect_to_location(request, options)
+      def _normalize_redirect_params(args)
+        options, req = args.reverse
+        [options, req || request]
+      end
+  end
+end

data/lib/turbolinks/xhr_url_for.rb

@@ -0,0 +1,15 @@
+module Turbolinks
+  # Corrects the behavior of url_for (and link_to, which uses url_for) with the :back 
+  # option by using the X-XHR-Referer request header instead of the standard Referer 
+  # request header.
+  module XHRUrlFor
+    def self.included(base)
+      base.alias_method_chain :url_for, :xhr_referer
+    end
+ 
+    def url_for_with_xhr_referer(options = {})
+      options = (controller.request.headers["X-XHR-Referer"] || options) if options == :back
+      url_for_without_xhr_referer options
+    end
+  end
+end

data/test/attachment.html

@@ -0,0 +1,5 @@
+<html>
+<body>
+<script language="javascript">alert("you shouldn't see this");</script>
+</body>
+</html>

data/test/config.ru

@@ -0,0 +1,63 @@
+require 'sprockets'
+require 'coffee-script'
+
+Root = File.expand_path("../..", __FILE__)
+
+Assets = Sprockets::Environment.new do |env|
+  env.append_path File.join(Root, "lib", "assets", "javascripts")
+end
+
+class SlowResponse
+  CHUNKS = ['<html><body>', '.'*50, '.'*20, '<a href="/index.html">Home</a></body></html>']
+
+  def call(env)
+    [200, headers, self]
+  end
+
+  def each
+    CHUNKS.each do |part|
+      sleep rand(0.3..0.8)
+      yield part
+    end
+  end
+
+  def length
+    CHUNKS.join.length
+  end
+
+  def headers
+    { "Content-Length" => length.to_s, "Content-Type" => "text/html", "Cache-Control" => "no-cache, no-store, must-revalidate" }
+  end
+end
+
+map "/js" do
+  run Assets
+end
+
+map "/500" do
+  # throw Internal Server Error (500)
+end
+
+map "/withoutextension" do
+  run Rack::File.new(File.join(Root, "test", "withoutextension"), "Content-Type" => "text/html")
+end
+
+map "/slow-response" do
+  run SlowResponse.new
+end
+
+map "/bounce" do
+  run Proc.new{ [200, { "X-XHR-Redirected-To" => "redirect1.html", "Content-Type" => "text/html" }, File.open( File.join( Root, "test", "redirect1.html" ) ) ] }
+end
+
+map "/" do
+  run Rack::Directory.new(File.join(Root, "test"))
+end
+
+map "/attachment.txt" do
+  run Rack::File.new(File.join(Root, "test", "attachment.html"), "Content-Type" => "text/plain")
+end
+
+map "/attachment.html" do
+  run Rack::File.new(File.join(Root, "test", "attachment.html"), "Content-Type" => "text/html", "Content-Disposition" => "attachment; filename=attachment.html")
+end

data/test/index.html

@@ -0,0 +1,53 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <title>Home</title>
+  <script type="text/javascript" src="/js/turbolinks.js"></script>
+  <script type="text/javascript">
+    Turbolinks.enableProgressBar();
+
+    document.addEventListener("page:change", function() {
+      console.log("page changed");
+    });
+
+    document.addEventListener("page:update", function() {
+      console.log("page updated");
+    });
+
+    document.addEventListener("page:restore", function() {
+      console.log("page restored");
+    });
+  </script>
+</head>
+<body class="page-index">
+  <ul style="margin-top:20px;">
+    <li><a href="/other.html">Other page</a></li>
+    <li><a href="/slow-response">Slow loading page for progress bar</a></li>
+    <li><a href="/other.html"><span>Wrapped link</span></a></li>
+    <li><a href="/withoutextension">Without extension</a></li>
+    <li><a href="/withoutextension?sort=user.name">Without extension with query params</a></li>
+    <li><a href="http://www.google.com/">Cross origin</a></li>
+    <li><a href="/other.html" onclick="if(!confirm('follow link?')) { return false}">Confirm Fire Order</a></li>
+    <li><a href="/reload.html"><span>New assets track </span></a></li>
+    <li><a href="/dummy.gif?12345">Query Param Image Link</a></li>
+    <li><a href="/bounce">Redirect</a></li>
+    <li><a href="#">Hash link</a></li>
+    <li><a href="/reload.html#foo">New assets track with hash link</a></li>
+    <li><a href="/attachment.txt">A text response should load normally</a></li>        
+    <li><a href="/attachment.html">An html response with Content-Disposition: attachment should load normally</a></li>    
+    <li><h5>If you stop the server or go into airplane/offline mode</h5></li>
+    <li><a href="/doesnotexist.html">A page with client error (4xx, rfc2616 sec. 10.4) should error out</a></li>
+    <li><a href="/500">Also server errors (5xx, rfc2616 sec. 10.5) should error out</a></li>
+    <li><a href="/fallback.html">A page that has a fallback in appcache should fallback</a></li>
+  </ul>
+
+  <div style="background:#ccc;height:5000px;width:200px;">
+  </div>
+  <iframe height='1' scrolling='no' src='/offline.html' style='display: none;' width='1'></iframe>
+
+  <script type="text/javascript" data-turbolinks-eval=false>
+    console.log("turbolinks-eval-false script fired. This should only happen on the initial page load.");
+  </script>
+</body>
+</html>

data/test/manifest.appcache

@@ -0,0 +1,10 @@
+CACHE MANIFEST
+
+CACHE:
+/offline.html
+
+NETWORK:
+*
+
+FALLBACK:
+/fallback.html /offline.html

data/test/offline.html

@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html lang="en" manifest="/manifest.appcache">
+<head>
+  <meta charset="utf-8">
+  <title>Home</title>
+  <script type="text/javascript" src="/js/turbolinks.js"></script>
+  <script type="text/javascript">
+    document.addEventListener("page:change", function() {
+      console.log("page changed");
+    });
+  </script>
+</head>
+<body class="page-offline">
+  <h1>Offline Mode Fallback</h1>
+  <ul>
+    <li><a href="/index.html">Home</a></li>
+  </ul>
+</body>
+</html>

data/test/other.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <title>Home</title>
+  <script type="text/javascript" src="/js/turbolinks.js"></script>
+  <script type="text/javascript">
+    document.addEventListener("page:change", function() {
+      console.log("page changed");
+    });
+
+    document.addEventListener("page:update", function() {
+      console.log("page updated");
+    });
+
+    document.addEventListener("page:restore", function() {
+      console.log("page restored");
+    });
+  </script>
+</head>
+<body class="page-other">
+  <ul>
+    <li><a href="/index.html">Home</a></li>
+  </ul>
+</body>
+</html>

data/test/redirect1.html

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <title>Home</title>
+  <script type="text/javascript" src="/js/turbolinks.js"></script>
+</head>
+<body class="page-other">
+  Should show /redirect1.html as path
+  <ul>
+    <li>Click <a href="/redirect2.html">Redirect 2</a></li>
+  </ul>
+
+</body>
+</html>

data/test/redirect2.html

@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <title>Home</title>
+  <script type="text/javascript" src="/js/turbolinks.js"></script>
+</head>
+<body class="page-other">
+  Hit back button twice. It should go back to home page.
+</body>
+</html>

data/test/reload.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <title>Home</title>
+  <script type="text/javascript" src="/js/turbolinks.js?1" data-turbolinks-track='true'></script>
+  <script type="text/javascript">
+    document.addEventListener("page:change", function() {
+      console.log("page changed");
+    });
+  </script>
+</head>
+<body class="page-reload">
+  <ul>
+    <li><a href="/index.html">Home</a></li>
+  </ul>
+</body>
+</html>

data/test/withoutextension

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <title>Home</title>
+  <script type="text/javascript" src="/js/turbolinks.js"></script>
+  <script type="text/javascript">
+    document.addEventListener("page:change", function() {
+      console.log("page changed");
+    });
+
+    document.addEventListener("page:update", function() {
+      console.log("page updated");
+    });
+
+    document.addEventListener("page:restore", function() {
+      console.log("page restored");
+    });
+  </script>
+</head>
+<body class="page-other">
+  <ul>
+    <li><a href="/index.html">Home</a></li>
+  </ul>
+</body>
+</html>

metadata

@@ -0,0 +1,79 @@
+--- !ruby/object:Gem::Specification
+name: gitlab-turbolinks-classic
+version: !ruby/object:Gem::Version
+  version: 2.5.4
+platform: ruby
+authors:
+- David Heinemeier Hansson
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-01-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: coffee-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email: david@loudthinking.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- lib/assets/javascripts/turbolinks.js.coffee
+- lib/turbolinks.rb
+- lib/turbolinks/cookies.rb
+- lib/turbolinks/redirection.rb
+- lib/turbolinks/version.rb
+- lib/turbolinks/x_domain_blocker.rb
+- lib/turbolinks/xhr_headers.rb
+- lib/turbolinks/xhr_url_for.rb
+- test/attachment.html
+- test/config.ru
+- test/dummy.gif
+- test/index.html
+- test/manifest.appcache
+- test/offline.html
+- test/other.html
+- test/redirect1.html
+- test/redirect2.html
+- test/reload.html
+- test/withoutextension
+homepage: https://gitlab.com/jamedjo/gitlab-turbolinks-classic/
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Turbolinks makes following links in your web application faster (use with
+  Rails Asset Pipeline)
+test_files: []