hanami 2.2.1 → 2.3.0.beta2

data/lib/hanami/helpers/assets_helper.rb

@@ -2,6 +2,7 @@
 
 require "uri"
 require "hanami/view"
+require_relative "../constants"
 
 # rubocop:disable Metrics/ModuleLength
 
@@ -61,7 +62,10 @@ module Hanami
 
       # @since 0.3.0
       # @api private
-      ABSOLUTE_URL_MATCHER = URI::DEFAULT_PARSER.make_regexp
+      # TODO: we can drop the defined?-check and fallback once Ruby 3.3 becomes our minimum required version
+      ABSOLUTE_URL_MATCHER = (
+        defined?(URI::RFC2396_PARSER) ? URI::RFC2396_PARSER : URI::DEFAULT_PARSER
+      ).make_regexp
 
       # @since 1.1.0
       # @api private
@@ -85,7 +89,12 @@ module Hanami
       # name of the algorithm, then a hyphen, then the hash value of the file.
       # If more than one algorithm is used, they"ll be separated by a space.
       #
-      # @param source_paths [Array<String, #url>] one or more assets by name or absolute URL
+      # If the Content Security Policy uses 'nonce' and the source is not
+      # absolute, the nonce value of the current request is automatically added
+      # as an attribute. You can override this with the `nonce: false` option.
+      # See {#content_security_policy_nonce} for more.
+      #
+      # @param sources [Array<String, #url>] one or more assets by name or absolute URL
       #
       # @return [Hanami::View::HTML::SafeString] the markup
       #
@@ -136,6 +145,10 @@ module Hanami
       #
       #   # <script src="/assets/application.js" type="text/javascript" defer="defer"></script>
       #
+      # @example Disable nonce
+      #
+      #   <%= javascript_tag "application", nonce: false %>
+      #
       # @example Absolute URL
       #
       #   <%= javascript_tag "https://code.jquery.com/jquery-2.1.4.min.js" %>
@@ -154,13 +167,15 @@ module Hanami
       #
       #   # <script src="https://assets.bookshelf.org/assets/application-28a6b886de2372ee3922fcaf3f78f2d8.js"
       #   #         type="text/javascript"></script>
-      def javascript_tag(*source_paths, **options)
+      def javascript_tag(*sources, **options)
         options = options.reject { |k, _| k.to_sym == :src }
+        nonce_option = options.delete(:nonce)
 
-        _safe_tags(*source_paths) do |source|
+        _safe_tags(*sources) do |source|
           attributes = {
-            src: _typed_path(source, JAVASCRIPT_EXT),
-            type: JAVASCRIPT_MIME_TYPE
+            src: _typed_url(source, JAVASCRIPT_EXT),
+            type: JAVASCRIPT_MIME_TYPE,
+            nonce: _nonce(source, nonce_option)
           }
           attributes.merge!(options)
 
@@ -189,7 +204,12 @@ module Hanami
       # name of the algorithm, then a hyphen, then the hashed value of the file.
       # If more than one algorithm is used, they"ll be separated by a space.
       #
-      # @param source_paths [Array<String, #url>] one or more assets by name or absolute URL
+      # If the Content Security Policy uses 'nonce' and the source is not
+      # absolute, the nonce value of the current request is automatically added
+      # as an attribute. You can override this with the `nonce: false` option.
+      # See {#content_security_policy_nonce} for more.
+      #
+      # @param sources [Array<String, #url>] one or more assets by name or absolute URL
       #
       # @return [Hanami::View::HTML::SafeString] the markup
       #
@@ -214,6 +234,10 @@ module Hanami
       #   # <link href="/assets/application.css" type="text/css" rel="stylesheet">
       #   # <link href="/assets/dashboard.css" type="text/css" rel="stylesheet">
       #
+      # @example Disable nonce
+      #
+      #   <%= stylesheet_tag "application", nonce: false %>
+      #
       # @example Subresource Integrity
       #
       #   <%= stylesheet_tag "application" %>
@@ -247,19 +271,21 @@ module Hanami
       #
       #   # <link href="https://assets.bookshelf.org/assets/application-28a6b886de2372ee3922fcaf3f78f2d8.css"
       #   #       type="text/css" rel="stylesheet">
-      def stylesheet_tag(*source_paths, **options)
+      def stylesheet_tag(*sources, **options)
         options = options.reject { |k, _| k.to_sym == :href }
+        nonce_option = options.delete(:nonce)
 
-        _safe_tags(*source_paths) do |source_path|
+        _safe_tags(*sources) do |source|
           attributes = {
-            href: _typed_path(source_path, STYLESHEET_EXT),
+            href: _typed_url(source, STYLESHEET_EXT),
             type: STYLESHEET_MIME_TYPE,
-            rel: STYLESHEET_REL
+            rel: STYLESHEET_REL,
+            nonce: _nonce(source, nonce_option)
           }
           attributes.merge!(options)
 
           if _context.assets.subresource_integrity? || attributes.include?(:integrity)
-            attributes[:integrity] ||= _subresource_integrity_value(source_path, STYLESHEET_EXT)
+            attributes[:integrity] ||= _subresource_integrity_value(source, STYLESHEET_EXT)
             attributes[:crossorigin] ||= CROSSORIGIN_ANONYMOUS
           end
 
@@ -626,7 +652,7 @@ module Hanami
       #
       # If CDN mode is on, it returns the absolute URL of the asset.
       #
-      # @param source_path [String, #url] the asset name or asset object
+      # @param source [String, #url] the asset name or asset object
       #
       # @return [String] the asset path
       #
@@ -665,42 +691,71 @@ module Hanami
       #   <%= asset_url "application.js" %>
       #
       #   # "https://assets.bookshelf.org/assets/application-28a6b886de2372ee3922fcaf3f78f2d8.js"
-      def asset_url(source_path)
-        return source_path.url if source_path.respond_to?(:url)
-        return source_path if _absolute_url?(source_path)
+      def asset_url(source)
+        return source.url if source.respond_to?(:url)
+        return source if _absolute_url?(source)
 
-        _context.assets[source_path].url
+        _context.assets[source].url
+      end
+
+      # Random per request nonce value for Content Security Policy (CSP) rules.
+      #
+      # If the `Hanami::Middleware::ContentSecurityPolicyNonce` middleware is
+      # in use, this helper returns the nonce value for the current request
+      # or `nil` otherwise.
+      #
+      # For this policy to work in the browser, you have to add the `'nonce'`
+      # placeholder to the script and/or style source policy rule. It will be
+      # substituted by the current nonce value like `'nonce-A12OggyZ'.
+      #
+      # @return [String, nil] nonce value of the current request
+      #
+      # @since x.x.x
+      #
+      # @example App configuration
+      #
+      #   config.middleware.use Hanami::Middleware::ContentSecurityPolicyNonce
+      #   config.actions.content_security_policy[:script_src] = "'self' 'nonce'"
+      #   config.actions.content_security_policy[:style_src] = "'self' 'nonce'"
+      #
+      # @example View helper
+      #
+      #   <script nonce="<%= content_security_policy_nonce %>">
+      def content_security_policy_nonce
+        return unless _context.request?
+
+        _context.request.env[CONTENT_SECURITY_POLICY_NONCE_REQUEST_KEY]
       end
 
       private
 
       # @since 2.1.0
       # @api private
-      def _safe_tags(*source_paths, &blk)
+      def _safe_tags(*sources, &blk)
         ::Hanami::View::HTML::SafeString.new(
-          source_paths.map(&blk).join(NEW_LINE_SEPARATOR)
+          sources.map(&blk).join(NEW_LINE_SEPARATOR)
         )
       end
 
       # @since 2.1.0
       # @api private
-      def _typed_path(source, ext)
+      def _typed_url(source, ext)
         source = "#{source}#{ext}" if source.is_a?(String) && _append_extension?(source, ext)
         asset_url(source)
       end
 
       # @api private
-      def _subresource_integrity_value(source_path, ext)
-        return if _absolute_url?(source_path)
+      def _subresource_integrity_value(source, ext)
+        return if _absolute_url?(source)
 
-        source_path = "#{source_path}#{ext}" unless /#{Regexp.escape(ext)}\z/.match?(source_path)
-        _context.assets[source_path].sri
+        source = "#{source}#{ext}" unless /#{Regexp.escape(ext)}\z/.match?(source)
+        _context.assets[source].sri
       end
 
       # @since 2.1.0
       # @api private
       def _absolute_url?(source)
-        ABSOLUTE_URL_MATCHER.match(source)
+        ABSOLUTE_URL_MATCHER.match?(source.respond_to?(:url) ? source.url : source)
       end
 
       # @since 1.2.0
@@ -711,6 +766,18 @@ module Hanami
         _context.assets.crossorigin?(source)
       end
 
+      # @since x.x.x
+      # @api private
+      def _nonce(source, nonce_option)
+        if nonce_option == false
+          nil
+        elsif nonce_option == true || (nonce_option.nil? && !_absolute_url?(source))
+          content_security_policy_nonce
+        else
+          nonce_option
+        end
+      end
+
       # @since 2.1.0
       # @api private
       def _source_options(src, options, &blk)

data/lib/hanami/middleware/content_security_policy_nonce.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require "rack"
+require "securerandom"
+require_relative "../constants"
+
+module Hanami
+  module Middleware
+    # Generates a random per request nonce value like `mSMnSwfVZVe+LyQy1SPCGw==`, stores it as
+    # `"hanami.content_security_policy_nonce"` in the Rack environment, and replaces all occurrences
+    # of `'nonce'` in the `Content-Security-Policy header with the actual nonce value for the
+    # request, e.g. `'nonce-mSMnSwfVZVe+LyQy1SPCGw=='`.
+    #
+    # @see Hanami::Middleware::ContentSecurityPolicyNonce
+    #
+    # @api private
+    # @since x.x.x
+    class ContentSecurityPolicyNonce
+      # @api private
+      # @since x.x.x
+      def initialize(app)
+        @app = app
+      end
+
+      # @api private
+      # @since x.x.x
+      def call(env)
+        return @app.call(env) unless Hanami.app.config.actions.content_security_policy?
+
+        args = nonce_generator.arity == 1 ? [Rack::Request.new(env)] : []
+        request_nonce = nonce_generator.call(*args)
+
+        env[CONTENT_SECURITY_POLICY_NONCE_REQUEST_KEY] = request_nonce
+
+        _, headers, _ = response = @app.call(env)
+
+        headers["Content-Security-Policy"] = sub_nonce(headers["Content-Security-Policy"], request_nonce)
+
+        response
+      end
+
+      private
+
+      def nonce_generator
+        Hanami.app.config.actions.content_security_policy_nonce_generator
+      end
+
+      def sub_nonce(string, nonce)
+        string&.gsub("'nonce'", "'nonce-#{nonce}'")
+      end
+    end
+  end
+end

data/lib/hanami/routes.rb

@@ -36,14 +36,14 @@ module Hanami
       def initialize(action_key, slice)
         action_path = action_key.gsub(CONTAINER_KEY_DELIMITER, PATH_DELIMITER)
         action_constant = slice.inflector.camelize(
-          "#{slice.inflector.underscore(slice.namespace.to_s)}#{PATH_DELIMITER}#{action_path}"
+          slice.inflector.underscore(slice.namespace.to_s) + PATH_DELIMITER + action_path
         )
-        action_file = slice.root.join("#{action_path}#{RB_EXT}")
+        action_file_path = slice.relative_source_path.join(action_path).to_s.concat(RB_EXT)
 
         super(<<~MSG)
           Could not find action with key #{action_key.inspect} in #{slice}
 
-          To fix this, define the action class #{action_constant} in #{action_file}
+          To fix this, define the action class #{action_constant} in #{action_file_path}
         MSG
       end
     end

data/lib/hanami/slice.rb

@@ -223,6 +223,18 @@ module Hanami
         app? ? root.join(APP_DIR) : root
       end
 
+      # Returns the slice's root component directory, as a path relative to the app's root.
+      #
+      # @return [Pathname]
+      #
+      # @see #source_path
+      #
+      # @api public
+      # @since 2.3.0
+      def relative_source_path
+        source_path.relative_path_from(app.root)
+      end
+
       # Returns the slice's configured inflector.
       #
       # Unless explicitly re-configured for the slice, this will be the app's inflector.
@@ -729,7 +741,9 @@ module Hanami
       # @api public
       # @since 2.0.0
       def routes
-        @routes ||= load_routes
+        return @routes if instance_variable_defined?(:@routes)
+
+        @routes = load_routes
       end
 
       # Returns the slice's router, if or nil if no routes are defined.
@@ -925,7 +939,7 @@ module Hanami
         # Check here for the `routes` definition only, not `router` itself, because the
         # `router` requires the slice to be prepared before it can be loaded, and at this
         # point we're still in the process of preparing.
-        if routes
+        if routes?
           require_relative "providers/routes"
           register_provider(:routes, source: Providers::Routes)
         end
@@ -954,9 +968,10 @@ module Hanami
       end
 
       def prepare_autoloader
-        # Component dirs are automatically pushed to the autoloader by dry-system's
-        # zeitwerk plugin. This method adds other dirs that are not otherwise configured
-        # as component dirs.
+        autoloader.tag = "hanami.slices.#{slice_name.to_s}"
+
+        # Component dirs are automatically pushed to the autoloader by dry-system's zeitwerk plugin.
+        # This method adds other dirs that are not otherwise configured as component dirs.
 
         # Everything in the slice root can be autoloaded except `config/` and `slices/`,
         # which are framework-managed directories
@@ -977,11 +992,19 @@ module Hanami
         slices.freeze
       end
 
+      def routes?
+        return false unless Hanami.bundled?("hanami-router")
+
+        return true if namespace.const_defined?(ROUTES_CLASS_NAME)
+
+        root.join("#{ROUTES_PATH}#{RB_EXT}").file?
+      end
+
       def load_routes
         return false unless Hanami.bundled?("hanami-router")
 
         if root.directory?
-          routes_require_path = File.join(root, ROUTES_PATH)
+          routes_require_path = root.join(ROUTES_PATH).to_s
 
           begin
             require_relative "./routes"
@@ -1050,6 +1073,11 @@ module Hanami
             if config.actions.sessions.enabled?
               use(*config.actions.sessions.middleware)
             end
+
+            if config.actions.content_security_policy && # rubocop:disable Style/SafeNavigation
+               config.actions.content_security_policy.nonce?
+              use(*config.actions.content_security_policy.middleware)
+            end
           end
 
           if Hanami.bundled?("hanami-assets") && config.assets.serve

data/lib/hanami/slice_registrar.rb

@@ -5,7 +5,7 @@ require_relative "constants"
 module Hanami
   # @api private
   class SliceRegistrar
-    VALID_SLICE_NAME_RE = /^[a-z][a-z0-9_]+$/
+    VALID_SLICE_NAME_RE = /^[a-z][a-z0-9_]*$/
     SLICE_DELIMITER = CONTAINER_KEY_DELIMITER
 
     attr_reader :parent, :slices

data/lib/hanami/version.rb

@@ -7,7 +7,7 @@ module Hanami
   # @api private
   module Version
     # @api public
-    VERSION = "2.2.1"
+    VERSION = "2.3.0.beta2"
 
     # @since 0.9.0
     # @api private

data/lib/hanami.rb

@@ -138,7 +138,15 @@ module Hanami
     end
   end
 
-  # Returns the Hanami app environment as loaded from the `HANAMI_ENV` environment variable.
+  # Returns the Hanami app environment as determined from the environment.
+  #
+  # Checks the following environment variables in order:
+  #
+  # - `HANAMI_ENV`
+  # - `APP_ENV`
+  # - `RACK_ENV`
+  #
+  # Defaults to `:development` if no environment variable is set.
   #
   # @example
   #   Hanami.env # => :development
@@ -148,7 +156,7 @@ module Hanami
   # @api public
   # @since 2.0.0
   def self.env(e: ENV)
-    e.fetch("HANAMI_ENV") { e.fetch("RACK_ENV", "development") }.to_sym
+    (e["HANAMI_ENV"] || e["APP_ENV"] || e["RACK_ENV"] || :development).to_sym
   end
 
   # Returns true if {.env} matches any of the given names

data/spec/integration/action/format_config_spec.rb

@@ -20,7 +20,7 @@ RSpec.describe "App action / Format config", :app_integration do
         class App < Hanami::App
           config.logger.stream = StringIO.new
 
-          config.actions.format :json
+          config.actions.formats.accept :json
         end
       end
     RUBY
@@ -76,7 +76,10 @@ RSpec.describe "App action / Format config", :app_integration do
         class App < Hanami::App
           config.logger.stream = StringIO.new
 
-          config.actions.formats.add :json, ["application/json+scim", "application/json"]
+          config.actions.formats.register :json, "application/json",
+            accept_types: ["application/json", "application/json+scim"],
+            content_types: ["application/json", "application/json+scim"]
+          config.actions.formats.accept :json
         end
       end
     RUBY
@@ -141,7 +144,7 @@ RSpec.describe "App action / Format config", :app_integration do
         class App < Hanami::App
           config.logger.stream = StringIO.new
 
-          config.actions.format :json
+          config.actions.formats.accept :json
           config.middleware.use :body_parser, [json: "application/json+custom"]
         end
       end

data/spec/integration/action/slice_configuration_spec.rb

@@ -34,25 +34,25 @@ RSpec.describe "App action / Slice configuration", :app_integration do
       it "applies default actions config from the app", :aggregate_failures do
         prepare_app
 
-        expect(TestApp::Action.config.formats.values).to eq []
+        expect(TestApp::Action.config.formats.accepted).to eq []
       end
 
       it "applies actions config from the app" do
-        Hanami.app.config.actions.format :json
+        Hanami.app.config.actions.formats.accepted = [:json]
 
         prepare_app
 
-        expect(TestApp::Action.config.formats.values).to eq [:json]
+        expect(TestApp::Action.config.formats.accepted).to eq [:json]
       end
 
       it "does not override config in the base class" do
-        Hanami.app.config.actions.format :csv
+        Hanami.app.config.actions.formats.accepted = [:csv]
 
         prepare_app
 
-        TestApp::Action.config.format :json
+        TestApp::Action.config.formats.accepted = [:json]
 
-        expect(TestApp::Action.config.formats.values).to eq [:json]
+        expect(TestApp::Action.config.formats.accepted).to eq [:json]
       end
     end
 
@@ -75,23 +75,23 @@ RSpec.describe "App action / Slice configuration", :app_integration do
       it "applies default actions config from the app", :aggregate_failures do
         prepare_app
 
-        expect(TestApp::Actions::Articles::Index.config.formats.values).to eq []
+        expect(TestApp::Actions::Articles::Index.config.formats.accepted).to eq []
       end
 
       it "applies actions config from the app" do
-        Hanami.app.config.actions.format :json
+        Hanami.app.config.actions.formats.accepted = [:json]
 
         prepare_app
 
-        expect(TestApp::Actions::Articles::Index.config.formats.values).to eq [:json]
+        expect(TestApp::Actions::Articles::Index.config.formats.accepted).to eq [:json]
       end
 
       it "applies config from the base class" do
         prepare_app
 
-        TestApp::Action.config.format :json
+        TestApp::Action.config.formats.accepted = [:json]
 
-        expect(TestApp::Actions::Articles::Index.config.formats.values).to eq [:json]
+        expect(TestApp::Actions::Articles::Index.config.formats.accepted).to eq [:json]
       end
     end
 
@@ -114,23 +114,23 @@ RSpec.describe "App action / Slice configuration", :app_integration do
       it "applies default actions config from the app", :aggregate_failures do
         prepare_app
 
-        expect(Admin::Actions::Articles::Index.config.formats.values).to eq []
+        expect(Admin::Actions::Articles::Index.config.formats.accepted).to eq []
       end
 
       it "applies actions config from the app" do
-        Hanami.app.config.actions.format :json
+        Hanami.app.config.actions.formats.accepted = [:json]
 
         prepare_app
 
-        expect(Admin::Actions::Articles::Index.config.formats.values).to eq [:json]
+        expect(Admin::Actions::Articles::Index.config.formats.accepted).to eq [:json]
       end
 
       it "applies config from the base class" do
         prepare_app
 
-        TestApp::Action.config.format :json
+        TestApp::Action.config.formats.accepted = [:json]
 
-        expect(Admin::Actions::Articles::Index.config.formats.values).to eq [:json]
+        expect(Admin::Actions::Articles::Index.config.formats.accepted).to eq [:json]
       end
     end
   end
@@ -151,23 +151,23 @@ RSpec.describe "App action / Slice configuration", :app_integration do
       it "applies default actions config from the app", :aggregate_failures do
         prepare_app
 
-        expect(Admin::Action.config.formats.values).to eq []
+        expect(Admin::Action.config.formats.accepted).to eq []
       end
 
       it "applies actions config from the app" do
-        Hanami.app.config.actions.format :json
+        Hanami.app.config.actions.formats.accepted = [:json]
 
         prepare_app
 
-        expect(Admin::Action.config.formats.values).to eq [:json]
+        expect(Admin::Action.config.formats.accepted).to eq [:json]
       end
 
       it "applies config from the app base class" do
         prepare_app
 
-        TestApp::Action.config.format :json
+        TestApp::Action.config.formats.accepted = [:json]
 
-        expect(Admin::Action.config.formats.values).to eq [:json]
+        expect(Admin::Action.config.formats.accepted).to eq [:json]
       end
 
       context "slice actions config present" do
@@ -186,24 +186,24 @@ RSpec.describe "App action / Slice configuration", :app_integration do
         it "applies actions config from the slice" do
           prepare_app
 
-          expect(Admin::Action.config.formats.values).to eq [:csv]
+          expect(Admin::Action.config.formats.accepted).to eq [:csv]
         end
 
         it "prefers actions config from the slice over config from the app-level base class" do
           prepare_app
 
-          TestApp::Action.config.format :json
+          TestApp::Action.config.formats.accepted = [:json]
 
-          expect(Admin::Action.config.formats.values).to eq [:csv]
+          expect(Admin::Action.config.formats.accepted).to eq [:csv]
         end
 
         it "prefers config from the base class over actions config from the slice" do
           prepare_app
 
-          TestApp::Action.config.format :csv
-          Admin::Action.config.format :json
+          TestApp::Action.config.formats.accepted = [:csv]
+          Admin::Action.config.formats.accepted = [:json]
 
-          expect(Admin::Action.config.formats.values).to eq [:json]
+          expect(Admin::Action.config.formats.accepted).to eq [:json]
         end
       end
     end
@@ -227,15 +227,15 @@ RSpec.describe "App action / Slice configuration", :app_integration do
       it "applies default actions config from the app", :aggregate_failures do
         prepare_app
 
-        expect(Admin::Actions::Articles::Index.config.formats.values).to eq []
+        expect(Admin::Actions::Articles::Index.config.formats.accepted).to eq []
       end
 
       it "applies actions config from the app" do
-        Hanami.app.config.actions.format :json
+        Hanami.app.config.actions.formats.accepted = [:json]
 
         prepare_app
 
-        expect(Admin::Actions::Articles::Index.config.formats.values).to eq [:json]
+        expect(Admin::Actions::Articles::Index.config.formats.accepted).to eq [:json]
       end
 
       it "applies actions config from the slice" do
@@ -243,7 +243,7 @@ RSpec.describe "App action / Slice configuration", :app_integration do
           write "config/slices/admin.rb", <<~'RUBY'
             module Admin
               class Slice < Hanami::Slice
-                config.actions.format :json
+                config.actions.formats.accepted = [:json]
               end
             end
           RUBY
@@ -251,15 +251,15 @@ RSpec.describe "App action / Slice configuration", :app_integration do
 
         prepare_app
 
-        expect(Admin::Actions::Articles::Index.config.formats.values).to eq [:json]
+        expect(Admin::Actions::Articles::Index.config.formats.accepted).to eq [:json]
       end
 
       it "applies config from the slice base class" do
         prepare_app
 
-        Admin::Action.config.format :json
+        Admin::Action.config.formats.accepted = [:json]
 
-        expect(Admin::Actions::Articles::Index.config.formats.values).to eq [:json]
+        expect(Admin::Actions::Articles::Index.config.formats.accepted).to eq [:json]
       end
 
       it "prefers config from the slice base class over actions config from the slice" do
@@ -275,9 +275,9 @@ RSpec.describe "App action / Slice configuration", :app_integration do
 
         prepare_app
 
-        Admin::Action.config.format :json
+        Admin::Action.config.formats.accepted = [:json]
 
-        expect(Admin::Actions::Articles::Index.config.formats.values).to eq [:json]
+        expect(Admin::Actions::Articles::Index.config.formats.accepted).to eq [:json]
       end
     end
   end

data/spec/integration/assets/cross_slice_assets_helpers_spec.rb

@@ -123,7 +123,6 @@ RSpec.describe "Cross-slice assets via helpers", :app_integration do
     compile_assets!
 
     output = Admin::Slice["views.posts.show"].call.to_s
-
     expect(output).to match(%r{<link href="/assets/app-[A-Z0-9]{8}.css" type="text/css" rel="stylesheet">})
     expect(output).to match(%r{<script src="/assets/app-[A-Z0-9]{8}.js" type="text/javascript"></script>})
   end