rack-contrib 2.0.1 → 2.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 7784c9ef2deb5524c67848eec58934752c586e8d
-  data.tar.gz: 76bca1883c124f0c9143ef9b0d79cb550c261c03
+SHA256:
+  metadata.gz: 1b83b23d3e67c0a24d65f6da2406e8430b003100bae5b5e8f3b20486384804e0
+  data.tar.gz: 4e2b5a6b94dbd7be2b10a6dae026509166d236e0b0e842f0a127b59d28298ae9
 SHA512:
-  metadata.gz: b9a70c52bcf05c8c56a11f7822e8b297feafcccd4cf67e80f21f3a5ea64116aab9db8a57e942c5eaea92825476fa7f1f9b7ad4b4133b1f8632e1a78f59f71f38
-  data.tar.gz: bced2fb275258c226af75d670c6fac2eb5a2d10422ae0c9d9026f19330cf635dda62449e055923669a2c7495827ecb8035cdbcf849068e4a11f2ed46c980aa8d
+  metadata.gz: a12773ffdd9646740002b8124c2bd02bdc92d738ced7c4bb270e6003661a259d4dc8e34925bd909805bd1e40a0d381b9efa59c3d2d02d1fe5f9dcd57af8809c9
+  data.tar.gz: c9955bcfb8787a930d9590cc984ab16a25211e2f52b9fe76b7d357088bbc68503e1c2fc362c46ba0c8febb08aa73eb67ed04bd03ddbdea39bd489e336211d385

data/README.md

@@ -3,17 +3,16 @@
 This package includes a variety of add-on components for Rack, a Ruby web server
 interface:
 
-* `Rack::AcceptFormat` - Adds a format extension at the end of the URI when there is none, corresponding to the mime-type given in the Accept HTTP header.
 * `Rack::Access` - Limits access based on IP address
 * `Rack::Backstage` - Returns content of specified file if it exists, which makes it convenient for putting up maintenance pages.
 * `Rack::BounceFavicon` - Returns a 404 for requests to `/favicon.ico`
 * `Rack::CSSHTTPRequest` - Adds CSSHTTPRequest support by encoding responses as CSS for cross-site AJAX-style data loading
 * `Rack::Callbacks` - Implements DSL for pure before/after filter like Middlewares.
-* `Rack::Config` - Shared configuration for cooperative middleware.
 * `Rack::Cookies` - Adds simple cookie jar hash to env
 * `Rack::Deflect` - Helps protect against DoS attacks.
 * `Rack::Evil` - Lets the rack application return a response to the client from any place.
 * `Rack::HostMeta` - Configures `/host-meta` using a block
+* `Rack::JSONBodyParser` - Adds JSON request bodies to the Rack parameters hash.
 * `Rack::JSONP` - Adds JSON-P support by stripping out the callback param and padding the response with the appropriate callback format.
 * `Rack::LazyConditionalGet` - Caches a global `Last-Modified` date and updates it each time there is a request that is not `GET` or `HEAD`.
 * `Rack::LighttpdScriptNameFix` - Fixes how lighttpd sets the `SCRIPT_NAME` and `PATH_INFO` variables in certain configurations.
@@ -21,14 +20,13 @@ interface:
 * `Rack::MailExceptions` - Rescues exceptions raised from the app and sends a useful email with the exception, stacktrace, and contents of the environment.
 * `Rack::NestedParams` - parses form params with subscripts (e.g., * "`post[title]=Hello`") into a nested/recursive Hash structure (based on Rails' implementation).
 * `Rack::NotFound` - A default 404 application.
-* `Rack::PostBodyContentTypeParser` - Adds support for JSON request bodies. The Rack parameter hash is populated by deserializing the JSON data provided in the request body when the Content-Type is application/json.
+* `Rack::PostBodyContentTypeParser` - [Deprecated]: Adds support for JSON request bodies. The Rack parameter hash is populated by deserializing the JSON data provided in the request body when the Content-Type is application/json
 * `Rack::Printout` - Prints the environment and the response per request
 * `Rack::ProcTitle` - Displays request information in process title (`$0`) for monitoring/inspection with ps(1).
 * `Rack::Profiler` - Uses ruby-prof to measure request time.
 * `Rack::RelativeRedirect` - Transforms relative paths in redirects to absolute URLs.
-* `Rack::ResponseCache` - Caches responses to requests without query strings to Disk or a user provider Ruby object. Similar to Rails' page caching.
+* `Rack::ResponseCache` - Caches responses to requests without query strings to Disk or a user provided Ruby object. Similar to Rails' page caching.
 * `Rack::ResponseHeaders` - Manipulates response headers object at runtime
-* `Rack::Sendfile` - Enables `X-Sendfile` support for bodies that can be served from file.
 * `Rack::Signals` - Installs signal handlers that are safely processed after a request
 * `Rack::SimpleEndpoint` - Creates simple endpoints with routing rules, similar to Sinatra actions
 * `Rack::StaticCache` - Modifies the response headers to facilitiate client and proxy caching for static files that minimizes http requests and improves overall load times for second time visitors.
@@ -78,7 +76,7 @@ To contribute to the project, begin by cloning the repo and installing the neces
 
     gem install json rack ruby-prof test-spec test-unit
 
-To run the entire test suite, run 
+To run the entire test suite, run
 
     rake test
 
@@ -86,7 +84,7 @@ To run a specific component's tests run
 
     specrb -Ilib:test -w test/spec_rack_thecomponent.rb
 
-This works on ruby 1.8.7 but has problems under ruby 1.9.x. 
+This works on ruby 1.8.7 but has problems under ruby 1.9.x.
 
 TODO: instructions for 1.9.x and include bundler
 
@@ -100,10 +98,16 @@ The criteria for middleware being included in this project are roughly as follow
 These criteria were introduced several years after the start of the project, so some of the included middleware may not meet all of them. In particular, several middleware have external dependencies. It is possible that in some future release of rack-contrib, middleware with external depencies will be removed from the project.
 
 When submitting code keep the above criteria in mind and also see the code
-guidelines in CONTRIBUTING.md. 
+guidelines in CONTRIBUTING.md.
 
 ### Links
 
 * rack-contrib on GitHub:: <https://github.com/rack/rack-contrib>
 * Rack:: <https://rack.github.io/>
 * Rack On GitHub:: <https://github.com/rack/rack>
+
+
+### Security Reporting
+
+To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security).
+Tidelift will coordinate the fix and disclosure.

data/lib/rack/contrib/access.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "ipaddr"
 
 module Rack
@@ -38,7 +40,7 @@ module Rack
           raise ArgumentError, "paths need to start with /"
         end
         location = location.chomp('/')
-        match = Regexp.new("^#{Regexp.quote(location).gsub('/', '/+')}(.*)", nil, 'n')
+        match = Regexp.new("^#{Regexp.quote(location).gsub('/', '/+')}(.*)", Regexp::NOENCODING)
 
         ipmasks.collect! do |ipmask|
           ipmask.is_a?(IPAddr) ? ipmask : IPAddr.new(ipmask)
@@ -48,9 +50,9 @@ module Rack
     end
 
     def call(env)
-      @original_request = Request.new(env)
+      request = Request.new(env)
       ipmasks = ipmasks_for_path(env)
-      return forbidden! unless ip_authorized?(ipmasks)
+      return forbidden! unless ip_authorized?(request, ipmasks)
       status, headers, body = @app.call(env)
       [status, headers, body]
     end
@@ -70,14 +72,14 @@ module Rack
     end
 
     def forbidden!
-      [403, { 'Content-Type' => 'text/html', 'Content-Length' => '0' }, []]
+      [403, { 'content-type' => 'text/html', 'content-length' => '0' }, []]
     end
 
-    def ip_authorized?(ipmasks)
+    def ip_authorized?(request, ipmasks)
       return true if ipmasks.nil?
 
       ipmasks.any? do |ip_mask|
-        ip_mask.include?(IPAddr.new(@original_request.ip))
+        ip_mask.include?(IPAddr.new(request.ip))
       end
     end
 

data/lib/rack/contrib/backstage.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   class Backstage
     File = ::File
@@ -8,10 +10,10 @@ module Rack
     end
 
     def call(env)
-      if File.exists?(@file)
+      if File.exist?(@file)
         content = File.read(@file)
-        length = "".respond_to?(:bytesize) ? content.bytesize.to_s : content.size.to_s
-        [503, {'Content-Type' => 'text/html', 'Content-Length' => length}, [content]]
+        length = content.bytesize.to_s
+        [503, {'content-type' => 'text/html', 'content-length' => length}, [content]]
       else
         @app.call(env)
       end

data/lib/rack/contrib/bounce_favicon.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   # Bounce those annoying favicon.ico requests
   class BounceFavicon
@@ -7,7 +9,7 @@ module Rack
 
     def call(env)
       if env["PATH_INFO"] == "/favicon.ico"
-        [404, {"Content-Type" => "text/html", "Content-Length" => "0"}, []]
+        [404, {"content-type" => "text/html", "content-length" => "0"}, []]
       else
         @app.call(env)
       end

data/lib/rack/contrib/callbacks.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   class Callbacks
     def initialize(&block)

data/lib/rack/contrib/common_cookies.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   # Rack middleware to use common cookies across domain and subdomains.
   class CommonCookies
@@ -5,26 +7,32 @@ module Rack
     LOCALHOST_OR_IP_REGEXP = /^([\d.]+|localhost)$/
     PORT = /:\d+$/
 
+    HEADERS_KLASS = Rack.release < "3" ? Utils::HeaderHash : Headers
+    private_constant :HEADERS_KLASS
+
     def initialize(app)
       @app = app
     end
 
     def call(env)
-      @app.call(env).tap do |(status, headers, response)|
-        @host = env['HTTP_HOST'].sub PORT, ''
-        share_cookie headers
-      end
+      status, headers, body = @app.call(env)
+      headers = HEADERS_KLASS.new.merge(headers)
+
+      host = env['HTTP_HOST'].sub PORT, ''
+      share_cookie(headers, host)
+
+      [status, headers, body]
     end
 
     private
 
-    def domain
-      @host =~ DOMAIN_REGEXP
+    def domain(host)
+      host =~ DOMAIN_REGEXP
       ".#{$1}.#{$2}"
     end
 
-    def share_cookie(headers)
-      headers['Set-Cookie'] &&= common_cookie(headers) if @host !~ LOCALHOST_OR_IP_REGEXP
+    def share_cookie(headers, host)
+      headers['Set-Cookie'] &&= common_cookie(headers, host) if host !~ LOCALHOST_OR_IP_REGEXP
     end
 
     def cookie(headers)
@@ -32,8 +40,8 @@ module Rack
       cookies.is_a?(Array) ? cookies.join("\n") : cookies
     end
 
-    def common_cookie(headers)
-      cookie(headers).gsub(/; domain=[^;]*/, '').gsub(/$/, "; domain=#{domain}")
+    def common_cookie(headers, host)
+      cookie(headers).gsub(/; domain=[^;]*/, '').gsub(/$/, "; domain=#{domain(host)}")
     end
   end
-end
+end

data/lib/rack/contrib/config.rb

@@ -1,16 +1,4 @@
-module Rack
+# frozen_string_literal: true
 
-  # Rack::Config modifies the environment using the block given during
-  # initialization.
-  class Config
-    def initialize(app, &block)
-      @app = app
-      @block = block
-    end
-
-    def call(env)
-      @block.call(env)
-      @app.call(env)
-    end
-  end
-end
+require 'rack'
+require 'rack/config'

data/lib/rack/contrib/cookies.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   class Cookies
     class CookieJar < Hash

data/lib/rack/contrib/csshttprequest.rb

@@ -1,9 +1,13 @@
+# frozen_string_literal: true
+
 require 'csshttprequest'
 
 module Rack
 
   # A Rack middleware for providing CSSHTTPRequest responses.
   class CSSHTTPRequest
+    HEADERS_KLASS = Rack.release < "3" ? Utils::HeaderHash : Headers
+    private_constant :HEADERS_KLASS
 
     def initialize(app)
       @app = app
@@ -13,9 +17,12 @@ module Rack
     # the CSSHTTPRequest encoder
     def call(env)
       status, headers, response = @app.call(env)
+      headers = HEADERS_KLASS.new.merge(headers)
+
       if chr_request?(env)
-        response = encode(response)
-        modify_headers!(headers, response)
+        encoded_response = encode(response)
+        modify_headers!(headers, encoded_response)
+        response = [encoded_response]
       end
       [status, headers, response]
     end
@@ -25,13 +32,12 @@ module Rack
         !(/\.chr$/.match(env['PATH_INFO'])).nil? || Rack::Request.new(env).params['_format'] == 'chr'
     end
 
-    def encode(response, assembled_body="")
-      response.each { |s| assembled_body << s.to_s } # call down the stack
-      return ::CSSHTTPRequest.encode(assembled_body)
+    def encode(body)
+      ::CSSHTTPRequest.encode(body.to_enum.to_a.join)
     end
 
     def modify_headers!(headers, encoded_response)
-      headers['Content-Length'] = encoded_response.length.to_s
+      headers['Content-Length'] = encoded_response.bytesize.to_s
       headers['Content-Type'] = 'text/css'
       nil
     end

data/lib/rack/contrib/deflect.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'thread'
 
 # TODO: optional stats
@@ -63,14 +65,14 @@ module Rack
     end
 
     def deflect!
-      [403, { 'Content-Type' => 'text/html', 'Content-Length' => '0' }, []]
+      [403, { 'content-type' => 'text/html', 'content-length' => '0' }, []]
     end
 
     def deflect? env
-      @remote_addr = env['REMOTE_ADDR']
-      return false if options[:whitelist].include? @remote_addr
-      return true  if options[:blacklist].include? @remote_addr
-      sync { watch }
+      remote_addr = env['REMOTE_ADDR']
+      return false if options[:whitelist].include? remote_addr
+      return true  if options[:blacklist].include? remote_addr
+      sync { watch(remote_addr) }
     end
 
     def log message
@@ -82,55 +84,55 @@ module Rack
       @mutex.synchronize(&block)
     end
 
-    def map
-      @remote_addr_map[@remote_addr] ||= {
+    def map(remote_addr)
+      @remote_addr_map[remote_addr] ||= {
         :expires => Time.now + options[:interval],
         :requests => 0
       }
     end
 
-    def watch
-      increment_requests
-      clear! if watch_expired? and not blocked?
-      clear! if blocked? and block_expired?
-      block! if watching? and exceeded_request_threshold?
-      blocked?
+    def watch(remote_addr)
+      increment_requests(remote_addr)
+      clear!(remote_addr) if watch_expired?(remote_addr) and not blocked?(remote_addr)
+      clear!(remote_addr) if blocked?(remote_addr) and block_expired?(remote_addr)
+      block!(remote_addr) if watching?(remote_addr) and exceeded_request_threshold?(remote_addr)
+      blocked?(remote_addr)
     end
 
-    def block!
-      return if blocked?
-      log "blocked #{@remote_addr}"
-      map[:block_expires] = Time.now + options[:block_duration]
+    def block!(remote_addr)
+      return if blocked?(remote_addr)
+      log "blocked #{remote_addr}"
+      map(remote_addr)[:block_expires] = Time.now + options[:block_duration]
     end
 
-    def blocked?
-      map.has_key? :block_expires
+    def blocked?(remote_addr)
+      map(remote_addr).has_key? :block_expires
     end
 
-    def block_expired?
-      map[:block_expires] < Time.now rescue false
+    def block_expired?(remote_addr)
+      map(remote_addr)[:block_expires] < Time.now rescue false
     end
 
-    def watching?
-      @remote_addr_map.has_key? @remote_addr
+    def watching?(remote_addr)
+      @remote_addr_map.has_key? remote_addr
     end
 
-    def clear!
-      return unless watching?
-      log "released #{@remote_addr}" if blocked?
-      @remote_addr_map.delete @remote_addr
+    def clear!(remote_addr)
+      return unless watching?(remote_addr)
+      log "released #{remote_addr}" if blocked?(remote_addr)
+      @remote_addr_map.delete remote_addr
     end
 
-    def increment_requests
-      map[:requests] += 1
+    def increment_requests(remote_addr)
+      map(remote_addr)[:requests] += 1
     end
 
-    def exceeded_request_threshold?
-      map[:requests] > options[:request_threshold]
+    def exceeded_request_threshold?(remote_addr)
+      map(remote_addr)[:requests] > options[:request_threshold]
     end
 
-    def watch_expired?
-      map[:expires] <= Time.now
+    def watch_expired?(remote_addr)
+      map(remote_addr)[:expires] <= Time.now
     end
 
   end

data/lib/rack/contrib/enforce_valid_encoding.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   # Ensure that the path and query string presented to the application
   # contains only valid characters.  If the validation fails, then a
@@ -16,7 +18,7 @@ module Rack
          Rack::Utils.unescape(full_path).valid_encoding?
         @app.call env
       else
-        [400, {'Content-Type'=>'text/plain'}, ['Bad Request']]
+        [400, {'content-type'=>'text/plain'}, ['Bad Request']]
       end
     end
   end

data/lib/rack/contrib/evil.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   class Evil
     # Lets you return a response to the client immediately from anywhere ( M V or C ) in the code.

data/lib/rack/contrib/expectation_cascade.rb

@@ -1,10 +1,12 @@
+# frozen_string_literal: true
+
 module Rack
   class ExpectationCascade
-    Expect = "Expect".freeze
+    Expect = "HTTP_EXPECT".freeze
     ContinueExpectation = "100-continue".freeze
 
-    ExpectationFailed = [417, {"Content-Type" => "text/html"}, []].freeze
-    NotFound = [404, {"Content-Type" => "text/html"}, []].freeze
+    ExpectationFailed = [417, {"content-type" => "text/html"}, []]
+    NotFound = [404, {"content-type" => "text/html"}, []]
 
     attr_reader :apps
 

data/lib/rack/contrib/garbagecollector.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   # Forces garbage collection after each request.
   class GarbageCollector

data/lib/rack/contrib/host_meta.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
 
   # Rack middleware implementing the IETF draft: "Host Metadata for the Web"
@@ -28,7 +30,7 @@ module Rack
 
     def call(env)
       if env['PATH_INFO'] == '/host-meta'
-        [200, {'Content-Type' => 'application/host-meta'}, [@response]]
+        [200, {'content-type' => 'application/host-meta'}, [@response]]
       else
         @app.call(env)
       end

data/lib/rack/contrib/json_body_parser.rb

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module Rack
+  # A Rack middleware that makes JSON-encoded request bodies available in the
+  # request.params hash. By default it parses POST, PATCH, and PUT requests
+  # whose media type is <tt>application/json</tt>. You can configure it to match
+  # any verb or media type via the <tt>:verbs</tt> and <tt>:media</tt> options.
+  #
+  #
+  # == Examples:
+  #
+  # === Parse POST and GET requests only
+  #   use Rack::JSONBodyParser, verbs: ['POST', 'GET']
+  #
+  # === Parse POST|PATCH|PUT requests whose content-type matches 'json'
+  #   use Rack::JSONBodyParser, media: /json/
+  #
+  # === Parse POST requests whose content-type is 'application/json' or 'application/vnd+json'
+  #   use Rack::JSONBodyParser, verbs: ['POST'], media: ['application/json', 'application/vnd.api+json']
+  #
+  class JSONBodyParser
+    CONTENT_TYPE_MATCHERS = {
+      String => lambda { |option, header|
+        Rack::MediaType.type(header) == option
+      },
+      Array => lambda { |options, header|
+        media_type = Rack::MediaType.type(header)
+        options.any? { |opt| media_type == opt }
+      },
+      Regexp => lambda {
+        if //.respond_to?(:match?)
+          # Use Ruby's fast regex matcher when available
+          ->(option, header) { option.match? header }
+        else
+          # Fall back to the slower matcher for rubies older than 2.4
+          ->(option, header) { option.match header }
+        end
+      }.call(),
+    }.freeze
+
+    DEFAULT_PARSER = ->(body) { JSON.parse(body, create_additions: false) }
+
+    def initialize(
+      app,
+      verbs: %w[POST PATCH PUT],
+      media: 'application/json',
+      &block
+    )
+      @app = app
+      @verbs, @media = verbs, media
+      @matcher = CONTENT_TYPE_MATCHERS.fetch(@media.class)
+      @parser = block || DEFAULT_PARSER
+    end
+
+    def call(env)
+      begin
+        if @verbs.include?(env[Rack::REQUEST_METHOD]) &&
+           @matcher.call(@media, env['CONTENT_TYPE'])
+
+          update_form_hash_with_json_body(env)
+        end
+      rescue ParserError
+        body = { error: 'Failed to parse body as JSON' }.to_json
+        header = { 'content-type' => 'application/json' }
+        return Rack::Response.new(body, 400, header).finish
+      end
+      @app.call(env)
+    end
+
+    private
+
+    class ParserError < StandardError; end
+
+    def update_form_hash_with_json_body(env)
+      body = env[Rack::RACK_INPUT]
+      return unless (body_content = body.read) && !body_content.empty?
+
+      body.rewind if body.respond_to?(:rewind) # somebody might try to read this stream
+
+      begin
+        parsed_body = @parser.call(body_content)
+      rescue StandardError
+        raise ParserError
+      end
+
+      env.update(
+        Rack::RACK_REQUEST_FORM_HASH => parsed_body,
+        Rack::RACK_REQUEST_FORM_INPUT => body
+      )
+    end
+  end
+end

data/lib/rack/contrib/jsonp.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
 
   # A Rack middleware for providing JSON-P support.
@@ -21,6 +23,9 @@ module Rack
     # "\342\200\251" # => "\u2029"
     U2028, U2029 = ("\u2028" == 'u2028') ? ["\342\200\250", "\342\200\251"] : ["\u2028", "\u2029"]
 
+    HEADERS_KLASS = Rack.release < "3" ? Utils::HeaderHash : Headers
+    private_constant :HEADERS_KLASS
+
     def initialize(app)
       @app = app
     end
@@ -40,7 +45,7 @@ module Rack
         return status, headers, response
       end
 
-      headers = HeaderHash.new(headers)
+      headers = HEADERS_KLASS.new.merge(headers)
 
       if is_json?(headers) && has_callback?(request)
         callback = request.params['callback']
@@ -53,7 +58,7 @@ module Rack
 
         # Set new Content-Length, if it was set before we mutated the response body
         if headers['Content-Length']
-          length = response.to_ary.inject(0) { |len, part| len + part.bytesize }
+          length = response.map(&:bytesize).reduce(0, :+)
           headers['Content-Length'] = length.to_s
         end
       end
@@ -87,8 +92,8 @@ module Rack
     # method of combining all of the data into a single string makes sense
     # since JSON is returned as a full string.
     #
-    def pad(callback, response, body = "")
-      response.each do |s|
+    def pad(callback, response)
+      body = response.to_enum.map do |s|
         # U+2028 and U+2029 are allowed inside strings in JSON (as all literal
         # Unicode characters) but JavaScript defines them as newline
         # seperators. Because no literal newlines are allowed in a string, this
@@ -96,8 +101,8 @@ module Rack
         # replacing them with the escaped version. This should be safe because
         # according to the JSON spec, these characters are *only* valid inside
         # a string and should therefore not be present any other places.
-        body << s.to_s.gsub(U2028, '\u2028').gsub(U2029, '\u2029')
-      end
+        s.gsub(U2028, '\u2028').gsub(U2029, '\u2029')
+      end.join
 
       # https://github.com/rack/rack-contrib/issues/46
       response.close if response.respond_to?(:close)
@@ -106,7 +111,7 @@ module Rack
     end
 
     def bad_request(body = "Bad Request")
-      [ 400, { 'Content-Type' => 'text/plain', 'Content-Length' => body.size.to_s }, [body] ]
+      [ 400, { 'content-type' => 'text/plain', 'content-length' => body.bytesize.to_s }, [body] ]
     end
 
   end