rack-mini-profiler 1.0.1 → 2.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e7c0f5a071d07b17ed627b9c25ca3fa6a60f9670178e990fa8d84e7f826c05ff
-  data.tar.gz: 94c852d1876cf526cf1f771bb609d6f6993f5d1827da16861128351b59ee0f83
+  metadata.gz: 2984e9dec3cda4d5b86a4ed3b8300725207ba826b6a064402b23dcf04b0d5a51
+  data.tar.gz: 4a05074c124ac23085c08f4ae5389b71ef7b85687c40c5e5594dee4884d87632
 SHA512:
-  metadata.gz: f53c37831ae521bfc0f79dc375595f76165499b76ca60191f5ba88cf811f68abe2c787e548010c68fd209b0b156e06ba6f54b40d10dd24b1297622aefeb80c58
-  data.tar.gz: 471f7506b95eefc6e9f182a88baa8ef9bd8f613557619d3c34ce7f4d1831026f48ba61da7160dcb3ae7adca4dbf5d33766bbba48880a84633ee7692a2ae9ad1f
+  metadata.gz: b29d4a47e99d03489251752bfe57a2b64235400b5ffb9f867738bfb9d165f63ddeeb559fc4edf9a60c91fe2d579b04ee473db1b2c7846ab823580d8b9b5e88c1
+  data.tar.gz: 3a0768401c048801bf4adb22792fbdb2643d5b5e0174f92149df96c8ae2ab79d0c504e9e2146d72cc45068df6b88ebc675ef11431d47c17a5b929f375a1e6d74

data/CHANGELOG.md

@@ -1,6 +1,101 @@
 # CHANGELOG
 
-## 1.0.1 2018-12-10
+## 2.3.2 - 2021-04-30
+
+- [FEATURE] Introduce `pp=async-flamegraph` for asynchronous flamegraphs
+
+## 2.3.1 - 2021-01-29
+
+- [FIX] compatability with Ruby 3.0
+- [FIX] compatability with peek-mysql2
+
+## 2.3.0 - 2020-12-29
+
+- [FEATURE] flamegraphs are now based off speedscope
+
+## 2.2.1 - 2020-12-23
+
+- [FIX] Turbolinks integration causing increasing number of GET requests
+- [FEATURE] enahanced log transporter with compression and exponential backoff
+- [FEATURE] sameSite=Lax added to MiniProfiler cookie
+
+## 2.2.0 - 2020-10-19
+
+- [UX] Enhancements to snapshots UI
+- [FEATURE] Mini Profiler cookie is now sameSite=lax
+- [FEATURE] Snapshots transporter
+- [FEATURE] Redact SQL queries in snapshots by default
+
+## 2.1.0 - 2020-09-17
+
+- [FEATURE] Allow assets to be precompiled with Sprockets
+- [FEATURE] Snapshots sampling (see README in repo)
+- [FEATURE] Allow `skip_paths` config to contain regular expressions
+
+## 2.0.4 - 2020-08-04
+
+- [FIX] webpacker may exist with no config, allow for that
+
+## 2.0.3 - 2020-07-29
+
+- [FIX] support for deprecation free Redis 4.2
+- [FEATURE] skip /packs when serving static assets
+- [FEATURE] allow Net::HTTP patch to be applied with either prerpend or alias
+
+## 2.0.2 - 2020-05-25
+
+- [FIX] client timings were not showing up when you clicked show trivial
+
+## 2.0.1 - 2020-03-17
+
+- [REVERT] Prepend Net::HTTP patch instead of class_eval and aliasing (#429) (technique clashes with New Relic and Skylight agents)
+
+## 2.0.0 - 2020-03-11
+
+- [FEATURE] Prepend Net::HTTP patch instead of class_eval and aliasing (#429)
+- [FEATURE] Stop patching Rails and use `ActiveSupport::Notifications` by default (see README.md for details)
+
+## 1.1.6 - 2020-01-30
+
+- [FIX] edge condition on page transition function could lead to exceptions
+
+## 1.1.5 - 2020-01-28
+
+- [FIX] correct custom counter regression
+- [FIX] respect max_traces_to_show
+- [FIX] handle storage engine failures in whitelist mode
+
+## 1.1.4 - 2019-12-12
+
+- [SECURITY] carefully crafted SQL could cause an XSS on sites that do not use CSPs
+
+## 1.1.3 - 2019-10-28
+
+- [FEATURE] precompile all templates to avoid need for unsafe-eval
+
+## 1.1.2 - 2019-10-24
+
+- [FIX] JS payload was not working on IE11 and leading to errors
+- [FIX] Remove global singleton_class which was injected
+- [FIX] Regressions post removal of jQuery
+
+## 1.1.1 - 2019-10-22
+
+- [FIX] correct JavaScript fetch support header iteration (Jorge Manrubia)
+
+## 1.1.0 - 2019-10-01
+
+- [FEATURE] remove jQuery dependency, switch template library to dot.js
+- [FEATURE] disable all sensitive debugging methods by default (env, memory profiling) can be enabled with enable_advanced_debugging_tools.
+- [FIX] when conditionally requiring rack mini profiler, asset precompile could fail
+- [FEATURE] `/rack-mini-profiler/requests` can be used to monitor all requests for apps that do not have a UI (like API apps)
+- [SECURITY] XSS injection in `?pp=help` via rogue uri
+
+## 1.0.2 - 2019-02-05
+
+- [FIX] correct script injection to work with Rails 6 and above
+
+## 1.0.1 - 2018-12-10
 
 - [FIX] add support for exec_params instrumentation in PG, this method as of PG 1.1.0 no longer
  routes calls to exec / async_exec
@@ -10,7 +105,7 @@
 - [FIX] getEntriesByName is missing in iOS, workaround
 - [FEATURE] drop support for Ruby 2.2.0 we require 2.3.0 and up (EOL Ruby no longer supported)
 
-## 1.0.0 2017-03-29
+## 1.0.0 - 2018-03-29
 
 - [BREAKING CHANGE] Ruby version 2.2.0 or later is required
 - [FEATURE] use new web performance API to avoid warning @MikeRogers0
@@ -18,16 +113,16 @@
 - [FIX] correct jQuery 3.0 deprecations @TiSer
 - [FIX] JS in IFRAME @naiyt
 
-## 0.10.8 2017-12-01
+## 0.10.8 - 2017-12-01
 
 - [FEATURE] Add `# frozen_string_literal: true` to all `lib/**/*.rb` files
 
-## 0.10.7 2017-11-24
+## 0.10.7 - 2017-11-24
 
 - [FEATURE] Replace Time.now with Process.clock_gettime(Process::CLOCK_MONOTONIC)
 - [FIX] Error with webrick and empty cache control
 
-## 0.10.6 2017-10-30
+## 0.10.6 - 2017-10-30
 
 - [FEATURE] Support for vertical positions (top/bottom)
 - [FEATURE] Suppress profiler results in print media @Mike Dillon
@@ -35,11 +130,11 @@
 - [FEATURE] install generator @yhirano
 - [FEATURE] store initial cache control headers in X-MiniProfiler-Original-Cache-Control @mrasu
 
-## 0.10.5 2017-05-22
+## 0.10.5 - 2017-05-22
 
 - [FIX] revert PG bind sniffing until it is properly tested
 
-## 0.10.4 2017-05-17
+## 0.10.4 - 2017-05-17
 
 - [FEATURE] log binds for pg @neznauy
 - [FIX] use async exec pg monkey patch instead of exec
@@ -48,25 +143,25 @@
 - [FIX] ensure redis get_unviewed_ids returns only ids that exist
 - [FIX] correctly respect SCRIPT in env if it is sniffed by middleware
 
-## 0.10.2 2017-02-08
+## 0.10.2 - 2017-02-08
 
 - [FIX] improve turbolinks support
 - [FEATURE] make location of mini_profiler injection customizable
 
-## 0.10.1 2016-05-18
+## 0.10.1 - 2016-05-18
 
 - [FEATURE] push forward the security checks so no work is ever done if a valid production
     cookie is not available (@sam)
 
-## 0.9.9.2 2016-03-06
+## 0.9.9.2 - 2016-03-06
 
 - [FEATURE] on pageTransition collapse previously expanded timings
 
-## 0.9.9.1 2016-03-06
+## 0.9.9.1 - 2016-03-06
 
 - [FEATURE] expost MiniProfiler.pageTransition() for use by SPA web apps (@sam)
 
-## 0.9.9 2016-03-06
+## 0.9.9 - 2016-03-06
 
 - [FIX] removes alias_method_chain in favor of alias_method until Ruby 1.9.3 (@ayfredlund)
 - [FIX] Dont block mongo when already patched for another db (@rrooding @kbrock)
@@ -122,7 +217,7 @@
 - [FIXED] Possible XSS (admin only)
 - [FIXED] Corrected Sql patching to avoid setting instance vars on nil which is frozen (thanks Andy, huoxito)
 
-## 0.9.0.pre - 2013-12-12 (Sam Saffron)
+## 0.9.0.pre - 2013-12-05 (Sam Saffron)
 - Bumped up version to reflect the stability of the project
 - [IMPROVED] Reports for pp=profile-gc
 - [IMPROVED] pp=flamegraph&flamegraph_sample_rate=1 , allow you to specify sampling rates
@@ -132,7 +227,7 @@
   config.assets.prefix path since developers can rename the path to serve Asset Pipeline
   files from
 
-## 2013-09-03
+## 0.1.31 - 2013-09-03
 - [IMPROVED] Flamegraph now has much increased fidelity
 - [REMOVED] Ripped out flamegraph so it can be isolated into a gem
 - [REMOVED] Ripped out pp=sample it just was never really used
@@ -188,13 +283,13 @@
 - [ADDED] New MemchacedStore
 - [ADDED] Rails 4 support
 
-## 2012-09-12 (Sam Saffron)
+## 0.1.20 - 2012-09-12 (Sam Saffron)
 - [ADDED] pp=profile-gc: allows you to profile the GC in Ruby 1.9.3
 
 ## 0.1.19 - 2012-09-10 (Sam Saffron)
 - [FIXED] Compatibility issue with Ruby 1.8.7
 
-## 0.1.17 - 2012-09-09 (Sam Saffron)
+## 0.1.17 - 2012-09-07 (Sam Saffron)
 - [FIXED] pp=sample was bust unless stacktrace was installed
 
 ## 0.1.16 - 2012-09-05 (Sam Saffron)
@@ -218,10 +313,10 @@
 ## 0.1.12.pre - 2012-08-20 (Sam Saffron)
 - [IMPROVED] Cap X-MiniProfiler-Ids at 10, otherwise the header can get killed
 
-## 2012-08-10 (Sam Saffron)
+## 0.1.11.pre - 2012-08-10 (Sam Saffron)
 - [ADDED] Basic prepared statement profiling for Postgres
 
-## 2012-08-07 (Sam Saffron)
+## 0.1.10 - 2012-08-07 (Sam Saffron)
 - [ADDED] Option to disable profiler for the current session (pp=disable / pp=enable)
 - [ADDED] yajl compatability contributed by Sven Riedel
 
@@ -235,7 +330,7 @@
 - [ADDED] First Paint time for Google Chrome
 - [FIXED] Ensure non Rails installs have mini profiler
 
-## 2012-07-12 (Sam Saffron)
+## 0.1.6 - 2012-07-12 (Sam Saffron)
 - [ADDED] Native PG and MySql2 interceptors, this gives way more accurate times
 - [ADDED] some more client probing built in to rails
 - [IMPROVED] Refactored context so its a proper class and not a hash
@@ -249,7 +344,7 @@
   production
 - [IMPROVED] Cleaned up railties, got rid of the post authorize callback
 
-## 2012-06-28 (Sam Saffron)
+## 0.1.1 - 2012-06-28 (Sam Saffron)
 - [ADDED] Started change log
 - [ADDED] added MemcacheStore
 - [IMPROVED] Corrected profiler so it properly captures POST requests (was supressing non 200s)

data/README.md

@@ -1,7 +1,5 @@
 # rack-mini-profiler
 
-[![Code Climate](https://codeclimate.com/github/MiniProfiler/rack-mini-profiler/badges/gpa.svg)](https://codeclimate.com/github/MiniProfiler/rack-mini-profiler) [![Build Status](https://travis-ci.org/MiniProfiler/rack-mini-profiler.svg)](https://travis-ci.org/MiniProfiler/rack-mini-profiler)
-
 Middleware that displays speed badge for every html page. Designed to work both in production and in development.
 
 #### Features
@@ -19,18 +17,17 @@ Middleware that displays speed badge for every html page. Designed to work both
 
 ## rack-mini-profiler needs your help
 
-We have decided to restructure our repository so there is a central UI repo and the various language implementation have their own.
+We have decided to restructure our repository so there is a central UI repo and the various language implementations have their own.
 
 **WE NEED HELP.**
 
-- Setting up a build that reuses https://github.com/MiniProfiler/ui
-- Migrating the internal data structures [per the spec](https://github.com/MiniProfiler/ui)
+- Help [triage issues](https://www.codetriage.com/miniprofiler/rack-mini-profiler) [![Open Source Helpers](https://www.codetriage.com/miniprofiler/rack-mini-profiler/badges/users.svg)](https://www.codetriage.com/miniprofiler/rack-mini-profiler)
 
 If you feel like taking on any of this start an issue and update us on your progress.
 
 ## Installation
 
-Install/add to Gemfile in Ruby 2.3+
+Install/add to Gemfile in Ruby 2.4+
 
 ```ruby
 gem 'rack-mini-profiler'
@@ -44,7 +41,6 @@ You can also include optional libraries to enable additional features.
 gem 'memory_profiler'
 
 # For call-stack profiling flamegraphs
-gem 'flamegraph'
 gem 'stackprof'
 ```
 
@@ -52,9 +48,49 @@ gem 'stackprof'
 
 All you have to do is to include the Gem and you're good to go in development. See notes below for use in production.
 
+#### Upgrading to version 2.0.0
+
+Prior to version 2.0.0, Mini Profiler patched various Rails methods to get the information it needed such as template rendering time. Starting from version 2.0.0, Mini Profiler doesn't patch any Rails methods by default and relies on `ActiveSupport::Notifications` to get the information it needs from Rails. If you want Mini Profiler to keep using its patches in version 2.0.0 and later, change the gem line in your `Gemfile` to the following:
+
+If you want to manually require Mini Profiler:
+```ruby
+gem 'rack-mini-profiler', require: ['enable_rails_patches']
+```
+
+If you don't want to manually require Mini Profiler:
+```ruby
+gem 'rack-mini-profiler', require: ['enable_rails_patches', 'rack-mini-profiler']
+```
+
+#### `Net::HTTP` stack level too deep errors
+
+If you start seeing `SystemStackError: stack level too deep` errors from `Net::HTTP` after installing Mini Profiler, this means there is another patch for `Net::HTTP#request` that conflicts with Mini Profiler's patch in your application. To fix this, change `rack-mini-profiler` gem line in your `Gemfile` to the following:
+
+```ruby
+gem 'rack-mini-profiler', require: ['prepend_net_http_patch', 'rack-mini-profiler']
+```
+
+If you currently have `require: false`, remove the `'rack-mini-profiler'` string from the `require` array above so the gem line becomes like this:
+
+```ruby
+gem 'rack-mini-profiler', require: ['prepend_net_http_patch']
+```
+
+This conflict happens when a ruby method is patched twice, once using module prepend, and once using method aliasing. See this [ruby issue](https://bugs.ruby-lang.org/issues/11120) for details. The fix is to apply all patches the same way. Mini Profiler by default will apply its patch using method aliasing, but you can change that to module prepend by adding `require: ['prepend_net_http_patch']` to the gem line as shown above.
+
+#### `peek-mysql2` stack level too deep errors
+
+If you use peek-mysql2 with Rails >= 5, you'll need to use this gem spec in your Gemfile:
+
+```ruby
+gem 'rack-mini-profiler', require: ['prepend_mysql2_patch', 'rack-mini-profiler']
+```
+
+This should not be necessary with Rails < 5 because peek-mysql2 hooks into mysql2 gem in different ways depending on your Rails version.
+
 #### Rails and manual initialization
 
-In case you need to make sure rack_mini_profiler initialized is after all other gems, or you want to execute some code before rack_mini_profiler required:
+In case you need to make sure rack_mini_profiler is initialized after all other gems, or you want to execute some code before rack_mini_profiler required:
 
 ```ruby
 gem 'rack-mini-profiler', require: false
@@ -132,9 +168,13 @@ export RACK_MINI_PROFILER_PATCH="false"
 
 To generate [flamegraphs](http://samsaffron.com/archive/2013/03/19/flame-graphs-in-ruby-miniprofiler):
 
-* add the [**flamegraph**](https://github.com/SamSaffron/flamegraph) gem to your Gemfile
+* add the [**stackprof**](https://rubygems.org/gems/stackprof) gem to your Gemfile
 * visit a page in your app with `?pp=flamegraph`
 
+To store flamegraph data for later viewing, append the `?pp=async-flamegraph` parameter. The request will return as normal.
+Flamegraph data for this request, and all subsequent requests made by this page (based on the `REFERER` header) will be stored.
+'flamegraph' links will appear for these requests in the MiniProfiler UI.
+
 ### Memory Profiling
 
 Memory allocations can be measured (using the [memory_profiler](https://github.com/SamSaffron/memory_profiler) gem)
@@ -157,6 +197,30 @@ There are two additional `pp` options that can be used to analyze memory which d
 * Use `?pp=profile-gc` to report on Garbage Collection statistics
 * Use `?pp=analyze-memory` to report on ObjectSpace statistics
 
+### Snapshots Sampling
+
+In a complex web application, it's possible for a request to trigger rare conditions that result in poor performance. Mini Profiler ships with a feature to help detect those rare conditions and fix them. It works by enabling invisible profiling on one request every N requests, and saving the performance metrics that are collected during the request (a.k.a snapshot of the request) so that they can be viewed later. To turn this feature on, set the `snapshot_every_n_requests` config to a value larger than 0. The larger the value is, the less frequently requests are profiled.
+
+Mini Profiler will exclude requests that are made to skipped paths (see `skip_paths` config below) from being sampled. Additionally, if profiling is enabled for a request that later finishes with a non-2xx status code, Mini Profiler will discard the snapshot and not save it (this behavior may change in the future).
+
+After enabling snapshots sampling, you can see the snapshots that have been collected at `/mini-profiler-resources/snapshots` (or if you changed the `base_url_path` config, substitute `mini-profiler-resources` with your value of the config). You'll see on that page a table where each row represents a group of snapshots with the duration of the worst snapshot in that group. The worst snapshot in a group is defined as the snapshot whose request took longer than all of the snapshots in the same group. Snapshots grouped by HTTP method and path of the request, and if your application is a Rails app, Mini Profiler will try to convert the path to `controller#action` and group by that instead of request path. Clicking on a group will display the snapshots of that group sorted from worst to best. From there, you can click on a snapshot's ID to see the snapshot with all the performance metrics that were collected.
+
+Access to the snapshots page is restricted to only those who can see the speed badge on their own requests, see the section below this one about access control.
+
+Mini Profiler will keep a maximum of 1000 snapshots by default, and you can change that via the `snapshots_limit` config. When snapshots reach the configured limit, Mini Profiler will save a new snapshot only if it's worse than at least one of the existing snapshots and delete the best one (i.e. the snapshot whose request took the least time compared to other snapshots).
+
+#### Snapshots Transporter
+
+Mini Profiler can be configured so that it sends snapshots over HTTP using the snapshots transporter. The main use-case of the transporter is to allow the aggregation of snapshots from multiple applications/sources in a single place. To enable the snapshots transporter, you need to provide a destination URL to the `snapshots_transport_destination_url` config, and a secure key to the `snapshots_transport_auth_key` config (will be used for authorization). Both of these configs are required for the transporter to be enabled.
+
+The transporter uses a buffer to temporarily hold snapshots in memory with a limit of 100 snapshots. Every 30 seconds, *if* the buffer is not empty, the transporter will make a `POST` request with the buffer content to the destination URL. Requests made by the transporter will have a `Mini-Profiler-Transport-Auth` header with the value of the `snapshots_transport_auth_key` config. The destination should only accept requests that include this header AND the header's value matches the key you set to the `snapshots_transport_auth_key` config.
+
+If the specified destination responds with a non-200 status code, the transporter will increase the interval between requests by `2^n` seconds where `n` is the number of failed requests since the last successful request. The base interval between requests is 30 seconds. So if a request fails, the next request will be `30 + 2^1 = 32` seconds later. If the next request fails too, the next one will be `30 + 2^2 = 34` seconds later and so on until a request succeeds at which point the interval will return to 30 seconds. The interval will not go beyond 1 hour.
+
+Requests made by the transporter can be optionally gzip-compressed by setting the `snapshots_transport_gzip_requests` config to true. The body of the requests (after decompression, if you opt for compression) is a JSON string with a single top-level key called `snapshots` and it has an array of snapshots. The structure of a snapshot is too complex to be explained here, but it has the same structure that Mini Profiler client expects. So if your use-case is to simply be able to view snapshots from multiple sources in one place, you should simply store the snapshots as-is, and then serve them to Mini Profiler client to consume. If the destination application also has Mini Profiler, you can simply use the API of the storage backends to store the incoming snapshots and Mini Profiler will treat them the same as local snapshots (e.g. they'll be grouped and displayed in the same manner described in the previous section).
+
+Mini Profiler offers an API to add extra fields (a.k.a custom fields) to snapshots. For example, you may want to add whether the request was made by a logged-in or anonymous user, the version of your application or any other things that are specific to your application. To add custom fields to a snapshot, call the `Rack::MiniProfiler.add_snapshot_custom_field(<key>, <value>)` method anywhere during the lifetime of a request, and the snapshot of that request will include the fields you added. If you have a Rails app, you can call that method in an `after_action` callback. Custom fields are cleared between requests.
+
 ## Access control in non-development environments
 
 rack-mini-profiler is designed with production profiling in mind. To enable that run `Rack::MiniProfiler.authorize_request` once you know a request is allowed to profile.
@@ -175,18 +239,25 @@ rack-mini-profiler is designed with production profiling in mind. To enable that
 
 Note:
 
-Out-of-the-box we will initialize the `authorization_mode` to `:whitelist` in production. However, in some cases we may not be able to do it:
+Out-of-the-box we will initialize the `authorization_mode` to `:allow_authorized` in production. However, in some cases we may not be able to do it:
 
-- If you are running in development or test we will not enable whitelist mode
+- If you are running in development or test we will not enable the explicit authorization mode
 - If you use `require: false` on rack_mini_profiler we are unlikely to be able to run the railtie
 - If you are running outside of rails we will not run the railtie
 
 In those cases use:
 
 ```ruby
-Rack::MiniProfiler.config.authorization_mode = :whitelist
+Rack::MiniProfiler.config.authorization_mode = :allow_authorized
 ```
 
+When deciding to fully profile a page mini profiler consults with the `authorization_mode`
+
+By default in production we attempt to set the authorization mode to `:allow_authorized` meaning that end user will only be able to see requests where somewhere `Rack::MiniProfiler.authorize_request` is invoked.
+
+In development we run in the `:allow_all` authorization mode meaning every request is profiled and displayed to the end user.
+
+
 ## Configuration
 
 Various aspects of rack-mini-profiler's behavior can be configured when your app boots.
@@ -221,8 +292,7 @@ Rack::MiniProfiler.config.storage = Rack::MiniProfiler::MemoryStore
 
 # set RedisStore
 if Rails.env.production?
-  uri = URI.parse(ENV["REDIS_SERVER_URL"])
-  Rack::MiniProfiler.config.storage_options = { :host => uri.host, :port => uri.port, :password => uri.password }
+  Rack::MiniProfiler.config.storage_options = { url: ENV["REDIS_SERVER_URL"] }
   Rack::MiniProfiler.config.storage = Rack::MiniProfiler::RedisStore
 end
 ```
@@ -291,6 +361,18 @@ You need to inject the following in your SPA to load MiniProfiler's speed badge
 
 _Note:_ The GUID (`data-version` and the `?v=` parameter on the `src`) will change with each release of `rack_mini_profiler`. The MiniProfiler's speed badge will continue to work, although you will have to change the GUID to expire the script to fetch the most recent version.
 
+#### Using MiniProfiler's built in route for apps without HTML responses
+MiniProfiler also ships with a `/rack-mini-profiler/requests` route that displays the speed badge on a blank HTML page. This can be useful when profiling an application that does not render HTML.
+
+#### Register MiniProfiler's assets in the Rails assets pipeline
+MiniProfiler can be configured so it registers its assets in the assets pipeline. To do that, you'll need to provide a lambda (or proc) to the `assets_url` config (see the below section). The callback will receive 3 arguments which are: `name` represents asset name (currently it's either `rack-mini-profiling.js` or `rack-mini-profiling.css`), `assets_version` is a 32 characters long hash of MiniProfiler's assets, and `env` which is the `env` object of the request. MiniProfiler expects the `assets_url` callback to return a URL from which the asset can be loaded (the return value will be used as a `href`/`src` attribute in the DOM). If the `assets_url` callback is not set (the default) or it returns a non-truthy value, MiniProfiler will fallback to loading assets from its own middleware (`/mini-profiler-resources/*`). The following callback should work for most applications:
+
+```ruby
+Rack::MiniProfiler.config.assets_url = ->(name, version, env) {
+  ActionController::Base.helpers.asset_path(name)
+}
+```
+
 ### Configuration Options
 
 You can set configuration options using the configuration accessor on `Rack::MiniProfiler`.
@@ -306,49 +388,38 @@ Option|Default|Description
 -------|---|--------
 pre_authorize_cb|Rails: dev only<br>Rack: always on|A lambda callback that returns true to make mini_profiler visible on a given request.
 position|`'top-left'`|Display mini_profiler on `'top-right'`, `'top-left'`, `'bottom-right'` or `'bottom-left'`.
-skip_paths|`[]`|Paths that skip profiling.
-skip_schema_queries|Rails dev: `'true'`<br>Othwerwise: `'false'`|`'true'` to log schema queries.
+skip_paths|`[]`|An array of paths that skip profiling. Both `String` and `Regexp` are acceptable in the array.
+skip_schema_queries|Rails dev: `true`<br>Othwerwise: `false`|`true` to skip schema queries.
 auto_inject|`true`|`true` to inject the miniprofiler script in the page.
 backtrace_ignores|`[]`|Regexes of lines to be removed from backtraces.
-backtrace_includes|Rails: `[/^\/?(app|config|lib|test)/]`<br>Rack: `[]`|Regexes of lines to keep in backtraces.
+backtrace_includes|Rails: `[/^\/?(app\|config\|lib\|test)/]`<br>Rack: `[]`|Regexes of lines to keep in backtraces.
 backtrace_remove|rails: `Rails.root`<br>Rack: `nil`|A string or regex to remove part of each line in the backtrace.
 toggle_shortcut|Alt+P|Keyboard shortcut to toggle the mini_profiler's visibility. See [jquery.hotkeys](https://github.com/jeresig/jquery.hotkeys).
 start_hidden|`false`|`false` to make mini_profiler visible on page load.
 backtrace_threshold_ms|`0`|Minimum SQL query elapsed time before a backtrace is recorded.
 flamegraph_sample_rate|`0.5`|How often to capture stack traces for flamegraphs in milliseconds.
-disable_env_dump|`false`|`true` disables `?pp=env`, which prevents sending ENV vars over HTTP.
 base_url_path|`'/mini-profiler-resources/'`|Path for assets; added as a prefix when naming assets and sought when responding to requests.
 collapse_results|`true`|If multiple timing results exist in a single page, collapse them till clicked.
 max_traces_to_show|20|Maximum number of mini profiler timing blocks to show on one page
 html_container|`body`|The HTML container (as a jQuery selector) to inject the mini_profiler UI into
 show_total_sql_count|`false`|Displays the total number of SQL executions.
-
-### Custom middleware ordering (required if using `Rack::Deflate` with Rails)
-
-If you are using `Rack::Deflate` with rails and rack-mini-profiler in its default configuration,
-`Rack::MiniProfiler` will be injected (as always) at position 0 in the middleware stack. This
-will result in it attempting to inject html into the already-compressed response body. To fix this,
-the middleware ordering must be overriden.
-
-To do this, first add `, require: false` to the gemfile entry for rack-mini-profiler.
-This will prevent the railtie from running. Then, customize the initialization
-in the initializer like so:
-
-```ruby
-require 'rack-mini-profiler'
-
-Rack::MiniProfilerRails.initialize!(Rails.application)
-
-Rails.application.middleware.delete(Rack::MiniProfiler)
-Rails.application.middleware.insert_after(Rack::Deflater, Rack::MiniProfiler)
-```
-
-Deleting the middleware and then reinserting it is a bit inelegant, but
-a sufficient and costless solution. It is possible that rack-mini-profiler might
-support this scenario more directly if it is found that
-there is significant need for this confriguration or that
-the above recipe causes problems.
-
+enable_advanced_debugging_tools|`false`|Enables sensitive debugging tools that can be used via the UI. In production we recommend keeping this disabled as memory and environment debugging tools can expose contents of memory that may contain passwords.
+assets_url|`nil`|See the "Register MiniProfiler's assets in the Rails assets pipeline" section above.
+snapshot_every_n_requests|`-1`|Determines how frequently snapshots are taken. See the "Snapshots Sampling" above for more details.
+snapshots_limit|`1000`|Determines how many snapshots Mini Profiler is allowed to keep.
+snapshot_hidden_custom_fields|`[]`|Each snapshot custom field will have a dedicated column in the UI by default. Use this config to exclude certain custom fields from having their own columns.
+snapshots_transport_destination_url|`nil`|Set this config to a valid URL to enable snapshots transporter which will `POST` snapshots to the given URL. The transporter requires `snapshots_transport_auth_key` config to be set as well.
+snapshots_transport_auth_key|`nil`|`POST` requests made by the snapshots transporter to the destination URL will have a `Mini-Profiler-Transport-Auth` header with the value of this config. Make sure you use a secure and random key for this config.
+snapshots_redact_sql_queries|`true`|When this is true, SQL queries will be redacted from sampling snapshots, but the backtrace and duration of each SQL query will be saved with the snapshot to keep debugging performance issues possible.
+snapshots_transport_gzip_requests|`false`|Make the snapshots transporter gzip the requests it makes to `snapshots_transport_destination_url`.
+
+### Using MiniProfiler with `Rack::Deflate` middleware
+
+If you are using `Rack::Deflate` with Rails and `rack-mini-profiler` in its default configuration,
+`Rack::MiniProfiler` will be injected (as always) at position 0 in the middleware stack,
+which means it will run after `Rack::Deflate` on response processing. To prevent attempting to inject
+HTML in already compressed response body MiniProfiler will suppress compression by setting 
+`identity` encoding in `Accept-Encoding` request header.
 
 ## Special query strings
 
@@ -385,6 +456,16 @@ if JSON.const_defined?(:Pure)
 end
 ```
 
+## Development
+
+If you want to contribute to this project, that's great, thank you! You can run the following rake task:
+
+```
+$ bundle exec rake client_dev
+```
+
+which will start a local Sinatra server at `http://localhost:9292` where you'll be able to preview your changes. Refreshing the page should be enough to see any changes you make to files in the `lib/html` directory.
+
 ## Running the Specs
 
 ```