rack-mini-profiler 2.3.3 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6ff9200889e574b3f90f901b90b88fe05f0c48993c945fc5dac37c2f1d86e693
-  data.tar.gz: bdca4fb3ada1b7c56525753b9eaa6430389f309a76152e3f8a7e0c9297463bea
+  metadata.gz: 7544df4d22f5f615b146fb0d63f18098ffd702ac9dec966d8040187f2e8302b9
+  data.tar.gz: 7c39c41a96205c8c7fbd69765ab5f1e0a3a3a37950055fc58d0f27f4a0591e0f
 SHA512:
-  metadata.gz: 43b8c69b37ba90c80c31d8d410b05dda421322d5c6d1f45654807b526f7d990bec54eaa711aa34bbf43141831453a75543b3a27189103ea3f3bcbac7f3f4101a
-  data.tar.gz: bed607b319c32d85838767f7de608031411d7513fcbd8866d2d67feb44253b997e389671a903b192be07e04d1c018069ab835536de47ada14ad3af8bf89739d9
+  metadata.gz: 6e3f5f9a51fc5395dda4a7e793903f998513499d850aeb291fe036171a78617d11c3d8cd6fef57d1144359aa4992055ad54ba878075896c3d0280c426a84e3be
+  data.tar.gz: c4e353c8442db93f29d11d04e2724e6c3f8dacaaf082210acbbb7d47655ffc3a6b5297079750e305fe9f1cd3e7efb1d806aef0ec68bbc1a8e40a0f958de0ec52

data/CHANGELOG.md

@@ -1,5 +1,25 @@
 # CHANGELOG
 
+## 3.1.0 - 2023-04-11
+
+- [FEATURE] The query parameter that RMP uses (by default, pp) is now configurable [#553](https://github.com/MiniProfiler/rack-mini-profiler/pull/553)
+- [FEATURE] You can now opt-out of the Net::HTTP patch by using RACK_MINI_PROFILER_PATCH_NET_HTTP="false"
+- [FIX] Error responses now include header values from the app, and stackprof not installed message now has correct content [#547](https://github.com/MiniProfiler/rack-mini-profiler/pull/547)
+- [FIX] RMP pages now have more valid HTML, with title elements [#562](https://github.com/MiniProfiler/rack-mini-profiler/pull/562)
+- [BREAKING CHANGE] Ruby 2.4 and Ruby 2.5 are no longer supported.
+- [FIX] Now works with apps that don't otherwise require erb [#531](https://github.com/MiniProfiler/rack-mini-profiler/pull/531)
+- [DOCS] Added Heroku Redis instructions
+- [DEPRECATION] We are changing the name of the generators to `rack_mini_profiler`, e.g. `rack_mini_profiler:install` [#550](https://github.com/MiniProfiler/rack-mini-profiler/pull/550)
+
+## 3.0.0 - 2022-02-24
+
+- PERF: Improve snapshots page performance (#518) (introduces breaking changes to the API of `AbstractStore`, `MemoryStore` and `RedisStore`, and removes the `snapshots_limit` config option.)
+
+## 2.3.4 - 2022-02-23
+
+- [FEATURE] Add cookie path support for subfolder sites
+- [FIX] Remove deprecated uses of Redis#pipelined
+
 ## 2.3.3 - 2021-08-30
 
 - [FEATURE] Introduce `pp=flamegraph_mode`

data/README.md

@@ -1,6 +1,8 @@
 # rack-mini-profiler
 
-Middleware that displays speed badge for every html page. Designed to work both in production and in development.
+Middleware that displays speed badge for every HTML page, along with (optional) flamegraphs and memory profiling. Designed to work both in production and in development.
+
+![Screenshot 2023-04-05 at 3 13 52 PM](https://user-images.githubusercontent.com/845662/229996538-0f2d9c48-23d9-4d53-a1de-8b4c84c87fbd.png)
 
 #### Features
 
@@ -27,7 +29,7 @@ If you feel like taking on any of this start an issue and update us on your prog
 
 ## Installation
 
-Install/add to Gemfile in Ruby 2.4+
+Install/add to Gemfile in Ruby 2.6+
 
 ```ruby
 gem 'rack-mini-profiler'
@@ -101,7 +103,7 @@ be loaded outright, and an attempt to re-initialize it manually will raise an ex
 Then run the generator which will set up rack-mini-profiler in development:
 
 ```bash
-bundle exec rails g rack_profiler:install
+bundle exec rails g rack_mini_profiler:install
 ```
 
 #### Rack Builder
@@ -164,16 +166,21 @@ export RACK_MINI_PROFILER_PATCH="false"
 # initializers/rack_profiler.rb: SqlPatches.patch %w(mongo)
 ```
 
+#### Patching Net::HTTP
+
+Other than databases, `rack-mini-profiler` applies a patch to `Net::HTTP`. You may want to disable this patch:
+
+```bash
+export RACK_MINI_PROFILER_PATCH_NET_HTTP="false"
+```
+
 ### Flamegraphs
 
-To generate [flamegraphs](http://samsaffron.com/archive/2013/03/19/flame-graphs-in-ruby-miniprofiler):
+To generate [flamegraphs](http://samsaffron.com/archive/2013/03/19/flame-graphs-in-ruby-miniprofiler), add the [**stackprof**](https://rubygems.org/gems/stackprof) gem to your Gemfile.
 
-* add the [**stackprof**](https://rubygems.org/gems/stackprof) gem to your Gemfile
-* visit a page in your app with `?pp=flamegraph`
+Then, to view the flamegraph as a direct HTML response from your request, just visit any page in your app with `?pp=flamegraph` appended to the URL.
 
-To store flamegraph data for later viewing, append the `?pp=async-flamegraph` parameter. The request will return as normal.
-Flamegraph data for this request, and all subsequent requests made by this page (based on the `REFERER` header) will be stored.
-'flamegraph' links will appear for these requests in the MiniProfiler UI.
+Conversely, if you want your regular response instead (which is specially useful for JSON and/or XHR requests), just append the `?pp=async-flamegraph` parameter to your request/fetch URL; the request will then return as normal, and the flamegraph data will be stored for later *async* viewing, both for this request and for all subsequent requests made by this page (based on the `REFERER` header). For viewing these async flamegraphs, use the 'flamegraph' link that will appear inside the MiniProfiler UI for these requests.
 
 Note: Mini Profiler will not record SQL timings for a request if it asks for a flamegraph. The rationale behind this is to keep
 Mini Profiler's methods that are responsible for generating the timings data out of the flamegraph.
@@ -210,7 +217,7 @@ After enabling snapshots sampling, you can see the snapshots that have been coll
 
 Access to the snapshots page is restricted to only those who can see the speed badge on their own requests, see the section below this one about access control.
 
-Mini Profiler will keep a maximum of 1000 snapshots by default, and you can change that via the `snapshots_limit` config. When snapshots reach the configured limit, Mini Profiler will save a new snapshot only if it's worse than at least one of the existing snapshots and delete the best one (i.e. the snapshot whose request took the least time compared to other snapshots).
+Mini Profiler will keep a maximum of 50 snapshot groups and a maximum of 15 snapshots per group making the default maximum number of snapshots in the system 750. The default group and per group limits can be changed via the `max_snapshot_groups` and `max_snapshots_per_group` configuration options, see the configurations table below.
 
 #### Snapshots Transporter
 
@@ -350,19 +357,41 @@ Single page applications built using Ember, Angular or other frameworks need som
 On route transition always call:
 
 ```
-window.MiniProfiler.pageTransition();
+if (window.MiniProfiler !== undefined) {
+  window.MiniProfiler.pageTransition();
+}
 ```
 
 This method will remove profiling information that was related to previous page and clear aggregate statistics.
 
 #### MiniProfiler's speed badge on pages that are not generated via Rails
-You need to inject the following in your SPA to load MiniProfiler's speed badge ([extra details surrounding this script](https://github.com/MiniProfiler/rack-mini-profiler/issues/139#issuecomment-192880706)):
+You need to inject the following in your SPA to load MiniProfiler's speed badge ([extra details surrounding this script](https://github.com/MiniProfiler/rack-mini-profiler/issues/139#issuecomment-192880706) and [credit for the script tag](https://github.com/MiniProfiler/rack-mini-profiler/issues/479#issue-782488320) to [@ivanyv](https://github.com/ivanyv)):
 
 ```html
- <script async type="text/javascript" id="mini-profiler" src="/mini-profiler-resources/includes.js?v=12b4b45a3c42e6e15503d7a03810ff33" data-version="12b4b45a3c42e6e15503d7a03810ff33" data-path="/mini-profiler-resources/" data-current-id="redo66j4g1077kto8uh3" data-ids="redo66j4g1077kto8uh3" data-horizontal-position="left" data-vertical-position="top" data-trivial="false" data-children="false" data-max-traces="10" data-controls="false" data-authorized="true" data-toggle-shortcut="Alt+P" data-start-hidden="false" data-collapse-results="true"></script>
-```
-
-_Note:_ The GUID (`data-version` and the `?v=` parameter on the `src`) will change with each release of `rack_mini_profiler`. The MiniProfiler's speed badge will continue to work, although you will have to change the GUID to expire the script to fetch the most recent version.
+ <script type="text/javascript" id="mini-profiler"
+        src="/mini-profiler-resources/includes.js?v=12b4b45a3c42e6e15503d7a03810ff33"
+        data-css-url="/mini-profiler-resources/includes.css?v=12b4b45a3c42e6e15503d7a03810ff33"
+        data-version="12b4b45a3c42e6e15503d7a03810ff33"
+        data-path="/mini-profiler-resources/"
+        data-horizontal-position="left"
+        data-vertical-position="top"
+        data-ids=""
+        data-trivial="false"
+        data-children="false"
+        data-max-traces="20"
+        data-controls="false"
+        data-total-sql-count="false"
+        data-authorized="true"
+        data-toggle-shortcut="alt+p"
+        data-start-hidden="false"
+        data-collapse-results="true"
+        data-html-container="body"
+        data-hidden-custom-fields></script>
+```
+
+See an [example of how to do this in a React useEffect](https://gist.github.com/katelovescode/01cfc2b962c165193b160fd10af6c4d5).
+
+_Note:_ The GUID (`data-version` and the `?v=` parameter on the `src` and `data-css-url`) will change with each release of `rack_mini_profiler`. The MiniProfiler's speed badge will continue to work, although you will have to change the GUID to expire the script to fetch the most recent version.
 
 #### Using MiniProfiler's built in route for apps without HTML responses
 MiniProfiler also ships with a `/rack-mini-profiler/requests` route that displays the speed badge on a blank HTML page. This can be useful when profiling an application that does not render HTML.
@@ -387,37 +416,40 @@ Rack::MiniProfiler.config.start_hidden = true
 ```
 The available configuration options are:
 
-Option|Default|Description
--------|---|--------
-pre_authorize_cb|Rails: dev only<br>Rack: always on|A lambda callback that returns true to make mini_profiler visible on a given request.
-position|`'top-left'`|Display mini_profiler on `'top-right'`, `'top-left'`, `'bottom-right'` or `'bottom-left'`.
-skip_paths|`[]`|An array of paths that skip profiling. Both `String` and `Regexp` are acceptable in the array.
-skip_schema_queries|Rails dev: `true`<br>Othwerwise: `false`|`true` to skip schema queries.
-auto_inject|`true`|`true` to inject the miniprofiler script in the page.
-backtrace_ignores|`[]`|Regexes of lines to be removed from backtraces.
-backtrace_includes|Rails: `[/^\/?(app\|config\|lib\|test)/]`<br>Rack: `[]`|Regexes of lines to keep in backtraces.
-backtrace_remove|rails: `Rails.root`<br>Rack: `nil`|A string or regex to remove part of each line in the backtrace.
-toggle_shortcut|Alt+P|Keyboard shortcut to toggle the mini_profiler's visibility. See [jquery.hotkeys](https://github.com/jeresig/jquery.hotkeys).
-start_hidden|`false`|`false` to make mini_profiler visible on page load.
-backtrace_threshold_ms|`0`|Minimum SQL query elapsed time before a backtrace is recorded.
-flamegraph_sample_rate|`0.5`|How often to capture stack traces for flamegraphs in milliseconds.
-flamegraph_mode|`:wall`|The [StackProf mode](https://github.com/tmm1/stackprof#all-options) to pass to `StackProf.run`.
-base_url_path|`'/mini-profiler-resources/'`|Path for assets; added as a prefix when naming assets and sought when responding to requests.
-collapse_results|`true`|If multiple timing results exist in a single page, collapse them till clicked.
-max_traces_to_show|20|Maximum number of mini profiler timing blocks to show on one page
-html_container|`body`|The HTML container (as a jQuery selector) to inject the mini_profiler UI into
-show_total_sql_count|`false`|Displays the total number of SQL executions.
-enable_advanced_debugging_tools|`false`|Enables sensitive debugging tools that can be used via the UI. In production we recommend keeping this disabled as memory and environment debugging tools can expose contents of memory that may contain passwords.
-assets_url|`nil`|See the "Register MiniProfiler's assets in the Rails assets pipeline" section above.
-snapshot_every_n_requests|`-1`|Determines how frequently snapshots are taken. See the "Snapshots Sampling" above for more details.
-snapshots_limit|`1000`|Determines how many snapshots Mini Profiler is allowed to keep.
-snapshot_hidden_custom_fields|`[]`|Each snapshot custom field will have a dedicated column in the UI by default. Use this config to exclude certain custom fields from having their own columns.
-snapshots_transport_destination_url|`nil`|Set this config to a valid URL to enable snapshots transporter which will `POST` snapshots to the given URL. The transporter requires `snapshots_transport_auth_key` config to be set as well.
-snapshots_transport_auth_key|`nil`|`POST` requests made by the snapshots transporter to the destination URL will have a `Mini-Profiler-Transport-Auth` header with the value of this config. Make sure you use a secure and random key for this config.
-snapshots_redact_sql_queries|`true`|When this is true, SQL queries will be redacted from sampling snapshots, but the backtrace and duration of each SQL query will be saved with the snapshot to keep debugging performance issues possible.
-snapshots_transport_gzip_requests|`false`|Make the snapshots transporter gzip the requests it makes to `snapshots_transport_destination_url`.
-content_security_policy_nonce|Rails: Current nonce<br>Rack: nil|Set the content security policy nonce to use when inserting MiniProfiler's script block.
-enable_hotwire_turbo_drive_support| `false` | Enable support for Hotwire TurboDrive page transitions.
+Option                              | Default                                                 | Description
+------------------------------------|---------------------------------------------------------|------------------------
+pre_authorize_cb                    | Rails: dev only<br>Rack: always on                      | A lambda callback that returns true to make mini_profiler visible on a given request.
+position                            | `'top-left'`                                            | Display mini_profiler on `'top-right'`, `'top-left'`, `'bottom-right'` or `'bottom-left'`.
+skip_paths                          | `[]`                                                    | An array of paths that skip profiling. Both `String` and `Regexp` are acceptable in the array.
+skip_schema_queries                 | Rails dev: `true`<br>Othwerwise: `false`                | `true` to skip schema queries.
+auto_inject                         | `true`                                                  | `true` to inject the miniprofiler script in the page.
+backtrace_ignores                   | `[]`                                                    | Regexes of lines to be removed from backtraces.
+backtrace_includes                  | Rails: `[/^\/?(app\|config\|lib\|test)/]`<br>Rack: `[]` | Regexes of lines to keep in backtraces.
+backtrace_remove                    | rails: `Rails.root`<br>Rack: `nil`                      | A string or regex to remove part of each line in the backtrace.
+toggle_shortcut                     | Alt+P                                                   | Keyboard shortcut to toggle the mini_profiler's visibility. See [jquery.hotkeys](https://github.com/jeresig/jquery.hotkeys).
+start_hidden                        | `false`                                                 | `false` to make mini_profiler visible on page load.
+backtrace_threshold_ms              | `0`                                                     | Minimum SQL query elapsed time before a backtrace is recorded.
+flamegraph_sample_rate              | `0.5`                                                   | How often to capture stack traces for flamegraphs in milliseconds.
+flamegraph_mode                     | `:wall`                                                 | The [StackProf mode](https://github.com/tmm1/stackprof#all-options) to pass to `StackProf.run`.
+base_url_path                       | `'/mini-profiler-resources/'`                           | Path for assets; added as a prefix when naming assets and sought when responding to requests.
+cookie_path                         | `'/'`                                                   | Set-Cookie header path for profile cookie
+collapse_results                    | `true`                                                  | If multiple timing results exist in a single page, collapse them till clicked.
+max_traces_to_show                  | 20                                                      | Maximum number of mini profiler timing blocks to show on one page
+html_container                      | `body`                                                  | The HTML container (as a jQuery selector) to inject the mini_profiler UI into
+show_total_sql_count                | `false`                                                 | Displays the total number of SQL executions.
+enable_advanced_debugging_tools     | `false`                                                 | Enables sensitive debugging tools that can be used via the UI. In production we recommend keeping this disabled as memory and environment debugging tools can expose contents of memory that may contain passwords. Defaults to `true` in development.
+assets_url                          | `nil`                                                   | See the "Register MiniProfiler's assets in the Rails assets pipeline" section above.
+snapshot_every_n_requests           | `-1`                                                    | Determines how frequently snapshots are taken. See the "Snapshots Sampling" above for more details.
+max_snapshot_groups                 | `50`                                                    | Determines how many snapshot groups Mini Profiler is allowed to keep.
+max_snapshots_per_group             | `15`                                                    | Determines how many snapshots per group Mini Profiler is allowed to keep.
+snapshot_hidden_custom_fields       | `[]`                                                    | Each snapshot custom field will have a dedicated column in the UI by default. Use this config to exclude certain custom fields from having their own columns.
+snapshots_transport_destination_url | `nil`                                                   | Set this config to a valid URL to enable snapshots transporter which will `POST` snapshots to the given URL. The transporter requires `snapshots_transport_auth_key` config to be set as well.
+snapshots_transport_auth_key        | `nil`                                                   | `POST` requests made by the snapshots transporter to the destination URL will have a `Mini-Profiler-Transport-Auth` header with the value of this config. Make sure you use a secure and random key for this config.
+snapshots_redact_sql_queries        | `true`                                                  | When this is true, SQL queries will be redacted from sampling snapshots, but the backtrace and duration of each SQL query will be saved with the snapshot to keep debugging performance issues possible.
+snapshots_transport_gzip_requests   | `false`                                                 | Make the snapshots transporter gzip the requests it makes to `snapshots_transport_destination_url`.
+content_security_policy_nonce       | Rails: Current nonce<br>Rack: nil                       | Set the content security policy nonce to use when inserting MiniProfiler's script block.
+enable_hotwire_turbo_drive_support  | `false`                                                 | Enable support for Hotwire TurboDrive page transitions.
+profile_parameter                   | `'pp'`                                                  | The query parameter used to interact with this gem.
 
 ### Using MiniProfiler with `Rack::Deflate` middleware
 
@@ -427,41 +459,26 @@ which means it will run after `Rack::Deflate` on response processing. To prevent
 HTML in already compressed response body MiniProfiler will suppress compression by setting
 `identity` encoding in `Accept-Encoding` request header.
 
-## Special query strings
-
-If you include the query string `pp=help` at the end of your request you will see the various options available. You can use these options to extend or contract the amount of diagnostics rack-mini-profiler gathers.
-
+### Using MiniProfiler with Heroku Redis
 
-## Rails 2.X support
-
-To get MiniProfiler working with Rails 2.3.X you need to do the initialization manually as well as monkey patch away an incompatibility between activesupport and json_pure.
-
-Add the following code to your environment.rb (or just in a specific environment such as development.rb) for initialization and configuration of MiniProfiler.
+If you are using Heroku Redis, you may need to add the following to your `config/initializers/mini_profiler.rb`, in order to get Mini Profiler to work:
 
 ```ruby
-# configure and initialize MiniProfiler
-require 'rack-mini-profiler'
-c = ::Rack::MiniProfiler.config
-c.pre_authorize_cb = lambda { |env|
-  Rails.env.development? || Rails.env.production?
-}
-tmp = Rails.root.to_s + "/tmp/miniprofiler"
-FileUtils.mkdir_p(tmp) unless File.exist?(tmp)
-c.storage_options = {:path => tmp}
-c.storage = ::Rack::MiniProfiler::FileStore
-config.middleware.use(::Rack::MiniProfiler)
-::Rack::MiniProfiler.profile_method(ActionController::Base, :process) {|action| "Executing action: #{action}"}
-::Rack::MiniProfiler.profile_method(ActionView::Template, :render) {|x,y| "Rendering: #{path_without_format_and_extension}"}
-
-# monkey patch away an activesupport and json_pure incompatability
-# http://pivotallabs.com/users/alex/blog/articles/1332-monkey-patch-of-the-day-activesupport-vs-json-pure-vs-ruby-1-8
-if JSON.const_defined?(:Pure)
-  class JSON::Pure::Generator::State
-    include ActiveSupport::CoreExtensions::Hash::Except
-  end
+if Rails.env.production?
+  Rack::MiniProfiler.config.storage_options = { 
+    url: ENV["REDIS_URL"],
+    ssl_params: { verify_mode: OpenSSL::SSL::VERIFY_NONE }
+  }
+  Rack::MiniProfiler.config.storage = Rack::MiniProfiler::RedisStore
 end
 ```
 
+The above code snippet is [Heroku's officially suggested workaround](https://help.heroku.com/HC0F8CUS/redis-connection-issues).
+
+## Special query strings
+
+If you include the query string `pp=help` at the end of your request you will see the various options available. You can use these options to extend or contract the amount of diagnostics rack-mini-profiler gathers.
+
 ## Development
 
 If you want to contribute to this project, that's great, thank you! You can run the following rake task:
@@ -480,8 +497,8 @@ Make sure to prepend `bundle exec` before any Rake tasks you run.
 You need Memcached and Redis services running for the specs.
 
 ```
-$ rake build
-$ rake spec
+$ bundle exec rake build
+$ bundle exec rake spec
 ```
 
 ## Licence

data/lib/generators/rack_mini_profiler/USAGE

@@ -0,0 +1,9 @@
+Description:
+    Generates an initializer for rack-mini-profiler. Use an initializer when manually
+    requiring rack-mini-profiler in your application (using require: false in your Gemfile).
+
+Example:
+    `bin/rails generate rack_mini_profiler:install`
+
+    This generates a an initializer that requires and initializes
+    rack-mini-profiler in development mode.

data/lib/generators/rack_mini_profiler/install_generator.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module RackMiniProfiler
+  module Generators
+    class InstallGenerator < ::Rails::Generators::Base
+      source_root File.expand_path("templates", __dir__)
+
+      def create_initializer_file
+        copy_file "rack_mini_profiler.rb", "config/initializers/rack_mini_profiler.rb"
+      end
+    end
+  end
+end

data/lib/generators/{rack_profiler/templates/rack_profiler.rb → rack_mini_profiler/templates/rack_mini_profiler.rb}

@@ -3,6 +3,6 @@
 if Rails.env.development?
   require "rack-mini-profiler"
 
-  # initialization is skipped so trigger it
+  # The initializer was required late, so initialize it manually.
   Rack::MiniProfilerRails.initialize!(Rails.application)
 end

data/lib/generators/rack_profiler/install_generator.rb

@@ -1,12 +1,15 @@
 # frozen_string_literal: true
 
+require "generators/rack_mini_profiler/install_generator"
+
 module RackProfiler
   module Generators
-    class InstallGenerator < ::Rails::Generators::Base
-      source_root File.expand_path("templates", __dir__)
+    class InstallGenerator < RackMiniProfiler::Generators::InstallGenerator
+      source_root File.expand_path("../rack_mini_profiler/templates", __dir__)
 
       def create_initializer_file
-        copy_file "rack_profiler.rb", "config/initializers/rack_profiler.rb"
+        warn("bin/rails generate rack_profiler:install is deprecated. Please use rack_mini_profiler:install instead.")
+        super
       end
     end
   end

data/lib/mini_profiler/client_settings.rb

@@ -74,7 +74,7 @@ module Rack
           settings["bt"] = @backtrace_level     if @backtrace_level
           settings["a"] = @allowed_tokens.join("|") if @allowed_tokens && MiniProfiler.request_authorized?
           settings_string = settings.map { |k, v| "#{k}=#{v}" }.join(",")
-          cookie = { value: settings_string, path: '/', httponly: true }
+          cookie = { value: settings_string, path: MiniProfiler.config.cookie_path, httponly: true }
           cookie[:secure] = true if @request.ssl?
           cookie[:same_site] = 'Lax'
           Rack::Utils.set_cookie_header!(headers, COOKIE_NAME, cookie)
@@ -83,7 +83,7 @@ module Rack
 
       def discard_cookie!(headers)
         if @cookie
-          Rack::Utils.delete_cookie_header!(headers, COOKIE_NAME, path: '/')
+          Rack::Utils.delete_cookie_header!(headers, COOKIE_NAME, path: MiniProfiler.config.cookie_path)
         end
       end
 

data/lib/mini_profiler/config.rb

@@ -17,6 +17,7 @@ module Rack
         new.instance_eval {
           @auto_inject      = true # automatically inject on every html page
           @base_url_path    = "/mini-profiler-resources/".dup
+          @cookie_path      = "/".dup
           @disable_caching  = true
           # called prior to rack chain, to ensure we are allowed to profile
           @pre_authorize_cb = lambda { |env| true }
@@ -39,7 +40,8 @@ module Rack
           @skip_sql_param_names = /password/ # skips parameters with the name password by default
           @enable_advanced_debugging_tools = false
           @snapshot_every_n_requests = -1
-          @snapshots_limit = 1000
+          @max_snapshot_groups = 50
+          @max_snapshots_per_group = 15
 
           # ui parameters
           @autorized            = true
@@ -60,19 +62,21 @@ module Rack
           @snapshots_transport_gzip_requests = false
           @enable_hotwire_turbo_drive_support = false
 
+          @profile_parameter = "pp"
+
           self
         }
       end
 
       attr_accessor :authorization_mode, :auto_inject, :backtrace_ignores,
         :backtrace_includes, :backtrace_remove, :backtrace_threshold_ms,
-        :base_url_path, :disable_caching, :enabled,
+        :base_url_path, :cookie_path, :disable_caching, :enabled,
         :flamegraph_sample_rate, :logger, :pre_authorize_cb, :skip_paths,
         :skip_schema_queries, :storage, :storage_failure, :storage_instance,
         :storage_options, :user_provider, :enable_advanced_debugging_tools,
         :skip_sql_param_names, :suppress_encoding, :max_sql_param_length,
         :content_security_policy_nonce, :enable_hotwire_turbo_drive_support,
-        :flamegraph_mode
+        :flamegraph_mode, :profile_parameter
 
       # ui accessors
       attr_accessor :collapse_results, :max_traces_to_show, :position,
@@ -80,10 +84,10 @@ module Rack
         :start_hidden, :toggle_shortcut, :html_container
 
       # snapshot related config
-      attr_accessor :snapshot_every_n_requests, :snapshots_limit,
+      attr_accessor :snapshot_every_n_requests, :max_snapshots_per_group,
         :snapshot_hidden_custom_fields, :snapshots_transport_destination_url,
         :snapshots_transport_auth_key, :snapshots_redact_sql_queries,
-        :snapshots_transport_gzip_requests
+        :snapshots_transport_gzip_requests, :max_snapshot_groups
 
       # Deprecated options
       attr_accessor :use_existing_jquery

data/lib/mini_profiler/storage/abstract_store.rb

@@ -45,80 +45,53 @@ module Rack
         raise NotImplementedError.new("should_take_snapshot? is not implemented")
       end
 
-      def push_snapshot(page_struct, config)
+      def push_snapshot(page_struct, group_name, config)
         raise NotImplementedError.new("push_snapshot is not implemented")
       end
 
-      def fetch_snapshots(batch_size: 200, &blk)
-        raise NotImplementedError.new("fetch_snapshots is not implemented")
+      # returns a hash where the keys are group names and the values
+      # are hashes that contain 3 keys:
+      #   1. `:worst_score` => the duration of the worst/slowest snapshot in the group (float)
+      #   2. `:best_score` => the duration of the best/fastest snapshot in the group (float)
+      #   3. `:snapshots_count` => the number of snapshots in the group (integer)
+      def fetch_snapshots_overview
+        raise NotImplementedError.new("fetch_snapshots_overview is not implemented")
       end
 
-      def snapshot_groups_overview
-        groups = {}
-        fetch_snapshots do |batch|
-          batch.each do |snapshot|
-            group_name = default_snapshot_grouping(snapshot)
-            hash = groups[group_name] ||= {}
-            hash[:snapshots_count] ||= 0
-            hash[:snapshots_count] += 1
-            if !hash[:worst_score] || hash[:worst_score] < snapshot.duration_ms
-              groups[group_name][:worst_score] = snapshot.duration_ms
-            end
-            if !hash[:best_score] || hash[:best_score] > snapshot.duration_ms
-              groups[group_name][:best_score] = snapshot.duration_ms
-            end
-          end
-        end
-        groups = groups.to_a
+      # @param group_name [String]
+      # @return [Array<Rack::MiniProfiler::TimerStruct::Page>] list of snapshots of the group. Blank array if the group doesn't exist.
+      def fetch_snapshots_group(group_name)
+        raise NotImplementedError.new("fetch_snapshots_group is not implemented")
+      end
+
+      def load_snapshot(id, group_name)
+        raise NotImplementedError.new("load_snapshot is not implemented")
+      end
+
+      def snapshots_overview
+        groups = fetch_snapshots_overview.to_a
         groups.sort_by! { |name, hash| hash[:worst_score] }
         groups.reverse!
         groups.map! { |name, hash| hash.merge(name: name) }
         groups
       end
 
-      def find_snapshots_group(group_name)
+      def snapshots_group(group_name)
+        snapshots = fetch_snapshots_group(group_name)
         data = []
-        fetch_snapshots do |batch|
-          batch.each do |snapshot|
-            snapshot_group_name = default_snapshot_grouping(snapshot)
-            if group_name == snapshot_group_name
-              data << {
-                id: snapshot[:id],
-                duration: snapshot.duration_ms,
-                sql_count: snapshot[:sql_count],
-                timestamp: snapshot[:started_at],
-                custom_fields: snapshot[:custom_fields]
-              }
-            end
-          end
+        snapshots.each do |snapshot|
+          data << {
+            id: snapshot[:id],
+            duration: snapshot.duration_ms,
+            sql_count: snapshot[:sql_count],
+            timestamp: snapshot[:started_at],
+            custom_fields: snapshot[:custom_fields]
+          }
         end
         data.sort_by! { |s| s[:duration] }
         data.reverse!
         data
       end
-
-      def load_snapshot(id)
-        raise NotImplementedError.new("load_snapshot is not implemented")
-      end
-
-      private
-
-      def default_snapshot_grouping(snapshot)
-        group_name = rails_route_from_path(snapshot[:request_path], snapshot[:request_method])
-        group_name ||= snapshot[:request_path]
-        "#{snapshot[:request_method]} #{group_name}"
-      end
-
-      def rails_route_from_path(path, method)
-        if defined?(Rails) && defined?(ActionController::RoutingError)
-          hash = Rails.application.routes.recognize_path(path, method: method)
-          if hash && hash[:controller] && hash[:action]
-            "#{hash[:controller]}##{hash[:action]}"
-          end
-        end
-      rescue ActionController::RoutingError
-        nil
-      end
     end
   end
 end

data/lib/mini_profiler/storage/file_store.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'securerandom'
+
 module Rack
   class MiniProfiler
     class FileStore < AbstractStore
@@ -17,7 +19,9 @@ module Rack
         def [](key)
           begin
             data = ::File.open(path(key), "rb") { |f| f.read }
+            # rubocop:disable Security/MarshalLoad
             Marshal.load data
+            # rubocop:enable Security/MarshalLoad
           rescue
             nil
           end

data/lib/mini_profiler/storage/memcache_store.rb

@@ -24,7 +24,9 @@ module Rack
 
       def load(id)
         raw = @client.get("#{@prefix}#{id}")
-        Marshal::load(raw) if raw
+        # rubocop:disable Security/MarshalLoad
+        Marshal.load(raw) if raw
+        # rubocop:enable Security/MarshalLoad
       end
 
       def set_unviewed(user, id)
@@ -65,14 +67,16 @@ module Rack
         key1, key2, cycle_at = nil
 
         if token_info
-          key1, key2, cycle_at = Marshal::load(token_info)
+          # rubocop:disable Security/MarshalLoad
+          key1, key2, cycle_at = Marshal.load(token_info)
+          # rubocop:enable Security/MarshalLoad
 
-           key1 = nil unless key1 && key1.length == 32
-           key2 = nil unless key2 && key2.length == 32
+          key1 = nil unless key1 && key1.length == 32
+          key2 = nil unless key2 && key2.length == 32
 
-           if key1 && cycle_at && (cycle_at > Process.clock_gettime(Process::CLOCK_MONOTONIC))
-             return [key1, key2].compact
-           end
+          if key1 && cycle_at && (cycle_at > Process.clock_gettime(Process::CLOCK_MONOTONIC))
+            return [key1, key2].compact
+          end
         end
 
         timeout = Rack::MiniProfiler::AbstractStore::MAX_TOKEN_AGE