rack 1.6.11 → 2.2.3

data/lib/rack/lint.rb

@@ -1,4 +1,5 @@
-require 'rack/utils'
+# frozen_string_literal: true
+
 require 'forwardable'
 
 module Rack
@@ -15,8 +16,8 @@ module Rack
 
     class LintError < RuntimeError; end
     module Assertion
-      def assert(message, &block)
-        unless block.call
+      def assert(message)
+        unless yield
           raise LintError, message
         end
       end
@@ -33,7 +34,7 @@ module Rack
 
     ## A Rack application is a Ruby object (not a class) that
     ## responds to +call+.
-    def call(env=nil)
+    def call(env = nil)
       dup._call(env)
     end
 
@@ -42,33 +43,47 @@ module Rack
       assert("No env given") { env }
       check_env env
 
-      env['rack.input'] = InputWrapper.new(env['rack.input'])
-      env['rack.errors'] = ErrorWrapper.new(env['rack.errors'])
+      env[RACK_INPUT] = InputWrapper.new(env[RACK_INPUT])
+      env[RACK_ERRORS] = ErrorWrapper.new(env[RACK_ERRORS])
 
       ## and returns an Array of exactly three values:
-      status, headers, @body = @app.call(env)
+      ary = @app.call(env)
+      assert("response #{ary.inspect} is not an Array , but #{ary.class}") {
+        ary.kind_of? Array
+      }
+      assert("response array #{ary.inspect} has #{ary.size} elements instead of 3") {
+        ary.size == 3
+      }
+
+      status, headers, @body = ary
       ## The *status*,
       check_status status
       ## the *headers*,
       check_headers headers
 
-      check_hijack_response headers, env
+      hijack_proc = check_hijack_response headers, env
+      if hijack_proc && headers.is_a?(Hash)
+        headers[RACK_HIJACK] = hijack_proc
+      end
 
       ## and the *body*.
       check_content_type status, headers
       check_content_length status, headers
-      @head_request = env[REQUEST_METHOD] == "HEAD"
+      @head_request = env[REQUEST_METHOD] == HEAD
       [status, headers, self]
     end
 
     ## == The Environment
     def check_env(env)
-      ## The environment must be an instance of Hash that includes
+      ## The environment must be an unfrozen instance of Hash that includes
       ## CGI-like headers.  The application is free to modify the
       ## environment.
       assert("env #{env.inspect} is not a Hash, but #{env.class}") {
         env.kind_of? Hash
       }
+      assert("env should not be frozen, but is") {
+        !env.frozen?
+      }
 
       ##
       ## The environment is required to include these variables
@@ -95,24 +110,26 @@ module Rack
       ##                      empty string, if the request URL targets
       ##                      the application root and does not have a
       ##                      trailing slash. This value may be
-      ##                      percent-encoded when I originating from
+      ##                      percent-encoded when originating from
       ##                      a URL.
 
       ## <tt>QUERY_STRING</tt>:: The portion of the request URL that
       ##                         follows the <tt>?</tt>, if any. May be
       ##                         empty, but is always required!
 
-      ## <tt>SERVER_NAME</tt>, <tt>SERVER_PORT</tt>::
-      ##                        When combined with <tt>SCRIPT_NAME</tt> and
+      ## <tt>SERVER_NAME</tt>:: When combined with <tt>SCRIPT_NAME</tt> and
       ##                        <tt>PATH_INFO</tt>, these variables can be
       ##                        used to complete the URL. Note, however,
       ##                        that <tt>HTTP_HOST</tt>, if present,
       ##                        should be used in preference to
       ##                        <tt>SERVER_NAME</tt> for reconstructing
       ##                        the request URL.
-      ##                        <tt>SERVER_NAME</tt> and <tt>SERVER_PORT</tt>
-      ##                        can never be empty strings, and so
-      ##                        are always required.
+      ##                        <tt>SERVER_NAME</tt> can never be an empty
+      ##                        string, and so is always required.
+
+      ## <tt>SERVER_PORT</tt>:: An optional +Integer+ which is the port the
+      ##                        server is running on. Should be specified if
+      ##                        the server is running on a non-standard port.
 
       ## <tt>HTTP_</tt> Variables:: Variables corresponding to the
       ##                            client-supplied HTTP request
@@ -123,9 +140,8 @@ module Rack
       ##                            the presence or absence of the
       ##                            appropriate HTTP header in the
       ##                            request. See
-      ##                            <a href="https://tools.ietf.org/html/rfc3875#section-4.1.18">
-      ##                            RFC3875 section 4.1.18</a> for
-      ##                            specific behavior.
+      ##                            {RFC3875 section 4.1.18}[https://tools.ietf.org/html/rfc3875#section-4.1.18]
+      ##                            for specific behavior.
 
       ## In addition to this, the Rack environment must include these
       ## Rack-specific variables:
@@ -177,7 +193,7 @@ module Rack
       ## <tt>rack.session</tt>:: A hash like interface for storing
       ##                         request session data.
       ##                         The store must implement:
-      if session = env['rack.session']
+      if session = env[RACK_SESSION]
         ##                         store(key, value)         (aliased as []=);
         assert("session #{session.inspect} must respond to store and []=") {
           session.respond_to?(:store) && session.respond_to?(:[]=)
@@ -197,11 +213,16 @@ module Rack
         assert("session #{session.inspect} must respond to clear") {
           session.respond_to?(:clear)
         }
+
+        ##                         to_hash (returning unfrozen Hash instance);
+        assert("session #{session.inspect} must respond to to_hash and return unfrozen Hash instance") {
+          session.respond_to?(:to_hash) && session.to_hash.kind_of?(Hash) && !session.to_hash.frozen?
+        }
       end
 
       ## <tt>rack.logger</tt>:: A common object interface for logging messages.
       ##                        The object must implement:
-      if logger = env['rack.logger']
+      if logger = env[RACK_LOGGER]
         ##                         info(message, &block)
         assert("logger #{logger.inspect} must respond to info") {
           logger.respond_to?(:info)
@@ -229,16 +250,16 @@ module Rack
       end
 
       ## <tt>rack.multipart.buffer_size</tt>:: An Integer hint to the multipart parser as to what chunk size to use for reads and writes.
-      if bufsize = env['rack.multipart.buffer_size']
+      if bufsize = env[RACK_MULTIPART_BUFFER_SIZE]
         assert("rack.multipart.buffer_size must be an Integer > 0 if specified") {
           bufsize.is_a?(Integer) && bufsize > 0
         }
       end
 
       ## <tt>rack.multipart.tempfile_factory</tt>:: An object responding to #call with two arguments, the filename and content_type given for the multipart form field, and returning an IO-like object that responds to #<< and optionally #rewind. This factory will be used to instantiate the tempfile for each multipart form file upload field, rather than the default class of Tempfile.
-      if tempfile_factory = env['rack.multipart.tempfile_factory']
+      if tempfile_factory = env[RACK_MULTIPART_TEMPFILE_FACTORY]
         assert("rack.multipart.tempfile_factory must respond to #call") { tempfile_factory.respond_to?(:call) }
-        env['rack.multipart.tempfile_factory'] = lambda do |filename, content_type|
+        env[RACK_MULTIPART_TEMPFILE_FACTORY] = lambda do |filename, content_type|
           io = tempfile_factory.call(filename, content_type)
           assert("rack.multipart.tempfile_factory return value must respond to #<<") { io.respond_to?(:<<) }
           io
@@ -252,64 +273,85 @@ module Rack
       ## accepted specifications and must not be used otherwise.
       ##
 
-      %w[REQUEST_METHOD SERVER_NAME SERVER_PORT
-         QUERY_STRING
+      %w[REQUEST_METHOD SERVER_NAME QUERY_STRING
          rack.version rack.input rack.errors
          rack.multithread rack.multiprocess rack.run_once].each { |header|
         assert("env missing required key #{header}") { env.include? header }
       }
 
+      ## The <tt>SERVER_PORT</tt> must be an Integer if set.
+      assert("env[SERVER_PORT] is not an Integer") do
+        server_port = env["SERVER_PORT"]
+        server_port.nil? || (Integer(server_port) rescue false)
+      end
+
+      ## The <tt>SERVER_NAME</tt> must be a valid authority as defined by RFC7540.
+      assert("#{env[SERVER_NAME]} must be a valid authority") do
+        URI.parse("http://#{env[SERVER_NAME]}/") rescue false
+      end
+
+      ## The <tt>HTTP_HOST</tt> must be a valid authority as defined by RFC7540.
+      assert("#{env[HTTP_HOST]} must be a valid authority") do
+        URI.parse("http://#{env[HTTP_HOST]}/") rescue false
+      end
+
       ## The environment must not contain the keys
       ## <tt>HTTP_CONTENT_TYPE</tt> or <tt>HTTP_CONTENT_LENGTH</tt>
       ## (use the versions without <tt>HTTP_</tt>).
       %w[HTTP_CONTENT_TYPE HTTP_CONTENT_LENGTH].each { |header|
-        assert("env contains #{header}, must use #{header[5,-1]}") {
+        assert("env contains #{header}, must use #{header[5, -1]}") {
           not env.include? header
         }
       }
 
       ## The CGI keys (named without a period) must have String values.
+      ## If the string values for CGI keys contain non-ASCII characters,
+      ## they should use ASCII-8BIT encoding.
       env.each { |key, value|
         next  if key.include? "."   # Skip extensions
         assert("env variable #{key} has non-string value #{value.inspect}") {
           value.kind_of? String
         }
+        next if value.encoding == Encoding::ASCII_8BIT
+        assert("env variable #{key} has value containing non-ASCII characters and has non-ASCII-8BIT encoding #{value.inspect} encoding: #{value.encoding}") {
+          value.b !~ /[\x80-\xff]/n
+        }
       }
 
       ## There are the following restrictions:
 
       ## * <tt>rack.version</tt> must be an array of Integers.
-      assert("rack.version must be an Array, was #{env["rack.version"].class}") {
-        env["rack.version"].kind_of? Array
+      assert("rack.version must be an Array, was #{env[RACK_VERSION].class}") {
+        env[RACK_VERSION].kind_of? Array
       }
       ## * <tt>rack.url_scheme</tt> must either be +http+ or +https+.
-      assert("rack.url_scheme unknown: #{env["rack.url_scheme"].inspect}") {
-        %w[http https].include? env["rack.url_scheme"]
+      assert("rack.url_scheme unknown: #{env[RACK_URL_SCHEME].inspect}") {
+        %w[http https].include?(env[RACK_URL_SCHEME])
       }
 
       ## * There must be a valid input stream in <tt>rack.input</tt>.
-      check_input env["rack.input"]
+      check_input env[RACK_INPUT]
       ## * There must be a valid error stream in <tt>rack.errors</tt>.
-      check_error env["rack.errors"]
+      check_error env[RACK_ERRORS]
       ## * There may be a valid hijack stream in <tt>rack.hijack_io</tt>
       check_hijack env
 
       ## * The <tt>REQUEST_METHOD</tt> must be a valid token.
       assert("REQUEST_METHOD unknown: #{env[REQUEST_METHOD]}") {
-        env["REQUEST_METHOD"] =~ /\A[0-9A-Za-z!\#$%&'*+.^_`|~-]+\z/
+        env[REQUEST_METHOD] =~ /\A[0-9A-Za-z!\#$%&'*+.^_`|~-]+\z/
       }
 
       ## * The <tt>SCRIPT_NAME</tt>, if non-empty, must start with <tt>/</tt>
       assert("SCRIPT_NAME must start with /") {
-        !env.include?("SCRIPT_NAME") ||
-        env["SCRIPT_NAME"] == "" ||
-        env["SCRIPT_NAME"] =~ /\A\//
+        !env.include?(SCRIPT_NAME) ||
+        env[SCRIPT_NAME] == "" ||
+        env[SCRIPT_NAME] =~ /\A\//
       }
       ## * The <tt>PATH_INFO</tt>, if non-empty, must start with <tt>/</tt>
       assert("PATH_INFO must start with /") {
-        !env.include?("PATH_INFO") ||
-        env["PATH_INFO"] == "" ||
-        env["PATH_INFO"] =~ /\A\//
+        !env.include?(PATH_INFO) ||
+        env[PATH_INFO] == "" ||
+        env[PATH_INFO] =~ /\A\//
       }
       ## * The <tt>CONTENT_LENGTH</tt>, if given, must consist of digits only.
       assert("Invalid CONTENT_LENGTH: #{env["CONTENT_LENGTH"]}") {
@@ -320,11 +362,11 @@ module Rack
       ##   set.  <tt>PATH_INFO</tt> should be <tt>/</tt> if
       ##   <tt>SCRIPT_NAME</tt> is empty.
       assert("One of SCRIPT_NAME or PATH_INFO must be set (make PATH_INFO '/' if SCRIPT_NAME is empty)") {
-        env["SCRIPT_NAME"] || env["PATH_INFO"]
+        env[SCRIPT_NAME] || env[PATH_INFO]
       }
       ##   <tt>SCRIPT_NAME</tt> never should be <tt>/</tt>, but instead be empty.
       assert("SCRIPT_NAME cannot be '/', make it '' and PATH_INFO '/'") {
-        env["SCRIPT_NAME"] != "/"
+        env[SCRIPT_NAME] != "/"
       }
     end
 
@@ -336,7 +378,7 @@ module Rack
       ## When applicable, its external encoding must be "ASCII-8BIT" and it
       ## must be opened in binary mode, for Ruby 1.9 compatibility.
       assert("rack.input #{input} does not have ASCII-8BIT as its external encoding") {
-        input.external_encoding.name == "ASCII-8BIT"
+        input.external_encoding == Encoding::ASCII_8BIT
       } if input.respond_to?(:external_encoding)
       assert("rack.input #{input} is not opened in binary mode") {
         input.binmode?
@@ -518,11 +560,11 @@ module Rack
     #
     ## ==== Request (before status)
     def check_hijack(env)
-      if env['rack.hijack?']
+      if env[RACK_IS_HIJACK]
         ## If rack.hijack? is true then rack.hijack must respond to #call.
-        original_hijack = env['rack.hijack']
+        original_hijack = env[RACK_HIJACK]
         assert("rack.hijack must respond to call") { original_hijack.respond_to?(:call) }
-        env['rack.hijack'] = proc do
+        env[RACK_HIJACK] = proc do
           ## rack.hijack must return the io that will also be assigned (or is
           ## already present, in rack.hijack_io.
           io = original_hijack.call
@@ -548,16 +590,16 @@ module Rack
           ## hijack_io to provide additional features to users. The purpose of
           ## rack.hijack is for Rack to "get out of the way", as such, Rack only
           ## provides the minimum of specification and support.
-          env['rack.hijack_io'] = HijackWrapper.new(env['rack.hijack_io'])
+          env[RACK_HIJACK_IO] = HijackWrapper.new(env[RACK_HIJACK_IO])
           io
         end
       else
         ##
         ## If rack.hijack? is false, then rack.hijack should not be set.
-        assert("rack.hijack? is false, but rack.hijack is present") { env['rack.hijack'].nil? }
+        assert("rack.hijack? is false, but rack.hijack is present") { env[RACK_HIJACK].nil? }
         ##
         ## If rack.hijack? is false, then rack.hijack_io should not be set.
-        assert("rack.hijack? is false, but rack.hijack_io is present") { env['rack.hijack_io'].nil? }
+        assert("rack.hijack? is false, but rack.hijack_io is present") { env[RACK_HIJACK_IO].nil? }
       end
     end
 
@@ -568,7 +610,7 @@ module Rack
 
       # this check uses headers like a hash, but the spec only requires
       # headers respond to #each
-      headers = Rack::Utils::HeaderHash.new(headers)
+      headers = Rack::Utils::HeaderHash[headers]
 
       ## In order to do this, an application may set the special header
       ## <tt>rack.hijack</tt> to an object that responds to <tt>call</tt>
@@ -587,12 +629,12 @@ module Rack
       ## Servers must ignore the <tt>body</tt> part of the response tuple when
       ## the <tt>rack.hijack</tt> response API is in use.
 
-      if env['rack.hijack?'] && headers['rack.hijack']
+      if env[RACK_IS_HIJACK] && headers[RACK_HIJACK]
         assert('rack.hijack header must respond to #call') {
-          headers['rack.hijack'].respond_to? :call
+          headers[RACK_HIJACK].respond_to? :call
         }
-        original_hijack = headers['rack.hijack']
-        headers['rack.hijack'] = proc do |io|
+        original_hijack = headers[RACK_HIJACK]
+        proc do |io|
           original_hijack.call HijackWrapper.new(io)
         end
       else
@@ -600,8 +642,10 @@ module Rack
         ## The special response header <tt>rack.hijack</tt> must only be set
         ## if the request env has <tt>rack.hijack?</tt> <tt>true</tt>.
         assert('rack.hijack header must not be present if server does not support hijacking') {
-          headers['rack.hijack'].nil?
+          headers[RACK_HIJACK].nil?
         }
+
+        nil
       end
     end
     ## ==== Conventions
@@ -626,15 +670,17 @@ module Rack
       assert("headers object should respond to #each, but doesn't (got #{header.class} as headers)") {
          header.respond_to? :each
       }
-      header.each { |key, value|
-        ## Special headers starting "rack." are for communicating with the
-        ## server, and must not be sent back to the client.
-        next if key =~ /^rack\..+$/
 
+      header.each { |key, value|
         ## The header keys must be Strings.
         assert("header key must be a string, was #{key.class}") {
           key.kind_of? String
         }
+
+        ## Special headers starting "rack." are for communicating with the
+        ## server, and must not be sent back to the client.
+        next if key =~ /^rack\..+$/
+
         ## The header must not contain a +Status+ key.
         assert("header must not contain Status") { key.downcase != "status" }
         ## The header must conform to RFC7230 token specification, i.e. cannot
@@ -659,10 +705,10 @@ module Rack
     def check_content_type(status, headers)
       headers.each { |key, value|
         ## There must not be a <tt>Content-Type</tt>, when the +Status+ is 1xx,
-        ## 204, 205 or 304.
+        ## 204 or 304.
         if key.downcase == "content-type"
           assert("Content-Type header found in #{status} response, not allowed") {
-            not Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.include? status.to_i
+            not Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.key? status.to_i
           }
           return
         end
@@ -674,9 +720,9 @@ module Rack
       headers.each { |key, value|
         if key.downcase == 'content-length'
           ## There must not be a <tt>Content-Length</tt> header when the
-          ## +Status+ is 1xx, 204, 205 or 304.
+          ## +Status+ is 1xx, 204 or 304.
           assert("Content-Length header found in #{status} response, not allowed") {
-            not Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.include? status.to_i
+            not Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.key? status.to_i
           }
           @content_length = value
         end
@@ -710,7 +756,7 @@ module Rack
         assert("Body yielded non-string value #{part.inspect}") {
           part.kind_of? String
         }
-        bytes += Rack::Utils.bytesize(part)
+        bytes += part.bytesize
         yield part
       }
       verify_content_length(bytes)

data/lib/rack/lobster.rb

@@ -1,7 +1,6 @@
-require 'zlib'
+# frozen_string_literal: true
 
-require 'rack/request'
-require 'rack/response'
+require 'zlib'
 
 module Rack
   # Paste has a Pony, Rack has a Lobster!
@@ -25,8 +24,8 @@ module Rack
       content = ["<title>Lobstericious!</title>",
                  "<pre>", lobster, "</pre>",
                  "<a href='#{href}'>flip!</a>"]
-      length = content.inject(0) { |a,e| a+e.size }.to_s
-      [200, {CONTENT_TYPE => "text/html", CONTENT_LENGTH => length}, content]
+      length = content.inject(0) { |a, e| a + e.size }.to_s
+      [200, { CONTENT_TYPE => "text/html", CONTENT_LENGTH => length }, content]
     }
 
     def call(env)
@@ -37,8 +36,8 @@ module Rack
             gsub('\\', 'TEMP').
             gsub('/', '\\').
             gsub('TEMP', '/').
-            gsub('{','}').
-            gsub('(',')')
+            gsub('{', '}').
+            gsub('(', ')')
         end.join("\n")
         href = "?flip=right"
       elsif req.GET["flip"] == "crash"
@@ -62,9 +61,10 @@ module Rack
 end
 
 if $0 == __FILE__
-  require 'rack'
-  require 'rack/showexceptions'
+  # :nocov:
+  require_relative '../rack'
   Rack::Server.start(
-    :app => Rack::ShowExceptions.new(Rack::Lint.new(Rack::Lobster.new)), :Port => 9292
+    app: Rack::ShowExceptions.new(Rack::Lint.new(Rack::Lobster.new)), Port: 9292
   )
+  # :nocov:
 end

data/lib/rack/lock.rb

@@ -1,26 +1,32 @@
+# frozen_string_literal: true
+
 require 'thread'
-require 'rack/body_proxy'
 
 module Rack
   # Rack::Lock locks every request inside a mutex, so that every request
   # will effectively be executed synchronously.
   class Lock
-    FLAG = 'rack.multithread'.freeze
-
     def initialize(app, mutex = Mutex.new)
       @app, @mutex = app, mutex
     end
 
     def call(env)
-      old, env[FLAG] = env[FLAG], false
       @mutex.lock
-      response = @app.call(env)
-      body = BodyProxy.new(response[2]) { @mutex.unlock }
-      response[2] = body
-      response
-    ensure
-      @mutex.unlock unless body
-      env[FLAG] = old
+      @env = env
+      @old_rack_multithread = env[RACK_MULTITHREAD]
+      begin
+        response = @app.call(env.merge!(RACK_MULTITHREAD => false))
+        returned = response << BodyProxy.new(response.pop) { unlock }
+      ensure
+        unlock unless returned
+      end
+    end
+
+    private
+
+    def unlock
+      @mutex.unlock
+      @env[RACK_MULTITHREAD] = @old_rack_multithread
     end
   end
 end

data/lib/rack/logger.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'logger'
 
 module Rack
@@ -8,10 +10,10 @@ module Rack
     end
 
     def call(env)
-      logger = ::Logger.new(env['rack.errors'])
+      logger = ::Logger.new(env[RACK_ERRORS])
       logger.level = @level
 
-      env['rack.logger'] = logger
+      env[RACK_LOGGER] = logger
       @app.call(env)
     end
   end

data/lib/rack/media_type.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module Rack
+  # Rack::MediaType parse media type and parameters out of content_type string
+
+  class MediaType
+    SPLIT_PATTERN = %r{\s*[;,]\s*}
+
+    class << self
+      # The media type (type/subtype) portion of the CONTENT_TYPE header
+      # without any media type parameters. e.g., when CONTENT_TYPE is
+      # "text/plain;charset=utf-8", the media-type is "text/plain".
+      #
+      # For more information on the use of media types in HTTP, see:
+      # http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.7
+      def type(content_type)
+        return nil unless content_type
+        content_type.split(SPLIT_PATTERN, 2).first.tap &:downcase!
+      end
+
+      # The media type parameters provided in CONTENT_TYPE as a Hash, or
+      # an empty Hash if no CONTENT_TYPE or media-type parameters were
+      # provided.  e.g., when the CONTENT_TYPE is "text/plain;charset=utf-8",
+      # this method responds with the following Hash:
+      #   { 'charset' => 'utf-8' }
+      def params(content_type)
+        return {} if content_type.nil?
+
+        content_type.split(SPLIT_PATTERN)[1..-1].each_with_object({}) do |s, hsh|
+          k, v = s.split('=', 2)
+
+          hsh[k.tap(&:downcase!)] = strip_doublequotes(v)
+        end
+      end
+
+      private
+
+        def strip_doublequotes(str)
+          (str.start_with?('"') && str.end_with?('"')) ? str[1..-2] : str
+        end
+    end
+  end
+end

data/lib/rack/{methodoverride.rb → method_override.rb}

@@ -1,10 +1,12 @@
+# frozen_string_literal: true
+
 module Rack
   class MethodOverride
-    HTTP_METHODS = %w(GET HEAD PUT POST DELETE OPTIONS PATCH LINK UNLINK)
+    HTTP_METHODS = %w[GET HEAD PUT POST DELETE OPTIONS PATCH LINK UNLINK]
 
-    METHOD_OVERRIDE_PARAM_KEY = "_method".freeze
-    HTTP_METHOD_OVERRIDE_HEADER = "HTTP_X_HTTP_METHOD_OVERRIDE".freeze
-    ALLOWED_METHODS = ["POST"]
+    METHOD_OVERRIDE_PARAM_KEY = "_method"
+    HTTP_METHOD_OVERRIDE_HEADER = "HTTP_X_HTTP_METHOD_OVERRIDE"
+    ALLOWED_METHODS = %w[POST]
 
     def initialize(app)
       @app = app
@@ -14,7 +16,7 @@ module Rack
       if allowed_methods.include?(env[REQUEST_METHOD])
         method = method_override(env)
         if HTTP_METHODS.include?(method)
-          env["rack.methodoverride.original_method"] = env[REQUEST_METHOD]
+          env[RACK_METHODOVERRIDE_ORIGINAL_METHOD] = env[REQUEST_METHOD]
           env[REQUEST_METHOD] = method
         end
       end
@@ -29,7 +31,7 @@ module Rack
       begin
         method.to_s.upcase
       rescue ArgumentError
-        env["rack.errors"].puts "Invalid string for method"
+        env[RACK_ERRORS].puts "Invalid string for method"
       end
     end
 
@@ -42,9 +44,9 @@ module Rack
     def method_override_param(req)
       req.POST[METHOD_OVERRIDE_PARAM_KEY]
     rescue Utils::InvalidParameterError, Utils::ParameterTypeError
-      req.env["rack.errors"].puts "Invalid or incomplete POST params"
+      req.get_header(RACK_ERRORS).puts "Invalid or incomplete POST params"
     rescue EOFError
-      req.env["rack.errors"].puts "Bad request content body"
+      req.get_header(RACK_ERRORS).puts "Bad request content body"
     end
   end
 end