rack 1.6.13 → 2.2.3

data/CONTRIBUTING.md

@@ -0,0 +1,136 @@
+Contributing to Rack
+=====================
+
+Rack is work of [hundreds of contributors](https://github.com/rack/rack/graphs/contributors). You're encouraged to submit [pull requests](https://github.com/rack/rack/pulls), [propose features and discuss issues](https://github.com/rack/rack/issues). When in doubt, post to the [rack-devel](http://groups.google.com/group/rack-devel) mailing list.
+
+#### Fork the Project
+
+Fork the [project on Github](https://github.com/rack/rack) and check out your copy.
+
+```
+git clone https://github.com/contributor/rack.git
+cd rack
+git remote add upstream https://github.com/rack/rack.git
+```
+
+#### Create a Topic Branch
+
+Make sure your fork is up-to-date and create a topic branch for your feature or bug fix.
+
+```
+git checkout master
+git pull upstream master
+git checkout -b my-feature-branch
+```
+
+#### Bundle Install and Quick Test
+
+Ensure that you can build the project and run quick tests.
+
+```
+bundle install --without extra
+bundle exec rake test
+```
+
+#### Running All Tests
+
+Install all dependencies.
+
+```
+bundle install
+```
+
+Run all tests.
+
+```
+rake test
+```
+
+The test suite has no dependencies outside of the core Ruby installation and bacon.
+
+Some tests will be skipped if a dependency is not found.
+
+To run the test suite completely, you need:
+
+  * fcgi
+  * dalli
+  * thin
+
+To test Memcache sessions, you need memcached (will be run on port 11211) and dalli installed.
+
+#### Write Tests
+
+Try to write a test that reproduces the problem you're trying to fix or describes a feature that you want to build.
+
+We definitely appreciate pull requests that highlight or reproduce a problem, even without a fix.
+
+#### Write Code
+
+Implement your feature or bug fix.
+
+Make sure that `bundle exec rake fulltest` completes without errors.
+
+#### Write Documentation
+
+Document any external behavior in the [README](README.rdoc).
+
+#### Update Changelog
+
+Add a line to [CHANGELOG](CHANGELOG.md).
+
+#### Commit Changes
+
+Make sure git knows your name and email address:
+
+```
+git config --global user.name "Your Name"
+git config --global user.email "contributor@example.com"
+```
+
+Writing good commit logs is important. A commit log should describe what changed and why.
+
+```
+git add ...
+git commit
+```
+
+#### Push
+
+```
+git push origin my-feature-branch
+```
+
+#### Make a Pull Request
+
+Go to https://github.com/contributor/rack and select your feature branch. Click the 'Pull Request' button and fill out the form. Pull requests are usually reviewed within a few days.
+
+#### Rebase
+
+If you've been working on a change for a while, rebase with upstream/master.
+
+```
+git fetch upstream
+git rebase upstream/master
+git push origin my-feature-branch -f
+```
+
+#### Make Required Changes
+
+Amend your previous commit and force push the changes.
+
+```
+git commit --amend
+git push origin my-feature-branch -f
+```
+
+#### Check on Your Pull Request
+
+Go back to your pull request after a few minutes and see whether it passed muster with Travis-CI. Everything should look green, otherwise fix issues and amend your commit as described above.
+
+#### Be Patient
+
+It's likely that your change will not be merged and that the nitpicky maintainers will ask you to do more, or fix seemingly benign problems. Hang on there!
+
+#### Thank You
+
+Please do know that we really appreciate and value your time and work. We love you, really.

data/{COPYING → MIT-LICENSE}

@@ -1,4 +1,6 @@
-Copyright (c) 2007-2015 Christian Neukirchen <purl.org/net/chneukirchen>
+The MIT License (MIT)
+
+Copyright (C) 2007-2019 Leah Neukirchen <http://leahneukirchen.org/infopage.html>
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to
@@ -13,6 +15,6 @@ all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 
+THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
 IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -1,110 +1,145 @@
-= Rack, a modular Ruby webserver interface {<img src="https://secure.travis-ci.org/rack/rack.svg" alt="Build Status" />}[http://travis-ci.org/rack/rack] {<img src="https://gemnasium.com/rack/rack.svg" alt="Dependency Status" />}[https://gemnasium.com/rack/rack]
+= \Rack, a modular Ruby webserver interface
 
-Rack provides a minimal, modular and adaptable interface for developing
-web applications in Ruby.  By wrapping HTTP requests and responses in
+{<img src="https://rack.github.io/logo.png" width="400" alt="rack powers web applications" />}[https://rack.github.io/]
+
+{<img src="https://circleci.com/gh/rack/rack.svg?style=svg" alt="CircleCI" />}[https://circleci.com/gh/rack/rack]
+{<img src="https://badge.fury.io/rb/rack.svg" alt="Gem Version" />}[http://badge.fury.io/rb/rack]
+{<img src="https://api.dependabot.com/badges/compatibility_score?dependency-name=rack&package-manager=bundler&version-scheme=semver" alt="SemVer Stability" />}[https://dependabot.com/compatibility-score.html?dependency-name=rack&package-manager=bundler&version-scheme=semver]
+{<img src="http://inch-ci.org/github/rack/rack.svg?branch=master" alt="Inline docs" />}[http://inch-ci.org/github/rack/rack]
+
+\Rack provides a minimal, modular, and adaptable interface for developing
+web applications in Ruby. By wrapping HTTP requests and responses in
 the simplest way possible, it unifies and distills the API for web
 servers, web frameworks, and software in between (the so-called
 middleware) into a single method call.
 
-The exact details of this are described in the Rack specification,
-which all Rack applications should conform to.
+The exact details of this are described in the \Rack specification,
+which all \Rack applications should conform to.
 
 == Supported web servers
 
-The included *handlers* connect all kinds of web servers to Rack:
-* Mongrel
-* EventedMongrel
-* SwiftipliedMongrel
-* WEBrick
+The included *handlers* connect all kinds of web servers to \Rack:
+
+* WEBrick[https://github.com/ruby/webrick]
 * FCGI
 * CGI
 * SCGI
-* LiteSpeed
-* Thin
-
-These web servers include Rack handlers in their distributions:
-* Ebb
-* Fuzed
-* Glassfish v3
-* Phusion Passenger (which is mod_rack for Apache and for nginx)
-* Puma
-* Rainbows!
-* Reel
-* Unicorn
-* unixrack
-* uWSGI
-* yahns
-* Zbatery
-
-Any valid Rack app will run the same on all these handlers, without
+* LiteSpeed[https://www.litespeedtech.com/]
+* Thin[https://rubygems.org/gems/thin]
+
+These web servers include \Rack handlers in their distributions:
+
+* Agoo[https://github.com/ohler55/agoo]
+* Falcon[https://github.com/socketry/falcon]
+* Iodine[https://github.com/boazsegev/iodine]
+* {NGINX Unit}[https://unit.nginx.org/]
+* {Phusion Passenger}[https://www.phusionpassenger.com/] (which is mod_rack for Apache and for nginx)
+* Puma[https://puma.io/]
+* Unicorn[https://yhbt.net/unicorn/]
+* uWSGI[https://uwsgi-docs.readthedocs.io/en/latest/]
+
+Any valid \Rack app will run the same on all these handlers, without
 changing anything.
 
 == Supported web frameworks
 
-These frameworks include Rack adapters in their distributions:
-* Camping
-* Coset
-* Espresso
-* Halcyon
-* Mack
-* Maveric
-* Merb
-* Racktools::SimpleApplication
-* Ramaze
-* Ruby on Rails
-* Rum
-* Sinatra
-* Sin
-* Vintage
-* Waves
-* Wee
-* ... and many others.
-
-== Available middleware
-
-Between the server and the framework, Rack can be customized to your
-applications needs using middleware, for example:
-* Rack::URLMap, to route to multiple applications inside the same process.
+These frameworks and many others support the \Rack API:
+
+* Camping[http://www.ruby-camping.com/]
+* Coset[http://leahneukirchen.org/repos/coset/]
+* Hanami[https://hanamirb.org/]
+* Padrino[http://padrinorb.com/]
+* Ramaze[http://ramaze.net/]
+* Roda[https://github.com/jeremyevans/roda]
+* {Ruby on Rails}[https://rubyonrails.org/]
+* Rum[https://github.com/leahneukirchen/rum]
+* Sinatra[http://sinatrarb.com/]
+* Utopia[https://github.com/socketry/utopia]
+* WABuR[https://github.com/ohler55/wabur]
+
+== Available middleware shipped with \Rack
+
+Between the server and the framework, \Rack can be customized to your
+applications needs using middleware. \Rack itself ships with the following
+middleware:
+
+* Rack::Chunked, for streaming responses using chunked encoding.
 * Rack::CommonLogger, for creating Apache-style logfiles.
+* Rack::ConditionalGet, for returning not modified responses when the response
+  has not changed.
+* Rack::Config, for modifying the environment before processing the request.
+* Rack::ContentLength, for setting Content-Length header based on body size.
+* Rack::ContentType, for setting default Content-Type header for responses.
+* Rack::Deflater, for compressing responses with gzip.
+* Rack::ETag, for setting ETag header on string bodies.
+* Rack::Events, for providing easy hooks when a request is received
+  and when the response is sent.
+* Rack::Files, for serving static files.
+* Rack::Head, for returning an empty body for HEAD requests.
+* Rack::Lint, for checking conformance to the \Rack API.
+* Rack::Lock, for serializing requests using a mutex.
+* Rack::Logger, for setting a logger to handle logging errors.
+* Rack::MethodOverride, for modifying the request method based on a submitted
+  parameter.
+* Rack::Recursive, for including data from other paths in the application,
+  and for performing internal redirects.
+* Rack::Reloader, for reloading files if they have been modified.
+* Rack::Runtime, for including a response header with the time taken to
+  process the request.
+* Rack::Sendfile, for working with web servers that can use optimized
+  file serving for file system paths.
 * Rack::ShowException, for catching unhandled exceptions and
   presenting them in a nice and helpful way with clickable backtrace.
-* Rack::File, for serving static files.
-* ...many others!
+* Rack::ShowStatus, for using nice error pages for empty client error
+  responses.
+* Rack::Static, for more configurable serving of static files.
+* Rack::TempfileReaper, for removing temporary files creating during a
+  request.
 
 All these components use the same interface, which is described in
-detail in the Rack specification.  These optional components can be
+detail in the \Rack specification.  These optional components can be
 used in any way you wish.
 
 == Convenience
 
 If you want to develop outside of existing frameworks, implement your
-own ones, or develop middleware, Rack provides many helpers to create
-Rack applications quickly and without doing the same web stuff all
+own ones, or develop middleware, \Rack provides many helpers to create
+\Rack applications quickly and without doing the same web stuff all
 over:
+
 * Rack::Request, which also provides query string parsing and
   multipart handling.
 * Rack::Response, for convenient generation of HTTP replies and
   cookie handling.
 * Rack::MockRequest and Rack::MockResponse for efficient and quick
-  testing of Rack application without real HTTP round-trips.
+  testing of \Rack application without real HTTP round-trips.
+* Rack::Cascade, for trying additional \Rack applications if an
+  application returns a not found or method not supported response.
+* Rack::Directory, for serving files under a given directory, with
+  directory indexes.
+* Rack::MediaType, for parsing Content-Type headers.
+* Rack::Mime, for determining Content-Type based on file extension.
+* Rack::RewindableInput, for making any IO object rewindable, using
+  a temporary file buffer.
+* Rack::URLMap, to route to multiple applications inside the same process.
 
 == rack-contrib
 
 The plethora of useful middleware created the need for a project that
-collects fresh Rack middleware.  rack-contrib includes a variety of
-add-on components for Rack and it is easy to contribute new modules.
+collects fresh \Rack middleware.  rack-contrib includes a variety of
+add-on components for \Rack and it is easy to contribute new modules.
 
 * https://github.com/rack/rack-contrib
 
 == rackup
 
-rackup is a useful tool for running Rack applications, which uses the
+rackup is a useful tool for running \Rack applications, which uses the
 Rack::Builder DSL to configure middleware and build up applications
 easily.
 
 rackup automatically figures out the environment it is run in, and
-runs your application as FastCGI, CGI, or standalone with Mongrel or
-WEBrick---all from the same configuration.
+runs your application as FastCGI, CGI, or WEBrick---all from the
+same configuration.
 
 == Quick start
 
@@ -122,79 +157,50 @@ By default, the lobster is found at http://localhost:9292.
 
 == Installing with RubyGems
 
-A Gem of Rack is available at rubygems.org.  You can install it with:
+A Gem of \Rack is available at {rubygems.org}[https://rubygems.org/gems/rack]. You can install it with:
 
     gem install rack
 
-I also provide a local mirror of the gems (and development snapshots)
-at my site:
-
-    gem install rack --source http://chneukirchen.org/releases/gems/
-
-== Running the tests
-
-Testing Rack requires the bacon testing framework:
-
-    bundle install --without extra # to be able to run the fast tests
-
-Or:
-
-    bundle install # this assumes that you have installed native extensions!
+== Usage
 
-There are two rake-based test tasks:
+You should require the library:
 
-    rake test       tests all the fast tests (no Handlers or Adapters)
-    rake fulltest   runs all the tests
+    require 'rack'
 
-The fast testsuite has no dependencies outside of the core Ruby
-installation and bacon.
+\Rack uses autoload to automatically load other files \Rack ships with on demand,
+so you should not need require paths under +rack+.  If you require paths under
++rack+ without requiring +rack+ itself, things may not work correctly.
 
-To run the test suite completely, you need:
-
-  * fcgi
-  * memcache-client
-  * mongrel
-  * thin
-
-The full set of tests test FCGI access with lighttpd (on port
-9203) so you will need lighttpd installed as well as the FCGI
-libraries and the fcgi gem:
+== Configuration
 
-Download and install lighttpd:
+Several parameters can be modified on Rack::Utils to configure \Rack behaviour.
 
-    http://www.lighttpd.net/download
+e.g:
 
-Installing the FCGI libraries:
+    Rack::Utils.key_space_limit = 128
 
-    curl -O http://www.fastcgi.com/dist/fcgi-2.4.0.tar.gz
-    tar xzvf fcgi-2.4.0.tar.gz
-    cd fcgi-2.4.0
-    ./configure --prefix=/usr/local
-    make
-    sudo make install
-    cd ..
+=== key_space_limit
 
-Installing the Ruby fcgi gem:
+The default number of bytes to allow all parameters keys in a given parameter hash to take up.
+Does not affect nested parameter hashes, so doesn't actually prevent an attacker from using
+more than this many bytes for parameter keys.
 
-    gem install fcgi
+Defaults to 65536 characters.
 
-Furthermore, to test Memcache sessions, you need memcached (will be
-run on port 11211) and memcache-client installed.
+=== param_depth_limit
 
-== Configuration
+The maximum amount of nesting allowed in parameters.
+For example, if set to 3, this query string would be allowed:
 
-Several parameters can be modified on Rack::Utils to configure Rack behaviour.
+    ?a[b][c]=d
 
-e.g:
+but this query string would not be allowed:
 
-    Rack::Utils.key_space_limit = 128
+    ?a[b][c][d]=e
 
-=== key_space_limit
+Limiting the depth prevents a possible stack overflow when parsing parameters.
 
-The default number of bytes to allow a single parameter key to take up.
-This helps prevent a rogue client from flooding a Request.
-
-Default to 65536 characters (4 kiB in worst case).
+Defaults to 100.
 
 === multipart_part_limit
 
@@ -205,49 +211,58 @@ The default is 128, which means that a single request can't upload more than 128
 
 Set to 0 for no limit.
 
-Can also be set via the RACK_MULTIPART_PART_LIMIT environment variable.
+Can also be set via the +RACK_MULTIPART_PART_LIMIT+ environment variable.
+
+== Changelog
+
+See {CHANGELOG.md}[https://github.com/rack/rack/blob/master/CHANGELOG.md].
 
-== History
+== Contributing
 
-See <https://github.com/rack/HISTORY.md>.
+See {CONTRIBUTING.md}[https://github.com/rack/rack/blob/master/CONTRIBUTING.md].
 
 == Contact
 
 Please post bugs, suggestions and patches to
-the bug tracker at <https://github.com/rack/rack/issues>.
+the bug tracker at {issues}[https://github.com/rack/rack/issues].
 
 Please post security related bugs and suggestions to the core team at
-<https://groups.google.com/group/rack-core> or rack-core@googlegroups.com. This
+<https://groups.google.com/forum/#!forum/rack-core> or rack-core@googlegroups.com. This
 list is not public. Due to wide usage of the library, it is strongly preferred
 that we manage timing in order to provide viable patches at the time of
 disclosure. Your assistance in this matter is greatly appreciated.
 
 Mailing list archives are available at
-<https://groups.google.com/group/rack-devel>.
+<https://groups.google.com/forum/#!forum/rack-devel>.
 
 Git repository (send Git patches to the mailing list):
+
 * https://github.com/rack/rack
-* http://git.vuxu.org/cgi-bin/gitweb.cgi?p=rack-github.git
 
 You are also welcome to join the #rack channel on irc.freenode.net.
 
 == Thanks
 
-The Rack Core Team, consisting of
+The \Rack Core Team, consisting of
 
-* Christian Neukirchen (chneukirchen)
-* James Tucker (raggi)
-* Josh Peek (josh)
-* José Valim (josevalim)
-* Michael Fellinger (manveru)
-* Aaron Patterson (tenderlove)
-* Santiago Pastorino (spastorino)
-* Konstantin Haase (rkh)
+* Aaron Patterson (tenderlove[https://github.com/tenderlove])
+* Samuel Williams (ioquatix[https://github.com/ioquatix])
+* Jeremy Evans (jeremyevans[https://github.com/jeremyevans])
+* Eileen Uchitelle (eileencodes[https://github.com/eileencodes])
+* Matthew Draper (matthewd[https://github.com/matthewd])
+* Rafael França (rafaelfranca[https://github.com/rafaelfranca])
 
-and the Rack Alumnis
+and the \Rack Alumni
 
-* Ryan Tomayko (rtomayko)
-* Scytrin dai Kinthra (scytrin)
+* Ryan Tomayko (rtomayko[https://github.com/rtomayko])
+* Scytrin dai Kinthra (scytrin[https://github.com/scytrin])
+* Leah Neukirchen (leahneukirchen[https://github.com/leahneukirchen])
+* James Tucker (raggi[https://github.com/raggi])
+* Josh Peek (josh[https://github.com/josh])
+* José Valim (josevalim[https://github.com/josevalim])
+* Michael Fellinger (manveru[https://github.com/manveru])
+* Santiago Pastorino (spastorino[https://github.com/spastorino])
+* Konstantin Haase (rkh[https://github.com/rkh])
 
 would like to thank:
 
@@ -276,37 +291,16 @@ would like to thank:
 * Alexander Kellett for testing the Gem and reviewing the announcement.
 * Marcus Rückert, for help with configuring and debugging lighttpd.
 * The WSGI team for the well-done and documented work they've done and
-  Rack builds up on.
+  \Rack builds up on.
 * All bug reporters and patch contributors not mentioned above.
 
-== Copyright
-
-Copyright (C) 2007, 2008, 2009, 2010 Christian Neukirchen <http://purl.org/net/chneukirchen>
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to
-deal in the Software without restriction, including without limitation the
-rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-sell copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
 == Links
 
-Rack:: <http://rack.github.io/>
-Official Rack repositories:: <https://github.com/rack>
-Rack Bug Tracking:: <https://github.com/rack/rack/issues>
-rack-devel mailing list:: <https://groups.google.com/group/rack-devel>
-Rack's Rubyforge project:: <http://rubyforge.org/projects/rack>
+\Rack:: <https://rack.github.io/>
+Official \Rack repositories:: <https://github.com/rack>
+\Rack Bug Tracking:: <https://github.com/rack/rack/issues>
+rack-devel mailing list:: <https://groups.google.com/forum/#!forum/rack-devel>
 
-Christian Neukirchen:: <http://chneukirchen.org/>
+== License
 
+\Rack is released under the {MIT License}[https://opensource.org/licenses/MIT].