RubyGems - rack - Versions diffs - 2.2.17 → 3.0.18 - Mend

rack 2.2.17 → 3.0.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of rack might be problematic. Click here for more details.

Files changed (87) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +292 -74
data/CONTRIBUTING.md +53 -47
data/MIT-LICENSE +1 -1
data/README.md +336 -0
data/SPEC.rdoc +174 -126
data/lib/rack/auth/abstract/handler.rb +3 -1
data/lib/rack/auth/abstract/request.rb +3 -1
data/lib/rack/auth/basic.rb +2 -3
data/lib/rack/auth/digest/md5.rb +1 -131
data/lib/rack/auth/digest/nonce.rb +1 -53
data/lib/rack/auth/digest/params.rb +1 -54
data/lib/rack/auth/digest/request.rb +1 -43
data/lib/rack/auth/digest.rb +256 -0
data/lib/rack/body_proxy.rb +21 -3
data/lib/rack/builder.rb +83 -63
data/lib/rack/cascade.rb +2 -0
data/lib/rack/chunked.rb +16 -13
data/lib/rack/common_logger.rb +22 -17
data/lib/rack/conditional_get.rb +18 -15
data/lib/rack/constants.rb +64 -0
data/lib/rack/content_length.rb +12 -16
data/lib/rack/content_type.rb +8 -5
data/lib/rack/deflater.rb +40 -26
data/lib/rack/directory.rb +9 -3
data/lib/rack/etag.rb +17 -23
data/lib/rack/events.rb +4 -0
data/lib/rack/file.rb +2 -0
data/lib/rack/files.rb +15 -17
data/lib/rack/head.rb +9 -8
data/lib/rack/headers.rb +154 -0
data/lib/rack/lint.rb +758 -646
data/lib/rack/lock.rb +2 -5
data/lib/rack/logger.rb +2 -0
data/lib/rack/media_type.rb +3 -8
data/lib/rack/method_override.rb +5 -1
data/lib/rack/mime.rb +8 -0
data/lib/rack/mock.rb +1 -300
data/lib/rack/mock_request.rb +166 -0
data/lib/rack/mock_response.rb +155 -0
data/lib/rack/multipart/generator.rb +7 -5
data/lib/rack/multipart/parser.rb +127 -69
data/lib/rack/multipart/uploaded_file.rb +4 -0
data/lib/rack/multipart.rb +20 -40
data/lib/rack/null_logger.rb +9 -0
data/lib/rack/query_parser.rb +78 -46
data/lib/rack/recursive.rb +2 -0
data/lib/rack/reloader.rb +0 -2
data/lib/rack/request.rb +224 -106
data/lib/rack/response.rb +138 -61
data/lib/rack/rewindable_input.rb +24 -5
data/lib/rack/runtime.rb +7 -6
data/lib/rack/sendfile.rb +30 -25
data/lib/rack/show_exceptions.rb +15 -2
data/lib/rack/show_status.rb +17 -7
data/lib/rack/static.rb +8 -8
data/lib/rack/tempfile_reaper.rb +15 -4
data/lib/rack/urlmap.rb +3 -1
data/lib/rack/utils.rb +206 -180
data/lib/rack/version.rb +9 -4
data/lib/rack.rb +13 -87
metadata +15 -35
data/README.rdoc +0 -347
data/Rakefile +0 -130
data/bin/rackup +0 -5
data/contrib/rack.png +0 -0
data/contrib/rack.svg +0 -150
data/contrib/rack_logo.svg +0 -164
data/contrib/rdoc.css +0 -412
data/example/lobster.ru +0 -6
data/example/protectedlobster.rb +0 -16
data/example/protectedlobster.ru +0 -10
data/lib/rack/core_ext/regexp.rb +0 -14
data/lib/rack/handler/cgi.rb +0 -59
data/lib/rack/handler/fastcgi.rb +0 -100
data/lib/rack/handler/lsws.rb +0 -61
data/lib/rack/handler/scgi.rb +0 -71
data/lib/rack/handler/thin.rb +0 -36
data/lib/rack/handler/webrick.rb +0 -129
data/lib/rack/handler.rb +0 -104
data/lib/rack/lobster.rb +0 -70
data/lib/rack/server.rb +0 -466
data/lib/rack/session/abstract/id.rb +0 -523
data/lib/rack/session/cookie.rb +0 -203
data/lib/rack/session/memcache.rb +0 -10
data/lib/rack/session/pool.rb +0 -90
data/rack.gemspec +0 -46

data/lib/rack/static.rb CHANGED Viewed

@@ -1,5 +1,9 @@
 # frozen_string_literal: true
+require_relative 'constants'
+require_relative 'files'
+require_relative 'mime'
 module Rack
   # The Rack::Static middleware intercepts requests for static files
@@ -78,16 +82,14 @@ module Rack
   #         :header_rules => [
   #           # Cache all static files in public caches (e.g. Rack::Cache)
   #           #  as well as in the browser
-  #           [:all, {'Cache-Control' => 'public, max-age=31536000'}],
+  #           [:all, {'cache-control' => 'public, max-age=31536000'}],
   #
   #           # Provide web fonts with cross-origin access-control-headers
   #           #  Firefox requires this when serving assets using a Content Delivery Network
-  #           [:fonts, {'Access-Control-Allow-Origin' => '*'}]
+  #           [:fonts, {'access-control-allow-origin' => '*'}]
   #         ]
   #
   class Static
-    (require_relative 'core_ext/regexp'; using ::Rack::RegexpExtensions) if RUBY_VERSION < '2.4'
     def initialize(app, options = {})
       @app = app
       @urls = options[:urls] || ["/favicon.ico"]
@@ -138,10 +140,8 @@ module Rack
           elsif response[0] == 304
             # Do nothing, leave headers as is
           else
-            if mime_type = Mime.mime_type(::File.extname(path), 'text/plain')
-              response[1][CONTENT_TYPE] = mime_type
-            end
-            response[1]['Content-Encoding'] = 'gzip'
+            response[1][CONTENT_TYPE] = Mime.mime_type(::File.extname(path), 'text/plain')
+            response[1]['content-encoding'] = 'gzip'
           end
         end

data/lib/rack/tempfile_reaper.rb CHANGED Viewed

@@ -1,5 +1,8 @@
 # frozen_string_literal: true
+require_relative 'constants'
+require_relative 'body_proxy'
 module Rack
   # Middleware tracks and cleans Tempfiles created throughout a request (i.e. Rack::Multipart)
@@ -12,11 +15,19 @@ module Rack
     def call(env)
       env[RACK_TEMPFILES] ||= []
-      status, headers, body = @app.call(env)
-      body_proxy = BodyProxy.new(body) do
-        env[RACK_TEMPFILES].each(&:close!) unless env[RACK_TEMPFILES].nil?
+      begin
+        _, _, body = response = @app.call(env)
+      rescue Exception
+        env[RACK_TEMPFILES]&.each(&:close!)
+        raise
       end
-      [status, headers, body_proxy]
+      response[2] = BodyProxy.new(body) do
+        env[RACK_TEMPFILES]&.each(&:close!)
+      end
+      response
     end
   end
 end

data/lib/rack/urlmap.rb CHANGED Viewed

@@ -2,6 +2,8 @@
 require 'set'
+require_relative 'constants'
 module Rack
   # Rack::URLMap takes a hash mapping urls or paths to apps, and
   # dispatches accordingly.  Support for HTTP/1.1 host names exists if
@@ -74,7 +76,7 @@ module Rack
         return app.call(env)
       end
-      [404, { CONTENT_TYPE => "text/plain", "X-Cascade" => "pass" }, ["Not Found: #{path}"]]
+      [404, { CONTENT_TYPE => "text/plain", "x-cascade" => "pass" }, ["Not Found: #{path}"]]
     ensure
       env[PATH_INFO]   = path

data/lib/rack/utils.rb CHANGED Viewed

@@ -8,30 +8,29 @@ require 'tempfile'
 require 'time'
 require_relative 'query_parser'
+require_relative 'mime'
+require_relative 'headers'
+require_relative 'constants'
 module Rack
   # Rack::Utils contains a grab-bag of useful methods for writing web
   # applications adopted from all kinds of Ruby libraries.
   module Utils
-    (require_relative 'core_ext/regexp'; using ::Rack::RegexpExtensions) if RUBY_VERSION < '2.4'
     ParameterTypeError = QueryParser::ParameterTypeError
     InvalidParameterError = QueryParser::InvalidParameterError
+    ParamsTooDeepError = QueryParser::ParamsTooDeepError
     DEFAULT_SEP = QueryParser::DEFAULT_SEP
     COMMON_SEP = QueryParser::COMMON_SEP
     KeySpaceConstrainedParams = QueryParser::Params
-    RFC2822_DAY_NAME = [ 'Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat' ]
-    RFC2822_MONTH_NAME = [ 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec' ]
-    RFC2396_PARSER = defined?(URI::RFC2396_PARSER) ? URI::RFC2396_PARSER : URI::RFC2396_Parser.new
     class << self
       attr_accessor :default_query_parser
     end
-    # The default number of bytes to allow parameter keys to take up.
-    # This helps prevent a rogue client from flooding a Request.
-    self.default_query_parser = QueryParser.make_default(65536, 100)
+    # The default amount of nesting to allowed by hash parameters.
+    # This helps prevent a rogue client from triggering a possible stack overflow
+    # when parsing parameters.
+    self.default_query_parser = QueryParser.make_default(32)
     module_function
@@ -43,13 +42,13 @@ module Rack
     # Like URI escaping, but with %20 instead of +. Strictly speaking this is
     # true URI escaping.
     def escape_path(s)
-      RFC2396_PARSER.escape s
+      ::URI::DEFAULT_PARSER.escape s
     end
     # Unescapes the **path** component of a URI.  See Rack::Utils.unescape for
     # unescaping query parameters or form components.
     def unescape_path(s)
-      RFC2396_PARSER.unescape s
+      ::URI::DEFAULT_PARSER.unescape s
     end
     # Unescapes a URI escaped string with +encoding+. +encoding+ will be the
@@ -87,11 +86,12 @@ module Rack
     end
     def self.key_space_limit
-      default_query_parser.key_space_limit
+      warn("`Rack::Utils.key_space_limit` is deprecated as this value no longer has an effect. It will be removed in Rack 3.1", uplevel: 1)
+      65536
     end
     def self.key_space_limit=(v)
-      self.default_query_parser = self.default_query_parser.new_space_limit(v)
+      warn("`Rack::Utils.key_space_limit=` is deprecated and no longer has an effect. It will be removed in Rack 3.1", uplevel: 1)
     end
     if defined?(Process::CLOCK_MONOTONIC)
@@ -132,13 +132,13 @@ module Rack
         }.join("&")
       when Hash
         value.map { |k, v|
-          build_nested_query(v, prefix ? "#{prefix}[#{escape(k)}]" : escape(k))
+          build_nested_query(v, prefix ? "#{prefix}[#{k}]" : k)
         }.delete_if(&:empty?).join('&')
       when nil
-        prefix
+        escape(prefix)
       else
         raise ArgumentError, "value must be a Hash" if prefix.nil?
-        "#{prefix}=#{escape(value)}"
+        "#{escape(prefix)}=#{escape(value)}"
       end
     end
@@ -153,6 +153,20 @@ module Rack
       end
     end
+    def forwarded_values(forwarded_header)
+      return nil unless forwarded_header
+      forwarded_header = forwarded_header.to_s.gsub("\n", ";")
+      forwarded_header.split(';').each_with_object({}) do |field, values|
+        field.split(',').each do |pair|
+          pair = pair.split('=').map(&:strip).join('=')
+          return nil unless pair =~ /\A(by|for|host|proto)="?([^"]+)"?\Z/i
+          (values[$1.downcase.to_sym] ||= []) << $2
+        end
+      end
+    end
+    module_function :forwarded_values
     # Return best accept value to use, based on the algorithm
     # in RFC 2616 Section 14.  If there are multiple best
     # matches (same specificity and quality), the value returned
@@ -167,7 +181,7 @@ module Rack
       end.compact.sort_by do |match, quality|
         (match.split('/', 2).count('*') * -10) + quality
       end.last
-      matches && matches.first
+      matches&.first
     end
     ESCAPE_HTML = {
@@ -218,17 +232,20 @@ module Rack
       (encoding_candidates & available_encodings)[0]
     end
-    def parse_cookies(env)
-      parse_cookies_header env[HTTP_COOKIE]
-    end
+    # :call-seq:
+    #   parse_cookies_header(value) -> hash
+    #
+    # Parse cookies from the provided header +value+ according to RFC6265. The
+    # syntax for cookie headers only supports semicolons. Returns a map of
+    # cookie +key+ to cookie +value+.
+    #
+    #   parse_cookies_header('myname=myvalue; max-age=0')
+    #   # => {"myname"=>"myvalue", "max-age"=>"0"}
+    #
+    def parse_cookies_header(value)
+      return {} unless value
-    def parse_cookies_header(header)
-      # According to RFC 6265:
-      # The syntax for cookie headers only supports semicolons
-      # User Agent -> Server ==
-      # Cookie: SID=31d4d96e407aad42; lang=en-US
-      return {} unless header
-      header.split(/[;] */n).each_with_object({}) do |cookie, cookies|
+      value.split(/; */n).each_with_object({}) do |cookie, cookies|
         next if cookie.empty?
         key, value = cookie.split('=', 2)
         cookies[key] = (unescape(value) rescue value) unless cookies.key?(key)
@@ -236,14 +253,66 @@ module Rack
     end
     def add_cookie_to_header(header, key, value)
+      warn("add_cookie_to_header is deprecated and will be removed in Rack 3.1", uplevel: 1)
+      case header
+      when nil, ''
+        return set_cookie_header(key, value)
+      when String
+        [header, set_cookie_header(key, value)]
+      when Array
+        header + [set_cookie_header(key, value)]
+      else
+        raise ArgumentError, "Unrecognized cookie header value. Expected String, Array, or nil, got #{header.inspect}"
+      end
+    end
+    # :call-seq:
+    #   parse_cookies(env) -> hash
+    #
+    # Parse cookies from the provided request environment using
+    # parse_cookies_header. Returns a map of cookie +key+ to cookie +value+.
+    #
+    #   parse_cookies({'HTTP_COOKIE' => 'myname=myvalue'})
+    #   # => {'myname' => 'myvalue'}
+    #
+    def parse_cookies(env)
+      parse_cookies_header env[HTTP_COOKIE]
+    end
+    # :call-seq:
+    #   set_cookie_header(key, value) -> encoded string
+    #
+    # Generate an encoded string using the provided +key+ and +value+ suitable
+    # for the +set-cookie+ header according to RFC6265. The +value+ may be an
+    # instance of either +String+ or +Hash+.
+    #
+    # If the cookie +value+ is an instance of +Hash+, it considers the following
+    # cookie attribute keys: +domain+, +max_age+, +expires+ (must be instance
+    # of +Time+), +secure+, +http_only+, +same_site+ and +value+. For more
+    # details about the interpretation of these fields, consult
+    # [RFC6265 Section 5.2](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2).
+    #
+    # An extra cookie attribute +escape_key+ can be provided to control whether
+    # or not the cookie key is URL encoded. If explicitly set to +false+, the
+    # cookie key name will not be url encoded (escaped). The default is +true+.
+    #
+    #   set_cookie_header("myname", "myvalue")
+    #   # => "myname=myvalue"
+    #
+    #   set_cookie_header("myname", {value: "myvalue", max_age: 10})
+    #   # => "myname=myvalue; max-age=10"
+    #
+    def set_cookie_header(key, value)
       case value
       when Hash
+        key = escape(key) unless value[:escape_key] == false
         domain  = "; domain=#{value[:domain]}"   if value[:domain]
         path    = "; path=#{value[:path]}"       if value[:path]
         max_age = "; max-age=#{value[:max_age]}" if value[:max_age]
         expires = "; expires=#{value[:expires].httpdate}" if value[:expires]
         secure = "; secure"  if value[:secure]
-        httponly = "; HttpOnly" if (value.key?(:httponly) ? value[:httponly] : value[:http_only])
+        httponly = "; httponly" if (value.key?(:httponly) ? value[:httponly] : value[:http_only])
         same_site =
           case value[:same_site]
           when false, nil
@@ -258,100 +327,109 @@ module Rack
             raise ArgumentError, "Invalid SameSite value: #{value[:same_site].inspect}"
           end
         value = value[:value]
+      else
+        key = escape(key)
       end
       value = [value] unless Array === value
-      cookie = "#{escape(key)}=#{value.map { |v| escape v }.join('&')}#{domain}" \
+      return "#{key}=#{value.map { |v| escape v }.join('&')}#{domain}" \
         "#{path}#{max_age}#{expires}#{secure}#{httponly}#{same_site}"
+    end
-      case header
-      when nil, ''
-        cookie
-      when String
-        [header, cookie].join("\n")
-      when Array
-        (header + [cookie]).join("\n")
+    # :call-seq:
+    #   set_cookie_header!(headers, key, value) -> header value
+    #
+    # Append a cookie in the specified headers with the given cookie +key+ and
+    # +value+ using set_cookie_header.
+    #
+    # If the headers already contains a +set-cookie+ key, it will be converted
+    # to an +Array+ if not already, and appended to.
+    def set_cookie_header!(headers, key, value)
+      if header = headers[SET_COOKIE]
+        if header.is_a?(Array)
+          header << set_cookie_header(key, value)
+        else
+          headers[SET_COOKIE] = [header, set_cookie_header(key, value)]
+        end
       else
-        raise ArgumentError, "Unrecognized cookie header value. Expected String, Array, or nil, got #{header.inspect}"
+        headers[SET_COOKIE] = set_cookie_header(key, value)
       end
     end
-    def set_cookie_header!(header, key, value)
-      header[SET_COOKIE] = add_cookie_to_header(header[SET_COOKIE], key, value)
-      nil
+    # :call-seq:
+    #   delete_set_cookie_header(key, value = {}) -> encoded string
+    #
+    # Generate an encoded string based on the given +key+ and +value+ using
+    # set_cookie_header for the purpose of causing the specified cookie to be
+    # deleted. The +value+ may be an instance of +Hash+ and can include
+    # attributes as outlined by set_cookie_header. The encoded cookie will have
+    # a +max_age+ of 0 seconds, an +expires+ date in the past and an empty
+    # +value+. When used with the +set-cookie+ header, it will cause the client
+    # to *remove* any matching cookie.
+    #
+    #   delete_set_cookie_header("myname")
+    #   # => "myname=; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT"
+    #
+    def delete_set_cookie_header(key, value = {})
+      set_cookie_header(key, value.merge(max_age: '0', expires: Time.at(0), value: ''))
     end
     def make_delete_cookie_header(header, key, value)
-      case header
-      when nil, ''
-        cookies = []
-      when String
-        cookies = header.split("\n")
-      when Array
-        cookies = header
-      end
-      key = escape(key)
-      domain = value[:domain]
-      path = value[:path]
-      regexp = if domain
-                 if path
-                   /\A#{key}=.*(?:domain=#{domain}(?:;|$).*path=#{path}(?:;|$)|path=#{path}(?:;|$).*domain=#{domain}(?:;|$))/
-                 else
-                   /\A#{key}=.*domain=#{domain}(?:;|$)/
-                 end
-               elsif path
-                 /\A#{key}=.*path=#{path}(?:;|$)/
-               else
-                 /\A#{key}=/
-               end
-      cookies.reject! { |cookie| regexp.match? cookie }
+      warn("make_delete_cookie_header is deprecated and will be removed in Rack 3.1, use delete_set_cookie_header! instead", uplevel: 1)
-      cookies.join("\n")
+      delete_set_cookie_header!(header, key, value)
     end
-    def delete_cookie_header!(header, key, value = {})
-      header[SET_COOKIE] = add_remove_cookie_to_header(header[SET_COOKIE], key, value)
-      nil
+    def delete_cookie_header!(headers, key, value = {})
+      headers[SET_COOKIE] = delete_set_cookie_header!(headers[SET_COOKIE], key, value)
+      return nil
     end
-    # Adds a cookie that will *remove* a cookie from the client.  Hence the
-    # strange method name.
     def add_remove_cookie_to_header(header, key, value = {})
-      new_header = make_delete_cookie_header(header, key, value)
+      warn("add_remove_cookie_to_header is deprecated and will be removed in Rack 3.1, use delete_set_cookie_header! instead", uplevel: 1)
-      add_cookie_to_header(new_header, key,
-                 { value: '', path: nil, domain: nil,
-                   max_age: '0',
-                   expires: Time.at(0) }.merge(value))
+      delete_set_cookie_header!(header, key, value)
+    end
+    # :call-seq:
+    #   delete_set_cookie_header!(header, key, value = {}) -> header value
+    #
+    # Set an expired cookie in the specified headers with the given cookie
+    # +key+ and +value+ using delete_set_cookie_header. This causes
+    # the client to immediately delete the specified cookie.
+    #
+    #   delete_set_cookie_header!(nil, "mycookie")
+    #   # => "mycookie=; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT"
+    #
+    # If the header is non-nil, it will be modified in place.
+    #
+    #   header = []
+    #   delete_set_cookie_header!(header, "mycookie")
+    #   # => ["mycookie=; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT"]
+    #   header
+    #   # => ["mycookie=; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT"]
+    #
+    def delete_set_cookie_header!(header, key, value = {})
+      if header
+        header = Array(header)
+        header << delete_set_cookie_header(key, value)
+      else
+        header = delete_set_cookie_header(key, value)
+      end
+      return header
     end
     def rfc2822(time)
       time.rfc2822
     end
-    # Modified version of stdlib time.rb Time#rfc2822 to use '%d-%b-%Y' instead
-    # of '% %b %Y'.
-    # It assumes that the time is in GMT to comply to the RFC 2109.
-    #
-    # NOTE: I'm not sure the RFC says it requires GMT, but is ambiguous enough
-    # that I'm certain someone implemented only that option.
-    # Do not use %a and %b from Time.strptime, it would use localized names for
-    # weekday and month.
-    #
-    def rfc2109(time)
-      wday = RFC2822_DAY_NAME[time.wday]
-      mon = RFC2822_MONTH_NAME[time.mon - 1]
-      time.strftime("#{wday}, %d-#{mon}-%Y %H:%M:%S GMT")
-    end
     # Parses the "Range:" header, if present, into an array of Range objects.
     # Returns nil if the header is missing or syntactically invalid.
     # Returns an empty array if none of the ranges are satisfiable.
     def byte_ranges(env, size)
-      warn "`byte_ranges` is deprecated, please use `get_byte_ranges`" if $VERBOSE
       get_byte_ranges env['HTTP_RANGE'], size
     end
@@ -382,25 +460,35 @@ module Rack
         ranges << (r0..r1)  if r0 <= r1
       end
-      return [] if ranges.map(&:size).inject(0, :+) > size
+      return [] if ranges.map(&:size).sum > size
       ranges
     end
-    # Constant time string comparison.
-    #
-    # NOTE: the values compared should be of fixed length, such as strings
-    # that have already been processed by HMAC. This should not be used
-    # on variable length plaintext strings because it could leak length info
-    # via timing attacks.
-    def secure_compare(a, b)
-      return false unless a.bytesize == b.bytesize
+    # :nocov:
+    if defined?(OpenSSL.fixed_length_secure_compare)
+      # Constant time string comparison.
+      #
+      # NOTE: the values compared should be of fixed length, such as strings
+      # that have already been processed by HMAC. This should not be used
+      # on variable length plaintext strings because it could leak length info
+      # via timing attacks.
+      def secure_compare(a, b)
+        return false unless a.bytesize == b.bytesize
+        OpenSSL.fixed_length_secure_compare(a, b)
+      end
+    # :nocov:
+    else
+      def secure_compare(a, b)
+        return false unless a.bytesize == b.bytesize
-      l = a.unpack("C*")
+        l = a.unpack("C*")
-      r, i = 0, -1
-      b.each_byte { |v| r |= v ^ l[i += 1] }
-      r == 0
+        r, i = 0, -1
+        b.each_byte { |v| r |= v ^ l[i += 1] }
+        r == 0
+      end
     end
     # Context allows the use of a compatible middleware at different points
@@ -429,94 +517,32 @@ module Rack
       end
     end
-    # A case-insensitive Hash that preserves the original case of a
+    # A wrapper around Headers
     # header when set.
     #
     # @api private
     class HeaderHash < Hash # :nodoc:
       def self.[](headers)
-        if headers.is_a?(HeaderHash) && !headers.frozen?
+        warn "Rack::Utils::HeaderHash is deprecated and will be removed in Rack 3.1, switch to Rack::Headers", uplevel: 1
+        if headers.is_a?(Headers) && !headers.frozen?
           return headers
-        else
-          return self.new(headers)
         end
-      end
-      def initialize(hash = {})
-        super()
-        @names = {}
-        hash.each { |k, v| self[k] = v }
+        new_headers = Headers.new
+        headers.each{|k,v| new_headers[k] = v}
+        new_headers
       end
-      # on dup/clone, we need to duplicate @names hash
-      def initialize_copy(other)
-        super
-        @names = other.names.dup
+      def self.new(hash = {})
+        warn "Rack::Utils::HeaderHash is deprecated and will be removed in Rack 3.1, switch to Rack::Headers", uplevel: 1
+        headers = Headers.new
+        hash.each{|k,v| headers[k] = v}
+        headers
       end
-      # on clear, we need to clear @names hash
-      def clear
-        super
-        @names.clear
+      def self.allocate
+        raise TypeError, "cannot allocate HeaderHash"
       end
-      def each
-        super do |k, v|
-          yield(k, v.respond_to?(:to_ary) ? v.to_ary.join("\n") : v)
-        end
-      end
-      def to_hash
-        hash = {}
-        each { |k, v| hash[k] = v }
-        hash
-      end
-      def [](k)
-        super(k) || super(@names[k.downcase])
-      end
-      def []=(k, v)
-        canonical = k.downcase.freeze
-        delete k if @names[canonical] && @names[canonical] != k # .delete is expensive, don't invoke it unless necessary
-        @names[canonical] = k
-        super k, v
-      end
-      def delete(k)
-        canonical = k.downcase
-        result = super @names.delete(canonical)
-        result
-      end
-      def include?(k)
-        super || @names.include?(k.downcase)
-      end
-      alias_method :has_key?, :include?
-      alias_method :member?, :include?
-      alias_method :key?, :include?
-      def merge!(other)
-        other.each { |k, v| self[k] = v }
-        self
-      end
-      def merge(other)
-        hash = dup
-        hash.merge! other
-      end
-      def replace(other)
-        clear
-        other.each { |k, v| self[k] = v }
-        self
-      end
-      protected
-        def names
-          @names
-        end
     end
     # Every standard HTTP code mapped to the appropriate message.

data/lib/rack/version.rb CHANGED Viewed

@@ -13,14 +13,19 @@
 module Rack
   # The Rack protocol version number implemented.
-  VERSION = [1, 3]
+  VERSION = [1, 3].freeze
+  deprecate_constant :VERSION
-  # Return the Rack protocol version as a dotted string.
+  VERSION_STRING = "1.3".freeze
+  deprecate_constant :VERSION_STRING
+  # The Rack protocol version number implemented.
   def self.version
-    VERSION.join(".")
+    warn "Rack.version is deprecated and will be removed in Rack 3.1!", uplevel: 1
+    VERSION
   end
-  RELEASE = "2.2.17"
+  RELEASE = "3.0.18"
   # Return the Rack release as a dotted string.
   def self.release