rack 2.2.4 → 3.0.0.beta1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of rack might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +152 -71
- data/CONTRIBUTING.md +53 -47
- data/MIT-LICENSE +1 -1
- data/README.md +287 -0
- data/Rakefile +40 -7
- data/SPEC.rdoc +175 -130
- data/contrib/LICENSE.md +7 -0
- data/contrib/logo.webp +0 -0
- data/lib/rack/auth/abstract/handler.rb +3 -1
- data/lib/rack/auth/abstract/request.rb +3 -1
- data/lib/rack/auth/digest/md5.rb +1 -131
- data/lib/rack/auth/digest/nonce.rb +1 -54
- data/lib/rack/auth/digest/params.rb +1 -54
- data/lib/rack/auth/digest/request.rb +1 -43
- data/lib/rack/auth/digest.rb +256 -0
- data/lib/rack/body_proxy.rb +3 -1
- data/lib/rack/builder.rb +60 -42
- data/lib/rack/cascade.rb +2 -0
- data/lib/rack/chunked.rb +16 -13
- data/lib/rack/common_logger.rb +23 -18
- data/lib/rack/conditional_get.rb +18 -15
- data/lib/rack/constants.rb +62 -0
- data/lib/rack/content_length.rb +12 -16
- data/lib/rack/content_type.rb +8 -5
- data/lib/rack/deflater.rb +40 -26
- data/lib/rack/directory.rb +9 -3
- data/lib/rack/etag.rb +14 -23
- data/lib/rack/events.rb +4 -0
- data/lib/rack/file.rb +2 -0
- data/lib/rack/files.rb +15 -17
- data/lib/rack/head.rb +9 -8
- data/lib/rack/headers.rb +154 -0
- data/lib/rack/lint.rb +764 -684
- data/lib/rack/lock.rb +2 -5
- data/lib/rack/logger.rb +2 -0
- data/lib/rack/media_type.rb +1 -1
- data/lib/rack/method_override.rb +4 -0
- data/lib/rack/mime.rb +8 -0
- data/lib/rack/mock.rb +1 -271
- data/lib/rack/mock_request.rb +166 -0
- data/lib/rack/mock_response.rb +124 -0
- data/lib/rack/multipart/generator.rb +7 -5
- data/lib/rack/multipart/parser.rb +118 -61
- data/lib/rack/multipart/uploaded_file.rb +4 -0
- data/lib/rack/multipart.rb +20 -40
- data/lib/rack/null_logger.rb +9 -0
- data/lib/rack/query_parser.rb +76 -44
- data/lib/rack/recursive.rb +2 -0
- data/lib/rack/reloader.rb +0 -2
- data/lib/rack/request.rb +187 -89
- data/lib/rack/response.rb +131 -61
- data/lib/rack/rewindable_input.rb +24 -5
- data/lib/rack/runtime.rb +7 -6
- data/lib/rack/sendfile.rb +30 -25
- data/lib/rack/show_exceptions.rb +15 -2
- data/lib/rack/show_status.rb +17 -7
- data/lib/rack/static.rb +8 -8
- data/lib/rack/tempfile_reaper.rb +15 -4
- data/lib/rack/urlmap.rb +3 -1
- data/lib/rack/utils.rb +199 -173
- data/lib/rack/version.rb +9 -4
- data/lib/rack.rb +5 -76
- data/rack.gemspec +6 -6
- metadata +22 -34
- data/README.rdoc +0 -306
- data/bin/rackup +0 -5
- data/contrib/rack.png +0 -0
- data/contrib/rack.svg +0 -150
- data/contrib/rack_logo.svg +0 -164
- data/lib/rack/core_ext/regexp.rb +0 -14
- data/lib/rack/handler/cgi.rb +0 -59
- data/lib/rack/handler/fastcgi.rb +0 -100
- data/lib/rack/handler/lsws.rb +0 -61
- data/lib/rack/handler/scgi.rb +0 -71
- data/lib/rack/handler/thin.rb +0 -36
- data/lib/rack/handler/webrick.rb +0 -129
- data/lib/rack/handler.rb +0 -104
- data/lib/rack/lobster.rb +0 -70
- data/lib/rack/server.rb +0 -466
- data/lib/rack/session/abstract/id.rb +0 -523
- data/lib/rack/session/cookie.rb +0 -203
- data/lib/rack/session/memcache.rb +0 -10
- data/lib/rack/session/pool.rb +0 -85
data/lib/rack/static.rb
CHANGED
@@ -1,5 +1,9 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require_relative 'constants'
|
4
|
+
require_relative 'files'
|
5
|
+
require_relative 'mime'
|
6
|
+
|
3
7
|
module Rack
|
4
8
|
|
5
9
|
# The Rack::Static middleware intercepts requests for static files
|
@@ -78,16 +82,14 @@ module Rack
|
|
78
82
|
# :header_rules => [
|
79
83
|
# # Cache all static files in public caches (e.g. Rack::Cache)
|
80
84
|
# # as well as in the browser
|
81
|
-
# [:all, {'
|
85
|
+
# [:all, {'cache-control' => 'public, max-age=31536000'}],
|
82
86
|
#
|
83
87
|
# # Provide web fonts with cross-origin access-control-headers
|
84
88
|
# # Firefox requires this when serving assets using a Content Delivery Network
|
85
|
-
# [:fonts, {'
|
89
|
+
# [:fonts, {'access-control-allow-origin' => '*'}]
|
86
90
|
# ]
|
87
91
|
#
|
88
92
|
class Static
|
89
|
-
(require_relative 'core_ext/regexp'; using ::Rack::RegexpExtensions) if RUBY_VERSION < '2.4'
|
90
|
-
|
91
93
|
def initialize(app, options = {})
|
92
94
|
@app = app
|
93
95
|
@urls = options[:urls] || ["/favicon.ico"]
|
@@ -137,10 +139,8 @@ module Rack
|
|
137
139
|
elsif response[0] == 304
|
138
140
|
# Do nothing, leave headers as is
|
139
141
|
else
|
140
|
-
|
141
|
-
|
142
|
-
end
|
143
|
-
response[1]['Content-Encoding'] = 'gzip'
|
142
|
+
response[1][CONTENT_TYPE] = Mime.mime_type(::File.extname(path), 'text/plain')
|
143
|
+
response[1]['content-encoding'] = 'gzip'
|
144
144
|
end
|
145
145
|
end
|
146
146
|
|
data/lib/rack/tempfile_reaper.rb
CHANGED
@@ -1,5 +1,8 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require_relative 'constants'
|
4
|
+
require_relative 'body_proxy'
|
5
|
+
|
3
6
|
module Rack
|
4
7
|
|
5
8
|
# Middleware tracks and cleans Tempfiles created throughout a request (i.e. Rack::Multipart)
|
@@ -12,11 +15,19 @@ module Rack
|
|
12
15
|
|
13
16
|
def call(env)
|
14
17
|
env[RACK_TEMPFILES] ||= []
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
+
|
19
|
+
begin
|
20
|
+
_, _, body = response = @app.call(env)
|
21
|
+
rescue Exception
|
22
|
+
env[RACK_TEMPFILES]&.each(&:close!)
|
23
|
+
raise
|
18
24
|
end
|
19
|
-
|
25
|
+
|
26
|
+
response[2] = BodyProxy.new(body) do
|
27
|
+
env[RACK_TEMPFILES]&.each(&:close!)
|
28
|
+
end
|
29
|
+
|
30
|
+
response
|
20
31
|
end
|
21
32
|
end
|
22
33
|
end
|
data/lib/rack/urlmap.rb
CHANGED
@@ -2,6 +2,8 @@
|
|
2
2
|
|
3
3
|
require 'set'
|
4
4
|
|
5
|
+
require_relative 'constants'
|
6
|
+
|
5
7
|
module Rack
|
6
8
|
# Rack::URLMap takes a hash mapping urls or paths to apps, and
|
7
9
|
# dispatches accordingly. Support for HTTP/1.1 host names exists if
|
@@ -74,7 +76,7 @@ module Rack
|
|
74
76
|
return app.call(env)
|
75
77
|
end
|
76
78
|
|
77
|
-
[404, { CONTENT_TYPE => "text/plain", "
|
79
|
+
[404, { CONTENT_TYPE => "text/plain", "x-cascade" => "pass" }, ["Not Found: #{path}"]]
|
78
80
|
|
79
81
|
ensure
|
80
82
|
env[PATH_INFO] = path
|
data/lib/rack/utils.rb
CHANGED
@@ -8,29 +8,29 @@ require 'tempfile'
|
|
8
8
|
require 'time'
|
9
9
|
|
10
10
|
require_relative 'query_parser'
|
11
|
+
require_relative 'mime'
|
12
|
+
require_relative 'headers'
|
13
|
+
require_relative 'constants'
|
11
14
|
|
12
15
|
module Rack
|
13
16
|
# Rack::Utils contains a grab-bag of useful methods for writing web
|
14
17
|
# applications adopted from all kinds of Ruby libraries.
|
15
18
|
|
16
19
|
module Utils
|
17
|
-
(require_relative 'core_ext/regexp'; using ::Rack::RegexpExtensions) if RUBY_VERSION < '2.4'
|
18
|
-
|
19
20
|
ParameterTypeError = QueryParser::ParameterTypeError
|
20
21
|
InvalidParameterError = QueryParser::InvalidParameterError
|
22
|
+
ParamsTooDeepError = QueryParser::ParamsTooDeepError
|
21
23
|
DEFAULT_SEP = QueryParser::DEFAULT_SEP
|
22
24
|
COMMON_SEP = QueryParser::COMMON_SEP
|
23
25
|
KeySpaceConstrainedParams = QueryParser::Params
|
24
26
|
|
25
|
-
RFC2822_DAY_NAME = [ 'Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat' ]
|
26
|
-
RFC2822_MONTH_NAME = [ 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec' ]
|
27
|
-
|
28
27
|
class << self
|
29
28
|
attr_accessor :default_query_parser
|
30
29
|
end
|
31
|
-
# The default
|
32
|
-
# This helps prevent a rogue client from
|
33
|
-
|
30
|
+
# The default amount of nesting to allowed by hash parameters.
|
31
|
+
# This helps prevent a rogue client from triggering a possible stack overflow
|
32
|
+
# when parsing parameters.
|
33
|
+
self.default_query_parser = QueryParser.make_default(32)
|
34
34
|
|
35
35
|
module_function
|
36
36
|
|
@@ -75,11 +75,12 @@ module Rack
|
|
75
75
|
end
|
76
76
|
|
77
77
|
def self.key_space_limit
|
78
|
-
|
78
|
+
warn("`Rack::Utils.key_space_limit` is deprecated as this value no longer has an effect. It will be removed in Rack 3.1", uplevel: 1)
|
79
|
+
65536
|
79
80
|
end
|
80
81
|
|
81
82
|
def self.key_space_limit=(v)
|
82
|
-
|
83
|
+
warn("`Rack::Utils.key_space_limit=` is deprecated and no longer has an effect. It will be removed in Rack 3.1", uplevel: 1)
|
83
84
|
end
|
84
85
|
|
85
86
|
if defined?(Process::CLOCK_MONOTONIC)
|
@@ -141,6 +142,19 @@ module Rack
|
|
141
142
|
end
|
142
143
|
end
|
143
144
|
|
145
|
+
def forwarded_values(forwarded_header)
|
146
|
+
return nil unless forwarded_header
|
147
|
+
forwarded_header = forwarded_header.to_s.gsub("\n", ";")
|
148
|
+
|
149
|
+
forwarded_header.split(/\s*;\s*/).each_with_object({}) do |field, values|
|
150
|
+
field.split(/\s*,\s*/).each do |pair|
|
151
|
+
return nil unless pair =~ /\A\s*(by|for|host|proto)\s*=\s*"?([^"]+)"?\s*\Z/i
|
152
|
+
(values[$1.downcase.to_sym] ||= []) << $2
|
153
|
+
end
|
154
|
+
end
|
155
|
+
end
|
156
|
+
module_function :forwarded_values
|
157
|
+
|
144
158
|
# Return best accept value to use, based on the algorithm
|
145
159
|
# in RFC 2616 Section 14. If there are multiple best
|
146
160
|
# matches (same specificity and quality), the value returned
|
@@ -155,7 +169,7 @@ module Rack
|
|
155
169
|
end.compact.sort_by do |match, quality|
|
156
170
|
(match.split('/', 2).count('*') * -10) + quality
|
157
171
|
end.last
|
158
|
-
matches
|
172
|
+
matches&.first
|
159
173
|
end
|
160
174
|
|
161
175
|
ESCAPE_HTML = {
|
@@ -206,17 +220,20 @@ module Rack
|
|
206
220
|
(encoding_candidates & available_encodings)[0]
|
207
221
|
end
|
208
222
|
|
209
|
-
|
210
|
-
|
211
|
-
|
223
|
+
# :call-seq:
|
224
|
+
# parse_cookies_header(value) -> hash
|
225
|
+
#
|
226
|
+
# Parse cookies from the provided header +value+ according to RFC6265. The
|
227
|
+
# syntax for cookie headers only supports semicolons. Returns a map of
|
228
|
+
# cookie +key+ to cookie +value+.
|
229
|
+
#
|
230
|
+
# parse_cookies_header('myname=myvalue; max-age=0')
|
231
|
+
# # => {"myname"=>"myvalue", "max-age"=>"0"}
|
232
|
+
#
|
233
|
+
def parse_cookies_header(value)
|
234
|
+
return {} unless value
|
212
235
|
|
213
|
-
|
214
|
-
# According to RFC 6265:
|
215
|
-
# The syntax for cookie headers only supports semicolons
|
216
|
-
# User Agent -> Server ==
|
217
|
-
# Cookie: SID=31d4d96e407aad42; lang=en-US
|
218
|
-
return {} unless header
|
219
|
-
header.split(/[;] */n).each_with_object({}) do |cookie, cookies|
|
236
|
+
value.split(/; */n).each_with_object({}) do |cookie, cookies|
|
220
237
|
next if cookie.empty?
|
221
238
|
key, value = cookie.split('=', 2)
|
222
239
|
cookies[key] = (unescape(value) rescue value) unless cookies.key?(key)
|
@@ -224,14 +241,66 @@ module Rack
|
|
224
241
|
end
|
225
242
|
|
226
243
|
def add_cookie_to_header(header, key, value)
|
244
|
+
warn("add_cookie_to_header is deprecated and will be removed in Rack 3.1", uplevel: 1)
|
245
|
+
|
246
|
+
case header
|
247
|
+
when nil, ''
|
248
|
+
return set_cookie_header(key, value)
|
249
|
+
when String
|
250
|
+
[header, set_cookie_header(key, value)]
|
251
|
+
when Array
|
252
|
+
header + [set_cookie_header(key, value)]
|
253
|
+
else
|
254
|
+
raise ArgumentError, "Unrecognized cookie header value. Expected String, Array, or nil, got #{header.inspect}"
|
255
|
+
end
|
256
|
+
end
|
257
|
+
|
258
|
+
# :call-seq:
|
259
|
+
# parse_cookies(env) -> hash
|
260
|
+
#
|
261
|
+
# Parse cookies from the provided request environment using
|
262
|
+
# parse_cookies_header. Returns a map of cookie +key+ to cookie +value+.
|
263
|
+
#
|
264
|
+
# parse_cookies({'HTTP_COOKIE' => 'myname=myvalue'})
|
265
|
+
# # => {'myname' => 'myvalue'}
|
266
|
+
#
|
267
|
+
def parse_cookies(env)
|
268
|
+
parse_cookies_header env[HTTP_COOKIE]
|
269
|
+
end
|
270
|
+
|
271
|
+
# :call-seq:
|
272
|
+
# set_cookie_header(key, value) -> encoded string
|
273
|
+
#
|
274
|
+
# Generate an encoded string using the provided +key+ and +value+ suitable
|
275
|
+
# for the +set-cookie+ header according to RFC6265. The +value+ may be an
|
276
|
+
# instance of either +String+ or +Hash+.
|
277
|
+
#
|
278
|
+
# If the cookie +value+ is an instance of +Hash+, it considers the following
|
279
|
+
# cookie attribute keys: +domain+, +max_age+, +expires+ (must be instance
|
280
|
+
# of +Time+), +secure+, +http_only+, +same_site+ and +value+. For more
|
281
|
+
# details about the interpretation of these fields, consult
|
282
|
+
# [RFC6265 Section 5.2](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2).
|
283
|
+
#
|
284
|
+
# An extra cookie attribute +escape_key+ can be provided to control whether
|
285
|
+
# or not the cookie key is URL encoded. If explicitly set to +false+, the
|
286
|
+
# cookie key name will not be url encoded (escaped). The default is +true+.
|
287
|
+
#
|
288
|
+
# set_cookie_header("myname", "myvalue")
|
289
|
+
# # => "myname=myvalue"
|
290
|
+
#
|
291
|
+
# set_cookie_header("myname", {value: "myvalue", max_age: 10})
|
292
|
+
# # => "myname=myvalue; max-age=10"
|
293
|
+
#
|
294
|
+
def set_cookie_header(key, value)
|
227
295
|
case value
|
228
296
|
when Hash
|
297
|
+
key = escape(key) unless value[:escape_key] == false
|
229
298
|
domain = "; domain=#{value[:domain]}" if value[:domain]
|
230
299
|
path = "; path=#{value[:path]}" if value[:path]
|
231
300
|
max_age = "; max-age=#{value[:max_age]}" if value[:max_age]
|
232
301
|
expires = "; expires=#{value[:expires].httpdate}" if value[:expires]
|
233
302
|
secure = "; secure" if value[:secure]
|
234
|
-
httponly = ";
|
303
|
+
httponly = "; httponly" if (value.key?(:httponly) ? value[:httponly] : value[:http_only])
|
235
304
|
same_site =
|
236
305
|
case value[:same_site]
|
237
306
|
when false, nil
|
@@ -246,100 +315,109 @@ module Rack
|
|
246
315
|
raise ArgumentError, "Invalid SameSite value: #{value[:same_site].inspect}"
|
247
316
|
end
|
248
317
|
value = value[:value]
|
318
|
+
else
|
319
|
+
key = escape(key)
|
249
320
|
end
|
321
|
+
|
250
322
|
value = [value] unless Array === value
|
251
323
|
|
252
|
-
|
324
|
+
return "#{key}=#{value.map { |v| escape v }.join('&')}#{domain}" \
|
253
325
|
"#{path}#{max_age}#{expires}#{secure}#{httponly}#{same_site}"
|
326
|
+
end
|
254
327
|
|
255
|
-
|
256
|
-
|
257
|
-
|
258
|
-
|
259
|
-
|
260
|
-
|
261
|
-
|
328
|
+
# :call-seq:
|
329
|
+
# set_cookie_header!(headers, key, value) -> header value
|
330
|
+
#
|
331
|
+
# Append a cookie in the specified headers with the given cookie +key+ and
|
332
|
+
# +value+ using set_cookie_header.
|
333
|
+
#
|
334
|
+
# If the headers already contains a +set-cookie+ key, it will be converted
|
335
|
+
# to an +Array+ if not already, and appended to.
|
336
|
+
def set_cookie_header!(headers, key, value)
|
337
|
+
if header = headers[SET_COOKIE]
|
338
|
+
if header.is_a?(Array)
|
339
|
+
header << set_cookie_header(key, value)
|
340
|
+
else
|
341
|
+
headers[SET_COOKIE] = [header, set_cookie_header(key, value)]
|
342
|
+
end
|
262
343
|
else
|
263
|
-
|
344
|
+
headers[SET_COOKIE] = set_cookie_header(key, value)
|
264
345
|
end
|
265
346
|
end
|
266
347
|
|
267
|
-
|
268
|
-
|
269
|
-
|
348
|
+
# :call-seq:
|
349
|
+
# delete_set_cookie_header(key, value = {}) -> encoded string
|
350
|
+
#
|
351
|
+
# Generate an encoded string based on the given +key+ and +value+ using
|
352
|
+
# set_cookie_header for the purpose of causing the specified cookie to be
|
353
|
+
# deleted. The +value+ may be an instance of +Hash+ and can include
|
354
|
+
# attributes as outlined by set_cookie_header. The encoded cookie will have
|
355
|
+
# a +max_age+ of 0 seconds, an +expires+ date in the past and an empty
|
356
|
+
# +value+. When used with the +set-cookie+ header, it will cause the client
|
357
|
+
# to *remove* any matching cookie.
|
358
|
+
#
|
359
|
+
# delete_set_cookie_header("myname")
|
360
|
+
# # => "myname=; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT"
|
361
|
+
#
|
362
|
+
def delete_set_cookie_header(key, value = {})
|
363
|
+
set_cookie_header(key, value.merge(max_age: '0', expires: Time.at(0), value: ''))
|
270
364
|
end
|
271
365
|
|
272
366
|
def make_delete_cookie_header(header, key, value)
|
273
|
-
|
274
|
-
when nil, ''
|
275
|
-
cookies = []
|
276
|
-
when String
|
277
|
-
cookies = header.split("\n")
|
278
|
-
when Array
|
279
|
-
cookies = header
|
280
|
-
end
|
281
|
-
|
282
|
-
key = escape(key)
|
283
|
-
domain = value[:domain]
|
284
|
-
path = value[:path]
|
285
|
-
regexp = if domain
|
286
|
-
if path
|
287
|
-
/\A#{key}=.*(?:domain=#{domain}(?:;|$).*path=#{path}(?:;|$)|path=#{path}(?:;|$).*domain=#{domain}(?:;|$))/
|
288
|
-
else
|
289
|
-
/\A#{key}=.*domain=#{domain}(?:;|$)/
|
290
|
-
end
|
291
|
-
elsif path
|
292
|
-
/\A#{key}=.*path=#{path}(?:;|$)/
|
293
|
-
else
|
294
|
-
/\A#{key}=/
|
295
|
-
end
|
296
|
-
|
297
|
-
cookies.reject! { |cookie| regexp.match? cookie }
|
367
|
+
warn("make_delete_cookie_header is deprecated and will be removed in Rack 3.1, use delete_set_cookie_header! instead", uplevel: 1)
|
298
368
|
|
299
|
-
|
369
|
+
delete_set_cookie_header!(header, key, value)
|
300
370
|
end
|
301
371
|
|
302
|
-
def delete_cookie_header!(
|
303
|
-
|
304
|
-
|
372
|
+
def delete_cookie_header!(headers, key, value = {})
|
373
|
+
headers[SET_COOKIE] = delete_set_cookie_header!(headers[SET_COOKIE], key, value)
|
374
|
+
|
375
|
+
return nil
|
305
376
|
end
|
306
377
|
|
307
|
-
# Adds a cookie that will *remove* a cookie from the client. Hence the
|
308
|
-
# strange method name.
|
309
378
|
def add_remove_cookie_to_header(header, key, value = {})
|
310
|
-
|
379
|
+
warn("add_remove_cookie_to_header is deprecated and will be removed in Rack 3.1, use delete_set_cookie_header! instead", uplevel: 1)
|
311
380
|
|
312
|
-
|
313
|
-
|
314
|
-
max_age: '0',
|
315
|
-
expires: Time.at(0) }.merge(value))
|
381
|
+
delete_set_cookie_header!(header, key, value)
|
382
|
+
end
|
316
383
|
|
384
|
+
# :call-seq:
|
385
|
+
# delete_set_cookie_header!(header, key, value = {}) -> header value
|
386
|
+
#
|
387
|
+
# Set an expired cookie in the specified headers with the given cookie
|
388
|
+
# +key+ and +value+ using delete_set_cookie_header. This causes
|
389
|
+
# the client to immediately delete the specified cookie.
|
390
|
+
#
|
391
|
+
# delete_set_cookie_header!(nil, "mycookie")
|
392
|
+
# # => "mycookie=; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT"
|
393
|
+
#
|
394
|
+
# If the header is non-nil, it will be modified in place.
|
395
|
+
#
|
396
|
+
# header = []
|
397
|
+
# delete_set_cookie_header!(header, "mycookie")
|
398
|
+
# # => ["mycookie=; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT"]
|
399
|
+
# header
|
400
|
+
# # => ["mycookie=; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT"]
|
401
|
+
#
|
402
|
+
def delete_set_cookie_header!(header, key, value = {})
|
403
|
+
if header
|
404
|
+
header = Array(header)
|
405
|
+
header << delete_set_cookie_header(key, value)
|
406
|
+
else
|
407
|
+
header = delete_set_cookie_header(key, value)
|
408
|
+
end
|
409
|
+
|
410
|
+
return header
|
317
411
|
end
|
318
412
|
|
319
413
|
def rfc2822(time)
|
320
414
|
time.rfc2822
|
321
415
|
end
|
322
416
|
|
323
|
-
# Modified version of stdlib time.rb Time#rfc2822 to use '%d-%b-%Y' instead
|
324
|
-
# of '% %b %Y'.
|
325
|
-
# It assumes that the time is in GMT to comply to the RFC 2109.
|
326
|
-
#
|
327
|
-
# NOTE: I'm not sure the RFC says it requires GMT, but is ambiguous enough
|
328
|
-
# that I'm certain someone implemented only that option.
|
329
|
-
# Do not use %a and %b from Time.strptime, it would use localized names for
|
330
|
-
# weekday and month.
|
331
|
-
#
|
332
|
-
def rfc2109(time)
|
333
|
-
wday = RFC2822_DAY_NAME[time.wday]
|
334
|
-
mon = RFC2822_MONTH_NAME[time.mon - 1]
|
335
|
-
time.strftime("#{wday}, %d-#{mon}-%Y %H:%M:%S GMT")
|
336
|
-
end
|
337
|
-
|
338
417
|
# Parses the "Range:" header, if present, into an array of Range objects.
|
339
418
|
# Returns nil if the header is missing or syntactically invalid.
|
340
419
|
# Returns an empty array if none of the ranges are satisfiable.
|
341
420
|
def byte_ranges(env, size)
|
342
|
-
warn "`byte_ranges` is deprecated, please use `get_byte_ranges`" if $VERBOSE
|
343
421
|
get_byte_ranges env['HTTP_RANGE'], size
|
344
422
|
end
|
345
423
|
|
@@ -371,20 +449,30 @@ module Rack
|
|
371
449
|
ranges
|
372
450
|
end
|
373
451
|
|
374
|
-
#
|
375
|
-
|
376
|
-
|
377
|
-
|
378
|
-
|
379
|
-
|
380
|
-
|
381
|
-
|
452
|
+
# :nocov:
|
453
|
+
if defined?(OpenSSL.fixed_length_secure_compare)
|
454
|
+
# Constant time string comparison.
|
455
|
+
#
|
456
|
+
# NOTE: the values compared should be of fixed length, such as strings
|
457
|
+
# that have already been processed by HMAC. This should not be used
|
458
|
+
# on variable length plaintext strings because it could leak length info
|
459
|
+
# via timing attacks.
|
460
|
+
def secure_compare(a, b)
|
461
|
+
return false unless a.bytesize == b.bytesize
|
462
|
+
|
463
|
+
OpenSSL.fixed_length_secure_compare(a, b)
|
464
|
+
end
|
465
|
+
# :nocov:
|
466
|
+
else
|
467
|
+
def secure_compare(a, b)
|
468
|
+
return false unless a.bytesize == b.bytesize
|
382
469
|
|
383
|
-
|
470
|
+
l = a.unpack("C*")
|
384
471
|
|
385
|
-
|
386
|
-
|
387
|
-
|
472
|
+
r, i = 0, -1
|
473
|
+
b.each_byte { |v| r |= v ^ l[i += 1] }
|
474
|
+
r == 0
|
475
|
+
end
|
388
476
|
end
|
389
477
|
|
390
478
|
# Context allows the use of a compatible middleware at different points
|
@@ -413,94 +501,32 @@ module Rack
|
|
413
501
|
end
|
414
502
|
end
|
415
503
|
|
416
|
-
# A
|
504
|
+
# A wrapper around Headers
|
417
505
|
# header when set.
|
418
506
|
#
|
419
507
|
# @api private
|
420
508
|
class HeaderHash < Hash # :nodoc:
|
421
509
|
def self.[](headers)
|
422
|
-
|
510
|
+
warn "Rack::Utils::HeaderHash is deprecated and will be removed in Rack 3.1, switch to Rack::Headers", uplevel: 1
|
511
|
+
if headers.is_a?(Headers) && !headers.frozen?
|
423
512
|
return headers
|
424
|
-
else
|
425
|
-
return self.new(headers)
|
426
513
|
end
|
427
|
-
end
|
428
514
|
|
429
|
-
|
430
|
-
|
431
|
-
|
432
|
-
hash.each { |k, v| self[k] = v }
|
515
|
+
new_headers = Headers.new
|
516
|
+
headers.each{|k,v| new_headers[k] = v}
|
517
|
+
new_headers
|
433
518
|
end
|
434
519
|
|
435
|
-
|
436
|
-
|
437
|
-
|
438
|
-
|
520
|
+
def self.new(hash = {})
|
521
|
+
warn "Rack::Utils::HeaderHash is deprecated and will be removed in Rack 3.1, switch to Rack::Headers", uplevel: 1
|
522
|
+
headers = Headers.new
|
523
|
+
hash.each{|k,v| headers[k] = v}
|
524
|
+
headers
|
439
525
|
end
|
440
526
|
|
441
|
-
|
442
|
-
|
443
|
-
super
|
444
|
-
@names.clear
|
527
|
+
def self.allocate
|
528
|
+
raise TypeError, "cannot allocate HeaderHash"
|
445
529
|
end
|
446
|
-
|
447
|
-
def each
|
448
|
-
super do |k, v|
|
449
|
-
yield(k, v.respond_to?(:to_ary) ? v.to_ary.join("\n") : v)
|
450
|
-
end
|
451
|
-
end
|
452
|
-
|
453
|
-
def to_hash
|
454
|
-
hash = {}
|
455
|
-
each { |k, v| hash[k] = v }
|
456
|
-
hash
|
457
|
-
end
|
458
|
-
|
459
|
-
def [](k)
|
460
|
-
super(k) || super(@names[k.downcase])
|
461
|
-
end
|
462
|
-
|
463
|
-
def []=(k, v)
|
464
|
-
canonical = k.downcase.freeze
|
465
|
-
delete k if @names[canonical] && @names[canonical] != k # .delete is expensive, don't invoke it unless necessary
|
466
|
-
@names[canonical] = k
|
467
|
-
super k, v
|
468
|
-
end
|
469
|
-
|
470
|
-
def delete(k)
|
471
|
-
canonical = k.downcase
|
472
|
-
result = super @names.delete(canonical)
|
473
|
-
result
|
474
|
-
end
|
475
|
-
|
476
|
-
def include?(k)
|
477
|
-
super || @names.include?(k.downcase)
|
478
|
-
end
|
479
|
-
|
480
|
-
alias_method :has_key?, :include?
|
481
|
-
alias_method :member?, :include?
|
482
|
-
alias_method :key?, :include?
|
483
|
-
|
484
|
-
def merge!(other)
|
485
|
-
other.each { |k, v| self[k] = v }
|
486
|
-
self
|
487
|
-
end
|
488
|
-
|
489
|
-
def merge(other)
|
490
|
-
hash = dup
|
491
|
-
hash.merge! other
|
492
|
-
end
|
493
|
-
|
494
|
-
def replace(other)
|
495
|
-
clear
|
496
|
-
other.each { |k, v| self[k] = v }
|
497
|
-
self
|
498
|
-
end
|
499
|
-
|
500
|
-
protected
|
501
|
-
def names
|
502
|
-
@names
|
503
|
-
end
|
504
530
|
end
|
505
531
|
|
506
532
|
# Every standard HTTP code mapped to the appropriate message.
|
data/lib/rack/version.rb
CHANGED
@@ -13,14 +13,19 @@
|
|
13
13
|
|
14
14
|
module Rack
|
15
15
|
# The Rack protocol version number implemented.
|
16
|
-
VERSION = [1, 3]
|
16
|
+
VERSION = [1, 3].freeze
|
17
|
+
deprecate_constant :VERSION
|
17
18
|
|
18
|
-
|
19
|
+
VERSION_STRING = "1.3".freeze
|
20
|
+
deprecate_constant :VERSION_STRING
|
21
|
+
|
22
|
+
# The Rack protocol version number implemented.
|
19
23
|
def self.version
|
20
|
-
|
24
|
+
warn "Rack.version is deprecated and will be removed in Rack 3.1!", uplevel: 1
|
25
|
+
VERSION
|
21
26
|
end
|
22
27
|
|
23
|
-
RELEASE = "
|
28
|
+
RELEASE = "3.0.0.beta1"
|
24
29
|
|
25
30
|
# Return the Rack release as a dotted string.
|
26
31
|
def self.release
|