rack 3.0.1 → 3.0.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of rack might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 188a0efbbd783c3fb499725bf81b141a40fbf5a6e47b41b401bdbfd270beba96
4
- data.tar.gz: fbbb869dab4d6946155e977bb2814768dc245a1c1a37472f072df9d5d9d638bd
3
+ metadata.gz: 1ef3f40b22f1176082dbf385b1370a4453d6f2547bb821b86464b2e282d599f0
4
+ data.tar.gz: cbdc48698cce4a62c73e202f75f9226663c484395576188800e3a063aac9c341
5
5
  SHA512:
6
- metadata.gz: 22d9827dfb149e42232b10fccceb117d25513776e017e0221d81e980e30ab06285a55f05297808958c830dd023b43c38f098a1245a24ba8b11362d6ede4fe03b
7
- data.tar.gz: 30cf292f7c1a19dba1988d4637afedb68acd97c9adb60040f157c7eedc3ac20a0a79ef1330759d5c09da77c17aed818885c19665840b26a0b68089f9722a529d
6
+ metadata.gz: 15759c4ffbf202d6697e4eb440e470e49e2d81a211e29b5a3eb8580765ff93c77cdbda66927f42f098246a3b7ba2e62c2971703b9a2be51ff3f4cc7fcadb5f8e
7
+ data.tar.gz: f0bb7abd2f11b80c3ac6286ac6db9395e635cdd90cc621a35a248fdf987b2e03174502c769093790c4a128429feefc6ee8beca2ec3f138a5615c0c79443af876
data/CHANGELOG.md CHANGED
@@ -2,6 +2,13 @@
2
2
 
3
3
  All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
4
4
 
5
+ ## [3.0.2] -2022-12-05
6
+
7
+ ### Fixed
8
+
9
+ - `Utils.build_nested_query` URL-encodes nested field names including the square brackets.
10
+ - Allow `Rack::Response` to pass through streaming bodies. ([#1993](https://github.com/rack/rack/pull/1993), [@ioquatix])
11
+
5
12
  ## [3.0.1] - 2022-11-18
6
13
 
7
14
  ### Fixed
@@ -41,7 +48,7 @@ All notable changes to this project will be documented in this file. For info on
41
48
  - `SERVER_PROTOCOL` is now a required environment key, matching the HTTP protocol used in the request.
42
49
  - `rack.hijack?` (partial hijack) and `rack.hijack` (full hijack) are now independently optional.
43
50
  - `rack.hijack_io` has been removed completely.
44
- - `rack.response_finished` is an optional environment key which contains an array of callable objects that must accept `#call(env, status, headers, error)` and are invoked after the response is finished (either successfully or unsucessfully).
51
+ - `rack.response_finished` is an optional environment key which contains an array of callable objects that must accept `#call(env, status, headers, error)` and are invoked after the response is finished (either successfully or unsuccessfully).
45
52
  - It is okay to call `#close` on `rack.input` to indicate that you no longer need or care about the input.
46
53
  - The stream argument supplied to the streaming body and hijack must support `#<<` for writing output.
47
54
 
@@ -10,8 +10,6 @@ module Rack
10
10
  #
11
11
  # Initialize with the Rack application that you want protecting,
12
12
  # and a block that checks if a username and password pair are valid.
13
- #
14
- # See also: <tt>example/protectedlobster.rb</tt>
15
13
 
16
14
  class Basic < AbstractHandler
17
15
 
data/lib/rack/builder.rb CHANGED
@@ -10,26 +10,23 @@ module Rack
10
10
  #
11
11
  # Example:
12
12
  #
13
- # require 'rack/lobster'
14
- # app = Rack::Builder.new do
15
- # use Rack::CommonLogger
16
- # use Rack::ShowExceptions
17
- # map "/lobster" do
18
- # use Rack::Lint
19
- # run Rack::Lobster.new
20
- # end
21
- # end
13
+ # app = Rack::Builder.new do
14
+ # use Rack::CommonLogger
15
+ # map "/ok" do
16
+ # run lambda { |env| [200, {'content-type' => 'text/plain'}, ['OK']] }
17
+ # end
18
+ # end
22
19
  #
23
- # run app
20
+ # run app
24
21
  #
25
22
  # Or
26
23
  #
27
- # app = Rack::Builder.app do
28
- # use Rack::CommonLogger
29
- # run lambda { |env| [200, {'Content-Type' => 'text/plain'}, ['OK']] }
30
- # end
24
+ # app = Rack::Builder.app do
25
+ # use Rack::CommonLogger
26
+ # run lambda { |env| [200, {'content-type' => 'text/plain'}, ['OK']] }
27
+ # end
31
28
  #
32
- # run app
29
+ # run app
33
30
  #
34
31
  # +use+ adds middleware to the stack, +run+ dispatches to an application.
35
32
  # You can use +map+ to construct a Rack::URLMap in a convenient way.
@@ -180,15 +177,6 @@ module Rack
180
177
  #
181
178
  # run Heartbeat.new
182
179
  #
183
- # It could also be a module:
184
- #
185
- # module HelloWorld
186
- # def call(env)
187
- # [200, { "content-type" => "text/plain" }, ["Hello World"]]
188
- # end
189
- # end
190
- #
191
- # run HelloWorld
192
180
  def run(app = nil, &block)
193
181
  raise ArgumentError, "Both app and block given!" if app && block_given?
194
182
 
@@ -213,21 +201,35 @@ module Rack
213
201
  # the Rack application specified by run inside the block. Other requests will be sent to the
214
202
  # default application specified by run outside the block.
215
203
  #
216
- # Rack::Builder.app do
204
+ # class App
205
+ # def call(env)
206
+ # [200, {'content-type' => 'text/plain'}, ["Hello World"]]
207
+ # end
208
+ # end
209
+ #
210
+ # class Heartbeat
211
+ # def call(env)
212
+ # [200, { "content-type" => "text/plain" }, ["OK"]]
213
+ # end
214
+ # end
215
+ #
216
+ # app = Rack::Builder.app do
217
217
  # map '/heartbeat' do
218
- # run Heartbeat
218
+ # run Heartbeat.new
219
219
  # end
220
- # run App
220
+ # run App.new
221
221
  # end
222
222
  #
223
+ # run app
224
+ #
223
225
  # The +use+ method can also be used inside the block to specify middleware to run under a specific path:
224
226
  #
225
- # Rack::Builder.app do
227
+ # app = Rack::Builder.app do
226
228
  # map '/heartbeat' do
227
229
  # use Middleware
228
- # run Heartbeat
230
+ # run Heartbeat.new
229
231
  # end
230
- # run App
232
+ # run App.new
231
233
  # end
232
234
  #
233
235
  # This example includes a piece of middleware which will run before +/heartbeat+ requests hit +Heartbeat+.
@@ -14,7 +14,7 @@ module Rack
14
14
  SERVER_NAME = 'SERVER_NAME'
15
15
  SERVER_PORT = 'SERVER_PORT'
16
16
  HTTP_COOKIE = 'HTTP_COOKIE'
17
-
17
+
18
18
  # Response Header Keys
19
19
  CACHE_CONTROL = 'cache-control'
20
20
  CONTENT_LENGTH = 'content-length'
data/lib/rack/headers.rb CHANGED
@@ -31,7 +31,7 @@ module Rack
31
31
  super(key.downcase.freeze, value)
32
32
  end
33
33
  alias store []=
34
-
34
+
35
35
  def assoc(key)
36
36
  super(downcase_key(key))
37
37
  end
@@ -43,7 +43,7 @@ module Rack
43
43
  def delete(key)
44
44
  super(downcase_key(key))
45
45
  end
46
-
46
+
47
47
  def dig(key, *a)
48
48
  super(downcase_key(key), *a)
49
49
  end
@@ -52,7 +52,7 @@ module Rack
52
52
  key = downcase_key(key)
53
53
  super
54
54
  end
55
-
55
+
56
56
  def fetch_values(*a)
57
57
  super(*a.map!{|key| downcase_key(key)})
58
58
  end
@@ -63,34 +63,34 @@ module Rack
63
63
  alias include? has_key?
64
64
  alias key? has_key?
65
65
  alias member? has_key?
66
-
66
+
67
67
  def invert
68
68
  hash = self.class.new
69
69
  each{|key, value| hash[value] = key}
70
70
  hash
71
71
  end
72
-
72
+
73
73
  def merge(hash, &block)
74
74
  dup.merge!(hash, &block)
75
75
  end
76
-
76
+
77
77
  def reject(&block)
78
78
  hash = dup
79
79
  hash.reject!(&block)
80
80
  hash
81
81
  end
82
-
82
+
83
83
  def replace(hash)
84
84
  clear
85
85
  update(hash)
86
86
  end
87
-
87
+
88
88
  def select(&block)
89
89
  hash = dup
90
90
  hash.select!(&block)
91
91
  hash
92
92
  end
93
-
93
+
94
94
  def to_proc
95
95
  lambda{|x| self[x]}
96
96
  end
@@ -100,10 +100,10 @@ module Rack
100
100
  end
101
101
 
102
102
  def update(hash, &block)
103
- hash.each do |key, value|
103
+ hash.each do |key, value|
104
104
  self[key] = if block_given? && include?(key)
105
105
  block.call(key, self[key], value)
106
- else
106
+ else
107
107
  value
108
108
  end
109
109
  end
@@ -114,7 +114,7 @@ module Rack
114
114
  def values_at(*keys)
115
115
  keys.map{|key| self[key]}
116
116
  end
117
-
117
+
118
118
  # :nocov:
119
119
  if RUBY_VERSION >= '2.5'
120
120
  # :nocov:
data/lib/rack/lint.rb CHANGED
@@ -629,7 +629,7 @@ module Rack
629
629
  unless headers.kind_of?(Hash)
630
630
  raise LintError, "headers object should be a hash, but isn't (got #{headers.class} as headers)"
631
631
  end
632
-
632
+
633
633
  if headers.frozen?
634
634
  raise LintError, "headers object should not be frozen, but is"
635
635
  end
@@ -889,7 +889,7 @@ module Rack
889
889
 
890
890
  def initialize(stream)
891
891
  @stream = stream
892
-
892
+
893
893
  REQUIRED_METHODS.each do |method_name|
894
894
  raise LintError, "Stream must respond to #{method_name}" unless stream.respond_to?(method_name)
895
895
  end
data/lib/rack/request.rb CHANGED
@@ -44,7 +44,7 @@ module Rack
44
44
  @x_forwarded_proto_priority = [:proto, :scheme]
45
45
 
46
46
  valid_ipv4_octet = /\.(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])/
47
-
47
+
48
48
  trusted_proxies = Regexp.union(
49
49
  /\A127#{valid_ipv4_octet}{3}\z/, # localhost IPv4 range 127.x.x.x, per RFC-3330
50
50
  /\A::1\z/, # localhost IPv6 ::1
@@ -54,7 +54,7 @@ module Rack
54
54
  /\A192\.168#{valid_ipv4_octet}{2}\z/, # private IPv4 range 192.168.x.x
55
55
  /\Alocalhost\z|\Aunix(\z|:)/i, # localhost hostname, and unix domain sockets
56
56
  )
57
-
57
+
58
58
  self.ip_filter = lambda { |ip| trusted_proxies.match?(ip) }
59
59
 
60
60
  ALLOWED_SCHEMES = %w(https http wss ws).freeze
data/lib/rack/response.rb CHANGED
@@ -43,7 +43,7 @@ module Rack
43
43
  #
44
44
  # If the +body+ is +nil+, construct an empty response object with internal
45
45
  # buffering.
46
- #
46
+ #
47
47
  # If the +body+ responds to +to_str+, assume it's a string-like object and
48
48
  # construct a buffered response object containing using that string as the
49
49
  # initial contents of the buffer.
@@ -102,11 +102,16 @@ module Rack
102
102
  CHUNKED == get_header(TRANSFER_ENCODING)
103
103
  end
104
104
 
105
+ def no_entity_body?
106
+ # The response body is an enumerable body and it is not allowed to have an entity body.
107
+ @body.respond_to?(:each) && STATUS_WITH_NO_ENTITY_BODY[@status]
108
+ end
109
+
105
110
  # Generate a response array consistent with the requirements of the SPEC.
106
111
  # @return [Array] a 3-tuple suitable of `[status, headers, body]`
107
112
  # which is suitable to be returned from the middleware `#call(env)` method.
108
113
  def finish(&block)
109
- if STATUS_WITH_NO_ENTITY_BODY[@status]
114
+ if no_entity_body?
110
115
  delete_header CONTENT_TYPE
111
116
  delete_header CONTENT_LENGTH
112
117
  close
@@ -333,7 +338,7 @@ module Rack
333
338
  end
334
339
 
335
340
  body.close if body.respond_to?(:close)
336
-
341
+
337
342
  @buffered = true
338
343
  else
339
344
  @buffered = false
data/lib/rack/utils.rb CHANGED
@@ -121,13 +121,13 @@ module Rack
121
121
  }.join("&")
122
122
  when Hash
123
123
  value.map { |k, v|
124
- build_nested_query(v, prefix ? "#{prefix}[#{escape(k)}]" : escape(k))
124
+ build_nested_query(v, prefix ? "#{prefix}[#{k}]" : k)
125
125
  }.delete_if(&:empty?).join('&')
126
126
  when nil
127
- prefix
127
+ escape(prefix)
128
128
  else
129
129
  raise ArgumentError, "value must be a Hash" if prefix.nil?
130
- "#{prefix}=#{escape(value)}"
130
+ "#{escape(prefix)}=#{escape(value)}"
131
131
  end
132
132
  end
133
133
 
@@ -278,7 +278,7 @@ module Rack
278
278
  # If the cookie +value+ is an instance of +Hash+, it considers the following
279
279
  # cookie attribute keys: +domain+, +max_age+, +expires+ (must be instance
280
280
  # of +Time+), +secure+, +http_only+, +same_site+ and +value+. For more
281
- # details about the interpretation of these fields, consult
281
+ # details about the interpretation of these fields, consult
282
282
  # [RFC6265 Section 5.2](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2).
283
283
  #
284
284
  # An extra cookie attribute +escape_key+ can be provided to control whether
data/lib/rack/version.rb CHANGED
@@ -25,7 +25,7 @@ module Rack
25
25
  VERSION
26
26
  end
27
27
 
28
- RELEASE = "3.0.1"
28
+ RELEASE = "3.0.2"
29
29
 
30
30
  # Return the Rack release as a dotted string.
31
31
  def self.release
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.1
4
+ version: 3.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Leah Neukirchen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-11-18 00:00:00.000000000 Z
11
+ date: 2022-12-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: minitest