rack 3.0.15 → 3.2.6

data/lib/rack/builder.rb

@@ -2,6 +2,9 @@
 
 require_relative 'urlmap'
 
+module Rack; end
+Rack::BUILDER_TOPLEVEL_BINDING = ->(builder){builder.instance_eval{binding}}
+
 module Rack
   # Rack::Builder provides a domain-specific language (DSL) to construct Rack
   # applications. It is primarily used to parse +config.ru+ files which
@@ -53,15 +56,15 @@ module Rack
     #   Rack::Builder.parse_file('app.rb')
     #   # requires app.rb, which can be anywhere in Ruby's
     #   # load path. After requiring, assumes App constant
-    #   # contains Rack application
+    #   # is a Rack application
     #
     #   Rack::Builder.parse_file('./my_app.rb')
     #   # requires ./my_app.rb, which should be in the
     #   # process's current directory.  After requiring,
-    #   # assumes MyApp constant contains Rack application
-    def self.parse_file(path)
+    #   # assumes MyApp constant is a Rack application
+    def self.parse_file(path, **options)
       if path.end_with?('.ru')
-        return self.load_file(path)
+        return self.load_file(path, **options)
       else
         require path
         return Object.const_get(::File.basename(path, '.rb').split('_').map(&:capitalize).join(''))
@@ -81,7 +84,7 @@ module Rack
     #   use Rack::ContentLength
     #   require './app.rb'
     #   run App
-    def self.load_file(path)
+    def self.load_file(path, **options)
       config = ::File.read(path)
       config.slice!(/\A#{UTF_8_BOM}/) if config.encoding == Encoding::UTF_8
 
@@ -91,16 +94,18 @@ module Rack
 
       config.sub!(/^__END__\n.*\Z/m, '')
 
-      return new_from_string(config, path)
+      return new_from_string(config, path, **options)
     end
 
     # Evaluate the given +builder_script+ string in the context of
     # a Rack::Builder block, returning a Rack application.
-    def self.new_from_string(builder_script, file = "(rackup)")
+    def self.new_from_string(builder_script, path = "(rackup)", **options)
+      builder = self.new(**options)
+
       # We want to build a variant of TOPLEVEL_BINDING with self as a Rack::Builder instance.
       # We cannot use instance_eval(String) as that would resolve constants differently.
-      binding, builder = TOPLEVEL_BINDING.eval('Rack::Builder.new.instance_eval { [binding, self] }')
-      eval builder_script, binding, file
+      binding = BUILDER_TOPLEVEL_BINDING.call(builder)
+      eval(builder_script, binding, path)
 
       return builder.to_app
     end
@@ -108,16 +113,24 @@ module Rack
     # Initialize a new Rack::Builder instance.  +default_app+ specifies the
     # default application if +run+ is not called later.  If a block
     # is given, it is evaluated in the context of the instance.
-    def initialize(default_app = nil, &block)
+    def initialize(default_app = nil, **options, &block)
       @use = []
       @map = nil
       @run = default_app
       @warmup = nil
       @freeze_app = false
+      @options = options
 
       instance_eval(&block) if block_given?
     end
 
+    # Any options provided to the Rack::Builder instance at initialization.
+    # These options can be server-specific. Some general options are:
+    #
+    # * +:isolation+: One of +process+, +thread+ or +fiber+. The execution
+    #   isolation model to use.
+    attr :options
+
     # Create a new Rack::Builder instance and return the Rack application
     # generated from it.
     def self.app(default_app = nil, &block)
@@ -149,6 +162,8 @@ module Rack
         @use << proc { |app| generate_map(app, mapping) }
       end
       @use << proc { |app| middleware.new(app, *args, &block) }
+
+      nil
     end
     # :nocov:
     ruby2_keywords(:use) if respond_to?(:ruby2_keywords, true)
@@ -181,6 +196,8 @@ module Rack
       raise ArgumentError, "Both app and block given!" if app && block_given?
 
       @run = app || block
+
+      nil
     end
 
     # Takes a lambda or block that is used to warm-up the application. This block is called
@@ -239,6 +256,8 @@ module Rack
     def map(path, &block)
       @map ||= {}
       @map[path] = block
+
+      nil
     end
 
     # Freeze the app (set using run) and all middleware instances when building the application

data/lib/rack/cascade.rb

@@ -9,9 +9,6 @@ module Rack
   # status codes, return the last response.
 
   class Cascade
-    # deprecated, no longer used
-    NotFound = [404, { CONTENT_TYPE => "text/plain" }, []]
-
     # An array of applications to try in order.
     attr_reader :apps
 

data/lib/rack/conditional_get.rb

@@ -34,9 +34,10 @@ module Rack
           response[0] = 304
           headers.delete(CONTENT_TYPE)
           headers.delete(CONTENT_LENGTH)
-          response[2] = Rack::BodyProxy.new([]) do
-            body.close if body.respond_to?(:close)
-          end
+
+          # We are done with the body:
+          body.close if body.respond_to?(:close)
+          response[2] = []
         end
         response
       else

data/lib/rack/constants.rb

@@ -32,6 +32,7 @@ module Rack
   DELETE  = 'DELETE'
   HEAD    = 'HEAD'
   OPTIONS = 'OPTIONS'
+  CONNECT = 'CONNECT'
   LINK    = 'LINK'
   UNLINK  = 'UNLINK'
   TRACE   = 'TRACE'
@@ -39,6 +40,7 @@ module Rack
   # Rack environment variables
   RACK_VERSION                        = 'rack.version'
   RACK_TEMPFILES                      = 'rack.tempfiles'
+  RACK_EARLY_HINTS                    = 'rack.early_hints'
   RACK_ERRORS                         = 'rack.errors'
   RACK_LOGGER                         = 'rack.logger'
   RACK_INPUT                          = 'rack.input'
@@ -52,8 +54,10 @@ module Rack
   RACK_MULTIPART_BUFFER_SIZE          = 'rack.multipart.buffer_size'
   RACK_MULTIPART_TEMPFILE_FACTORY     = 'rack.multipart.tempfile_factory'
   RACK_RESPONSE_FINISHED              = 'rack.response_finished'
+  RACK_PROTOCOL                       = 'rack.protocol'
   RACK_REQUEST_FORM_INPUT             = 'rack.request.form_input'
   RACK_REQUEST_FORM_HASH              = 'rack.request.form_hash'
+  RACK_REQUEST_FORM_PAIRS             = 'rack.request.form_pairs'
   RACK_REQUEST_FORM_VARS              = 'rack.request.form_vars'
   RACK_REQUEST_FORM_ERROR             = 'rack.request.form_error'
   RACK_REQUEST_COOKIE_HASH            = 'rack.request.cookie_hash'

data/lib/rack/directory.rb

@@ -17,7 +17,7 @@ module Rack
   # If +app+ is not specified, a Rack::Files of the same +root+ will be used.
 
   class Directory
-    DIR_FILE = "<tr><td class='name'><a href='%s'>%s</a></td><td class='size'>%s</td><td class='type'>%s</td><td class='mtime'>%s</td></tr>\n"
+    DIR_FILE = "<tr><td class='name'><a href='./%s'>%s</a></td><td class='size'>%s</td><td class='type'>%s</td><td class='mtime'>%s</td></tr>\n"
     DIR_PAGE_HEADER = <<-PAGE
 <html><head>
   <title>%s</title>
@@ -51,7 +51,7 @@ table { width:100%%; }
     class DirectoryBody < Struct.new(:root, :path, :files)
       # Yield strings for each part of the directory entry
       def each
-        show_path = Utils.escape_html(path.sub(/^#{root}/, ''))
+        show_path = Utils.escape_html(path.sub(/\A#{Regexp.escape(root)}/, ''))
         yield(DIR_PAGE_HEADER % [ show_path, show_path ])
 
         unless path.chomp('/') == root
@@ -82,6 +82,7 @@ table { width:100%%; }
     # Set the root directory and application for serving files.
     def initialize(root, app = nil)
       @root = ::File.expand_path(root)
+      @root_with_separator = @root.end_with?(::File::SEPARATOR) ? @root : "#{@root}#{::File::SEPARATOR}"
       @app = app || Files.new(@root)
       @head = Head.new(method(:get))
     end
@@ -118,7 +119,9 @@ table { width:100%%; }
     # Rack response to use for requests with paths outside the root, or nil if path is inside the root.
     def check_forbidden(path_info)
       return unless path_info.include? ".."
-      return if ::File.expand_path(::File.join(@root, path_info)).start_with?(@root)
+
+      expanded_path = ::File.expand_path(::File.join(@root, path_info))
+      return if expanded_path == @root || expanded_path.start_with?(@root_with_separator)
 
       body = "Forbidden\n"
       [403, { CONTENT_TYPE => "text/plain",

data/lib/rack/events.rb

@@ -29,12 +29,13 @@ module Rack
   #
   # * on_send(request, response)
   #
-  #   The webserver has started iterating over the response body and presumably
-  #   has started sending data over the wire. This method is always called with
-  #   a request object and the response object.  The response object is
-  #   constructed from the rack triple that the application returned.  Changes
-  #   SHOULD NOT be made to the response object as the webserver has already
-  #   started sending data.  Any mutations will likely result in an exception.
+  #   The webserver has started iterating over the response body, or has called
+  #   the streaming body, and presumably has started sending data over the
+  #   wire. This method is always called with a request object and the response
+  #   object. The response object is constructed from the rack triple that the
+  #   application returned.  Changes SHOULD NOT be made to the response object
+  #   as the webserver has already started sending data.  Any mutations will
+  #   likely result in an exception.
   #
   # * on_finish(request, response)
   #
@@ -90,6 +91,20 @@ module Rack
         @handlers.reverse_each { |handler| handler.on_send request, response }
         super
       end
+
+      def call(stream)
+        @handlers.reverse_each { |handler| handler.on_send request, response }
+        super
+      end
+
+      def respond_to?(method_name, include_all = false)
+        case method_name
+        when :each, :call
+          @body.respond_to?(method_name, include_all)
+        else
+          super
+        end
+      end
     end
 
     class BufferedResponse < Rack::Response::Raw # :nodoc:

data/lib/rack/files.rb

@@ -194,7 +194,7 @@ EOF
         status,
         {
           CONTENT_TYPE   => "text/plain",
-          CONTENT_LENGTH => body.size.to_s,
+          CONTENT_LENGTH => body.bytesize.to_s,
           "x-cascade" => "pass"
         }.merge!(headers),
         [body]

data/lib/rack/head.rb

@@ -15,9 +15,8 @@ module Rack
       _, _, body = response = @app.call(env)
 
       if env[REQUEST_METHOD] == HEAD
-        response[2] = Rack::BodyProxy.new([]) do
-          body.close if body.respond_to? :close
-        end
+        body.close if body.respond_to?(:close)
+        response[2] = []
       end
 
       response

data/lib/rack/headers.rb

@@ -1,9 +1,93 @@
+# frozen_string_literal: true
+
 module Rack
   # Rack::Headers is a Hash subclass that downcases all keys.  It's designed
   # to be used by rack applications that don't implement the Rack 3 SPEC
   # (by using non-lowercase response header keys), automatically handling
   # the downcasing of keys.
   class Headers < Hash
+    KNOWN_HEADERS = {}
+    %w(
+      Accept-CH
+      Accept-Patch
+      Accept-Ranges
+      Access-Control-Allow-Credentials
+      Access-Control-Allow-Headers
+      Access-Control-Allow-Methods
+      Access-Control-Allow-Origin
+      Access-Control-Expose-Headers
+      Access-Control-Max-Age
+      Age
+      Allow
+      Alt-Svc
+      Cache-Control
+      Connection
+      Content-Disposition
+      Content-Encoding
+      Content-Language
+      Content-Length
+      Content-Location
+      Content-MD5
+      Content-Range
+      Content-Security-Policy
+      Content-Security-Policy-Report-Only
+      Content-Type
+      Date
+      Delta-Base
+      ETag
+      Expect-CT
+      Expires
+      Feature-Policy
+      IM
+      Last-Modified
+      Link
+      Location
+      NEL
+      P3P
+      Permissions-Policy
+      Pragma
+      Preference-Applied
+      Proxy-Authenticate
+      Public-Key-Pins
+      Referrer-Policy
+      Refresh
+      Report-To
+      Retry-After
+      Server
+      Set-Cookie
+      Status
+      Strict-Transport-Security
+      Timing-Allow-Origin
+      Tk
+      Trailer
+      Transfer-Encoding
+      Upgrade
+      Vary
+      Via
+      WWW-Authenticate
+      Warning
+      X-Cascade
+      X-Content-Duration
+      X-Content-Security-Policy
+      X-Content-Type-Options
+      X-Correlation-ID
+      X-Correlation-Id
+      X-Download-Options
+      X-Frame-Options
+      X-Permitted-Cross-Domain-Policies
+      X-Powered-By
+      X-Redirect-By
+      X-Request-ID
+      X-Request-Id
+      X-Runtime
+      X-UA-Compatible
+      X-WebKit-CS
+      X-XSS-Protection
+    ).each do |str|
+      downcased = str.downcase.freeze
+      KNOWN_HEADERS[str] = KNOWN_HEADERS[downcased] = downcased
+    end
+
     def self.[](*items)
       if items.length % 2 != 0
         if items.length == 1 && items.first.is_a?(Hash)
@@ -28,7 +112,7 @@ module Rack
     end
 
     def []=(key, value)
-      super(key.downcase.freeze, value)
+      super(KNOWN_HEADERS[key] || key.downcase.freeze, value)
     end
     alias store []=
 
@@ -148,7 +232,7 @@ module Rack
     private
 
     def downcase_key(key)
-      key.is_a?(String) ? key.downcase : key
+      key.is_a?(String) ? KNOWN_HEADERS[key] || key.downcase : key
     end
   end
 end