rack 3.0.18 → 3.1.0

data/lib/rack/response.rb

@@ -25,19 +25,11 @@ module Rack
       self.new(body, status, headers)
     end
 
-    CHUNKED = 'chunked'
     STATUS_WITH_NO_ENTITY_BODY = Utils::STATUS_WITH_NO_ENTITY_BODY
 
     attr_accessor :length, :status, :body
     attr_reader :headers
 
-    # Deprecated, use headers instead.
-    def header
-      warn 'Rack::Response#header is deprecated and will be removed in Rack 3.1, use #headers instead', uplevel: 1
-
-      headers
-    end
-
     # Initialize the response object with the specified +body+, +status+
     # and +headers+.
     #
@@ -62,7 +54,7 @@ module Rack
       @status = status.to_i
 
       unless headers.is_a?(Hash)
-        warn "Providing non-hash headers to Rack::Response is deprecated and will be removed in Rack 3.1", uplevel: 1
+        raise ArgumentError, "Headers must be a Hash!"
       end
 
       @headers = Headers.new
@@ -97,16 +89,12 @@ module Rack
       self.status = status
       self.location = target
     end
-
-    def chunked?
-      CHUNKED == get_header(TRANSFER_ENCODING)
-    end
-
+ 
     def no_entity_body?
       # The response body is an enumerable body and it is not allowed to have an entity body.
       @body.respond_to?(:each) && STATUS_WITH_NO_ENTITY_BODY[@status]
     end
-    
+
     # Generate a response array consistent with the requirements of the SPEC.
     # @return [Array] a 3-tuple suitable of `[status, headers, body]`
     # which is suitable to be returned from the middleware `#call(env)` method.
@@ -117,6 +105,10 @@ module Rack
         close
         return [@status, @headers, []]
       else
+        if @length && @length > 0
+          set_header CONTENT_LENGTH, @length.to_s
+        end
+
         if block_given?
           @block = block
           return [@status, @headers, self]
@@ -320,20 +312,26 @@ module Rack
 
     protected
 
+      # Convert the body of this response into an internally buffered Array if possible.
+      #
+      # `@buffered` is a ternary value which indicates whether the body is buffered. It can be:
+      # * `nil` - The body has not been buffered yet.
+      # * `true` - The body is buffered as an Array instance.
+      # * `false` - The body is not buffered and cannot be buffered.
+      #
+      # @return [Boolean] whether the body is buffered as an Array instance.
       def buffered_body!
         if @buffered.nil?
           if @body.is_a?(Array)
             # The user supplied body was an array:
             @body = @body.compact
-            @body.each do |part|
-              @length += part.to_s.bytesize
-            end
-
+            @length = @body.sum{|part| part.bytesize}
             @buffered = true
           elsif @body.respond_to?(:each)
             # Turn the user supplied body into a buffered array:
             body = @body
             @body = Array.new
+            @length = 0
 
             body.each do |part|
               @writer.call(part.to_s)
@@ -341,8 +339,10 @@ module Rack
 
             body.close if body.respond_to?(:close)
 
+            # We have converted the body into an Array:
             @buffered = true
           else
+            # We don't know how to buffer the user-supplied body:
             @buffered = false
           end
         end
@@ -351,12 +351,10 @@ module Rack
       end
 
       def append(chunk)
+        chunk = chunk.dup unless chunk.frozen?
         @body << chunk
 
-        unless chunked?
-          @length += chunk.bytesize
-          set_header(CONTENT_LENGTH, @length.to_s)
-        end
+        @length += chunk.bytesize
 
         return chunk
       end

data/lib/rack/sendfile.rb

@@ -138,7 +138,7 @@ module Rack
           end
         when '', nil
         else
-          env[RACK_ERRORS].puts "Unknown x-sendfile variation: #{type.inspect}"
+          env[RACK_ERRORS].puts "Unknown x-sendfile variation: '#{type}'.\n"
         end
       end
       response

data/lib/rack/show_exceptions.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'ostruct'
 require 'erb'
 
 require_relative 'constants'
@@ -19,6 +18,11 @@ module Rack
   class ShowExceptions
     CONTEXT = 7
 
+    Frame = Struct.new(:filename, :lineno, :function,
+                       :pre_context_lineno, :pre_context,
+                       :context_line, :post_context_lineno,
+                       :post_context)
+
     def initialize(app)
       @app = app
     end
@@ -79,7 +83,7 @@ module Rack
       # This double assignment is to prevent an "unused variable" warning.
       # Yes, it is dumb, but I don't like Ruby yelling at me.
       frames = frames = exception.backtrace.map { |line|
-        frame = OpenStruct.new
+        frame = Frame.new
         if line =~ /(.*?):(\d+)(:in `(.*)')?/
           frame.filename = $1
           frame.lineno = $2.to_i

data/lib/rack/static.rb

@@ -124,9 +124,8 @@ module Rack
 
     def call(env)
       path = env[PATH_INFO]
-      actual_path = Utils.clean_path_info(Utils.unescape_path(path))
 
-      if can_serve(actual_path)
+      if can_serve(path)
         if overwrite_file_path(path)
           env[PATH_INFO] = (add_index_root?(path) ? path + @index : @urls[path])
         elsif @gzip && env['HTTP_ACCEPT_ENCODING'] && /\bgzip\b/.match?(env['HTTP_ACCEPT_ENCODING'])

data/lib/rack/utils.rb

@@ -6,6 +6,7 @@ require 'fileutils'
 require 'set'
 require 'tempfile'
 require 'time'
+require 'cgi/escape'
 
 require_relative 'query_parser'
 require_relative 'mime'
@@ -85,15 +86,6 @@ module Rack
       self.default_query_parser = self.default_query_parser.new_depth_limit(v)
     end
 
-    def self.key_space_limit
-      warn("`Rack::Utils.key_space_limit` is deprecated as this value no longer has an effect. It will be removed in Rack 3.1", uplevel: 1)
-      65536
-    end
-
-    def self.key_space_limit=(v)
-      warn("`Rack::Utils.key_space_limit=` is deprecated and no longer has an effect. It will be removed in Rack 3.1", uplevel: 1)
-    end
-
     if defined?(Process::CLOCK_MONOTONIC)
       def clock_time
         Process.clock_gettime(Process::CLOCK_MONOTONIC)
@@ -184,21 +176,8 @@ module Rack
       matches&.first
     end
 
-    ESCAPE_HTML = {
-      "&" => "&",
-      "<" => "&lt;",
-      ">" => "&gt;",
-      "'" => "&#x27;",
-      '"' => "&quot;",
-      "/" => "&#x2F;"
-    }
-
-    ESCAPE_HTML_PATTERN = Regexp.union(*ESCAPE_HTML.keys)
-
     # Escape ampersands, brackets and quotes to their HTML/XML entities.
-    def escape_html(string)
-      string.to_s.gsub(ESCAPE_HTML_PATTERN){|c| ESCAPE_HTML[c] }
-    end
+    define_method(:escape_html, CGI.method(:escapeHTML))
 
     def select_best_encoding(available_encodings, accept_encoding)
       # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
@@ -252,21 +231,6 @@ module Rack
       end
     end
 
-    def add_cookie_to_header(header, key, value)
-      warn("add_cookie_to_header is deprecated and will be removed in Rack 3.1", uplevel: 1)
-
-      case header
-      when nil, ''
-        return set_cookie_header(key, value)
-      when String
-        [header, set_cookie_header(key, value)]
-      when Array
-        header + [set_cookie_header(key, value)]
-      else
-        raise ArgumentError, "Unrecognized cookie header value. Expected String, Array, or nil, got #{header.inspect}"
-      end
-    end
-
     # :call-seq:
     #   parse_cookies(env) -> hash
     #
@@ -280,6 +244,20 @@ module Rack
       parse_cookies_header env[HTTP_COOKIE]
     end
 
+    # A valid cookie key according to RFC2616.
+    # A <cookie-name> can be any US-ASCII characters, except control characters, spaces, or tabs. It also must not contain a separator character like the following: ( ) < > @ , ; : \ " / [ ] ? = { }.
+    VALID_COOKIE_KEY = /\A[!#$%&'*+\-\.\^_`|~0-9a-zA-Z]+\z/.freeze
+    private_constant :VALID_COOKIE_KEY
+
+    private def escape_cookie_key(key)
+      if key =~ VALID_COOKIE_KEY
+        key
+      else
+        warn "Cookie key #{key.inspect} is not valid according to RFC2616; it will be escaped. This behaviour is deprecated and will be removed in a future version of Rack.", uplevel: 2
+        escape(key)
+      end
+    end
+
     # :call-seq:
     #   set_cookie_header(key, value) -> encoded string
     #
@@ -306,7 +284,7 @@ module Rack
     def set_cookie_header(key, value)
       case value
       when Hash
-        key = escape(key) unless value[:escape_key] == false
+        key = escape_cookie_key(key) unless value[:escape_key] == false
         domain  = "; domain=#{value[:domain]}"   if value[:domain]
         path    = "; path=#{value[:path]}"       if value[:path]
         max_age = "; max-age=#{value[:max_age]}" if value[:max_age]
@@ -318,23 +296,24 @@ module Rack
           when false, nil
             nil
           when :none, 'None', :None
-            '; SameSite=None'
+            '; samesite=none'
           when :lax, 'Lax', :Lax
-            '; SameSite=Lax'
+            '; samesite=lax'
           when true, :strict, 'Strict', :Strict
-            '; SameSite=Strict'
+            '; samesite=strict'
           else
-            raise ArgumentError, "Invalid SameSite value: #{value[:same_site].inspect}"
+            raise ArgumentError, "Invalid :same_site value: #{value[:same_site].inspect}"
           end
+        partitioned = "; partitioned" if value[:partitioned]
         value = value[:value]
       else
-        key = escape(key)
+        key = escape_cookie_key(key)
       end
 
       value = [value] unless Array === value
 
       return "#{key}=#{value.map { |v| escape v }.join('&')}#{domain}" \
-        "#{path}#{max_age}#{expires}#{secure}#{httponly}#{same_site}"
+        "#{path}#{max_age}#{expires}#{secure}#{httponly}#{same_site}#{partitioned}"
     end
 
     # :call-seq:
@@ -375,24 +354,12 @@ module Rack
       set_cookie_header(key, value.merge(max_age: '0', expires: Time.at(0), value: ''))
     end
 
-    def make_delete_cookie_header(header, key, value)
-      warn("make_delete_cookie_header is deprecated and will be removed in Rack 3.1, use delete_set_cookie_header! instead", uplevel: 1)
-
-      delete_set_cookie_header!(header, key, value)
-    end
-
     def delete_cookie_header!(headers, key, value = {})
       headers[SET_COOKIE] = delete_set_cookie_header!(headers[SET_COOKIE], key, value)
 
       return nil
     end
 
-    def add_remove_cookie_to_header(header, key, value = {})
-      warn("add_remove_cookie_to_header is deprecated and will be removed in Rack 3.1, use delete_set_cookie_header! instead", uplevel: 1)
-
-      delete_set_cookie_header!(header, key, value)
-    end
-
     # :call-seq:
     #   delete_set_cookie_header!(header, key, value = {}) -> header value
     #
@@ -435,6 +402,8 @@ module Rack
 
     def get_byte_ranges(http_range, size)
       # See <http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35>
+      # Ignore Range when file size is 0 to avoid a 416 error.
+      return nil if size.zero?
       return nil unless http_range && http_range =~ /bytes=([^;]+)/
       ranges = []
       $1.split(/,\s*/).each do |range_spec|
@@ -517,39 +486,12 @@ module Rack
       end
     end
 
-    # A wrapper around Headers
-    # header when set.
-    #
-    # @api private
-    class HeaderHash < Hash # :nodoc:
-      def self.[](headers)
-        warn "Rack::Utils::HeaderHash is deprecated and will be removed in Rack 3.1, switch to Rack::Headers", uplevel: 1
-        if headers.is_a?(Headers) && !headers.frozen?
-          return headers
-        end
-
-        new_headers = Headers.new
-        headers.each{|k,v| new_headers[k] = v}
-        new_headers
-      end
-
-      def self.new(hash = {})
-        warn "Rack::Utils::HeaderHash is deprecated and will be removed in Rack 3.1, switch to Rack::Headers", uplevel: 1
-        headers = Headers.new
-        hash.each{|k,v| headers[k] = v}
-        headers
-      end
-
-      def self.allocate
-        raise TypeError, "cannot allocate HeaderHash"
-      end
-    end
-
     # Every standard HTTP code mapped to the appropriate message.
     # Generated with:
-    #   curl -s https://www.iana.org/assignments/http-status-codes/http-status-codes-1.csv | \
-    #     ruby -ne 'm = /^(\d{3}),(?!Unassigned|\(Unused\))([^,]+)/.match($_) and \
-    #               puts "#{m[1]} => \x27#{m[2].strip}\x27,"'
+    #   curl -s https://www.iana.org/assignments/http-status-codes/http-status-codes-1.csv \
+    #     | ruby -rcsv -e "puts CSV.parse(STDIN, headers: true) \
+    #     .reject {|v| v['Description'] == 'Unassigned' or v['Description'].include? '(' } \
+    #     .map {|v| %Q/#{v['Value']} => '#{v['Description']}'/ }.join(','+?\n)"
     HTTP_STATUS_CODES = {
       100 => 'Continue',
       101 => 'Switching Protocols',
@@ -571,7 +513,6 @@ module Rack
       303 => 'See Other',
       304 => 'Not Modified',
       305 => 'Use Proxy',
-      306 => '(Unused)',
       307 => 'Temporary Redirect',
       308 => 'Permanent Redirect',
       400 => 'Bad Request',
@@ -587,13 +528,13 @@ module Rack
       410 => 'Gone',
       411 => 'Length Required',
       412 => 'Precondition Failed',
-      413 => 'Payload Too Large',
+      413 => 'Content Too Large',
       414 => 'URI Too Long',
       415 => 'Unsupported Media Type',
       416 => 'Range Not Satisfiable',
       417 => 'Expectation Failed',
       421 => 'Misdirected Request',
-      422 => 'Unprocessable Entity',
+      422 => 'Unprocessable Content',
       423 => 'Locked',
       424 => 'Failed Dependency',
       425 => 'Too Early',
@@ -601,7 +542,7 @@ module Rack
       428 => 'Precondition Required',
       429 => 'Too Many Requests',
       431 => 'Request Header Fields Too Large',
-      451 => 'Unavailable for Legal Reasons',
+      451 => 'Unavailable For Legal Reasons',
       500 => 'Internal Server Error',
       501 => 'Not Implemented',
       502 => 'Bad Gateway',
@@ -611,8 +552,6 @@ module Rack
       506 => 'Variant Also Negotiates',
       507 => 'Insufficient Storage',
       508 => 'Loop Detected',
-      509 => 'Bandwidth Limit Exceeded',
-      510 => 'Not Extended',
       511 => 'Network Authentication Required'
     }
 
@@ -620,12 +559,34 @@ module Rack
     STATUS_WITH_NO_ENTITY_BODY = Hash[((100..199).to_a << 204 << 304).product([true])]
 
     SYMBOL_TO_STATUS_CODE = Hash[*HTTP_STATUS_CODES.map { |code, message|
-      [message.downcase.gsub(/\s|-|'/, '_').to_sym, code]
+      [message.downcase.gsub(/\s|-/, '_').to_sym, code]
     }.flatten]
 
+    OBSOLETE_SYMBOLS_TO_STATUS_CODES = {
+      payload_too_large: 413,
+      unprocessable_entity: 422,
+      bandwidth_limit_exceeded: 509,
+      not_extended: 510
+    }.freeze
+    private_constant :OBSOLETE_SYMBOLS_TO_STATUS_CODES
+
+    OBSOLETE_SYMBOL_MAPPINGS = {
+      payload_too_large: :content_too_large,
+      unprocessable_entity: :unprocessable_content
+    }.freeze
+    private_constant :OBSOLETE_SYMBOL_MAPPINGS
+
     def status_code(status)
       if status.is_a?(Symbol)
-        SYMBOL_TO_STATUS_CODE.fetch(status) { raise ArgumentError, "Unrecognized status code #{status.inspect}" }
+        SYMBOL_TO_STATUS_CODE.fetch(status) do
+          fallback_code = OBSOLETE_SYMBOLS_TO_STATUS_CODES.fetch(status) { raise ArgumentError, "Unrecognized status code #{status.inspect}" }
+          message = "Status code #{status.inspect} is deprecated and will be removed in a future version of Rack."
+          if canonical_symbol = OBSOLETE_SYMBOL_MAPPINGS[status]
+            message = "#{message} Please use #{canonical_symbol.inspect} instead."
+          end
+          warn message, uplevel: 1
+          fallback_code
+        end
       else
         status.to_i
       end

data/lib/rack/version.rb

@@ -12,20 +12,7 @@
 # so it should be enough just to <tt>require 'rack'</tt> in your code.
 
 module Rack
-  # The Rack protocol version number implemented.
-  VERSION = [1, 3].freeze
-  deprecate_constant :VERSION
-
-  VERSION_STRING = "1.3".freeze
-  deprecate_constant :VERSION_STRING
-
-  # The Rack protocol version number implemented.
-  def self.version
-    warn "Rack.version is deprecated and will be removed in Rack 3.1!", uplevel: 1
-    VERSION
-  end
-
-  RELEASE = "3.0.18"
+  RELEASE = "3.1.0"
 
   # Return the Rack release as a dotted string.
   def self.release

data/lib/rack.rb

@@ -15,10 +15,10 @@ require_relative 'rack/version'
 require_relative 'rack/constants'
 
 module Rack
+  autoload :BadRequest, "rack/bad_request"
   autoload :BodyProxy, "rack/body_proxy"
   autoload :Builder, "rack/builder"
   autoload :Cascade, "rack/cascade"
-  autoload :Chunked, "rack/chunked"
   autoload :CommonLogger, "rack/common_logger"
   autoload :ConditionalGet, "rack/conditional_get"
   autoload :Config, "rack/config"
@@ -28,7 +28,6 @@ module Rack
   autoload :Directory, "rack/directory"
   autoload :ETag, "rack/etag"
   autoload :Events, "rack/events"
-  autoload :File, "rack/file"
   autoload :Files, "rack/files"
   autoload :ForwardRequest, "rack/recursive"
   autoload :Head, "rack/head"
@@ -60,7 +59,6 @@ module Rack
 
   module Auth
     autoload :Basic, "rack/auth/basic"
-    autoload :Digest, "rack/auth/digest"
     autoload :AbstractHandler, "rack/auth/abstract/handler"
     autoload :AbstractRequest, "rack/auth/abstract/request"
   end

metadata

@@ -1,13 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack
 version: !ruby/object:Gem::Version
-  version: 3.0.18
+  version: 3.1.0
 platform: ruby
 authors:
 - Leah Neukirchen
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-05-22 00:00:00.000000000 Z
+date: 2024-06-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
@@ -88,15 +89,10 @@ files:
 - lib/rack/auth/abstract/handler.rb
 - lib/rack/auth/abstract/request.rb
 - lib/rack/auth/basic.rb
-- lib/rack/auth/digest.rb
-- lib/rack/auth/digest/md5.rb
-- lib/rack/auth/digest/nonce.rb
-- lib/rack/auth/digest/params.rb
-- lib/rack/auth/digest/request.rb
+- lib/rack/bad_request.rb
 - lib/rack/body_proxy.rb
 - lib/rack/builder.rb
 - lib/rack/cascade.rb
-- lib/rack/chunked.rb
 - lib/rack/common_logger.rb
 - lib/rack/conditional_get.rb
 - lib/rack/config.rb
@@ -107,7 +103,6 @@ files:
 - lib/rack/directory.rb
 - lib/rack/etag.rb
 - lib/rack/events.rb
-- lib/rack/file.rb
 - lib/rack/files.rb
 - lib/rack/head.rb
 - lib/rack/headers.rb
@@ -148,6 +143,7 @@ metadata:
   changelog_uri: https://github.com/rack/rack/blob/main/CHANGELOG.md
   documentation_uri: https://rubydoc.info/github/rack/rack
   source_code_uri: https://github.com/rack/rack
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -162,7 +158,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.5.9
+signing_key:
 specification_version: 4
 summary: A modular Ruby webserver interface.
 test_files: []

data/lib/rack/auth/digest/md5.rb

@@ -1 +0,0 @@
-require_relative '../digest'

data/lib/rack/auth/digest/nonce.rb

@@ -1 +0,0 @@
-require_relative '../digest'

data/lib/rack/auth/digest/params.rb

@@ -1 +0,0 @@
-require_relative '../digest'

data/lib/rack/auth/digest/request.rb

@@ -1 +0,0 @@
-require_relative '../digest'