rack 3.1.0 → 3.1.1

Potentially problematic release.


This version of rack might be problematic.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f7f3809c29e2dad213f5abbdace8e3b7633072c2d3741ef484346ca07b8a9e0d
4
- data.tar.gz: a05cea9deeb8173edc7a5e5a0647abbf0f8ff1906f74543ad6970311ab4d3a52
3
+ metadata.gz: 69ab6baf4f413f1f46aeb79754e00a1785621084eeb2e1f8d0c80bd75374c23b
4
+ data.tar.gz: 2bb3a1d5a3d081e581ad707f7156538c87d814cf6e7e0768b6e848fc1f199b15
5
5
  SHA512:
6
- metadata.gz: 357615f5163669e77b81660145353bf29d926ab5d92e36e958ae65063c993d9c9411b868090bc99fa6e72a8bd7e82ba5cb430343556a399e2d75acdb45000b62
7
- data.tar.gz: 840039910ee854ec1bccff2d3078fb5b187f093480836d6023e290c49925e36e953a1a37372d619a5d3118f1d52fb7b904fed7623688c9b41ea7a7803960fcbb
6
+ metadata.gz: 43e2f54ea2cf8a76ec66ff2170e11c933c6d40fbf45b12d8dd2bbc3c96753393e21bc0c280b10e3b4ba27256fb64d11f8ff54a08ddbab076e29da3e1a154c8c7
7
+ data.tar.gz: b5f614e1bacf90c269237c86709562d590ac7b5d5ab4b81a668c19d6f5e073b3d569c9c77372efe070537954733f70786b77f4a870ef8d6a27a6e7c16ff001ce
data/CHANGELOG.md CHANGED
@@ -2,35 +2,70 @@
2
2
 
3
3
  All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
4
4
 
5
+ ## Unreleased
6
+
7
+ ## [3.1.1] - 2024-06-11
8
+
9
+ ### Added
10
+
11
+ - Introduce `Rack::VERSION` constant. ([#2199](https://github.com/rack/rack/pull/2199), [@ioquatix])
12
+
13
+ ### Changed
14
+
15
+ - Invalid cookie keys will now raise an error. ([#2192](https://github.com/rack/rack/pull/2192), [@ioquatix])
16
+ - `Rack::Response` will take in to consideration chunked encoding responses ([#2204](https://github.com/rack/rack/pull/2204), [@tenderlove])
17
+
18
+ ### Removed
19
+
20
+ - `Rack::Request#values_at` is removed. ([#2200](https://github.com/rack/rack/pull/2200), [@ioquatix])
21
+ - `Rack::Logger` is removed with no replacement. ([#2196](https://github.com/rack/rack/pull/2196), [@ioquatix])
22
+
5
23
  ## [3.1.0] - 2024-06-11
6
24
 
25
+ Rack v3.1 is primarily a maintenance release that removes features deprecated in Rack v3.0. Alongside these removals, there are several improvements to the Rack SPEC, mainly focused on enhancing input and output handling. These changes aim to make Rack more efficient and align better with the requirements of server implementations and relevant HTTP specifications.
26
+
7
27
  ### SPEC Changes
8
28
 
9
- - `rack.input` is now optional. ([#1997](https://github.com/rack/rack/pull/1997), [@ioquatix])
10
- - `PATH_INFO` is now validated according to the HTTP/1.1 specification. ([#2117](https://github.com/rack/rack/pull/2117), [@ioquatix])
11
- - `rack.protocol` is an optional environment key and response header for handling connection upgrades.
29
+ - `rack.input` is now optional. ([#1997](https://github.com/rack/rack/pull/1997), [#2018](https://github.com/rack/rack/pull/2018), [@ioquatix])
30
+ - `PATH_INFO` is now validated according to the HTTP/1.1 specification. ([#2117](https://github.com/rack/rack/pull/2117), [#2181](https://github.com/rack/rack/pull/2181), [@ioquatix])
31
+ - `OPTIONS *` is now accepted. ([#2114](https://github.com/rack/rack/pull/2114), [@doriantaylor](https://github.com/doriantaylor))
32
+ - Introduce optional `rack.protocol` request and response header for handling connection upgrades. ([#1954](https://github.com/rack/rack/pull/1954), [@ioquatix])
12
33
 
13
34
  ### Added
14
35
 
36
+ - Introduce `Rack::Multipart::MissingInputError` for improved handling of missing input in `#parse_multipart`. ([#2018](https://github.com/rack/rack/pull/2018), [@ioquatix])
15
37
  - Introduce `module Rack::BadRequest` which is included in multipart and query parser errors. ([#2019](https://github.com/rack/rack/pull/2019), [@ioquatix])
16
- - Add `.mjs` MIME type ([#2057](https://github.com/rack/rack/pull/2057), [@axilleas])
17
- - `set_cookie_header` utility now supports the `partitioned` cookie attribute. This is required by Chrome in some embedded contexts. ([#2131](https://github.com/rack/rack/pull/2131), [@flavio-b])
18
- - `rack.early_hints` is now officially supported as an optional feature (already implemented by Unicorn, Puma, and Falcon). ([#1831](https://github.com/rack/rack/pull/1831), [@casperisfine, @jeremyevans])
38
+ - Add `.mjs` MIME type ([#2057](https://github.com/rack/rack/pull/2057), [@axilleas](https://github.com/axilleas))
39
+ - `set_cookie_header` utility now supports the `partitioned` cookie attribute. This is required by Chrome in some embedded contexts. ([#2131](https://github.com/rack/rack/pull/2131), [@flavio-b](https://github.com/flavio-b))
40
+ - Introduce `rack.early_hints` for sending `103 Early Hints` informational responses. ([#1831](https://github.com/rack/rack/pull/1831), [@casperisfine](https://github.com/casperisfine), [@jeremyevans])
19
41
 
20
42
  ### Changed
21
43
 
22
- - `rack.input` is now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. ([#2018](https://github.com/rack/rack/pull/2018), [@ioquatix])
23
- - MIME type for JavaScript files (`.js`) changed from `application/javascript` to `text/javascript` ([`1bd0f15`](https://github.com/rack/rack/commit/1bd0f1597d8f4a90d47115f3e156a8ce7870c9c8))
44
+ - MIME type for JavaScript files (`.js`) changed from `application/javascript` to `text/javascript` ([`1bd0f15`](https://github.com/rack/rack/commit/1bd0f1597d8f4a90d47115f3e156a8ce7870c9c8), [@ioquatix])
24
45
  - Update MIME types associated to `.ttf`, `.woff`, `.woff2` and `.otf` extensions to use mondern `font/*` types. ([#2065](https://github.com/rack/rack/pull/2065), [@davidstosik])
25
46
  - `Rack::Utils.escape_html` is now delegated to `CGI.escapeHTML`. `'` is escaped to `#39;` instead of `#x27;`. (decimal vs hexadecimal) ([#2099](https://github.com/rack/rack/pull/2099), [@JunichiIto](https://github.com/JunichiIto))
47
+ - Clarify use of `@buffered` and only update `content-length` when `Rack::Response#finish` is invoked. ([#2149](https://github.com/rack/rack/pull/2149), [@ioquatix])
48
+
49
+ ### Deprecated
50
+
51
+ - Deprecate automatic cache invalidation in `Request#{GET,POST}` ([#2073](https://github.com/rack/rack/pull/2073), [@jeremyevans])
26
52
  - Only cookie keys that are not valid according to the HTTP specifications are escaped. We are planning to deprecate this behaviour, so now a deprecation message will be emitted in this case. In the future, invalid cookie keys may not be accepted. ([#2191](https://github.com/rack/rack/pull/2191), [@ioquatix])
53
+ - `Rack::Logger` is deprecated. ([#2197](https://github.com/rack/rack/pull/2197), [@ioquatix])
54
+ - Add fallback lookup and deprecation warning for obsolete status symbols. ([#2137](https://github.com/rack/rack/pull/2137), [@wtn](https://github.com/wtn))
27
55
 
28
56
  ### Removed
29
57
 
30
- - Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. ([#2137](https://github.com/rack/rack/pull/2137), [@wtn])
31
- - Add fallback lookup and deprecation warning for obsolete status symbols. ([#2137](https://github.com/rack/rack/pull/2137), [@wtn])
32
- - Deprecate automatic cache invalidation in `Request#{GET,POST}` ([#2073](https://github.com/rack/rack/pull/2073) ([@jeremyevans])
33
- - `Rack::Logger` is deprecated. ([#2197](https://github.com/rack/rack/pull/2197), [@ioquatix])
58
+ - Remove deprecated `Rack::Auth::Digest` with no replacement. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
59
+ - Remove deprecated `Rack::Cascade::NotFound` with no replacement. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
60
+ - Remove deprecated `Rack::Chunked` with no replacement. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
61
+ - Remove deprecated `Rack::File`, use `Rack::Files` instead. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
62
+ - Remove deprecated `Rack::QueryParser` `key_space_limit` parameter with no replacement. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
63
+ - Remove deprecated `Rack::Response#header`, use `Rack::Response#headers` instead. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
64
+ - Remove deprecated cookie methods from `Rack::Utils`: `add_cookie_to_header`, `make_delete_cookie_header`, `add_remove_cookie_to_header`. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
65
+ - Remove deprecated `Rack::Utils::HeaderHash`. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
66
+ - Remove deprecated `Rack::VERSION`, `Rack::VERSION_STRING`, `Rack.version`, use `Rack.release` instead. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
67
+ - Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. ([#2137](https://github.com/rack/rack/pull/2137), [@wtn](https://github.com/wtn))
68
+ - Remove any dependency on `transfer-encoding: chunked`. ([#2195](https://github.com/rack/rack/pull/2195), [@ioquatix])
34
69
 
35
70
  ### Fixed
36
71
 
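Review bot: The new 3.1.1 "Added" entry introduces `Rack::VERSION`, while the 3.1.0 "Removed" list added in the same hunk says `Rack::VERSION` was removed in favour of `Rack.release`, and nothing explains that the constant is back with a different meaning. Add a sentence to the 3.1.1 entry saying what the constant now holds and how it relates to `Rack.release`. The 3.1.1 section also puts two removals (`Rack::Request#values_at`, `Rack::Logger`) and a new exception for invalid cookie keys into a patch release dated the same day as 3.1.0, which deserves an explicit upgrade note. Minor: "take in to consideration" should read "take into consideration", and that entry lacks the closing period the others have.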
@@ -22,6 +22,7 @@ module Rack
22
22
  ETAG = 'etag'
23
23
  EXPIRES = 'expires'
24
24
  SET_COOKIE = 'set-cookie'
25
+ TRANSFER_ENCODING = 'transfer-encoding'
25
26
 
26
27
  # HTTP method verbs
27
28
  GET = 'GET'
@@ -21,6 +21,7 @@ module Rack
21
21
 
22
22
  if !STATUS_WITH_NO_ENTITY_BODY.key?(status.to_i) &&
23
23
  !headers[CONTENT_LENGTH] &&
24
+ !headers[TRANSFER_ENCODING] &&
24
25
  body.respond_to?(:to_ary)
25
26
 
26
27
  response[2] = body = body.to_ary
data/lib/rack/request.rb CHANGED
@@ -616,13 +616,6 @@ module Rack
616
616
  Rack::Request.ip_filter.call(ip)
617
617
  end
618
618
 
619
- # like Hash#values_at
620
- def values_at(*keys)
621
- warn("Request#values_at is deprecated and will be removed in a future version of Rack. Please use request.params.values_at instead", uplevel: 1)
622
-
623
- keys.map { |key| params[key] }
624
- end
625
-
626
619
  private
627
620
 
628
621
  def default_session; {}; end
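Review bot: `values_at` is deleted here in a patch release, although its own warning only promised removal "in a future version of Rack", so callers that ignored the warning now get `NoMethodError` on a 3.1.0 to 3.1.1 upgrade. The replacement named in the removed warning, `request.params.values_at`, should be repeated in the CHANGELOG entry so the fix is discoverable without reading old log output.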
data/lib/rack/response.rb CHANGED
@@ -25,6 +25,7 @@ module Rack
25
25
  self.new(body, status, headers)
26
26
  end
27
27
 
28
+ CHUNKED = 'chunked'
28
29
  STATUS_WITH_NO_ENTITY_BODY = Utils::STATUS_WITH_NO_ENTITY_BODY
29
30
 
30
31
  attr_accessor :length, :status, :body
@@ -89,7 +90,11 @@ module Rack
89
90
  self.status = status
90
91
  self.location = target
91
92
  end
92
-
93
+
94
+ def chunked?
95
+ CHUNKED == get_header(TRANSFER_ENCODING)
96
+ end
97
+
93
98
  def no_entity_body?
94
99
  # The response body is an enumerable body and it is not allowed to have an entity body.
95
100
  @body.respond_to?(:each) && STATUS_WITH_NO_ENTITY_BODY[@status]
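Review bot: `chunked?` compares the header to the literal `'chunked'` with `==`, so values such as `Chunked` or `gzip, chunked` are not recognised, whereas the content-length middleware hunk above skips on any truthy `headers[TRANSFER_ENCODING]`. Transfer-coding names are case-insensitive and the header may list several codings. With the exact match, `finish` can still emit `content-length` next to a `transfer-encoding` header, and a response carrying both is ambiguous to intermediaries. Consider treating any present `transfer-encoding` as the signal, or matching the final coding case-insensitively, and add a short comment on the method stating which of the two is intended.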
@@ -105,7 +110,7 @@ module Rack
105
110
  close
106
111
  return [@status, @headers, []]
107
112
  else
108
- if @length && @length > 0
113
+ if @length && @length > 0 && !chunked?
109
114
  set_header CONTENT_LENGTH, @length.to_s
110
115
  end
111
116
 
data/lib/rack/utils.rb CHANGED
@@ -244,26 +244,18 @@ module Rack
244
244
  parse_cookies_header env[HTTP_COOKIE]
245
245
  end
246
246
 
247
- # A valid cookie key according to RFC2616.
247
+ # A valid cookie key according to RFC6265 and RFC2616.
248
248
  # A <cookie-name> can be any US-ASCII characters, except control characters, spaces, or tabs. It also must not contain a separator character like the following: ( ) < > @ , ; : \ " / [ ] ? = { }.
249
249
  VALID_COOKIE_KEY = /\A[!#$%&'*+\-\.\^_`|~0-9a-zA-Z]+\z/.freeze
250
250
  private_constant :VALID_COOKIE_KEY
251
251
 
252
- private def escape_cookie_key(key)
253
- if key =~ VALID_COOKIE_KEY
254
- key
255
- else
256
- warn "Cookie key #{key.inspect} is not valid according to RFC2616; it will be escaped. This behaviour is deprecated and will be removed in a future version of Rack.", uplevel: 2
257
- escape(key)
258
- end
259
- end
260
-
261
252
  # :call-seq:
262
253
  # set_cookie_header(key, value) -> encoded string
263
254
  #
264
255
  # Generate an encoded string using the provided +key+ and +value+ suitable
265
256
  # for the +set-cookie+ header according to RFC6265. The +value+ may be an
266
- # instance of either +String+ or +Hash+.
257
+ # instance of either +String+ or +Hash+. If the cookie key is invalid (as
258
+ # defined by RFC6265), an +ArgumentError+ will be raised.
267
259
  #
268
260
  # If the cookie +value+ is an instance of +Hash+, it considers the following
269
261
  # cookie attribute keys: +domain+, +max_age+, +expires+ (must be instance
@@ -271,10 +263,6 @@ module Rack
271
263
  # details about the interpretation of these fields, consult
272
264
  # [RFC6265 Section 5.2](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2).
273
265
  #
274
- # An extra cookie attribute +escape_key+ can be provided to control whether
275
- # or not the cookie key is URL encoded. If explicitly set to +false+, the
276
- # cookie key name will not be url encoded (escaped). The default is +true+.
277
- #
278
266
  # set_cookie_header("myname", "myvalue")
279
267
  # # => "myname=myvalue"
280
268
  #
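Review bot: The `escape_key` documentation is dropped here, and the later hunk drops the code that read `value[:escape_key]`, so a caller still passing `escape_key: false` has the option silently ignored. The CHANGELOG only mentions that invalid keys now raise. Either list the removal of `escape_key` in the CHANGELOG or emit a warning when the option is present, so the change is visible to callers who relied on it.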
@@ -282,9 +270,12 @@ module Rack
282
270
  # # => "myname=myvalue; max-age=10"
283
271
  #
284
272
  def set_cookie_header(key, value)
273
+ unless key =~ VALID_COOKIE_KEY
274
+ raise ArgumentError, "invalid cookie key: #{key.inspect}"
275
+ end
276
+
285
277
  case value
286
278
  when Hash
287
- key = escape_cookie_key(key) unless value[:escape_key] == false
288
279
  domain = "; domain=#{value[:domain]}" if value[:domain]
289
280
  path = "; path=#{value[:path]}" if value[:path]
290
281
  max_age = "; max-age=#{value[:max_age]}" if value[:max_age]
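Review bot: The new guard at the top of `set_cookie_header` turns keys that were previously escaped (with a deprecation warning) into an `ArgumentError`, and it does so for both the `Hash` and non-`Hash` value paths. Applications that derive cookie names from request data will now raise at response time unless they validate first. `VALID_COOKIE_KEY` is a private constant, so callers have no supported way to pre-check a key; consider exposing a public predicate or documenting the allowed character set in the method's RDoc. `key =~ VALID_COOKIE_KEY` also depends on the key's class defining `=~`; a type check or coercion before the match would keep every failure an `ArgumentError` as the doc comment promises.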
@@ -306,8 +297,6 @@ module Rack
306
297
  end
307
298
  partitioned = "; partitioned" if value[:partitioned]
308
299
  value = value[:value]
309
- else
310
- key = escape_cookie_key(key)
311
300
  end
312
301
 
313
302
  value = [value] unless Array === value
data/lib/rack/version.rb CHANGED
@@ -5,17 +5,13 @@
5
5
  # Rack is freely distributable under the terms of an MIT-style license.
6
6
  # See MIT-LICENSE or https://opensource.org/licenses/MIT.
7
7
 
8
- # The Rack main module, serving as a namespace for all core Rack
9
- # modules and classes.
10
- #
11
- # All modules meant for use in your application are <tt>autoload</tt>ed here,
12
- # so it should be enough just to <tt>require 'rack'</tt> in your code.
13
-
14
8
  module Rack
15
- RELEASE = "3.1.0"
9
+ VERSION = "3.1.1"
10
+
11
+ RELEASE = VERSION
16
12
 
17
13
  # Return the Rack release as a dotted string.
18
14
  def self.release
19
- RELEASE
15
+ VERSION
20
16
  end
21
17
  end
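Review bot: `VERSION` and `RELEASE = VERSION` are introduced without any comment, and the module-level documentation block above `module Rack` is deleted in the same hunk with no replacement. Since the CHANGELOG states that an earlier `Rack::VERSION` was removed in 3.1.0, code probing `defined?(Rack::VERSION)` or comparing its value may behave differently. Add a one-line comment on each constant saying that `VERSION` is the gem release string and `RELEASE` is kept as an alias, and restore or relocate the module doc comment.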
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.1.0
4
+ version: 3.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Leah Neukirchen
@@ -108,7 +108,6 @@ files:
108
108
  - lib/rack/headers.rb
109
109
  - lib/rack/lint.rb
110
110
  - lib/rack/lock.rb
111
- - lib/rack/logger.rb
112
111
  - lib/rack/media_type.rb
113
112
  - lib/rack/method_override.rb
114
113
  - lib/rack/mime.rb
@@ -158,7 +157,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
158
157
  - !ruby/object:Gem::Version
159
158
  version: '0'
160
159
  requirements: []
161
- rubygems_version: 3.5.9
160
+ rubygems_version: 3.5.3
162
161
  signing_key:
163
162
  specification_version: 4
164
163
  summary: A modular Ruby webserver interface.
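Review bot: `rubygems_version` goes backwards from 3.5.9 to 3.5.3 in this hunk, which means 3.1.1 was packaged with an older RubyGems than 3.1.0 on the same day. This is harmless to consumers, but it indicates that the two releases came from different build environments. Building releases from one pinned environment keeps the metadata and checksums easier to reproduce and audit.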
data/lib/rack/logger.rb DELETED
@@ -1,23 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require 'logger'
4
- require_relative 'constants'
5
-
6
- warn "Rack::Logger is deprecated and will be removed in Rack 3.2.", uplevel: 1
7
-
8
- module Rack
9
- # Sets up rack.logger to write to rack.errors stream
10
- class Logger
11
- def initialize(app, level = ::Logger::INFO)
12
- @app, @level = app, level
13
- end
14
-
15
- def call(env)
16
- logger = ::Logger.new(env[RACK_ERRORS])
17
- logger.level = @level
18
-
19
- env[RACK_LOGGER] = logger
20
- @app.call(env)
21
- end
22
- end
23
- end
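Review bot: The deleted file's own warning on line 6 says `Rack::Logger` "will be removed in Rack 3.2", yet the file is removed in 3.1.1, so an application with `use Rack::Logger` fails at boot after a patch-level upgrade. Either keep the file until the announced version or ship a short upgrade note showing how to set `env[RACK_LOGGER]` from `::Logger.new(env[RACK_ERRORS])` in the application's own middleware, which is all the removed class did.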