rack 3.1.1 → 3.1.3
Potentially problematic release.
This version of rack might be problematic.
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -38
- data/lib/rack/logger.rb +23 -0
- data/lib/rack/mock_response.rb +2 -2
- data/lib/rack/request.rb +7 -0
- data/lib/rack/utils.rb +34 -12
- data/lib/rack/version.rb +8 -4
- metadata +4 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 1cb578b6c5608012f69e9e89637fe2b53f31d5aa15f9d546e1c756384119c762
|
4
|
+
data.tar.gz: 4201b8eb5e202b3832cf1e576bfa13106866da483d9e0395a58bb482a04da30a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 71f559cc4ffb927a6297ad5d1e9794d740270c670148f100feb40b0a465303e20aeea7d82c953cf3e2af9b9651facb9dbd814bb152f83c6e4042e4a89ac67b7b
|
7
|
+
data.tar.gz: 7ae4c87c4b74f111f0bae47d6ba80aacbbd3d5d6424f0231922676e3e0898ad895a3816098622b83cb73e2668cf4bd991ae5d8d4669b177557dab155b0fb80df
|
data/CHANGELOG.md
CHANGED
@@ -2,70 +2,52 @@
|
|
2
2
|
|
3
3
|
All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
|
4
4
|
|
5
|
-
##
|
5
|
+
## [3.1.3] - 2024-06-12
|
6
6
|
|
7
|
-
|
7
|
+
### Fixed
|
8
8
|
|
9
|
-
|
9
|
+
- Fix passing non-strings to `Rack::Utils.escape_html`. ([#2202](https://github.com/rack/rack/pull/2202), [@earlopain])
|
10
|
+
- `Rack::MockResponse` gracefully handles empty cookies ([#2203](https://github.com/rack/rack/pull/2203) [@wynksaiddestroy](https://github.com/wynksaiddestroy))
|
10
11
|
|
11
|
-
|
12
|
+
## [3.1.2] - 2024-06-11
|
12
13
|
|
13
|
-
|
14
|
+
## Changed
|
14
15
|
|
15
|
-
- Invalid cookie keys will now raise an error. ([#2192](https://github.com/rack/rack/pull/2192), [@ioquatix])
|
16
16
|
- `Rack::Response` will take in to consideration chunked encoding responses ([#2204](https://github.com/rack/rack/pull/2204), [@tenderlove])
|
17
17
|
|
18
|
-
|
18
|
+
## [3.1.1] - 2024-06-11
|
19
19
|
|
20
|
-
-
|
21
|
-
- `Rack::Logger` is removed with no replacement. ([#2196](https://github.com/rack/rack/pull/2196), [@ioquatix])
|
20
|
+
- Oops, I shouldn't have shipped this
|
22
21
|
|
23
22
|
## [3.1.0] - 2024-06-11
|
24
23
|
|
25
|
-
Rack v3.1 is primarily a maintenance release that removes features deprecated in Rack v3.0. Alongside these removals, there are several improvements to the Rack SPEC, mainly focused on enhancing input and output handling. These changes aim to make Rack more efficient and align better with the requirements of server implementations and relevant HTTP specifications.
|
26
|
-
|
27
24
|
### SPEC Changes
|
28
25
|
|
29
|
-
- `rack.input` is now optional. ([#1997](https://github.com/rack/rack/pull/1997), [
|
30
|
-
- `PATH_INFO` is now validated according to the HTTP/1.1 specification. ([#2117](https://github.com/rack/rack/pull/2117), [
|
31
|
-
|
32
|
-
- Introduce optional `rack.protocol` request and response header for handling connection upgrades. ([#1954](https://github.com/rack/rack/pull/1954), [@ioquatix])
|
26
|
+
- `rack.input` is now optional. ([#1997](https://github.com/rack/rack/pull/1997), [@ioquatix])
|
27
|
+
- `PATH_INFO` is now validated according to the HTTP/1.1 specification. ([#2117](https://github.com/rack/rack/pull/2117), [@ioquatix])
|
28
|
+
- `rack.protocol` is an optional environment key and response header for handling connection upgrades.
|
33
29
|
|
34
30
|
### Added
|
35
31
|
|
36
|
-
- Introduce `Rack::Multipart::MissingInputError` for improved handling of missing input in `#parse_multipart`. ([#2018](https://github.com/rack/rack/pull/2018), [@ioquatix])
|
37
32
|
- Introduce `module Rack::BadRequest` which is included in multipart and query parser errors. ([#2019](https://github.com/rack/rack/pull/2019), [@ioquatix])
|
38
|
-
- Add `.mjs` MIME type ([#2057](https://github.com/rack/rack/pull/2057), [@axilleas]
|
39
|
-
- `set_cookie_header` utility now supports the `partitioned` cookie attribute. This is required by Chrome in some embedded contexts. ([#2131](https://github.com/rack/rack/pull/2131), [@flavio-b]
|
40
|
-
-
|
33
|
+
- Add `.mjs` MIME type ([#2057](https://github.com/rack/rack/pull/2057), [@axilleas])
|
34
|
+
- `set_cookie_header` utility now supports the `partitioned` cookie attribute. This is required by Chrome in some embedded contexts. ([#2131](https://github.com/rack/rack/pull/2131), [@flavio-b])
|
35
|
+
- `rack.early_hints` is now officially supported as an optional feature (already implemented by Unicorn, Puma, and Falcon). ([#1831](https://github.com/rack/rack/pull/1831), [@casperisfine, @jeremyevans])
|
41
36
|
|
42
37
|
### Changed
|
43
38
|
|
44
|
-
-
|
39
|
+
- `rack.input` is now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. ([#2018](https://github.com/rack/rack/pull/2018), [@ioquatix])
|
40
|
+
- MIME type for JavaScript files (`.js`) changed from `application/javascript` to `text/javascript` ([`1bd0f15`](https://github.com/rack/rack/commit/1bd0f1597d8f4a90d47115f3e156a8ce7870c9c8))
|
45
41
|
- Update MIME types associated to `.ttf`, `.woff`, `.woff2` and `.otf` extensions to use mondern `font/*` types. ([#2065](https://github.com/rack/rack/pull/2065), [@davidstosik])
|
46
42
|
- `Rack::Utils.escape_html` is now delegated to `CGI.escapeHTML`. `'` is escaped to `#39;` instead of `#x27;`. (decimal vs hexadecimal) ([#2099](https://github.com/rack/rack/pull/2099), [@JunichiIto](https://github.com/JunichiIto))
|
47
|
-
- Clarify use of `@buffered` and only update `content-length` when `Rack::Response#finish` is invoked. ([#2149](https://github.com/rack/rack/pull/2149), [@ioquatix])
|
48
|
-
|
49
|
-
### Deprecated
|
50
|
-
|
51
|
-
- Deprecate automatic cache invalidation in `Request#{GET,POST}` ([#2073](https://github.com/rack/rack/pull/2073), [@jeremyevans])
|
52
43
|
- Only cookie keys that are not valid according to the HTTP specifications are escaped. We are planning to deprecate this behaviour, so now a deprecation message will be emitted in this case. In the future, invalid cookie keys may not be accepted. ([#2191](https://github.com/rack/rack/pull/2191), [@ioquatix])
|
53
|
-
- `Rack::Logger` is deprecated. ([#2197](https://github.com/rack/rack/pull/2197), [@ioquatix])
|
54
|
-
- Add fallback lookup and deprecation warning for obsolete status symbols. ([#2137](https://github.com/rack/rack/pull/2137), [@wtn](https://github.com/wtn))
|
55
44
|
|
56
45
|
### Removed
|
57
46
|
|
58
|
-
- Remove
|
59
|
-
-
|
60
|
-
-
|
61
|
-
-
|
62
|
-
- Remove deprecated `Rack::QueryParser` `key_space_limit` parameter with no replacement. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
|
63
|
-
- Remove deprecated `Rack::Response#header`, use `Rack::Response#headers` instead. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
|
64
|
-
- Remove deprecated cookie methods from `Rack::Utils`: `add_cookie_to_header`, `make_delete_cookie_header`, `add_remove_cookie_to_header`. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
|
65
|
-
- Remove deprecated `Rack::Utils::HeaderHash`. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
|
66
|
-
- Remove deprecated `Rack::VERSION`, `Rack::VERSION_STRING`, `Rack.version`, use `Rack.release` instead. ([#1966](https://github.com/rack/rack/pull/1966), [@ioquatix])
|
67
|
-
- Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. ([#2137](https://github.com/rack/rack/pull/2137), [@wtn](https://github.com/wtn))
|
68
|
-
- Remove any dependency on `transfer-encoding: chunked`. ([#2195](https://github.com/rack/rack/pull/2195), [@ioquatix])
|
47
|
+
- Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. ([#2137](https://github.com/rack/rack/pull/2137), [@wtn])
|
48
|
+
- Add fallback lookup and deprecation warning for obsolete status symbols. ([#2137](https://github.com/rack/rack/pull/2137), [@wtn])
|
49
|
+
- Deprecate automatic cache invalidation in `Request#{GET,POST}` ([#2073](https://github.com/rack/rack/pull/2073) ([@jeremyevans])
|
50
|
+
- `Rack::Logger` is deprecated. ([#2197](https://github.com/rack/rack/pull/2197), [@ioquatix])
|
69
51
|
|
70
52
|
### Fixed
|
71
53
|
|
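Review bot: the 3.1.2 section is headed `## Changed`, while every other category in this file is a third-level heading (`### Changed`), so it renders as a sibling of the release headings rather than under `## [3.1.2]`. In the same hunk, the 3.1.1 entry "Oops, I shouldn't have shipped this" has no category heading and does not say what was withdrawn (the removed line above it suggests the `Rack::Logger` removal); the rewritten `### Removed` list now holds "Add fallback lookup and deprecation warning", "Deprecate automatic cache invalidation" and "`Rack::Logger` is deprecated", none of which are removals; and the `#2073` entry has unbalanced parentheses. The `escape_html` entry still says it is delegated to `CGI.escapeHTML`, which after the utils.rb change in this release is only the fallback path.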
data/lib/rack/logger.rb
ADDED
@@ -0,0 +1,23 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'logger'
|
4
|
+
require_relative 'constants'
|
5
|
+
|
6
|
+
warn "Rack::Logger is deprecated and will be removed in Rack 3.2.", uplevel: 1
|
7
|
+
|
8
|
+
module Rack
|
9
|
+
# Sets up rack.logger to write to rack.errors stream
|
10
|
+
class Logger
|
11
|
+
def initialize(app, level = ::Logger::INFO)
|
12
|
+
@app, @level = app, level
|
13
|
+
end
|
14
|
+
|
15
|
+
def call(env)
|
16
|
+
logger = ::Logger.new(env[RACK_ERRORS])
|
17
|
+
logger.level = @level
|
18
|
+
|
19
|
+
env[RACK_LOGGER] = logger
|
20
|
+
@app.call(env)
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
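Review bot: the top-level `warn "Rack::Logger is deprecated ...", uplevel: 1` fires once when the file is loaded, so the location it reports is the code that loaded the file rather than the place the middleware is configured, and the message does not tell the user what to do instead. Emitting the warning from `initialize` would point at the `use Rack::Logger` call site, and the text could say how to populate `env[RACK_LOGGER]` without this class. Separately, `call` builds a new `::Logger` on every request and overwrites any `env[RACK_LOGGER]` an outer middleware already set; if that is intended for compatibility with the removed file, a comment saying so would help.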
data/lib/rack/mock_response.rb
CHANGED
@@ -78,8 +78,8 @@ module Rack
|
|
78
78
|
|
79
79
|
def parse_cookies_from_header
|
80
80
|
cookies = Hash.new
|
81
|
-
|
82
|
-
|
81
|
+
set_cookie_header = headers['set-cookie']
|
82
|
+
if set_cookie_header && !set_cookie_header.empty?
|
83
83
|
Array(set_cookie_header).each do |cookie|
|
84
84
|
cookie_name, cookie_filling = cookie.split('=', 2)
|
85
85
|
cookie_attributes = identify_cookie_attributes cookie_filling
|
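Review bot: the new guard `if set_cookie_header && !set_cookie_header.empty?` covers a missing header, an empty string and an empty array, but an array that contains an empty string still passes it and reaches `cookie.split('=', 2)`, which returns an empty array and leaves both `cookie_name` and `cookie_filling` as nil before `identify_cookie_attributes` is called. If "gracefully handles empty cookies" is meant to include that case, skip empty elements inside the `each` block (for example `next if cookie.empty?`) and add a test for `['']` alongside the one for `''`.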
data/lib/rack/request.rb
CHANGED
@@ -616,6 +616,13 @@ module Rack
|
|
616
616
|
Rack::Request.ip_filter.call(ip)
|
617
617
|
end
|
618
618
|
|
619
|
+
# like Hash#values_at
|
620
|
+
def values_at(*keys)
|
621
|
+
warn("Request#values_at is deprecated and will be removed in a future version of Rack. Please use request.params.values_at instead", uplevel: 1)
|
622
|
+
|
623
|
+
keys.map { |key| params[key] }
|
624
|
+
end
|
625
|
+
|
619
626
|
private
|
620
627
|
|
621
628
|
def default_session; {}; end
|
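Review bot: `values_at` comes back here with a deprecation warning, but neither the 3.1.2 nor the 3.1.3 changelog section in this diff mentions it, so users get a new runtime warning with no release note. Please add a changelog entry, and consider naming the removal version in the message the way the `Rack::Logger` warning does ("will be removed in Rack 3.2") instead of "a future version of Rack".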
data/lib/rack/utils.rb
CHANGED
@@ -6,7 +6,7 @@ require 'fileutils'
|
|
6
6
|
require 'set'
|
7
7
|
require 'tempfile'
|
8
8
|
require 'time'
|
9
|
-
require '
|
9
|
+
require 'erb'
|
10
10
|
|
11
11
|
require_relative 'query_parser'
|
12
12
|
require_relative 'mime'
|
@@ -176,8 +176,17 @@ module Rack
|
|
176
176
|
matches&.first
|
177
177
|
end
|
178
178
|
|
179
|
-
#
|
180
|
-
|
179
|
+
# Introduced in ERB 4.0. ERB::Escape is an alias for ERB::Utils which
|
180
|
+
# doesn't get monkey-patched by rails
|
181
|
+
if defined?(ERB::Escape) && ERB::Escape.instance_method(:html_escape)
|
182
|
+
define_method(:escape_html, ERB::Escape.instance_method(:html_escape))
|
183
|
+
else
|
184
|
+
require 'cgi/escape'
|
185
|
+
# Escape ampersands, brackets and quotes to their HTML/XML entities.
|
186
|
+
def escape_html(string)
|
187
|
+
CGI.escapeHTML(string.to_s)
|
188
|
+
end
|
189
|
+
end
|
181
190
|
|
182
191
|
def select_best_encoding(available_encodings, accept_encoding)
|
183
192
|
# http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
|
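Review bot: in `if defined?(ERB::Escape) && ERB::Escape.instance_method(:html_escape)`, the second operand cannot act as a presence check, because `Module#instance_method` raises `NameError` when the method is missing instead of returning nil; the condition is either truthy or it aborts loading utils.rb. Use `ERB::Escape.method_defined?(:html_escape)` (or `instance_methods.include?`) so the `else` branch is actually reachable in that case. It would also help to state in the comment that both branches must accept non-strings, since the fallback relies on `string.to_s` for that and the 3.1.3 changelog lists it as a fix.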
@@ -244,18 +253,26 @@ module Rack
|
|
244
253
|
parse_cookies_header env[HTTP_COOKIE]
|
245
254
|
end
|
246
255
|
|
247
|
-
# A valid cookie key according to
|
256
|
+
# A valid cookie key according to RFC2616.
|
248
257
|
# A <cookie-name> can be any US-ASCII characters, except control characters, spaces, or tabs. It also must not contain a separator character like the following: ( ) < > @ , ; : \ " / [ ] ? = { }.
|
249
258
|
VALID_COOKIE_KEY = /\A[!#$%&'*+\-\.\^_`|~0-9a-zA-Z]+\z/.freeze
|
250
259
|
private_constant :VALID_COOKIE_KEY
|
251
260
|
|
261
|
+
private def escape_cookie_key(key)
|
262
|
+
if key =~ VALID_COOKIE_KEY
|
263
|
+
key
|
264
|
+
else
|
265
|
+
warn "Cookie key #{key.inspect} is not valid according to RFC2616; it will be escaped. This behaviour is deprecated and will be removed in a future version of Rack.", uplevel: 2
|
266
|
+
escape(key)
|
267
|
+
end
|
268
|
+
end
|
269
|
+
|
252
270
|
# :call-seq:
|
253
271
|
# set_cookie_header(key, value) -> encoded string
|
254
272
|
#
|
255
273
|
# Generate an encoded string using the provided +key+ and +value+ suitable
|
256
274
|
# for the +set-cookie+ header according to RFC6265. The +value+ may be an
|
257
|
-
# instance of either +String+ or +Hash+.
|
258
|
-
# defined by RFC6265), an +ArgumentError+ will be raised.
|
275
|
+
# instance of either +String+ or +Hash+.
|
259
276
|
#
|
260
277
|
# If the cookie +value+ is an instance of +Hash+, it considers the following
|
261
278
|
# cookie attribute keys: +domain+, +max_age+, +expires+ (must be instance
|
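Review bot: the updated comment and the new warning text both cite RFC2616 for cookie key validity, while the `set_cookie_header` documentation a few lines below cites RFC6265; pick one reference (the token grammar in `VALID_COOKIE_KEY` is what RFC6265 defers to) so readers are not sent to two specifications. In `escape_cookie_key`, `uplevel: 2` assumes application code calls `set_cookie_header` directly; when the call arrives through another Rack helper the warning will point inside Rack, which makes the offending key hard to locate. The removed doc sentence about `ArgumentError` is consistent with the code change, but nothing in the new doc text says that an invalid key is now silently renamed by escaping, which callers comparing cookie names will need to know.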
@@ -263,6 +280,10 @@ module Rack
|
|
263
280
|
# details about the interpretation of these fields, consult
|
264
281
|
# [RFC6265 Section 5.2](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2).
|
265
282
|
#
|
283
|
+
# An extra cookie attribute +escape_key+ can be provided to control whether
|
284
|
+
# or not the cookie key is URL encoded. If explicitly set to +false+, the
|
285
|
+
# cookie key name will not be url encoded (escaped). The default is +true+.
|
286
|
+
#
|
266
287
|
# set_cookie_header("myname", "myvalue")
|
267
288
|
# # => "myname=myvalue"
|
268
289
|
#
|
@@ -270,12 +291,9 @@ module Rack
|
|
270
291
|
# # => "myname=myvalue; max-age=10"
|
271
292
|
#
|
272
293
|
def set_cookie_header(key, value)
|
273
|
-
unless key =~ VALID_COOKIE_KEY
|
274
|
-
raise ArgumentError, "invalid cookie key: #{key.inspect}"
|
275
|
-
end
|
276
|
-
|
277
294
|
case value
|
278
295
|
when Hash
|
296
|
+
key = escape_cookie_key(key) unless value[:escape_key] == false
|
279
297
|
domain = "; domain=#{value[:domain]}" if value[:domain]
|
280
298
|
path = "; path=#{value[:path]}" if value[:path]
|
281
299
|
max_age = "; max-age=#{value[:max_age]}" if value[:max_age]
|
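Review bot: with the `unless key =~ VALID_COOKIE_KEY` / `raise ArgumentError` block removed, the line `key = escape_cookie_key(key) unless value[:escape_key] == false` leaves a path where the key is neither validated nor escaped: passing `escape_key: false` sends the key into the `set-cookie` value as given, including `;`, `=`, spaces or line breaks. If the key can ever be derived from request data, that is a header and cookie-attribute injection risk. Keep the opt-out from escaping, but still check `VALID_COOKIE_KEY` in that branch and raise `ArgumentError` on a mismatch, and document that `escape_key: false` requires an already valid key.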
@@ -297,6 +315,8 @@ module Rack
|
|
297
315
|
end
|
298
316
|
partitioned = "; partitioned" if value[:partitioned]
|
299
317
|
value = value[:value]
|
318
|
+
else
|
319
|
+
key = escape_cookie_key(key)
|
300
320
|
end
|
301
321
|
|
302
322
|
value = [value] unless Array === value
|
@@ -571,9 +591,11 @@ module Rack
|
|
571
591
|
fallback_code = OBSOLETE_SYMBOLS_TO_STATUS_CODES.fetch(status) { raise ArgumentError, "Unrecognized status code #{status.inspect}" }
|
572
592
|
message = "Status code #{status.inspect} is deprecated and will be removed in a future version of Rack."
|
573
593
|
if canonical_symbol = OBSOLETE_SYMBOL_MAPPINGS[status]
|
574
|
-
message = "#{message} Please use #{canonical_symbol.inspect} instead."
|
594
|
+
# message = "#{message} Please use #{canonical_symbol.inspect} instead."
|
595
|
+
# For now, let's not emit any warning when there is a mapping.
|
596
|
+
else
|
597
|
+
warn message, uplevel: 3
|
575
598
|
end
|
576
|
-
warn message, uplevel: 1
|
577
599
|
fallback_code
|
578
600
|
end
|
579
601
|
else
|
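Review bot: the `if canonical_symbol = OBSOLETE_SYMBOL_MAPPINGS[status]` branch now contains only comments, so the assignment is unused and the commented-out `message = ...` line is dead code; the warning is emitted only for obsolete symbols that have no mapping. Express that directly, for example `warn message, uplevel: 3 unless OBSOLETE_SYMBOL_MAPPINGS.key?(status)`, and drop the commented-out line. The changelog entry "Add fallback lookup and deprecation warning for obsolete status symbols" should say that mapped symbols are currently silent, and the change of `uplevel` from 1 to 3 deserves a short comment naming the frames it is meant to skip.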
data/lib/rack/version.rb
CHANGED
@@ -5,13 +5,17 @@
|
|
5
5
|
# Rack is freely distributable under the terms of an MIT-style license.
|
6
6
|
# See MIT-LICENSE or https://opensource.org/licenses/MIT.
|
7
7
|
|
8
|
-
module Rack
|
9
|
-
|
8
|
+
# The Rack main module, serving as a namespace for all core Rack
|
9
|
+
# modules and classes.
|
10
|
+
#
|
11
|
+
# All modules meant for use in your application are <tt>autoload</tt>ed here,
|
12
|
+
# so it should be enough just to <tt>require 'rack'</tt> in your code.
|
10
13
|
|
11
|
-
|
14
|
+
module Rack
|
15
|
+
RELEASE = "3.1.3"
|
12
16
|
|
13
17
|
# Return the Rack release as a dotted string.
|
14
18
|
def self.release
|
15
|
-
|
19
|
+
RELEASE
|
16
20
|
end
|
17
21
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.1.
|
4
|
+
version: 3.1.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Leah Neukirchen
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-06-
|
11
|
+
date: 2024-06-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: minitest
|
@@ -108,6 +108,7 @@ files:
|
|
108
108
|
- lib/rack/headers.rb
|
109
109
|
- lib/rack/lint.rb
|
110
110
|
- lib/rack/lock.rb
|
111
|
+
- lib/rack/logger.rb
|
111
112
|
- lib/rack/media_type.rb
|
112
113
|
- lib/rack/method_override.rb
|
113
114
|
- lib/rack/mime.rb
|
@@ -157,7 +158,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
157
158
|
- !ruby/object:Gem::Version
|
158
159
|
version: '0'
|
159
160
|
requirements: []
|
160
|
-
rubygems_version: 3.5.
|
161
|
+
rubygems_version: 3.5.9
|
161
162
|
signing_key:
|
162
163
|
specification_version: 4
|
163
164
|
summary: A modular Ruby webserver interface.
|