react_on_rails_pro 16.4.0.rc.8 → 16.4.0.rc.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 717ead6ca9b9c1f7354820f063551a8403cabb9fafeb095bd46f35e3d368a483
-  data.tar.gz: 5062b202868b9106090becb6dd5f040761a2dd37ec2a1323053e43df111044ed
+  metadata.gz: c63303b689f4adb5d1be96c2415522aeb05fd210258535c2a8fe3421414870a9
+  data.tar.gz: d0e63c69ac3c6ca63021ed54fc6f8f1fa6c574f0a261e74d6d6b4b9970a05c8a
 SHA512:
-  metadata.gz: b2fc8c9ad613776be17f834f8a7c2d7ff07b123e6e703b8dd21ffdc4687ee51d0037b49c813c7f7b9596266bfa15885336b1f6ce9df6530e995c68d58557d745
-  data.tar.gz: 025cf054e18a200c61ad22199617ce0374889b1f825290ee13952f02bb993532cf8b1738c0df4a7295c4b9bf576782bf42abe04395f9071dd46b0686697c8c5b
+  metadata.gz: 920e935410da89b4bbd5951c70e1b4f528e7525bba8f2d27094fbe1ce0676ac17f1277a100d235d6d74186a3414765e40f471de7dd0b7bb7e4faa68d04c61426
+  data.tar.gz: a4d980d3b3bdb5ace4a9d18902dbfabb35c2c2c99a3c354e5cbc39bda05853500d466d34c748e612dea4e0f0886849ed255be92082274befbaabc971af6b327e

data/Gemfile.lock

@@ -9,7 +9,7 @@ GIT
 PATH
   remote: ..
   specs:
-    react_on_rails (16.4.0.rc.8)
+    react_on_rails (16.4.0.rc.9)
       addressable
       connection_pool
       execjs (~> 2.5)
@@ -20,7 +20,7 @@ PATH
 PATH
   remote: .
   specs:
-    react_on_rails_pro (16.4.0.rc.8)
+    react_on_rails_pro (16.4.0.rc.9)
       addressable
       async (>= 2.6)
       connection_pool
@@ -29,7 +29,7 @@ PATH
       httpx (~> 1.5)
       jwt (~> 2.7)
       rainbow
-      react_on_rails (= 16.4.0.rc.8)
+      react_on_rails (= 16.4.0.rc.9)
 
 GEM
   remote: https://rubygems.org/

data/LICENSE_SETUP.md

@@ -75,13 +75,16 @@ heroku config:set REACT_ON_RAILS_PRO_LICENSE="your_token"
 Configure your license token via the `REACT_ON_RAILS_PRO_LICENSE` environment variable.
 Never commit license tokens to version control.
 
-## License Validation
+## License Validation and Signals
 
-The license is validated at multiple points:
+License-related checks and signals occur at multiple points:
 
 1. **Ruby Gem**: When Rails application starts
 2. **Node Renderer**: When the Node renderer process starts
-3. **Browser Package**: Trusts server-side validation (via `railsContext.rorPro`)
+3. **Browser Package**: Receives Pro-installed signal via `railsContext.rorPro` (not license-valid state)
+
+The browser package does not perform independent license validation. A valid paid license is still required for
+production deployments.
 
 When no license is present, the application runs in **unlicensed mode**. This is fine for development, testing, and CI/CD. Production deployments should always have a valid paid license.
 
@@ -148,7 +151,7 @@ The task exits with code 0 on success and code 1 if the license is missing, inva
 | Field                  | Type            | Description                                         |
 | ---------------------- | --------------- | --------------------------------------------------- |
 | `status`               | string          | `"valid"`, `"expired"`, `"invalid"`, or `"missing"` |
-| `organization`         | string or null  | Organization name from the license                  |
+| `organization`         | string or null  | Organization name from the JWT `org` claim          |
 | `plan`                 | string or null  | License plan (`"paid"`, `"startup"`, etc.)          |
 | `expiration`           | string or null  | ISO 8601 expiration date                            |
 | `attribution_required` | boolean         | Whether attribution is required                     |
@@ -302,11 +305,13 @@ The license is a JWT (JSON Web Token) signed with RSA-256, containing:
   "iat": 1234567890, // Issued at timestamp (REQUIRED)
   "exp": 1234567890, // Expiration timestamp (REQUIRED)
   "plan": "paid", // License plan (Optional — only "paid" is valid for production)
-  "organization": "Your Company", // Organization name (Optional)
+  "org": "Your Company", // Organization name (Optional)
   "iss": "api" // Issuer identifier (Optional, standard JWT claim)
 }
 ```
 
+> Note: The JWT claim is `org`. The verify task output uses the field name `organization` for readability.
+
 ### Security
 
 - **Offline validation**: No internet connection required

data/lib/react_on_rails_pro/compression_middleware_guard.rb

@@ -0,0 +1,164 @@
+# frozen_string_literal: true
+
+require "stringio"
+require "timeout"
+
+module ReactOnRailsPro
+  class CompressionMiddlewareGuard
+    COMPATIBILITY_GUIDE_PATH =
+      "https://www.shakacode.com/react-on-rails/docs/building-features/" \
+      "streaming-server-rendering/#compression-middleware-compatibility"
+    PROBLEMATIC_MIDDLEWARES = %w[Rack::Deflater Rack::Brotli].freeze
+    PROBE_TIMEOUT_SECONDS = 1
+
+    Finding = Struct.new(:middleware_name, :source_location, keyword_init: true)
+
+    def initialize(middlewares:, logger: nil)
+      @middlewares = normalize_middlewares(middlewares)
+      @logger = logger
+    end
+
+    def findings
+      @findings ||= @middlewares.filter_map do |middleware|
+        next unless problematic_middleware?(middleware)
+
+        condition = middleware_condition(middleware)
+        next unless condition.respond_to?(:call)
+        next unless destructively_iterates_stream?(condition)
+
+        Finding.new(
+          middleware_name: middleware_name(middleware),
+          source_location: source_location_for(condition)
+        )
+      end
+    end
+
+    def warning_messages(root:)
+      findings.map do |finding|
+        "[React on Rails Pro] #{finding.middleware_name} has a custom `:if` callback" \
+          "#{formatted_source_location(finding, root: root)} that calls `body.each`. " \
+          "This is incompatible with streaming SSR/RSC and can deadlock `ActionController::Live` responses. " \
+          "Remove the custom `:if`, or guard it with " \
+          "`return true unless body.respond_to?(:to_ary)` before iterating. " \
+          "See #{COMPATIBILITY_GUIDE_PATH}."
+      end
+    end
+
+    private
+
+    def normalize_middlewares(middlewares)
+      if defined?(ActionDispatch::MiddlewareStack) && middlewares.is_a?(ActionDispatch::MiddlewareStack)
+        return middlewares.middlewares
+      end
+
+      Array(middlewares)
+    end
+
+    def problematic_middleware?(middleware)
+      PROBLEMATIC_MIDDLEWARES.include?(middleware_name(middleware))
+    end
+
+    def middleware_name(middleware)
+      middleware.klass.respond_to?(:name) ? middleware.klass.name : middleware.klass.to_s
+    end
+
+    def middleware_condition(middleware)
+      Array(middleware.args).filter_map do |arg|
+        next unless arg.is_a?(Hash)
+
+        arg[:if] || arg["if"]
+      end.first
+    end
+
+    def destructively_iterates_stream?(condition)
+      probe = StreamingBodyProbe.new
+
+      Timeout.timeout(PROBE_TIMEOUT_SECONDS) do
+        condition.call(probe_env, 200, probe_headers, probe)
+      end
+      probe.iterated?
+    rescue StreamingBodyProbe::BodyIteratedError
+      true
+    rescue Timeout::Error => e
+      return true if probe.iterated?
+
+      log_probe_failure(condition, e, reason: "timed out after #{PROBE_TIMEOUT_SECONDS}s")
+      false
+    rescue StandardError => e
+      return true if probe.iterated?
+
+      log_probe_failure(condition, e)
+      false
+    end
+
+    # Minimal Rack env used to probe `:if` callbacks.
+    # Callbacks that depend on application-specific keys can still raise here;
+    # those probe failures are logged at debug level and treated as non-findings.
+    # Path-gated callbacks can bypass this probe and yield false negatives.
+    def probe_env
+      {
+        "CONTENT_TYPE" => "text/html; charset=utf-8",
+        "HTTP_ACCEPT" => "text/html",
+        "REQUEST_METHOD" => "GET",
+        "PATH_INFO" => "/__react_on_rails_pro_stream_probe__",
+        "HTTP_ACCEPT_ENCODING" => "br, gzip, identity",
+        "HTTP_HOST" => "example.test",
+        "SERVER_NAME" => "example.test",
+        "rack.url_scheme" => "https",
+        "rack.errors" => StringIO.new,
+        "rack.input" => StringIO.new
+      }
+    end
+
+    def probe_headers
+      {
+        "Content-Type" => "text/html; charset=utf-8"
+      }
+    end
+
+    def formatted_source_location(finding, root:)
+      return "" unless finding.source_location
+
+      path, line = finding.source_location
+      root_prefix = "#{root}/"
+      display_path = path.start_with?(root_prefix) ? path.delete_prefix(root_prefix) : path
+
+      " (#{display_path}:#{line})"
+    end
+
+    def source_location_for(condition)
+      condition.respond_to?(:source_location) ? condition.source_location : nil
+    end
+
+    def log_probe_failure(condition, error, reason: nil)
+      return unless @logger.respond_to?(:debug)
+
+      identifier = source_location_for(condition)&.join(":") || condition.class.name || condition.inspect
+      backtrace_hint = error.backtrace&.first
+
+      @logger.debug do
+        message = "[React on Rails Pro] CompressionMiddlewareGuard could not probe `:if` callback " \
+                  "(#{identifier}): "
+        message += "#{reason}: " if reason
+        message += "#{error.class}: #{error.message}"
+        message += " (#{backtrace_hint})" if backtrace_hint
+        message
+      end
+    end
+
+    class StreamingBodyProbe
+      include Enumerable
+
+      class BodyIteratedError < StandardError; end
+
+      def iterated?
+        @iterated == true
+      end
+
+      def each
+        @iterated = true
+        raise BodyIteratedError, "Compression middleware `:if` callback called `body.each` on a streaming body."
+      end
+    end
+  end
+end

data/lib/react_on_rails_pro/engine.rb

@@ -7,10 +7,8 @@ module ReactOnRailsPro
     LICENSE_URL = "https://www.shakacode.com/react-on-rails-pro/"
     # TODO: Remove this legacy migration warning path after 16.5.0 stable release (target: 2026-05-31).
     LEGACY_LICENSE_FILE = "config/react_on_rails_pro_license.key"
-    RSC_STREAMING_MIDDLEWARE_WARNING_TARGETS = ["Rack::Deflater"].freeze
     private_constant :LICENSE_URL
     private_constant :LEGACY_LICENSE_FILE
-    private_constant :RSC_STREAMING_MIDDLEWARE_WARNING_TARGETS
 
     initializer "react_on_rails_pro.routes" do
       ActionDispatch::Routing::Mapper.include ReactOnRailsPro::Routes
@@ -22,8 +20,8 @@ module ReactOnRailsPro
       config.after_initialize { ReactOnRailsPro::Engine.log_license_status }
     end
 
-    initializer "react_on_rails_pro.check_rsc_streaming_middleware" do
-      config.after_initialize { ReactOnRailsPro::Engine.log_rsc_streaming_middleware_warning }
+    initializer "react_on_rails_pro.warn_on_problematic_compression_middleware" do
+      config.after_initialize { ReactOnRailsPro::Engine.log_problematic_compression_middleware_warnings }
     end
 
     class << self
@@ -46,22 +44,12 @@ module ReactOnRailsPro
         end
       end
 
-      def log_rsc_streaming_middleware_warning
-        return unless ReactOnRailsPro.configuration.enable_rsc_support
-        return if Rails.env.test?
-
-        middleware_names = middleware_stack_names
-        problematic = RSC_STREAMING_MIDDLEWARE_WARNING_TARGETS & middleware_names
-        return if problematic.empty?
-
-        route_path = ReactOnRailsPro.configuration.rsc_payload_generation_url_path
-        Rails.logger.warn(
-          "[React on Rails Pro] React Server Components support is enabled and the middleware " \
-          "stack includes #{problematic.join(', ')}. Compression and other response-transforming " \
-          "middleware can interfere with ActionController::Live NDJSON streaming. If your " \
-          "`#{route_path}` payload route is not already exempt, consider bypassing " \
-          "#{problematic.join(', ')} for that endpoint if you see stalled or corrupted RSC payloads."
-        )
+      def log_problematic_compression_middleware_warnings(logger: Rails.logger,
+                                                          middlewares: Rails.application.middleware,
+                                                          root: Rails.root)
+        CompressionMiddlewareGuard.new(middlewares: middlewares, logger: logger)
+                                  .warning_messages(root: root)
+                                  .each { |message| logger.warn(message) }
       end
 
       private
@@ -129,40 +117,6 @@ module ReactOnRailsPro
           Rails.logger.info message
         end
       end
-
-      def middleware_stack_names
-        middleware_stack = Rails.application&.middleware
-        return [] unless middleware_stack
-
-        entries =
-          if middleware_stack.respond_to?(:middlewares)
-            middleware_stack.middlewares
-          elsif middleware_stack.respond_to?(:to_a)
-            middleware_stack.to_a
-          else
-            Array(middleware_stack)
-          end
-
-        entries.filter_map { |entry| middleware_entry_name(entry) }.uniq
-      end
-
-      def middleware_entry_name(entry)
-        candidate =
-          if entry.respond_to?(:klass) && entry.klass
-            entry.klass
-          elsif entry.is_a?(Array)
-            entry.first
-          else
-            entry
-          end
-
-        case candidate
-        when Module
-          candidate.name
-        else
-          candidate.to_s.presence
-        end
-      end
     end
   end
 end

data/lib/react_on_rails_pro/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
 module ReactOnRailsPro
-  VERSION = "16.4.0.rc.8"
+  VERSION = "16.4.0.rc.9"
   PROTOCOL_VERSION = "2.0.0"
 end

data/lib/react_on_rails_pro.rb

@@ -6,6 +6,7 @@ require "react_on_rails"
 require "react_on_rails_pro/request"
 require "react_on_rails_pro/version"
 require "react_on_rails_pro/constants"
+require "react_on_rails_pro/compression_middleware_guard"
 require "react_on_rails_pro/engine"
 require "react_on_rails_pro/error"
 require "react_on_rails_pro/utils"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: react_on_rails_pro
 version: !ruby/object:Gem::Version
-  version: 16.4.0.rc.8
+  version: 16.4.0.rc.9
 platform: ruby
 authors:
 - Justin Gordon
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2026-03-11 00:00:00.000000000 Z
+date: 2026-03-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -128,14 +128,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 16.4.0.rc.8
+        version: 16.4.0.rc.9
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 16.4.0.rc.8
+        version: 16.4.0.rc.9
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -230,6 +230,7 @@ files:
 - lib/react_on_rails_pro/assets_precompile.rb
 - lib/react_on_rails_pro/async_value.rb
 - lib/react_on_rails_pro/cache.rb
+- lib/react_on_rails_pro/compression_middleware_guard.rb
 - lib/react_on_rails_pro/concerns/async_rendering.rb
 - lib/react_on_rails_pro/concerns/rsc_payload_renderer.rb
 - lib/react_on_rails_pro/concerns/stream.rb