roda 3.82.0 → 3.84.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (97) hide show
  1. checksums.yaml +4 -4
  2. data/lib/roda/plugins/assume_ssl.rb +28 -0
  3. data/lib/roda/plugins/hsts.rb +35 -0
  4. data/lib/roda/plugins/multi_public.rb +3 -3
  5. data/lib/roda/plugins/public.rb +1 -1
  6. data/lib/roda/plugins/timestamp_public.rb +1 -1
  7. data/lib/roda/plugins/typecast_params.rb +1 -1
  8. data/lib/roda/response.rb +1 -1
  9. data/lib/roda/version.rb +1 -1
  10. metadata +5 -177
  11. data/CHANGELOG +0 -687
  12. data/README.rdoc +0 -1136
  13. data/doc/conventions.rdoc +0 -177
  14. data/doc/release_notes/3.0.0.txt +0 -84
  15. data/doc/release_notes/3.1.0.txt +0 -24
  16. data/doc/release_notes/3.10.0.txt +0 -132
  17. data/doc/release_notes/3.11.0.txt +0 -54
  18. data/doc/release_notes/3.12.0.txt +0 -19
  19. data/doc/release_notes/3.13.0.txt +0 -38
  20. data/doc/release_notes/3.14.0.txt +0 -36
  21. data/doc/release_notes/3.14.1.txt +0 -43
  22. data/doc/release_notes/3.15.0.txt +0 -21
  23. data/doc/release_notes/3.16.0.txt +0 -52
  24. data/doc/release_notes/3.17.0.txt +0 -62
  25. data/doc/release_notes/3.18.0.txt +0 -170
  26. data/doc/release_notes/3.19.0.txt +0 -229
  27. data/doc/release_notes/3.2.0.txt +0 -22
  28. data/doc/release_notes/3.20.0.txt +0 -7
  29. data/doc/release_notes/3.21.0.txt +0 -5
  30. data/doc/release_notes/3.22.0.txt +0 -24
  31. data/doc/release_notes/3.23.0.txt +0 -28
  32. data/doc/release_notes/3.24.0.txt +0 -14
  33. data/doc/release_notes/3.25.0.txt +0 -12
  34. data/doc/release_notes/3.26.0.txt +0 -15
  35. data/doc/release_notes/3.27.0.txt +0 -15
  36. data/doc/release_notes/3.28.0.txt +0 -13
  37. data/doc/release_notes/3.29.0.txt +0 -15
  38. data/doc/release_notes/3.3.0.txt +0 -291
  39. data/doc/release_notes/3.30.0.txt +0 -14
  40. data/doc/release_notes/3.31.0.txt +0 -11
  41. data/doc/release_notes/3.32.0.txt +0 -42
  42. data/doc/release_notes/3.33.0.txt +0 -8
  43. data/doc/release_notes/3.34.0.txt +0 -17
  44. data/doc/release_notes/3.35.0.txt +0 -12
  45. data/doc/release_notes/3.36.0.txt +0 -17
  46. data/doc/release_notes/3.37.0.txt +0 -42
  47. data/doc/release_notes/3.38.0.txt +0 -5
  48. data/doc/release_notes/3.39.0.txt +0 -16
  49. data/doc/release_notes/3.4.0.txt +0 -24
  50. data/doc/release_notes/3.40.0.txt +0 -24
  51. data/doc/release_notes/3.41.0.txt +0 -9
  52. data/doc/release_notes/3.42.0.txt +0 -21
  53. data/doc/release_notes/3.43.0.txt +0 -34
  54. data/doc/release_notes/3.44.0.txt +0 -23
  55. data/doc/release_notes/3.45.0.txt +0 -22
  56. data/doc/release_notes/3.46.0.txt +0 -19
  57. data/doc/release_notes/3.47.0.txt +0 -13
  58. data/doc/release_notes/3.48.0.txt +0 -10
  59. data/doc/release_notes/3.49.0.txt +0 -18
  60. data/doc/release_notes/3.5.0.txt +0 -31
  61. data/doc/release_notes/3.50.0.txt +0 -21
  62. data/doc/release_notes/3.51.0.txt +0 -20
  63. data/doc/release_notes/3.52.0.txt +0 -20
  64. data/doc/release_notes/3.53.0.txt +0 -14
  65. data/doc/release_notes/3.54.0.txt +0 -48
  66. data/doc/release_notes/3.55.0.txt +0 -12
  67. data/doc/release_notes/3.56.0.txt +0 -33
  68. data/doc/release_notes/3.57.0.txt +0 -34
  69. data/doc/release_notes/3.58.0.txt +0 -16
  70. data/doc/release_notes/3.59.0.txt +0 -17
  71. data/doc/release_notes/3.6.0.txt +0 -21
  72. data/doc/release_notes/3.60.0.txt +0 -56
  73. data/doc/release_notes/3.61.0.txt +0 -24
  74. data/doc/release_notes/3.62.0.txt +0 -41
  75. data/doc/release_notes/3.63.0.txt +0 -36
  76. data/doc/release_notes/3.64.0.txt +0 -26
  77. data/doc/release_notes/3.65.0.txt +0 -12
  78. data/doc/release_notes/3.66.0.txt +0 -23
  79. data/doc/release_notes/3.67.0.txt +0 -25
  80. data/doc/release_notes/3.68.0.txt +0 -21
  81. data/doc/release_notes/3.69.0.txt +0 -33
  82. data/doc/release_notes/3.7.0.txt +0 -123
  83. data/doc/release_notes/3.70.0.txt +0 -19
  84. data/doc/release_notes/3.71.0.txt +0 -33
  85. data/doc/release_notes/3.72.0.txt +0 -48
  86. data/doc/release_notes/3.73.0.txt +0 -33
  87. data/doc/release_notes/3.74.0.txt +0 -28
  88. data/doc/release_notes/3.75.0.txt +0 -19
  89. data/doc/release_notes/3.76.0.txt +0 -18
  90. data/doc/release_notes/3.77.0.txt +0 -8
  91. data/doc/release_notes/3.78.0.txt +0 -99
  92. data/doc/release_notes/3.79.0.txt +0 -148
  93. data/doc/release_notes/3.8.0.txt +0 -27
  94. data/doc/release_notes/3.80.0.txt +0 -31
  95. data/doc/release_notes/3.81.0.txt +0 -24
  96. data/doc/release_notes/3.82.0.txt +0 -43
  97. data/doc/release_notes/3.9.0.txt +0 -67
@@ -1,24 +0,0 @@
1
- = New Features
2
-
3
- * The hmac_paths plugin now supports :until and :seconds options for
4
- hmac_path, to create a path that is only valid for a specific amount of
5
- time. :until sets a specific time that the path will be valid until,
6
- and :seconds makes the path only valid for the given number of seconds.
7
-
8
- hmac_path('/widget/1', until: Time.utc(2100))
9
- # => "/dc8b6e56e4cbe7815df7880d42f0e02956b2e4c49881b6060ceb0e49745a540d/t/4102444800/widget/1"
10
-
11
- Requests for the path after the given time will not be matched by
12
- r.hmac_path.
13
-
14
- = Other Improvements
15
-
16
- * The early_hints plugin now correctly follows the Rack 3 SPEC when
17
- using Rack 3. This was not caught previously because Rack only
18
- added official support for early_hints in the last month.
19
-
20
- * Ruby 3.4 backtraces are now parsed correctly in the exception_page
21
- plugin.
22
-
23
- * Some plugins that accept a block no longer issue an unused block
24
- warning on Ruby 3.4.
@@ -1,43 +0,0 @@
1
- = New Features
2
-
3
- * A :zstd option has been added to the public and multi_public
4
- plugins to support serving zstd-compressed files with a .zst
5
- extension. This option is similar to the existing :gzip and
6
- :brotli plugin options. Chrome started supporting zstd encoding
7
- in March.
8
-
9
- * An :encodings option has been added to the public and multi_public
10
- plugins, for more control over how encodings are handled. This
11
- allows for changing the order in which encodings are attempted, the
12
- use of custom encodings, and the use of different file extensions
13
- for encodings. Example:
14
-
15
- plugin :public, encodings: {'zstd'=>'.zst', 'deflate'=>'.deflate'}
16
-
17
- If the :encodings option is not provided, the :zstd, :brotli, and
18
- :gzip options are used to build an equivalent :encodings option.
19
-
20
- = Other Improvements
21
-
22
- * The capture_erb plugin now integrates better when using
23
- erubi/capture_block for <%= method do %> support in ERB templates,
24
- using the native capture method provided by the buffer object.
25
-
26
- * Encoding handling has been more optimized in the public plugin.
27
- Regexps for the encodings are precomputed, avoiding a regexp
28
- allocation per request per encoding attempted. On Ruby 2.4+
29
- Regexp#match? is used for better performance. If the
30
- Accept-Encoding header is not present, no encoding matching
31
- is attemped.
32
-
33
- = Backwards Compatibility
34
-
35
- * The private public_serve_compressed request method in the public
36
- plugin now assumes it is called after the encoding is already
37
- valid. If you are calling this method in your own code, you now
38
- need to perform checks to make sure the client can accept the
39
- encoding before calling this method.
40
-
41
- * The :public_gzip and :public_brotli application options are no
42
- longer set by the public plugin. The :public_encodings option
43
- is now set.
@@ -1,67 +0,0 @@
1
- = New Features
2
-
3
- * A route_csrf plugin has been added. This plugin allows for more
4
- control over CSRF protection, since the user can choose where in
5
- the routing tree to enforce the protection. Additionally, the
6
- route_csrf plugin offers better security than the CSRF protection
7
- used by the csrf plugin (which uses the rack_csrf library).
8
-
9
- The route_csrf plugin defaults to allowing only CSRF tokens
10
- specific to a given request method and request path, and not
11
- allowing generic CSRF tokens (though it does offer optional support
12
- for such tokens). Both request-specific and generic CSRF tokens
13
- are designed to never leak the CSRF secret key, making it more
14
- difficult to forge valid CSRF tokens. Additionally, the plugin
15
- offers optional support for accepting rack_csrf tokens, which
16
- should only be enabled during a short transition period.
17
-
18
- Some differences between the route_csrf plugin and the older
19
- csrf plugin:
20
-
21
- * route_csrf supports and by default only allows CSRF tokens
22
- specific to request method and request path, as mentioned
23
- above. You can use the require_request_specific_tokens: false
24
- option to allow generic CSRF tokens.
25
-
26
- * route_csrf does not check the HTTP header by default, it
27
- only checks the header if the :check_header option is set.
28
- The :check_header option can be set to true to check both
29
- the parameter and the header, or set to :only to only check
30
- the header.
31
-
32
- * route_csrf raises by default for invalid CSRF tokens. rack_csrf
33
- returns an empty 403 response in that case. You can use the
34
- error_handler plugin to handle the
35
- Roda::RodaPlugins::RouteCsrf::InvalidToken exceptions, or you
36
- can use the csrf_failure: :empty_403 option if you would like
37
- the csrf plugin default behavior. The plugin also accepts a
38
- block for configurable failure behavior.
39
-
40
- * route_csrf does not use a middleware, as it is designed to give
41
- more control. In order to enforce the CSRF protection, you need
42
- to call check_csrf! in your routing tree at the appropriate
43
- place. If you are not sure where to add it, add it to the top
44
- of the routing tree, after the public or assets routes if you
45
- are using those plugins:
46
-
47
- route do
48
- r.public
49
- r.assets
50
- check_csrf!
51
-
52
- # ...
53
- end
54
-
55
- The check_csrf! method accepts an options hash, which can be used
56
- to override the plugin options on a per-call basis.
57
-
58
- * The csrf_token/csrf_tag methods take an optional path and method
59
- arguments. If a path is given, the method defaults to POST, and
60
- the resulting CSRF token can only be used to submit forms for the
61
- path and method. If a path is not given, the resulting CSRF token
62
- will be generic, but it will only work if the plugin has been
63
- configured to allow generic CSRF tokens.
64
-
65
- * A csrf_path method is available for easily taking a form action
66
- string and returning an appropriate path to pass to the csrf_token
67
- or csrf_tag methods.