roda 3.83.0 → 3.85.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (104) hide show
  1. checksums.yaml +4 -4
  2. data/lib/roda/plugins/Integer_matcher_max.rb +9 -8
  3. data/lib/roda/plugins/_optimized_matching.rb +2 -2
  4. data/lib/roda/plugins/_symbol_class_matchers.rb +107 -0
  5. data/lib/roda/plugins/capture_erb.rb +6 -5
  6. data/lib/roda/plugins/class_matchers.rb +91 -14
  7. data/lib/roda/plugins/hsts.rb +35 -0
  8. data/lib/roda/plugins/placeholder_string_matchers.rb +4 -0
  9. data/lib/roda/plugins/public.rb +1 -1
  10. data/lib/roda/plugins/render.rb +1 -1
  11. data/lib/roda/plugins/symbol_matchers.rb +70 -15
  12. data/lib/roda/request.rb +16 -13
  13. data/lib/roda/response.rb +1 -1
  14. data/lib/roda/version.rb +1 -1
  15. data/lib/roda.rb +7 -0
  16. metadata +5 -179
  17. data/CHANGELOG +0 -691
  18. data/README.rdoc +0 -1136
  19. data/doc/conventions.rdoc +0 -177
  20. data/doc/release_notes/3.0.0.txt +0 -84
  21. data/doc/release_notes/3.1.0.txt +0 -24
  22. data/doc/release_notes/3.10.0.txt +0 -132
  23. data/doc/release_notes/3.11.0.txt +0 -54
  24. data/doc/release_notes/3.12.0.txt +0 -19
  25. data/doc/release_notes/3.13.0.txt +0 -38
  26. data/doc/release_notes/3.14.0.txt +0 -36
  27. data/doc/release_notes/3.14.1.txt +0 -43
  28. data/doc/release_notes/3.15.0.txt +0 -21
  29. data/doc/release_notes/3.16.0.txt +0 -52
  30. data/doc/release_notes/3.17.0.txt +0 -62
  31. data/doc/release_notes/3.18.0.txt +0 -170
  32. data/doc/release_notes/3.19.0.txt +0 -229
  33. data/doc/release_notes/3.2.0.txt +0 -22
  34. data/doc/release_notes/3.20.0.txt +0 -7
  35. data/doc/release_notes/3.21.0.txt +0 -5
  36. data/doc/release_notes/3.22.0.txt +0 -24
  37. data/doc/release_notes/3.23.0.txt +0 -28
  38. data/doc/release_notes/3.24.0.txt +0 -14
  39. data/doc/release_notes/3.25.0.txt +0 -12
  40. data/doc/release_notes/3.26.0.txt +0 -15
  41. data/doc/release_notes/3.27.0.txt +0 -15
  42. data/doc/release_notes/3.28.0.txt +0 -13
  43. data/doc/release_notes/3.29.0.txt +0 -15
  44. data/doc/release_notes/3.3.0.txt +0 -291
  45. data/doc/release_notes/3.30.0.txt +0 -14
  46. data/doc/release_notes/3.31.0.txt +0 -11
  47. data/doc/release_notes/3.32.0.txt +0 -42
  48. data/doc/release_notes/3.33.0.txt +0 -8
  49. data/doc/release_notes/3.34.0.txt +0 -17
  50. data/doc/release_notes/3.35.0.txt +0 -12
  51. data/doc/release_notes/3.36.0.txt +0 -17
  52. data/doc/release_notes/3.37.0.txt +0 -42
  53. data/doc/release_notes/3.38.0.txt +0 -5
  54. data/doc/release_notes/3.39.0.txt +0 -16
  55. data/doc/release_notes/3.4.0.txt +0 -24
  56. data/doc/release_notes/3.40.0.txt +0 -24
  57. data/doc/release_notes/3.41.0.txt +0 -9
  58. data/doc/release_notes/3.42.0.txt +0 -21
  59. data/doc/release_notes/3.43.0.txt +0 -34
  60. data/doc/release_notes/3.44.0.txt +0 -23
  61. data/doc/release_notes/3.45.0.txt +0 -22
  62. data/doc/release_notes/3.46.0.txt +0 -19
  63. data/doc/release_notes/3.47.0.txt +0 -13
  64. data/doc/release_notes/3.48.0.txt +0 -10
  65. data/doc/release_notes/3.49.0.txt +0 -18
  66. data/doc/release_notes/3.5.0.txt +0 -31
  67. data/doc/release_notes/3.50.0.txt +0 -21
  68. data/doc/release_notes/3.51.0.txt +0 -20
  69. data/doc/release_notes/3.52.0.txt +0 -20
  70. data/doc/release_notes/3.53.0.txt +0 -14
  71. data/doc/release_notes/3.54.0.txt +0 -48
  72. data/doc/release_notes/3.55.0.txt +0 -12
  73. data/doc/release_notes/3.56.0.txt +0 -33
  74. data/doc/release_notes/3.57.0.txt +0 -34
  75. data/doc/release_notes/3.58.0.txt +0 -16
  76. data/doc/release_notes/3.59.0.txt +0 -17
  77. data/doc/release_notes/3.6.0.txt +0 -21
  78. data/doc/release_notes/3.60.0.txt +0 -56
  79. data/doc/release_notes/3.61.0.txt +0 -24
  80. data/doc/release_notes/3.62.0.txt +0 -41
  81. data/doc/release_notes/3.63.0.txt +0 -36
  82. data/doc/release_notes/3.64.0.txt +0 -26
  83. data/doc/release_notes/3.65.0.txt +0 -12
  84. data/doc/release_notes/3.66.0.txt +0 -23
  85. data/doc/release_notes/3.67.0.txt +0 -25
  86. data/doc/release_notes/3.68.0.txt +0 -21
  87. data/doc/release_notes/3.69.0.txt +0 -33
  88. data/doc/release_notes/3.7.0.txt +0 -123
  89. data/doc/release_notes/3.70.0.txt +0 -19
  90. data/doc/release_notes/3.71.0.txt +0 -33
  91. data/doc/release_notes/3.72.0.txt +0 -48
  92. data/doc/release_notes/3.73.0.txt +0 -33
  93. data/doc/release_notes/3.74.0.txt +0 -28
  94. data/doc/release_notes/3.75.0.txt +0 -19
  95. data/doc/release_notes/3.76.0.txt +0 -18
  96. data/doc/release_notes/3.77.0.txt +0 -8
  97. data/doc/release_notes/3.78.0.txt +0 -99
  98. data/doc/release_notes/3.79.0.txt +0 -148
  99. data/doc/release_notes/3.8.0.txt +0 -27
  100. data/doc/release_notes/3.80.0.txt +0 -31
  101. data/doc/release_notes/3.81.0.txt +0 -24
  102. data/doc/release_notes/3.82.0.txt +0 -43
  103. data/doc/release_notes/3.83.0.txt +0 -6
  104. data/doc/release_notes/3.9.0.txt +0 -67
@@ -1,15 +0,0 @@
1
- = Improvements
2
-
3
- * The common_logger plugin now includes the SCRIPT_NAME when
4
- logging, for greater compatibility with typical web server
5
- logs.
6
-
7
- * The exception_page plugin now handles invalid POST data.
8
- Previously, invalid POST data would cause the exception page
9
- display to raise an exception.
10
-
11
- * An error is now raised if trying to load a plugin that is not a
12
- module or a recognized plugin symbol.
13
-
14
- * Specs and older release notes are no longer shipped in the
15
- gem, reducing gem size by over 35%.
@@ -1,291 +0,0 @@
1
- = New Features
2
-
3
- * A typecast_params plugin has been added for handling the
4
- conversion of params to the expected type. This plugin is
5
- recommended for all applications that deal with submitted
6
- parameters.
7
-
8
- Submitted parameters should be considered untrusted input, and in
9
- standard use with browsers, parameters are submitted as strings
10
- (or a hash/array containing strings). In most cases it makes sense
11
- to explicitly convert the parameter to the desired type. While this
12
- can be done via manual conversion:
13
-
14
- key = request.params['key'].to_i
15
- key = nil unless key > 0
16
-
17
- the typecast_params plugin adds a friendlier interface:
18
-
19
- key = typecast_params.pos_int('key')
20
-
21
- As typecast_params is a fairly long method name, you may want to
22
- consider aliasing it to something more terse in your application,
23
- such as tp.
24
-
25
- One advantage of using typecast_params is that access or conversion
26
- errors are raised as a specific exception class
27
- (Roda::RodaPlugins::TypecastParams::Error). This allows you to
28
- handle this specific exception class globally and return an
29
- appropriate 4xx response to the client. You can use the
30
- Error#param_name and Error#reason methods to get more information
31
- about the error.
32
-
33
- typecast_params offers support for default values:
34
-
35
- key = typecast_params.pos_int('key', 1)
36
-
37
- The default value is only used if no value has been submitted for
38
- the parameter, or if the conversion of the value results in nil.
39
- Handling defaults for parameter conversion manually is more
40
- difficult, since the parameter may not be present at all, or it may
41
- be present but an empty string because the user did not enter a
42
- value on the related form. Use of typecast_params for the
43
- conversion handles both cases.
44
-
45
- In many cases, parameters should be required, and if they aren't
46
- submitted, that should be considered an error. typecast_params
47
- handles this with ! methods:
48
-
49
- key = typecast_params.pos_int!('key')
50
-
51
- These ! methods raise an error instead of returning nil, and do not
52
- allow defaults.
53
-
54
- To make it easy to handle cases where many parameters need the same
55
- conversion done, you can pass an array of keys to a conversion
56
- method, and it will return an array of converted values:
57
-
58
- key1, key2 = typecast_params.pos_int(['key1', 'key2'])
59
-
60
- This is equivalent to:
61
-
62
- key1 = typecast_params.pos_int('key1')
63
- key2 = typecast_params.pos_int('key2')
64
-
65
- The ! methods also support arrays of keys, ensuring that all
66
- parameters have a value:
67
-
68
- key1, key2 = typecast_params.pos_int!(['key1', 'key2'])
69
-
70
- For handling of array parameters, where all entries in the array
71
- use the same conversion, there is an array method which takes the
72
- type as the first argument and the keys to convert as the second
73
- argument:
74
-
75
- keys = typecast_params.array(:pos_int, 'keys')
76
-
77
- If you want to ensure that all entries in the array are converted
78
- successfully and that there is a value for the array itself, you
79
- can use array!:
80
-
81
- keys = typecast_params.array!(:pos_int, 'keys')
82
-
83
- This will raise an exception if any of the values in the array for
84
- parameter keys cannot be converted to a positive integer.
85
-
86
- Both array and array! support default values which are used if no
87
- value is present for the parameter:
88
-
89
- keys = typecast_params.array(:pos_int, 'keys', [])
90
- keys = typecast_params.array!(:pos_int, 'keys', [])
91
-
92
- You can also pass an array of keys to array or array!, if you would
93
- like to perform the same conversion on multiple arrays:
94
-
95
- foo_ids, bar_ids = typecast_params.array!(:pos_int, ['foo_ids', 'bar_ids'])
96
-
97
- The previous examples have shown use of the pos_int method, which
98
- uses to_i to convert the value to an integer, but returns nil if the
99
- resulting integer is not positive. Unless you need to handle
100
- negative numbers, it is recommended to use pos_int instead of int as
101
- int will convert invalid values to 0 (since that is how
102
- <tt>String#to_i</tt> works).
103
-
104
- There are many built in methods for type conversion:
105
-
106
- any :: Returns the value as is without conversion
107
- str :: Raises if value is not already a string
108
- nonempty_str :: Raises if value is not already a string, and
109
- converts the empty string or string containing only
110
- whitespace to nil
111
- bool :: Converts entry to boolean if in one of the recognized
112
- formats (case insensitive for strings):
113
- nil :: nil, ''
114
- true :: true, 1, '1', 't', 'true', 'yes', 'y', 'on'
115
- false :: false, 0, '0', 'f', 'false', 'no', 'n', 'off'
116
- If not in one of those formats, raises an error.
117
- int :: Converts value to integer using to_i (note that invalid
118
- input strings will be converted to 0)
119
- pos_int :: Converts value using to_i, but non-positive values
120
- are converted to nil
121
- Integer :: Converts value to integer using
122
- Kernel::Integer(value, 10)
123
- float :: Converts value to float using to_f (note that invalid
124
- input strings will be converted to 0.0)
125
- Float :: Converts value to float using Kernel::Float(value)
126
- Hash :: Raises if value is not already a hash
127
- date :: Converts value to Date using Date.parse(value)
128
- time :: Converts value to Time using Time.parse(value)
129
- datetime :: Converts value to DateTime using DateTime.parse(value)
130
- file :: Raises if value is not already a hash with a :tempfile key
131
- whose value responds to read (this is the format rack uses
132
- for uploaded files).
133
-
134
- All of these methods also support ! methods (e.g. pos_int!), and all
135
- of them can be used in the array and array! methods to support
136
- arrays of values.
137
-
138
- Since parameter hashes can be nested, the [] method can be used to
139
- access nested
140
- hashes:
141
-
142
- # params: {'key'=>{'sub_key'=>'1'}}
143
- typecast_params['key'].pos_int!('sub_key') # => 1
144
-
145
- This works to an arbitrary depth:
146
-
147
- # params: {'key'=>{'sub_key'=>{'sub_sub_key'=>'1'}}}
148
- typecast_params['key']['sub_key'].pos_int!('sub_sub_key') # => 1
149
-
150
- And also works with arrays at any depth, if those arrays contain
151
- hashes:
152
-
153
- # params: {'key'=>[{'sub_key'=>{'sub_sub_key'=>'1'}}]}
154
- typecast_params['key'][0]['sub_key'].pos_int!('sub_sub_key') # => 1
155
-
156
- # params: {'key'=>[{'sub_key'=>['1']}]}
157
- typecast_params['key'][0].array!(:pos_int, 'sub_key') # => [1]
158
-
159
- To allow easier access to nested data, there is a dig method:
160
-
161
- typecast_params.dig(:pos_int, 'key', 'sub_key')
162
- typecast_params.dig(:pos_int, 'key', 0, 'sub_key', 'sub_sub_key')
163
-
164
- dig will return nil if any access while looking up the nested value
165
- returns nil. There is also a dig! method, which will raise an Error
166
- if dig would return nil:
167
-
168
- typecast_params.dig!(:pos_int, 'key', 'sub_key')
169
- typecast_params.dig!(:pos_int, 'key', 0, 'sub_key', 'sub_sub_key')
170
-
171
- Note that none of these conversion methods modify request.params.
172
- They purely do the conversion and return the converted value.
173
- However, in some cases it is useful to do all the conversion up
174
- front, and then pass a hash of converted parameters to an internal
175
- method that expects to receive values in specific types. The
176
- convert! method does this, and there is also a convert_each! method
177
- designed for converting multiple values using the same block:
178
-
179
- converted_params = typecast_params.convert! do |tp|
180
- tp.int('page')
181
- tp.pos_int!('artist_id')
182
- tp.array!(:pos_int, 'album_ids')
183
- tp.convert!('sales') do |stp|
184
- tp.pos_int!(['num_sold', 'num_shipped'])
185
- end
186
- tp.convert!('members') do |mtp|
187
- mtp.convert_each! do |stp|
188
- stp.str!(['first_name', 'last_name'])
189
- end
190
- end
191
- end
192
-
193
- # converted_params:
194
- # {
195
- # 'page' => 1,
196
- # 'artist_id' => 2,
197
- # 'album_ids' => [3, 4],
198
- # 'sales' => {
199
- # 'num_sold' => 5,
200
- # 'num_shipped' => 6
201
- # },
202
- # 'members' => [
203
- # {'first_name' => 'Foo', 'last_name' => 'Bar'},
204
- # {'first_name' => 'Baz', 'last_name' => 'Quux'}
205
- # ]
206
- # }
207
-
208
- convert! and convert_each! only return values you explicitly specify
209
- for conversion inside the passed block.
210
-
211
- You can specify the :symbolize option to convert! or convert_each!,
212
- which will symbolize the resulting hash keys:
213
-
214
- converted_params = typecast_params.convert!(symbolize: true) do |tp|
215
- tp.int('page')
216
- tp.pos_int!('artist_id')
217
- tp.array!(:pos_int, 'album_ids')
218
- tp.convert!('sales') do |stp|
219
- tp.pos_int!(['num_sold', 'num_shipped'])
220
- end
221
- tp.convert!('members') do |mtp|
222
- mtp.convert_each! do |stp|
223
- stp.str!(['first_name', 'last_name'])
224
- end
225
- end
226
- end
227
-
228
- # converted_params:
229
- # {
230
- # :page => 1,
231
- # :artist_id => 2,
232
- # :album_ids => [3, 4],
233
- # :sales => {
234
- # :num_sold => 5,
235
- # :num_shipped => 6
236
- # },
237
- # :members => [
238
- # {:first_name => 'Foo', :last_name => 'Bar'},
239
- # {:first_name => 'Baz', :last_name => 'Quux'}
240
- # ]
241
- # }
242
-
243
- Using the :symbolize option makes it simpler to transition from
244
- untrusted external data (string keys), to trusted data that can be
245
- used internally (trusted in the sense that the expected types are
246
- used).
247
-
248
- Note that if there are multiple conversion errors raised inside a
249
- convert! or convert_each! block, they are recorded and a single
250
- Roda::RodaPlugins::TypecastParams::Error instance is raised after
251
- processing the block. TypecastParams::Error#param_names can be
252
- called on the exception to get an array of all parameter names
253
- with conversion issues, and TypecastParams::Error#all_errors
254
- can be used to get an array of all Error instances.
255
-
256
- Because of how convert! and convert_each! work, you should avoid
257
- calling TypecastParams::Params#[] inside the block you pass to
258
- these methods, because if the #[] call fails, it will skip the
259
- reminder of the block.
260
-
261
- Be aware that when you use convert! and convert_each!, the
262
- conversion methods called inside the block may return nil if there
263
- is a error raised, and nested calls to convert! and convert_each!
264
- may not return values.
265
-
266
- When loading the typecast_params plugin, a subclass of
267
- TypecastParams::Params is created specific to the Roda application.
268
- You can add support for custom types by passing a block when loading
269
- the typecast_params plugin. This block is executed in the context
270
- of the subclass, and calling handle_type in the block can be used to
271
- add conversion methods. handle_type accepts a type name and the
272
- block used to convert the type:
273
-
274
- plugin :typecast_params do
275
- handle_type(:album) do |value|
276
- if id = convert_pos_int(val)
277
- Album[id]
278
- end
279
- end
280
- end
281
-
282
- By default, the typecast_params conversion procs are passed the
283
- parameter value directly from request.params without modification.
284
- In some cases, it may be beneficial to strip leading and trailing
285
- whitespace from parameter string values before processing, which
286
- you can do by passing the strip: :all> option when loading the
287
- plugin.
288
-
289
- By design, typecast_params only deals with string keys, it is not
290
- possible to use symbol keys as arguments to the conversion methods
291
- and have them converted.
@@ -1,14 +0,0 @@
1
- = New Features
2
-
3
- * A :relative_paths plugin option has been added to the assets
4
- plugin. This option makes the paths to the asset files in the
5
- link and script tags relative paths instead of absolute paths.
6
-
7
- = Other Improvements
8
-
9
- * The :header matcher in the header_matchers plugin now works
10
- correctly for the Content-Type and Content-Length headers, which
11
- are not prefixed with HTTP_ in the rack environment.
12
-
13
- * The run_append_slash and run_handler plugins now work correctly
14
- when used together.
@@ -1,11 +0,0 @@
1
- = New Features
2
-
3
- * A relative_path plugin has been added, adding a relative_path
4
- method that will take an absolute path and make it relative to the
5
- current request by prepending an appropriate prefix. This is
6
- helpful when using Roda as a static site generator to generate a
7
- site that can be hosted at any subpath or directly from the
8
- filesystem.
9
-
10
- * In the path plugin, the path method now accepts a :relative
11
- option for generating relative paths instead of absolute paths.
@@ -1,42 +0,0 @@
1
- = New Features
2
-
3
- * render_each in the render_each plugin now automatically handles
4
- template names with subdirectories and extensions. Previously, these
5
- caused issues unless the :local option was provided. So now you
6
- can use:
7
-
8
- render_each(foos, "items/foo")
9
-
10
- instead of:
11
-
12
- render_each(foos, "items/foo", :local=>:foo)
13
-
14
- * each_partial has been added to the partials plugin. It operates
15
- similarly to render_each, but uses the convention for partial
16
- template naming. So this:
17
-
18
- each_partial(foos, "items/foo")
19
-
20
- is the same as:
21
-
22
- render_each(foos, "items/_foo", :local=>:foo)
23
-
24
- = Other Improvements
25
-
26
- * The :dependencies option in the assets plugin now works correctly
27
- with compiled templates in the render plugin in uncached mode
28
- (the default in development). Previously, modifying a dependency
29
- file would not result in recompiling the asset template when
30
- requesting the main file.
31
-
32
- * Method visibility issues in the following plugins have been fixed:
33
-
34
- * content_security_policy
35
- * default_headers
36
- * indifferent_params
37
- * placeholder_string_matchers
38
- * symbol_matchers
39
-
40
- Previously, these plugins made private methods public by mistake
41
- when overriding them. Additionally, Roda.freeze no longer changes
42
- the visibility of the set_default_headers private method.
@@ -1,8 +0,0 @@
1
- = New Features
2
-
3
- * The path plugin now supports a url method, allowing for returning
4
- the entire URL instead of just the path for class-based paths.
5
-
6
- * The public plugin now supports a :brotli option that will directly
7
- serve brotli-compressed files (with .br extension) similar to how the
8
- :gzip option directly serves gzipped files (with the .gz extension).
@@ -1,17 +0,0 @@
1
- = Improvements
2
-
3
- * Multiple unneeded conditionals have been removed.
4
-
5
- * pre_content and post_context sections in backtraces are no longer
6
- included in the exception_page plugin output if they would be
7
- empty.
8
-
9
- * The match_affix plugin can be loaded again with a single argument.
10
- It was originally designed to accept a single argument, but a bug
11
- introduced in 2.29.0 made it require two arguments.
12
-
13
- * Core Roda and all plugins that ship with Roda now have 100% branch
14
- coverage.
15
-
16
- * The sinatra_helpers plugin no longer emits statement not reached
17
- warnings in verbose mode.
@@ -1,12 +0,0 @@
1
- = New Features
2
-
3
- * An r plugin has been added. This plugin adds an r method for the
4
- request, useful for allowing the use of r.halt and r.redirect even
5
- in methods where the r local variable is not in scope.
6
-
7
- = Other Improvements
8
-
9
- * Attempting to load a plugin with an argument or block when the plugin
10
- does not accept arguments or a block now warns. This is because a
11
- future update to support a block or an optional argument could break
12
- the call.
@@ -1,17 +0,0 @@
1
- = New Features
2
-
3
- * A multi_public plugin has been added, which allows serving static
4
- files from multiple separate directories. This is especially
5
- useful when there are different access control requirements per
6
- directory.
7
-
8
- * The content_security_policy now supports a
9
- content_security_policy.report_to method to set the
10
- report-to directive.
11
-
12
- = Other Improvements
13
-
14
- * When using the type_routing plugin and performing type routing
15
- using the Accept request header, the Vary response header will be
16
- added or updated so that http caches do not cache a response for one
17
- type and serve it for a different type.
@@ -1,42 +0,0 @@
1
- = New Features
2
-
3
- * A custom_matchers plugin has been added, which allows using
4
- arbitrary objects as matchers, as long as the matcher has been
5
- registered. You can register matchers using the custom_matcher
6
- class method, which takes the class of the matcher, and a block
7
- which is yielded the matcher object. The block should return
8
- nil or false if the matcher doesn't match, and any other value
9
- if the matcher does match. Example:
10
-
11
- plugin :custom_matchers
12
- method_segment = Struct.new(:request_method, :next_segment)
13
- custom_matcher(method_segment) do |matcher|
14
- # self is the request instance ("r" yielded in the route block below)
15
- if matcher.request_method == self.request_method
16
- match(matcher.next_segment)
17
- end
18
- end
19
-
20
- get_foo = method_segment.new('GET', 'foo')
21
- post_any = method_segment.new('POST', String)
22
- route do |r|
23
- r.on('baz') do
24
- r.on(get_foo) do
25
- # GET method, /baz/foo prefix
26
- end
27
-
28
- r.is(post_any) do |seg|
29
- # for POST /baz/bar, seg is "bar"
30
- end
31
- end
32
-
33
- r.on('quux') do
34
- r.is(get_foo) do
35
- # GET method, /quux/foo route
36
- end
37
-
38
- r.on(post_any) do |seg|
39
- # for POST /quux/xyz, seg is "xyz"
40
- end
41
- end
42
- end
@@ -1,5 +0,0 @@
1
- = Improvements
2
-
3
- * The error_email and error_mail plugins now rescue invalid parameter
4
- errors when preparing the email body, because you generally don't
5
- want your error handler to raise an exception.
@@ -1,16 +0,0 @@
1
- = Improvements
2
-
3
- * The relative_path plugin is now faster if you are calling
4
- relative_path or relative_prefix more than once when handling a
5
- request.
6
-
7
- * The typecast_params.convert! method in the typecast_params plugin
8
- now handles explicit nil values the same as missing values.
9
- Explicit nil values do not generally occur in normal Rack parameter
10
- parsing, but they can occur when using the json_parser plugin to
11
- parse JSON requests.
12
-
13
- * Roda now avoids method redefinition warnings in verbose mode by
14
- using a self alias. As Ruby 3 is dropping uninitialized instance
15
- variable warnings, Roda will be verbose warning free if you are
16
- using Ruby 3.
@@ -1,24 +0,0 @@
1
- = New Features
2
-
3
- * A middleware_stack plugin has been added for more detailed control
4
- over middleware, allowing for the removal of middleware and the
5
- insertion of middleware before existing middleware. Example:
6
-
7
- plugin :middleware_stack
8
-
9
- # Remove csrf middleware
10
- middleware_stack.remove{|m, *args| m == Rack::Csrf}
11
-
12
- # Insert csrf middleware before logger middleware
13
- middleware_stack.before{|m, *args| m == Rack::CommonLogger}.
14
- use(Rack::Csrf, raise: true)
15
-
16
- # Insert csrf middleware after logger middleware
17
- middleware_stack.after{|m, *args| m == Rack::CommonLogger}.
18
- use(Rack::Csrf, raise: true)
19
-
20
- = Other Improvements
21
-
22
- * The head plugin now calls close on the response body if the body
23
- responds to close. Previously an existing response body was
24
- just ignored.
@@ -1,24 +0,0 @@
1
- = New Features
2
-
3
- * A precompile_views method has been added to the
4
- precompile_templates plugin. This method works with Roda's
5
- optimized compiled view methods, allowing additional memory
6
- sharing between parent and child processes.
7
-
8
- * A freeze_template_caches! method has been added to the
9
- precompile_templates plugin. This freezes the template caches,
10
- preventing the compilation of additional templates, useful for
11
- enforcing that only precompiled templates are used. Additionally,
12
- this speeds up access to the template caches.
13
-
14
- * RodaCache#freeze now returns the frozen internal hash, which can
15
- then be accessed without a mutex. Previously, freeze only froze
16
- the receiver and not the internal hash, so it didn't have the
17
- expected effect.
18
-
19
- = Other Improvements
20
-
21
- * The view method in the render plugin is now faster in most cases
22
- when a single argument is used. When freezing the application,
23
- an additional optimization is performed to increase the
24
- performance of the view method even further.
@@ -1,9 +0,0 @@
1
- = Improvements
2
-
3
- * The performance of the render plugin's view method when passed the
4
- :content option and no other options or arguments has been improved
5
- by about 3x, by calling compiled template methods directly.
6
-
7
- * The compiled template method for the layout is cleared when the
8
- render plugin is loaded again, which can fix issues when it is
9
- loaded with different options that affect the layout.
@@ -1,21 +0,0 @@
1
- = New Features
2
-
3
- * A recheck_precompiled_assets plugin has been added, which allows
4
- for checking for updates to the precompiled asset metadata file,
5
- and automatically using the updated data.
6
-
7
- * The common_logger plugin now supports a :method plugin option to
8
- specify the method to call on the logger.
9
-
10
- = Other Improvements
11
-
12
- * Plugins and middleware that use keyword arguments are now supported
13
- in Ruby 3.
14
-
15
- * The compile_assets class method in the assets plugin now uses an
16
- atomic approach to writing the precompiled asset metadata file.
17
-
18
- * Minor method visibility issues have been fixed. The custom_matchers
19
- plugin no longer makes the unsupported_matcher request method
20
- public, and the render plugin no longer makes the _layout_method
21
- public when the application is frozen.
@@ -1,34 +0,0 @@
1
- = New Features
2
-
3
- * A host_authorization plugin has been added to verify the requested
4
- Host header is authorized. Using it can prevent DNS rebinding
5
- attacks in cases where the application can receive requests for
6
- arbitrary hosts.
7
-
8
- To check for authorized hosts in your routing tree, you call the
9
- check_host_authorization! method. For example, if you want to
10
- check for authorized hosts after serving requests for public
11
- files, you could do:
12
-
13
- plugin :public
14
- plugin :host_authorization, 'my-domain-name.example.com'
15
-
16
- route do |r|
17
- r.public
18
- check_host_authorized!
19
-
20
- # ... rest of routing tree
21
- end
22
-
23
- In addition to handling single domain names via a string, you can
24
- provide an array of domain names, a regexp to match again, or a
25
- proc.
26
-
27
- By default, requests using unauthorized hosts receive an empty 403
28
- response. If you would like to customize the response, you can
29
- pass a block when loading the plugin:
30
-
31
- plugin :host_authorization, 'my-domain-name.example.com' do |r|
32
- response.status = 403
33
- "Response Body Here"
34
- end
@@ -1,23 +0,0 @@
1
- = New Features
2
-
3
- * An optimized_segment_matchers plugin has been added that offers
4
- very fast matchers for arbitrary segments (the same segments
5
- that would be matched by the String class matcher). The
6
- on_segment method it offers accepts no arguments and yields
7
- the next segment if there is a segment. The is_segment method
8
- is similar, but only yields if the next segment is the final
9
- segment.
10
-
11
- = Other Improvements
12
-
13
- * The send_file and attachment methods in the sinatra_helpers plugin
14
- now support RFC 5987 UTF-8 and ISO-8859-1 encoded filenames,
15
- allowing modern browsers to save files with encoded chracters. For
16
- older browsers that do not support RFC 5987, unsupported characters
17
- in filenames are replaced with dashes. This is considered to be an
18
- improvement over the previous behavior of using Ruby's inspect
19
- output for the filename, which could contain backslashes (backslash
20
- is not an allowed chracter in Windows filenames).
21
-
22
- * The performance of the String class matcher has been slightly
23
- improved.
@@ -1,22 +0,0 @@
1
- = Improvements
2
-
3
- * The typecast_params plugin checks now checks for null bytes by
4
- default before typecasting. If null bytes are present, it raises
5
- an error. Most applications do not require null bytes in
6
- parameters, and in some cases allowing them can lead to security
7
- issues, especially when parameters are passed to C extensions.
8
- In general, the benefit of forbidding null bytes in parameters is
9
- greater than the cost.
10
-
11
- If you would like to continue allowing null bytes, use the
12
- :allow_null_bytes option when loading the plugin.
13
-
14
- Note that this change does not affect uploaded files, since those
15
- are expected to contain null bytes.
16
-
17
- = Backwards Compatibility
18
-
19
- * The change to the typecast_params plugin to raise an error for
20
- null bytes can break applications that are expecting null bytes
21
- to be passed in parameters. Such applications should use the
22
- :allow_null_bytes option when loading the plugin.