sinatra 4.1.1 → 4.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 491154a9e29e4c218d9245fd73024818e7dfa6c75ba1d74220e46498841bb54e
-  data.tar.gz: 42259b9becde7268d9b95abc783d896c864a6c84b3e1dd6d40d7f351a350f626
+  metadata.gz: 273dc42d5989e8186e18f3c93f386454a4c63ffa1e8da672e9d5f91a4e1ea1e5
+  data.tar.gz: 66a2357e2aab7d0acd8a780f692ce66286eb806175199fc7ccd421267b29bf4c
 SHA512:
-  metadata.gz: 43a69c7f07afab191eacc80d7837d9bdbd81701a51973309395b47e9efacb010234a0a66e27503b6edc213f5f8321e426f2f8ad9f7cc7e247e908613d14081c6
-  data.tar.gz: f2fb4deeb5f8e44a5a6a59663080f143c2a1dac1d21a5ca8301728b265a8ba2fcf3e0815c692af0791230289d4ddaf548a317e2f4295cf24b45e5cdec47dc86e
+  metadata.gz: 4a30a3cb2dad00c6c54c9ecf57066f2810e9599a1c612ecea5da910913d1380ca0307e6ed4897eb3d2cedba7faff3d225bb52c6b4975d3f9d2a120fe8d08a304
+  data.tar.gz: 3c241fe8a0613f29af44ed93d416fdc647febf9e0b4c725c8bc15d8328f98701181f3a01d2c8dc4987aa08a44d7b7501722945c10041ea0f37b732c4d894f5ae

data/CHANGELOG.md

@@ -1,3 +1,18 @@
+## Unreleased
+
+## 4.2.1 / 2025-10-10
+
+* Fix: Revert "`PATH_INFO` can never be empty" ([#2124](https://github.com/sinatra/sinatra/pull/2124))
+  * addresses issues with routing and 404, [more in the original pull request](https://github.com/sinatra/sinatra/issues/2113#issuecomment-3388476329)
+
+## 4.2.0 / 2025-10-08
+
+* New: Add `:static_headers` setting for custom headers in static file responses ([#2089](https://github.com/sinatra/sinatra/pull/2089))
+* Fix: Fix regex in `etag_matches?` to prevent ReDoS ([#2121](https://github.com/sinatra/sinatra/pull/2121))
+* Fix: `PATH_INFO` can never be empty ([#2114](https://github.com/sinatra/sinatra/pull/2114))
+* Fix: Fix malformed Content-Type headers ([#2081](https://github.com/sinatra/sinatra/pull/2081))
+* Fix: Avoid crash for integer values in `content_type` parameters ([#2078](https://github.com/sinatra/sinatra/pull/2078))
+
 ## 4.1.1 / 2024-11-20
 
 * Fix: Restore WEBrick support ([#2067](https://github.com/sinatra/sinatra/pull/2067))
@@ -18,6 +33,33 @@
   * Don't depend on `Rack::Logger`
   * Don't delete `content-length` header when `Rack::Files` is used
 
+## 4.0.1 / 2025-05-24
+
+* Rack 3.1 compatibility ([#2035])
+
+* Fix malformed Content-Type headers ([#2081])
+
+* Avoid crash for integer values in `content_type` parameters ([#2078])
+
+* Fix compatibility with --enable-frozen-string-literal ([#2033])
+
+* Declare missing dependencies for Ruby 3.5 ([#2032])
+
+* Fix warning about Hash construction. ([#2028])
+
+* Support Zeitwerk 2.7.0+ ([#2050])
+
+* Address URI depreciation ([#2060])
+
+[#2035]: https://github.com/sinatra/sinatra/pull/2035
+[#2081]: https://github.com/sinatra/sinatra/pull/2081
+[#2078]: https://github.com/sinatra/sinatra/pull/2078
+[#2033]: https://github.com/sinatra/sinatra/pull/2033
+[#2032]: https://github.com/sinatra/sinatra/pull/2032
+[#2028]: https://github.com/sinatra/sinatra/pull/2028
+[#2050]: https://github.com/sinatra/sinatra/pull/2050
+[#2060]: https://github.com/sinatra/sinatra/pull/2060
+
 ## 4.0.0. / 2024-01-19
 
 * New: Add support for Rack 3 ([#1857])

data/README.md

@@ -34,9 +34,6 @@ Please restart the server every time you change or use a code reloader
 like [rerun](https://github.com/alexch/rerun) or
 [rack-unreloader](https://github.com/jeremyevans/rack-unreloader).
 
-It is recommended to also run `gem install puma`, which Sinatra will
-pick up if available.
-
 ## Table of Contents
 
 - [Sinatra](#sinatra)
@@ -423,6 +420,15 @@ Note that the public directory name is not included in the URL. A file
 Use the `:static_cache_control` setting (see [below](#cache-control)) to add
 `Cache-Control` header info.
 
+By default, Sinatra serves static files from the `public/` folder without running middleware or filters. To add custom headers (e.g, for CORS or caching), use the `:static_headers` setting:
+
+```ruby
+  set :static_headers, {
+    'access-control-allow-origin' => '*',
+    'x-static-asset' => 'served-by-sinatra'
+  }
+```
+
 ## Views / Templates
 
 Each template language is exposed via its own rendering method. These
@@ -2160,6 +2166,16 @@ set :protection, :session => true
       <tt>set :static_cache_control, [:public, :max_age => 300]</tt>
     </dd>
 
+  <dt>static_headers</dt>
+    <dd>
+      Allows you to define custom header settings for static file responses.
+    </dd>
+    <dd>
+      For example: <br>
+      <tt>set :static_headers, {'access-control-allow-origin' => '*', 'x-static-asset' => 'served-by-sinatra'}</tt>
+    </dd>
+
+
   <dt>threaded</dt>
     <dd>
       If set to <tt>true</tt>, will tell server to use

data/VERSION

@@ -1 +1 @@
-4.1.1
+4.2.1

data/lib/sinatra/base.rb

@@ -396,11 +396,11 @@ module Sinatra
       end
       params.delete :charset if mime_type.include? 'charset'
       unless params.empty?
-        mime_type << (mime_type.include?(';') ? ', ' : ';')
+        mime_type << ';'
         mime_type << params.map do |key, val|
-          val = val.inspect if val =~ /[";,]/
+          val = val.inspect if val.to_s =~ /[";,]/
           "#{key}=#{val}"
-        end.join(', ')
+        end.join(';')
       end
       response['content-type'] = mime_type
     end
@@ -711,7 +711,7 @@ module Sinatra
     def etag_matches?(list, new_resource = request.post?)
       return !new_resource if list == '*'
 
-      list.to_s.split(/\s*,\s*/).include? response['ETag']
+      list.to_s.split(',').map(&:strip).include?(response['ETag'])
     end
 
     def with_params(temp_params)
@@ -1143,6 +1143,7 @@ module Sinatra
 
     # Attempt to serve static files from public directory. Throws :halt when
     # a matching file is found, returns nil otherwise.
+    # If custom static headers are defined, use them.
     def static!(options = {})
       return if (public_dir = settings.public_folder).nil?
 
@@ -1156,6 +1157,9 @@ module Sinatra
 
       env['sinatra.static_file'] = path
       cache_control(*settings.static_cache_control) if settings.static_cache_control?
+
+      headers(settings.static_headers) if settings.static_headers?
+
       send_file path, options.merge(disposition: nil)
     end
 
@@ -2011,6 +2015,8 @@ module Sinatra
     set :public_folder, proc { root && File.join(root, 'public') }
     set :static, proc { public_folder && File.exist?(public_folder) }
     set :static_cache_control, false
+    
+    set :static_headers, {}
 
     error ::Exception do
       response.status = 500

data/lib/sinatra/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Sinatra
-  VERSION = '4.1.1'
+  VERSION = '4.2.1'
 end

data/sinatra.gemspec

@@ -40,7 +40,8 @@ RubyGems 2.0 or newer is required to protect against public gem pushes. You can
     'homepage_uri' => 'http://sinatrarb.com/',
     'bug_tracker_uri' => 'https://github.com/sinatra/sinatra/issues',
     'mailing_list_uri' => 'http://groups.google.com/group/sinatrarb',
-    'documentation_uri' => 'https://www.rubydoc.info/gems/sinatra'
+    'documentation_uri' => 'https://www.rubydoc.info/gems/sinatra',
+    'rubygems_mfa_required' => 'true',
   }
 
   s.required_ruby_version = '>= 2.7.8'

metadata

@@ -1,17 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: sinatra
 version: !ruby/object:Gem::Version
-  version: 4.1.1
+  version: 4.2.1
 platform: ruby
 authors:
 - Blake Mizerany
 - Ryan Tomayko
 - Simon Rozet
 - Konstantin Haase
-autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-11-20 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: logger
@@ -67,14 +66,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.1.1
+        version: 4.2.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.1.1
+        version: 4.2.1
 - !ruby/object:Gem::Dependency
   name: rack-session
   requirement: !ruby/object:Gem::Requirement
@@ -115,8 +114,8 @@ email: sinatrarb@googlegroups.com
 executables: []
 extensions: []
 extra_rdoc_files:
-- README.md
 - LICENSE
+- README.md
 files:
 - ".yardopts"
 - AUTHORS.md
@@ -153,7 +152,7 @@ metadata:
   bug_tracker_uri: https://github.com/sinatra/sinatra/issues
   mailing_list_uri: http://groups.google.com/group/sinatrarb
   documentation_uri: https://www.rubydoc.info/gems/sinatra
-post_install_message: 
+  rubygems_mfa_required: 'true'
 rdoc_options:
 - "--line-numbers"
 - "--title"
@@ -174,8 +173,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.22
-signing_key: 
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Classy web-development dressed in a DSL
 test_files: []