web-console 2.2.0 → 2.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: bde2832a1ef7a0ace010d61011afb4c74a116a93
-  data.tar.gz: c0e5de96dab453f1a3e233d969bf5ada72ba848a
+  metadata.gz: c224d95365158b5d6c2c74a723e0f980d6ec2cc1
+  data.tar.gz: 96c1809b1e11969901c710bd3d6f316bbc1221c5
 SHA512:
-  metadata.gz: eb74d0994835ccc223df24cb3a5ee1e034ca2456580f99962724864994438f04a14c67aa05f9425263f1c36773623969abdc7bca5a2b255535e90449b6394ac3
-  data.tar.gz: 31f90bb5c32ed53a95f43cb1a0f25cf89765847c92010255a9df5c0235423203711be37e09eda9af4f435616772d247502b682a2ef367f5409cbbbcc23cca963
+  metadata.gz: 43fb7f5387311dde55c6464a64ff9f9498486b7afc35f7c0254c851ce77027d288b190cfdd73c56bfebf7987e87d3f33315f7c626fef97b4da044892dbf135c5
+  data.tar.gz: 51395dfa02548a44395e5bffa801d3c28a4e95b556fa1982ba7045d279871e1c98de4e0bf1fd1b6a5273348ac5ad3c405bde530ffa394d6becab9ea39cf24bc3

data/CHANGELOG.markdown

@@ -2,15 +2,20 @@
 
 ## master (unreleased)
 
+## 2.2.1
+
+* [#150](https://github.com/rails/web-console/pull/150) Change config.development_only default until 4.2.4 is released.
+
 ## 2.2.0
 
 * [#140](https://github.com/rails/web-console/pull/140) Add the ability to close the console on each page ([@sh19910711])
 * [#135](https://github.com/rails/web-console/pull/135) Run the console only in development mode and raise warning in tests ([@frenesim])
+* [#134](https://github.com/rails/web-conscle/pull/134) Force development only web console by default ([@gsamokovarov])
+* [#123](https://github.com/rails/web-console/pull/123) Replace deprecated `alias_method_chain` with `alias_method` ([@jonatack])
 
 ## 2.1.3
 
 * Fix remote code execution vulnerability in Web Console. CVE-2015-3224.
-* [#123](https://github.com/rails/web-console/pull/123) Replace deprecated `alias_method_chain` with `alias_method` ([@jonatack])
 
 ## 2.1.2
 

data/lib/web_console/middleware.rb

@@ -16,6 +16,8 @@ module WebConsole
       this request hit doesn't store %{id} in memory.
     END
 
+    UNACCEPTABLE_REQUEST_MESSAGE = "A supported version is expected in the Accept header."
+
     cattr_accessor :whiny_requests
     @@whiny_requests = true
 
@@ -29,9 +31,9 @@ module WebConsole
       return @app.call(env) unless request.from_whitelited_ip?
 
       if id = id_for_repl_session_update(request)
-        return update_repl_session(id, request.params)
+        return update_repl_session(id, request)
       elsif id = id_for_repl_session_stack_frame_change(request)
-        return change_stack_trace(id, request.params)
+        return change_stack_trace(id, request)
       end
 
       status, headers, body = @app.call(env)
@@ -43,6 +45,7 @@ module WebConsole
       end
 
       if session && request.acceptable_content_type?
+        headers["X-Web-Console-Session-Id"] = session.id
         response = Rack::Response.new(body, status, headers)
         template = Template.new(env, session)
 
@@ -55,6 +58,28 @@ module WebConsole
 
     private
 
+      def json_response(opts = {})
+        status  = opts.fetch(:status, 200)
+        headers = { 'Content-Type' => 'application/json; charset = utf-8' }
+        body    = yield.to_json
+
+        Rack::Response.new(body, status, headers).finish
+      end
+
+      def json_response_with_session(id, request, opts = {})
+        json_response(opts) do
+          unless request.acceptable?
+            return respond_with_unacceptable_request
+          end
+
+          unless session = Session.find(id)
+            return respond_with_unavailable_session(id)
+          end
+
+          yield session
+        end
+      end
+
       def create_regular_or_whiny_request(env)
         request = Request.new(env)
         whiny_requests ? WhinyRequest.new(request) : request
@@ -80,38 +105,30 @@ module WebConsole
         end
       end
 
-      def update_repl_session(id, params)
-        unless session = Session.find(id)
-          return respond_with_unavailable_session(id)
+      def update_repl_session(id, request)
+        json_response_with_session(id, request) do |session|
+          { output: session.eval(request.params[:input]) }
         end
-
-        status  = 200
-        headers = { 'Content-Type' => 'application/json; charset = utf-8' }
-        body    = { output: session.eval(params[:input]) }.to_json
-
-        Rack::Response.new(body, status, headers).finish
       end
 
-      def change_stack_trace(id, params)
-        unless session = Session.find(id)
-          return respond_with_unavailable_session(id)
-        end
-
-        session.switch_binding_to(params[:frame_id])
+      def change_stack_trace(id, request)
+        json_response_with_session(id, request) do |session|
+          session.switch_binding_to(request.params[:frame_id])
 
-        status  = 200
-        headers = { 'Content-Type' => 'application/json; charset = utf-8' }
-        body    = { ok: true }.to_json
-
-        Rack::Response.new(body, status, headers).finish
+          { ok: true }
+        end
       end
 
       def respond_with_unavailable_session(id)
-        status = 404
-        headers = { 'Content-Type' => 'application/json; charset = utf-8' }
-        body    = { output: format(UNAVAILABLE_SESSION_MESSAGE, id: id)}.to_json
+        json_response(status: 404) do
+          { output: format(UNAVAILABLE_SESSION_MESSAGE, id: id)}
+        end
+      end
 
-        Rack::Response.new(body, status, headers).finish
+      def respond_with_unacceptable_request
+        json_response(status: 406) do
+          { error: UNACCEPTABLE_REQUEST_MESSAGE }
+        end
       end
   end
 end

data/lib/web_console/railtie.rb

@@ -5,6 +5,10 @@ module WebConsole
     config.web_console = ActiveSupport::OrderedOptions.new
     config.web_console.whitelisted_ips = %w( 127.0.0.1 ::1 )
 
+    # See rails/web-console#150 and rails/rails#20319. Revert when Ruby on
+    # Rails 4.2.4 is released.
+    config.web_console.development_only = false
+
     initializer 'web_console.initialize' do
       require 'web_console/extensions'
 

data/lib/web_console/request.rb

@@ -10,6 +10,9 @@ module WebConsole
     cattr_accessor :whitelisted_ips
     @@whitelisted_ips = Whitelist.new
 
+    # Define a vendor MIME type. We can call it using Mime::WEB_CONSOLE_V2 constant.
+    Mime::Type.register 'application/vnd.web-console.v2', :web_console_v2
+
     # Returns whether a request came from a whitelisted IP.
     #
     # For a request to hit Web Console features, it needs to come from a white
@@ -32,6 +35,11 @@ module WebConsole
       content_type.blank? || content_type.in?(acceptable_content_types)
     end
 
+    # Returns whether the request is acceptable.
+    def acceptable?
+      xhr? && accepts.any? { |mime| Mime::WEB_CONSOLE_V2 == mime }
+    end
+
     class GetSecureIp < ActionDispatch::RemoteIp::GetIp
       def initialize(env, proxies)
         @env      = env

data/lib/web_console/templates/console.js.erb

@@ -476,6 +476,7 @@ function request(method, url, params, callback) {
   xhr.open(method, url, true);
   xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
   xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
+  xhr.setRequestHeader("Accept", "<%= Mime::WEB_CONSOLE_V2 %>");
   xhr.send(params);
 
   xhr.onreadystatechange = function() {

data/lib/web_console/version.rb

@@ -1,3 +1,3 @@
 module WebConsole
-  VERSION = '2.2.0'
+  VERSION = '2.2.1'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: web-console
 version: !ruby/object:Gem::Version
-  version: 2.2.0
+  version: 2.2.1
 platform: ruby
 authors:
 - Charlie Somerville