In Rack 3.1, using invalid cookie keys was deprecated and in Rack 3.2,
using an invalid cookie key will raise an exception.
Escaping cookie keys is non-standard behaviour and is not understood by
clients, e.g. `document.cookies` will contain escaped keys. It also
doesn't round-trip correctly, as in, setting a header with a given name
won't have the same name in subsequent requests. In addition, the
escaping / unescaping behaviour in previous versions of Rack
[caused a security issue](https://github.com/advisories/GHSA-j6w9-fv6q-3q52).
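The round-trip problem described above, as an added Ruby illustration (not code from Rack or Rails). It assumes a valid key is an RFC 6265 cookie-name (an HTTP token); Rack's own check may differ in detail, and all helper names are hypothetical.

```ruby
require "uri"

# Assumption: "valid" means an RFC 6265 cookie-name, i.e. an HTTP token
# (visible ASCII with no separator characters).
SEPARATORS = "()<>@,;:\\\"/[]?={} \t"

def valid_cookie_key?(key)
  key.is_a?(String) && !key.empty? &&
    key.each_char.all? { |c| c.ord.between?(0x21, 0x7e) && !SEPARATORS.include?(c) }
end

# Hypothetical legacy behaviour: escape the key before writing the header.
def legacy_set_cookie(key, value)
  "#{URI.encode_www_form_component(key)}=#{URI.encode_www_form_component(value)}"
end

# Hypothetical strict behaviour: refuse keys that cannot be sent verbatim.
def strict_set_cookie(key, value)
  raise ArgumentError, "invalid cookie key: #{key.inspect}" unless valid_cookie_key?(key)
  "#{key}=#{URI.encode_www_form_component(value)}"
end

# A client stores the cookie name exactly as it appeared on the wire.
def client_stored_name(set_cookie)
  set_cookie.split(";", 2).first.split("=", 2).first
end

# Parse a Cookie request header without unescaping names, so the
# application sees the same names the client holds.
def parse_cookie_header(header)
  header.split(/;\s*/).to_h { |pair| pair.split("=", 2) }
end

# Constructed sample: the application asks for "user id", the client
# stores and returns "user+id", and a lookup by the original key misses.
def legacy_roundtrip_hit?(key, value)
  wire_name = client_stored_name(legacy_set_cookie(key, value))
  parse_cookie_header("#{wire_name}=#{value}").key?(key)
end
```

With strict validation the mismatch surfaces when the cookie is set, rather than as a silently missing cookie on a later request.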
[CVE-2024-28103]
The application configurable Permissions-Policy is only
served on responses with an HTML related Content-Type.
This change allows all Content-Types to serve the
configured Permissions-Policy as there are many non-HTML
Content-Types that would benefit from this header.
(examples include image/svg+xml and application/xml)
Executes the first routes reload in middleware, or when the route set
url_helpers is called. Previously, this was executed unconditionally on
boot, which can slow down boot time unnecessarily for larger apps with
lots of routes.
An action can _contain_ multiple renders/redirects, but only one can be _performed_.
"Attempting to try to" is redundant.
Also removes the `and return` recommendation in order to be consistent with the documentation updates from https://github.com/rails/rails/pull/45927
The `'wasm-unsafe-eval'` keyword for the Content Security Policy allows the
loading and execution of WebAssembly modules without the need to allow unsafe
JavaScript execution via `'unsafe-eval'`. A mapping is added so that the symbol
`:wasm_unsafe_eval` can be used for this keyword in the policy configuration in
`config/initializers/content_security_policy.rb`.
* Lookup route from requirements
* Add docs
* Strings instead of symbols
* Update actionpack/lib/action_dispatch/routing/route_set.rb
Co-authored-by: Rafael Mendonça França <rafael@franca.dev>
* Update actionpack/lib/action_dispatch/routing/route_set.rb
Co-authored-by: Rafael Mendonça França <rafael@franca.dev>
* Update actionpack/lib/action_dispatch/routing/route_set.rb
Co-authored-by: Rafael Mendonça França <rafael@franca.dev>
* Update actionpack/lib/action_dispatch/routing/route_set.rb
Co-authored-by: Rafael Mendonça França <rafael@franca.dev>
---------
Co-authored-by: Andy Waite <andyw8@users.noreply.github.com>
Co-authored-by: Rafael Mendonça França <rafael@franca.dev>
The rdoc markdown parser does not currently parse multi-paragraph
definition lists correctly. Instead of putting both paragraphs inside
a single definition, only the first paragraph ends up in the definition
and the second paragraph is rendered after the definition list as a code
block.
Since 7.2 appears to be coming soon, this commit fixes the second
paragraph rendering as a code block by turning it into a second
definition. This doesn't strictly seem like the "correct" fix (compared
to fixing the rdoc markdown parser) but it gives us the visual result
that we want until rdoc is fixed.
This will prevent issues like be0cb4e8f9, which would have resulted in:
```
guides/rails_guides/generator.rb:16:1: W: Lint/Debugger: Remove debugger entry point require "debug".
require "debug"
^^^^^^^^^^^^^^^
```
Disabled the cop in actionpack tests for screenshot_helper and page_dump_helper:
```
actionpack/test/controller/integration_test.rb:1369:9: W: Lint/Debugger: Remove debugger entry point save_and_open_page.
save_and_open_page
^^^^^^^^^^^^^^^^^^
actionpack/test/controller/integration_test.rb:1381:11: W: Lint/Debugger: Remove debugger entry point save_and_open_page.
save_and_open_page
^^^^^^^^^^^^^^^^^^
actionpack/test/controller/integration_test.rb:1391:39: W: Lint/Debugger: Remove debugger entry point save_and_open_page.
assert_raise(InvalidResponse) { save_and_open_page }
^^^^^^^^^^^^^^^^^^
```
```
actionpack/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb:111:13: W: Lint/Debugger: Remove debugger entry point page.save_page(absolute_html_path).
page.save_page(absolute_html_path)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
actionpack/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb:115:13: W: Lint/Debugger: Remove debugger entry point page.save_screenshot(absolute_image_path).
page.save_screenshot(absolute_image_path)
```
The DebuggerRequires option was first available in rubocop v1.63.0, in rubocop/rubocop#12766.
Allocations count is often an interesting proxy for performance,
but not necessarily the most relevant thing to include in request
logs, given they aren't a per thread metric, so the reporting
is widely inaccurate in multi-threaded environments.
Since Ruby 3.1 there is now `GC.total_time` which is a monotonically
increasing counter of time spent in GC. It still isn't really a per
thread metric, but it is more interesting because it uses the same
unit as the response time, allowing to better see when you have a GC
pause performance issue.
```
2024-04-26 09:36:45 INFO Selenium [:logger_info] Details on how to use and modify Selenium logger:
https://selenium.dev/documentation/webdriver/troubleshooting/logging
2024-04-26 09:36:45 WARN Selenium [DEPRECATION] DriverFinder.path(options, service_class) is deprecated. Use DriverFinder.new(options, service).driver_path instead.
```
Fixes MIME parsing raising errors on valid parameters #51594.
Mime type lookups were updated to handle custom registered types as part of #48397.
This fix strips out custom media range parameters before falling back to the default type creation.
Ref: https://bugs.ruby-lang.org/issues/15554
A couple are harmless, but another couple found actual problems
in the test suite where we passed blocks to `assert_*` methods that
didn't expect one.
`save_and_open_page` is a capybara helper that lets developers
inspect the status of the page at any given point in their
test. This is helpful when trying to keep a short feedback loop while
working on a test.
This change adds a similar helper with matching signature to
integration tests.
RFC 9110 specifies:
The server MUST send an Upgrade header field in a 426 response
to indicate the required protocol(s)
https://httpwg.org/specs/rfc9110.html#status.426
Status 406 Not Acceptable is more appropriate because it indicates the
resource
does not have a current representation that would be acceptable
to the user agent, according to the proactive negotiation header
fields received in the request
https://httpwg.org/specs/rfc9110.html#status.406
With the proactive negotiation section mentioning:
implicit characteristics, such as the client's network address
or parts of the User-Agent field.
https://httpwg.org/specs/rfc9110.html#proactive.negotiation
The `:to` option for routes can once again be a String without a
controller if the controller is implicitly provided by a nesting
`controller` or `resources` call.
This can be reproduced using a version of rdoc that includes this fix:
- c65266437c
The fix correctly adds a newline between definition list items, which
was not added previously.
This commit was generated with the following commands:
```
$ git checkout 3079e8b0f8 -- actionpack/lib/action_controller/metal/conditional_get.rb
$ ./tools/rdoc-to-md --only=actionpack -a
```
This commit addresses the following Rails Nightly CI error since https://github.com/ruby/ruby/pull/10262 .
https://buildkite.com/rails/rails-nightly/builds/310#018e5929-ff70-4397-b978-9a0a03cd4706/1255-1265
- Without this commit:
```
$ ruby -v
ruby 3.4.0dev (2024-03-19T08:26:49Z master 12be40ae6b) [x86_64-linux]
$ cd actionpack
$ RAILS_STRICT_WARNINGS=true bin/test test/controller/renderer_test.rb:37
Running 25 tests in a single process (parallelization threshold is 50)
Run options: --seed 14013
/home/yahonda/src/github.com/rails/rails/actionpack/test/fixtures/ruby_template.ruby:2: warning: literal string will be frozen in the future
E
Error:
RendererTest#test_rendering_with_a_class_renderer:
RuntimeError: Neutered Exception ActionView::Template::Error: /home/yahonda/src/github.com/rails/rails/actionpack/test/fixtures/ruby_template.ruby:2: warning: literal string will be frozen in the future
/home/yahonda/src/github.com/rails/rails/activesupport/lib/active_support/testing/strict_warnings.rb:33:in 'ActiveSupport::RaiseWarnings#warn'
test/fixtures/ruby_template.ruby:2:in '_home_yahonda_src_github_com_rails_rails_actionpack_test_fixtures_ruby_template_ruby__3648742137162546161_6360'
/home/yahonda/src/github.com/rails/rails/actionview/lib/action_view/base.rb:282:in 'Kernel#public_send'
/home/yahonda/src/github.com/rails/rails/actionview/lib/action_view/base.rb:282:in 'ActionView::Base#_run'
/home/yahonda/src/github.com/rails/rails/actionview/lib/action_view/template.rb:275:in 'block in ActionView::Template#render'
/home/yahonda/src/github.com/rails/rails/activesupport/lib/active_support/notifications.rb:212:in 'ActiveSupport::Notifications.instrument'
/home/yahonda/src/github.com/rails/rails/actionview/lib/action_view/template.rb:567:in 'ActionView::Template#instrument_render_template'
/home/yahonda/src/github.com/rails/rails/actionview/lib/action_view/template.rb:263:in 'ActionView::Template#render'
/home/yahonda/src/github.com/rails/rails/actionview/lib/action_view/renderer/template_renderer.rb:66:in 'block (2 levels) in ActionView::TemplateRenderer#render_template'
/home/yahonda/src/github.com/rails/rails/activesupport/lib/active_support/notifications.rb:212:in 'ActiveSupport::Notifications.instrument'
/home/yahonda/src/github.com/rails/rails/actionview/lib/action_view/renderer/template_renderer.rb:60:in 'block in ActionView::TemplateRenderer#render_template'
/home/yahonda/src/github.com/rails/rails/actionview/lib/action_view/renderer/template_renderer.rb:80:in 'ActionView::TemplateRenderer#render_with_layout'
/home/yahonda/src/github.com/rails/rails/actionview/lib/action_view/renderer/template_renderer.rb:59:in 'ActionView::TemplateRenderer#render_template'
/home/yahonda/src/github.com/rails/rails/actionview/lib/action_view/renderer/template_renderer.rb:11:in 'ActionView::TemplateRenderer#render'
/home/yahonda/src/github.com/rails/rails/actionview/lib/action_view/renderer/renderer.rb:58:in 'ActionView::Renderer#render_template_to_object'
/home/yahonda/src/github.com/rails/rails/actionview/lib/action_view/renderer/renderer.rb:31:in 'ActionView::Renderer#render_to_object'
/home/yahonda/src/github.com/rails/rails/actionview/lib/action_view/rendering.rb:135:in 'block in ActionView::Rendering#_render_template'
/home/yahonda/src/github.com/rails/rails/actionview/lib/action_view/base.rb:309:in 'ActionView::Base#in_rendering_context'
/home/yahonda/src/github.com/rails/rails/actionview/lib/action_view/rendering.rb:134:in 'ActionView::Rendering#_render_template'
lib/action_controller/metal/streaming.rb:258:in 'ActionController::Streaming#_render_template'
/home/yahonda/src/github.com/rails/rails/actionview/lib/action_view/rendering.rb:121:in 'ActionView::Rendering#render_to_body'
lib/action_controller/metal/rendering.rb:186:in 'ActionController::Rendering#render_to_body'
lib/action_controller/metal/renderers.rb:142:in 'ActionController::Renderers#render_to_body'
lib/abstract_controller/rendering.rb:47:in 'AbstractController::Rendering#render_to_string'
lib/action_controller/metal/rendering.rb:175:in 'ActionController::Rendering#render_to_string'
lib/action_controller/renderer.rb:136:in 'ActionController::Renderer#render'
test/controller/renderer_test.rb:37:in 'block in <class:RendererTest>'
bin/test test/controller/renderer_test.rb:35
Finished in 0.294798s, 3.3921 runs/s, 0.0000 assertions/s.
1 runs, 0 assertions, 0 failures, 1 errors, 0 skips
$
```
Refer to this Ruby issue and pull request for this change:
https://bugs.ruby-lang.org/issues/20205
https://github.com/ruby/ruby/pull/10262
Co-authored-by: Rafael Mendonça França <rafael@franca.dev>