| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| | |
Support callable body for explicit streaming support.
|
| | |
|
| | |
|
| | |
|
|/ |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Useful for redirecting these to files for logging, etc.
Closes #1775
|
|
|
|
|
| |
Close #1731
[ci skip]
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes a theoretical security issue where a lookup of the session
ID uses a non-constant time algorithm (such as a database index), and
only for cases where there is a session that existed prior to an
rack version that added support for private session IDs.
This defaults :allow_fallback to true for backwards compatibility,
but we may want to make the default false in Rack 3.
Fixes #1431
|
| |
|
| |
|
|
|
|
|
| |
This reverts commit b050e742ca7c8cd26987e1d3d975671e2b221b88.
Annotate `super()` call that started this whole adventure.
|
|
|
|
| |
This reverts commit d96b5c39fd32aa8f8b1b694470a0f78f4a7475fe.
|
| |
|
|\
| |
| | |
Fix MockRequest cookie parsing for hash with array value
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem:
`Rack::Response.new` allows to set multiple cookies just by passing hash with key 'Set-Cookie' and value as an array containing cookies we want to set.
example:
```ruby
Rack::Response.new(
[ "Authentication failed" ],
401,
{
"Content-type" => "text/error",
"Set-Cookie" => ["foo=bar", "baz=ban"]
}
)
```
Unfortunately `MockRequest` class is not able to parse such definition of cookies as it expects cookie value to be always a string.
Solution:
Wrap every cookie value to `Array()` which converts string values to array. So we can safely iterate over the values. In case the value is already an array it simply return it.
|
| |
| |
| |
| | |
This feature was deprecated since #1574.
|
|/
|
|
|
| |
* Remove unnecessary call to `super()`
* Flatten Rack::Request::Env into Request
|
| |
|
|
|
| |
[ci skip]
|
|\
| |
| | |
Fix some typos [ci skip]
|
| | |
|
|\ \
| | |
| | | |
Clarify streaming response body behavior in SPEC
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Added the following Lint errors:
- "Middleware must not call #each directly"
- "New body must yield at least once per iteration of old body"
- "Body has not been closed"
- "#to_ary not identical to contents produced by calling #each"
|
| | |
| | |
| | |
| | | |
Apply to `ContentLength` and `ETag` middleware.
|
| |/
| |
| |
| |
| |
| | |
Strings must be processed individually as they are yielded by `each`.
However, if the Body responds to `to_ary` it can be implicitly coerced to
an Array, which may then be processed all at once.
|
| | |
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hosts with no ipv4 connectivity are going to be increasingly common in
the future. In such hosts, one will see errors like the following when
running the rack tests:
Errno::EADDRNOTAVAIL: Cannot assign requested address - bind(2) for 127.0.0.1:9210
Binding to localhost instead of explicitly to
127.0.0.1 solves the problem - `localhost` is resolved to all
_available_ local addresses and those are used. Client connections
need to do the same, and it all just works regardless of the local
networking stack.
|
|
|
|
|
|
|
| |
This change improves SSL detection in apps running behind some
reverse-proxies.
Fixes #1730
|
| |
|
|
|
|
|
|
|
| |
To avoid unexpectedly stop testing Ruby 3.0 when Ruby 3.1 is released.
See https://github.com/actions/runner/issues/849
At https://github.com/rack/rack/runs/2041788658?check_suite_focus=true#step:3:3 we can see that the setup-ruby action ran with just `3` as the input and not `3.0`.
|
|
|
|
|
|
|
|
|
| |
The multipart generator was escaping filenames using
Rack::Utils.escape, but the parser was using Rack::Utils.unescape_path.
If the file name contained spaces such as "foo bar.txt",
escape would encode as "foo+bar.txt" and then unescape_path would
decode to "foo+bar.txt", incorrectly leaving the plus sign. Fix by
changing the generator to use escape_path to match the parser.
|
| |
|
|
|
|
|
|
| |
Allowing ; as separator by default can lead to web cache poisoning.
Fixes #1732
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Use `raise "message" unless condition` instead of assert in Rack::Lint
* The existing #assert is very inefficient because it computes the error
message string even if no error is raised.
* Fixes https://github.com/rack/rack/issues/1723
* Deprecate Rack::Lint::Assertion#assert
* No need to include the Assertion module anymore in lint.rb
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rack::MockResponse inherits from Rack::Response, which already
uses a HeaderHash for the headers. The original_headers were
only used for cookie parsing, which for some reason was happening
before the call to super in initialize (so the headers weren't
available yet). There seems to be no reason why the cookie parsing
can't happen after the call to super, in which case we can use the
headers directly.
Fixes #1629
Fixes #1630
Co-authored-by: Matt Palmer <mpalmer@hezmatt.org>
|
|\
| |
| | |
Skip rubocop for external tests
|
|/ |
|
|
|
|
|
|
| |
Comparing a 16 byte string:
openssl_secure_compare: 9397508.4 i/s
rack_secure_compare: 515938.0 i/s - 18.21x (± 0.00) slower
|
|
|
|
|
|
|
|
|
| |
Running specs against JRuby 9.2.13.0 got the warning:
```
/Users/mike/.asdf/installs/ruby/jruby-9.2.13.0/lib/ruby/gems/shared/gems/rack-2.2.3/lib/rack/media_type.rb:18: warning: `&' interpreted as argument prefix
```
This PR should fix it.
|
|
|
|
|
|
| |
Support for thin was removed earlier, so no reason to keep this.
Fixes #1714
|
| |
|