aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--actionpack/CHANGELOG2
-rw-r--r--actionpack/lib/action_controller/cgi_process.rb7
-rw-r--r--actionpack/lib/action_view/helpers/asset_tag_helper.rb26
-rw-r--r--actionpack/lib/action_view/template_handlers/erb.rb9
-rw-r--r--actionpack/test/template/asset_tag_helper_test.rb41
5 files changed, 78 insertions, 7 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index c2af2c8c11..1fd3bfee7f 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
*SVN*
+* The asset_host block takes the controller request as an optional second argument. Example: use a single asset host for SSL requests. #10549 [Cheah Chu Yeow, Peter B, Tom Taylor]
+
* Support render :text => nil. #6684 [tjennings, PotatoSalad, Cheah Chu Yeow]
* assert_response failures include the exception message. #10688 [Seth Rasmussen]
diff --git a/actionpack/lib/action_controller/cgi_process.rb b/actionpack/lib/action_controller/cgi_process.rb
index 6a802aa8fa..b529db8af4 100644
--- a/actionpack/lib/action_controller/cgi_process.rb
+++ b/actionpack/lib/action_controller/cgi_process.rb
@@ -3,7 +3,7 @@ require 'action_controller/session/cookie_store'
module ActionController #:nodoc:
class Base
- # Process a request extracted from an CGI object and return a response. Pass false as <tt>session_options</tt> to disable
+ # Process a request extracted from a CGI object and return a response. Pass false as <tt>session_options</tt> to disable
# sessions (large performance increase if sessions are not needed). The <tt>session_options</tt> are the same as for CGI::Session:
#
# * <tt>:database_manager</tt> - standard options are CGI::Session::FileStore, CGI::Session::MemoryStore, and CGI::Session::PStore
@@ -17,7 +17,7 @@ module ActionController #:nodoc:
# an ArgumentError is raised.
# * <tt>:session_expires</tt> - the time the current session expires, as a +Time+ object. If not set, the session will continue
# indefinitely.
- # * <tt>:session_domain</tt> - the hostname domain for which this session is valid. If not set, defaults to the hostname of the
+ # * <tt>:session_domain</tt> - the hostname domain for which this session is valid. If not set, defaults to the hostname of the
# server.
# * <tt>:session_secure</tt> - if +true+, this session will only work over HTTPS.
# * <tt>:session_path</tt> - the path for which this session applies. Defaults to the directory of the CGI script.
@@ -34,7 +34,8 @@ module ActionController #:nodoc:
class CgiRequest < AbstractRequest #:nodoc:
attr_accessor :cgi, :session_options
- class SessionFixationAttempt < StandardError; end #:nodoc:
+ class SessionFixationAttempt < StandardError #:nodoc:
+ end
DEFAULT_SESSION_OPTIONS = {
:database_manager => CGI::Session::CookieStore, # store data in cookie
diff --git a/actionpack/lib/action_view/helpers/asset_tag_helper.rb b/actionpack/lib/action_view/helpers/asset_tag_helper.rb
index ba474a8ffe..fd01fd60bc 100644
--- a/actionpack/lib/action_view/helpers/asset_tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/asset_tag_helper.rb
@@ -50,8 +50,10 @@ module ActionView
# stylesheet_include_tag("application")
# => <link href="http://assets1.example.com/stylesheets/application.css" media="screen" rel="stylesheet" type="text/css" />
#
- # The proc takes a single <tt>source</tt> parameter which is the path of the source asset. This can be used to
- # generate a particular asset host depending on the asset path.
+ # The proc takes a <tt>source</tt> parameter (which is the path of the source asset) and an optional
+ # <tt>request</tt> parameter (which is an entire instance of an <tt>ActionController::AbstractRequest</tt>
+ # subclass). This can be used to generate a particular asset host depending on the asset path and the particular
+ # request.
#
# ActionController::Base.asset_host = Proc.new { |source|
# if source.starts_with?('/images')
@@ -65,6 +67,19 @@ module ActionView
# stylesheet_include_tag("application")
# => <link href="http://assets.example.com/stylesheets/application.css" media="screen" rel="stylesheet" type="text/css" />
#
+ # The optional <tt>request</tt> parameter to the proc is useful in particular for serving assets from an
+ # SSL-protected page. The example proc below disables asset hosting for HTTPS connections, while still sending
+ # assets for plain HTTP requests from asset hosts. This is useful for avoiding mixed media warnings when serving
+ # non-HTTP assets from HTTPS web pages when you don't have an SSL certificate for each of the asset hosts.
+ #
+ # ActionController::Base.asset_host = Proc.new { |source, request|
+ # if request.ssl?
+ # "#{request.protocol}#{request.host_with_port}"
+ # else
+ # "#{request.protocol}assets.example.com"
+ # end
+ # }
+ #
# === Using asset timestamps
#
# By default, Rails will append all asset paths with that asset's timestamp. This allows you to set a cache-expiration date for the
@@ -461,7 +476,12 @@ module ActionView
def compute_asset_host(source)
if host = ActionController::Base.asset_host
if host.is_a?(Proc)
- host.call(source)
+ case host.arity
+ when 2:
+ host.call(source, @controller.request)
+ else
+ host.call(source)
+ end
else
host % (source.hash % 4)
end
diff --git a/actionpack/lib/action_view/template_handlers/erb.rb b/actionpack/lib/action_view/template_handlers/erb.rb
index 022fc362e7..87cb09952c 100644
--- a/actionpack/lib/action_view/template_handlers/erb.rb
+++ b/actionpack/lib/action_view/template_handlers/erb.rb
@@ -4,6 +4,15 @@ class ERB
module Util
HTML_ESCAPE = { '&' => '&amp;', '"' => '&quot;', '>' => '&gt;', '<' => '&lt;' }
+ # A utility method for escaping HTML tag characters.
+ # This method is also aliased as <tt>h</tt>.
+ #
+ # In your ERb templates, use this method to escape any unsafe content. For example:
+ # <%=h @person.name %>
+ #
+ # ==== Example:
+ # puts html_escape("is a > 0 & a < 10?")
+ # # => is a &gt; 0 &amp; a &lt; 10?
def html_escape(s)
s.to_s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] }
end
diff --git a/actionpack/test/template/asset_tag_helper_test.rb b/actionpack/test/template/asset_tag_helper_test.rb
index 0d84816765..37392b9f67 100644
--- a/actionpack/test/template/asset_tag_helper_test.rb
+++ b/actionpack/test/template/asset_tag_helper_test.rb
@@ -34,6 +34,8 @@ class AssetTagHelperTest < Test::Unit::TestCase
@request = Class.new do
def relative_url_root() "" end
def protocol() 'http://' end
+ def ssl?() false end
+ def host_with_port() 'localhost' end
end.new
@controller.request = @request
@@ -248,7 +250,7 @@ class AssetTagHelperTest < Test::Unit::TestCase
end
def test_caching_javascript_include_tag_when_caching_on_with_proc_asset_host
- ENV["RAILS_ASSET_ID"] = ""
+ ENV['RAILS_ASSET_ID'] = ''
ActionController::Base.asset_host = Proc.new { |source| "http://a#{source.length}.example.com" }
ActionController::Base.perform_caching = true
@@ -264,6 +266,43 @@ class AssetTagHelperTest < Test::Unit::TestCase
FileUtils.rm_f(File.join(ActionView::Helpers::AssetTagHelper::JAVASCRIPTS_DIR, 'scripts.js'))
end
+ def test_caching_javascript_include_tag_when_caching_on_with_2_argument_proc_asset_host
+ ENV['RAILS_ASSET_ID'] = ''
+ ActionController::Base.asset_host = Proc.new { |source, request|
+ if request.ssl?
+ "#{request.protocol}#{request.host_with_port}"
+ else
+ "#{request.protocol}assets#{source.length}.example.com"
+ end
+ }
+ ActionController::Base.perform_caching = true
+
+ assert_equal '/javascripts/vanilla.js'.length, 23
+ assert_dom_equal(
+ %(<script src="http://assets23.example.com/javascripts/vanilla.js" type="text/javascript"></script>),
+ javascript_include_tag(:all, :cache => 'vanilla')
+ )
+
+ assert File.exist?(File.join(ActionView::Helpers::AssetTagHelper::JAVASCRIPTS_DIR, 'vanilla.js'))
+
+ class << @controller.request
+ def protocol() 'https://' end
+ def ssl?() true end
+ end
+
+ assert_equal '/javascripts/secure.js'.length, 22
+ assert_dom_equal(
+ %(<script src="https://localhost/javascripts/secure.js" type="text/javascript"></script>),
+ javascript_include_tag(:all, :cache => 'secure')
+ )
+
+ assert File.exist?(File.join(ActionView::Helpers::AssetTagHelper::JAVASCRIPTS_DIR, 'secure.js'))
+
+ ensure
+ FileUtils.rm_f(File.join(ActionView::Helpers::AssetTagHelper::JAVASCRIPTS_DIR, 'vanilla.js'))
+ FileUtils.rm_f(File.join(ActionView::Helpers::AssetTagHelper::JAVASCRIPTS_DIR, 'secure.js'))
+ end
+
def test_caching_javascript_include_tag_when_caching_on_and_using_subdirectory
ENV["RAILS_ASSET_ID"] = ""
ActionController::Base.asset_host = 'http://a%d.example.com'