| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
If `env` is duped or otherwise not the same as the original `env` that was
generated at the top of rack middleware, it is impossible for the server hijack
proc to update the right `env` instance. Therefore, capturing the return value
is more reliable. This is the recommendation of the rack SPEC.
|
|
|
|
|
|
|
| |
It is wrongly appeared as instance public methods in the doc.
http://api.rubyonrails.org/v5.1.6/classes/ActionCable/Channel/Callbacks.html
http://api.rubyonrails.org/v5.1.6/classes/ActiveRecord/Timestamp.html
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
### Summary
This PR changes .rubocop.yml.
Regarding the code using `if ... else ... end`, I think the coding style
that Rails expects is as follows.
```ruby
var = if cond
a
else
b
end
```
However, the current .rubocop.yml setting does not offense for the
following code.
```ruby
var = if cond
a
else
b
end
```
I think that the above code expects offense to be warned.
Moreover, the layout by autocorrect is unnatural.
```ruby
var = if cond
a
else
b
end
```
This PR adds a setting to .rubocop.yml to make an offense warning and
autocorrect as expected by the coding style.
And this change also fixes `case ... when ... end` together.
Also this PR itself is an example that arranges the layout using
`rubocop -a`.
### Other Information
Autocorrect of `Lint/EndAlignment` cop is `false` by default.
https://github.com/bbatsov/rubocop/blob/v0.51.0/config/default.yml#L1443
This PR changes this value to `true`.
Also this PR has changed it together as it is necessary to enable
`Layout/ElseAlignment` cop to make this behavior.
|
|
|
|
| |
Follow up of #31004.
|
|
|
|
|
|
|
|
|
|
| |
If a frontend for some reason tries to unsubscribe from a non existing subscription, the following error is logged:
Could not execute command from ({"command"=>"unsubscribe", "identifier"=>"{\"channel\":\"SomeChannel\"}"}) [NoMethodError - undefined method `unsubscribe_from_channel' for nil:NilClass]
Instead, it will now properly log:
Could not execute command from ({"command"=>"unsubscribe", "identifier"=>"{\"channel\":\"SomeChannel\"}"}) [RuntimeError - Unable to find subscription with identifier: {"channel":"SomeChannel"}]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In some examples and guides we are recommending to use code like:
```ruby
verified_user = User.find_by(id: cookies.signed[:user_id])
```
My suggestion is to use instead:
```ruby
verified_user = User.find_by(id: cookies.encrypted[:user_id])
```
which invites users to prefer the "newer" encrypted cookies over the
"legacy" signed cookies.
|
| |
|
|
|
|
|
| |
This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing
changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
|
| |
|
|
|
|
|
| |
Users should never publicly be interacting with an instance of this. The instance that comes along with an `AC::Connection::Base` instance (the only thing a user should be working with) is [itself intended to be private](https://github.com/tjschuck/rails/blob/master/actioncable/lib/action_cable/connection/base.rb#L137-L140).
[ci skip]
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Allow a default value to be declared for class_attribute
* Convert to using class_attribute default rather than explicit setter
* Removed instance_accessor option by mistake
* False is a valid default value
* Documentation
|
| |
|
|
|
|
|
|
|
| |
This method is repeatedly used throughout the docs (in the [AC::Connection docs](https://github.com/rails/rails/blob/12b684985837bc8ee9ad15c174cf4e07ca82d7c4/actioncable/lib/action_cable/connection/base.rb#L28), the [AC README](https://github.com/rails/rails/blob/12b684985837bc8ee9ad15c174cf4e07ca82d7c4/actioncable/README.md#a-full-stack-example), the [AC Guides](https://github.com/rails/rails/blob/12b684985837bc8ee9ad15c174cf4e07ca82d7c4/guides/source/action_cable_overview.md#connection-setup)), but not actually documented itself and seemingly not supported for public use based on its current `private` status.
This actually makes the method public and documents it. The actual behavior that’s documented here is implemented [here](https://github.com/rails/rails/blob/12b684985837bc8ee9ad15c174cf4e07ca82d7c4/actioncable/lib/action_cable/connection/base.rb#L213-L219), via [this rescuing of the UnauthorizedError](https://github.com/rails/rails/blob/3dd1de8ba4d5862b01e7f5dd3878b21fd98b443b/actioncable/lib/action_cable/connection/base.rb#L172).
The method is [already tested here](https://github.com/rails/rails/blob/25473baf409185638073fe2f016f4b9dda284e50/actioncable/test/connection/authorization_test.rb#L17-L29).
|
|
|
| |
Fix missing left bracket in exception message.
|
|
|
|
| |
(I personally prefer writing one string in one line no matter how long it is, though)
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
WebSocket always defers the decision to the server, because it didn't
have to deal with legacy compatibility... but the same-origin policy is
still a reasonable default.
Origin checks do not protect against a directly connecting attacker --
they can lie about their host, but can also lie about their origin.
Origin checks protect against a connection from 3rd-party controlled
script in a context where a victim browser's cookies will be passed
along. And if an attacker has breached that protection, they've already
compromised the HTTP session, so treating the WebSocket connection in
the same way seems reasonable.
In case this logic proves incorrect (or anyone just wants to be more
paranoid), we retain a config option to disable it.
|
|\
| |
| |
| | |
Optionally allow ActionCable requests from the same host as origin
|
| |
| |
| |
| |
| |
| |
| | |
When the `allow_same_origin_as_host` is set to `true`, the request
forgery protection permits `HTTP_ORIGIN` values starting with the
corresponding `proto://` prefix followed by `HTTP_HOST`. This way
it is not required to specify the list of allowed URLs.
|
| |
| |
| |
| |
| |
| |
| |
| | |
IO#close and IO#read across threads don't get along so well:
After T1 enters #read and releases the GVL, T2 can call #close on the
IO, thereby both closing the fd and freeing the buffer while T1 is using
them.
|
| | |
|
| |
| |
| |
| | |
No deprecation, because it was never documented.
|
|\ \
| | |
| | |
| | |
| | |
| | | |
palkan/fix/actioncable-confirmation-race-condition
Avoid race condition on subscription confirmation
|
| | |
| | |
| | |
| | | |
initializing
|
| | | |
|
| |/
|/|
| |
| |
| | |
Otherwise, they can sometimes block, leading to reduced system
throughput.
|
|/ |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
|\
| |
| |
| | |
Fix race condition in websocket stream write
|
| | |
|
|/ |
|
| |
|
|
|
|
| |
[ci skip]
|
| |
|
|\
| |
| |
| | |
ActionCable protocol negotiation
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is primarily for backwards compatibility for when
or if the protocol is changed in future versions.
If the server fails to respond with an acceptable
protocol, the client disconnects and disables
the monitor.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Introduce a connection coder responsible for encoding Cable messages
as WebSocket messages, defaulting to `ActiveSupport::JSON` and duck-
typing to any object responding to `#encode` and `#decode`.
* Consolidate encoding responsibility to the connection. No longer
explicitly JSON-encode from channels or other sources. Pass Cable
messages as Hashes to `#transmit` and rely on it to encode.
* Introduce stream encoders responsible for decoding pubsub messages.
Preserve the currently raw encoding, but make it easy to use JSON.
Same duck type as the connection encoder.
* Revert recent data normalization/quoting (#23649) which treated
`identifier` and `data` values as nested JSON objects rather than as
opaque JSON-encoded strings. That dealt us an awkward hand where we'd
decode JSON strings… or not, but always encode as JSON. Embedding
JSON object values directly is preferably, no extra JSON encoding,
but that should be a purposeful protocol version change rather than
ambiguously, inadvertently supporting multiple message formats.
|
| | |
|
|/
|
|
|
|
|
|
| |
We'll get `Errno::ECONNRESET` if the client forcibly disconnected.
Just close the socket rather than raising the exception.
Handle other errors in `ClientSocket#write`, too, mirroring the Faye
error handling which swallows all `StandardError` on write.
|
|\
| |
| | |
Support faye-websocket + EventMachine as an option
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
Fixes #22675
Allow channel identifiers and also data with no backslahes/escaping to be accepted by
the subscription storer.
|
|\ \
| |/
|/|
| | |
ActionCable: Add a "welcome" and "ping" message type
|
| |
| |
| |
| |
| |
| |
| |
| | |
This change makes ping into a message type, which
makes the whole protocol a lot more consistent.
Also fixes hacks on the client side to make this all
work.
|