| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
The rack gem returns PATH_INFO as an ASCII-8BIT encoded string but it
was being converted to US-ASCII by the match? method because it was
calling Rack::Utils.escape_path. To prevent incompatibile encoding
warnings use ASCII-8BIT strings for the root path and let Ruby handle
any filename encoding conversion.
Fixes #32294, Closes #32314.
|
| |
|
| |
|
|
|
|
|
| |
This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing
changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
|
| |
|
|
|
|
|
|
|
|
| |
A gzip file has a checksum and length for the decompressed data in its
footer which isn't checked by just calling Zlib::GzipReader#read.
Calling Zlib::GzipReader#close must be called after reading to the end
of the file causes this check to be done, which is done by
Zlib::GzipReader.wrap after its block is called.
|
|
|
|
|
|
|
| |
```
go get -u github.com/client9/misspell/cmd/misspell
misspell -w -error -source=text .
```
|
| |
|
|
|
|
|
| |
`Gem.win_platform?` check if it is Windows more accurately.
Ref: https://github.com/ruby/ruby/blob/ruby_2_2/lib/rubygems.rb#L945..L952
|
| |
|
|
|
|
| |
`ActionDispatch::Static#initialize`
|
|
|
|
|
|
|
|
| |
Style/SpaceBeforeBlockBraces
Style/SpaceInsideBlockBraces
Style/SpaceInsideHashLiteralBraces
Fix all violations in the repository.
|
| |
|
| |
|
|
|
|
|
| |
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The `ActionDispatch::Static` middleware is used low down in the stack to serve
static assets before doing much processing. Since it's called from so low in
the stack, we don't have access to the request ID at this point, and generally
won't have any exception handling defined (by default `ShowExceptions` is added
to the stack quite a bit higher and relies on logging and request ID).
Before https://github.com/rails/rails/commit/8f27d6036a2ddc3cb7a7ad98afa2666ec163c2c3
this middleware would ignore unknown HTTP methods, and an exception about these
would be raised higher in the stack. After that commit, however, that exception
will be raised here.
If we want to keep `ActionDispatch::Static` so low in the stack (I think we do)
we should suppress the `ActionController::UnknownHttpMethod` exception here,
and instead let it be raised higher up the stack, once we've had a chance to
define exception handling behaviour.
This PR updates `ActionDispatch::Static` so it passes `Rack::Request` objects to
`ActionDispatch::FileHandler`, which won't raise an
`ActionController::UnknownHttpMethod` error. If an unknown method is
passed, it should exception higher in the stack instead, once we've had a
chance to define exception handling behaviour.`
|
|
|
|
|
|
|
|
| |
gzipped version exists or not. This is helpful for CDN's to later distinguish assets, based on previous, current copies and introduced gzip version if any."
This reverts commit 067c52f608568e35181830a5c1016e382650e655.
Conversation: https://github.com/rails/rails/pull/23120#issuecomment-173007011
|
|
|
|
|
|
|
|
| |
version exists or not. This is helpful for CDN's to later distinguish assets, based on previous, current copies and introduced gzip version if any.
For ref: https://www.fastly.com/blog/best-practices-for-using-the-vary-header
This change sets `Vary` header always, to be on safer side
|
|
|
|
|
|
| |
File paths cannot contain null byte characters and methods that do path
operations such as Rack::Utils#clean_path_info will raise unwanted
errors.
|
| |
|
|\
| |
| |
| | |
Add basic support for access control headers to ActionDispatch::Static
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Now ActionDispatch::Static can accept HTTP headers so that developers
will have control of returning arbitrary headers like
'Access-Control-Allow-Origin' when a response is delivered. They can
be configured through `#config.public_file_server.headers`:
config.public_file_server.headers = {
"Cache-Control" => "public, max-age=60",
"Access-Control-Allow-Origin" => "http://rubyonrails.org"
}
Also deprecate `config.static_cache_control` in favor of
`config.public_file_server.headers`.
|
|/ |
|
| |
|
|
|
|
|
|
| |
Set `config.static_index` to serve a static directory index file not
named `index`. For example, to serve `main.html` instead of `index.html`
for directory requests, set `config.static_index` to `"main"`.
|
|
|
|
|
|
|
|
|
|
|
|
| |
When 7e504927 was merged setting `Encoding.default_internal` and
`Encoding.default_external` would throw a warning when the ActionPack
tests were run.
Example warning: `actionpack/test/dispatch/static_test.rb:12: warning:
setting Encoding.default_external`
This patch silences the warnings as other similar tests do for setting
default_internal and default_external.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Windows
* https://github.com/rails/rails/issues/19187
* https://github.com/rails/rails/pull/19533
* https://github.com/macournoyer/thin/issues/268
These are serious Rails 4 regression for Redmine Bitnami Windows users.
https://community.bitnami.com/t/problems-with-3-0-1-installation-see-report-inside/30195/
It is not caused on webrick users.
Related:
* https://github.com/rack/rack/issues/732#issuecomment-67677272
* https://github.com/phusion/passenger/issues/1328
|
| |
|
|
|
|
|
| |
Rack::Lint raises an error saying "Content-Type header found in 304
response, not allowed".
|
|
|
|
| |
onwards.
|
| |
|
|
|
|
|
| |
FileHandler#matches? should return false for files that are outside the
"root" path.
|
|
|
|
|
|
|
|
| |
Dir.glob can be a security concern. The original use was to provide logic of fallback files. Example a request to `/` should render the file from `/public/index.html`. We can replace the dir glob with the specific logic it represents. The glob {,index,index.html} will look for the current path, then in the directory of the path with index file and then in the directory of the path with index.html. This PR replaces the glob logic by manually checking each potential match. Best case scenario this results in one less file API request, worst case, this has one more file API request.
Related to #16464
Update: added a test for when a file of a given name (`public/bar.html` and a directory `public/bar` both exist in the same root directory. Changed logic to accommodate this scenario.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- don't mutate PATH_INFO in env, test
- test fallback content type matches Rack::File
- change assertion style
- make HTTP_ACCEPT_ENCODING comparison case insensitive
- return gzip path from method instead of true/false so we don't have to assume later
- don't allocate un-needed hash.
Original comments:
https://github.com/rails/rails/commit/
cfaaacd9763642e91761de54c90669a88d772e5a#commitcomment-7468728
cc @jeremy
|
|
|
|
|
|
| |
If someone is using ActionDispatch::Static to serve assets and makes it past the `match?` then the file exists on disk and it will be served. This PR adds in logic that checks to see if the file being served is already compressed (via gzip) and on disk, if it is it will be served as long as the client can handle gzip encoding. If not, then a non gzip file will be served.
This additional logic slows down an individual asset request but should speed up the consumer experience as compressed files are served and production applications should be delivered with a CDN. This PR allows a CDN to cache a gzip file by setting the `Vary` header appropriately. In net this should speed up a production application that are using Rails as an origin for a CDN. Non-asset request speed is not affected in this PR.
|
| |
|
| |
|
|
|
|
|
|
| |
This Adds helpers(jruby_skip & rbx_skip). In Future, Plan is to use
these helpers instead of calls directly to
RUBY_ENGINE/RbConfig/JRUBY_VERSION
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In #5337 we forced the path encoding to ASCII-8BIT to prevent static
file handling from blowing up before an application has had chance to
deal with possibly invalid urls. However this has a negative side
effect of making it an incompatible encoding if the application's
public path has UTF-8 characters in it.
To work around the problem we check to see if the path has a valid
encoding once it has been unescaped. If it is not valid then we can
return early since it will not match any file anyway.
Fixes #13518
|
| |
|
|
|
|
|
|
| |
This test is broken from quite a while & is expected to remain broken as
encoding issues are hardest to fix in JRuby. so lets skip this test for
now
|
|
|
|
| |
This reverts commit c59734f756b79c39486c45273d2cc5d42cd0c864.
|
|
|
|
|
|
|
|
|
|
| |
This commit inverts the precedence in ActionDispatch::Static so that
dynamic content will be served before static content. This is so that
precompiled assets do not inadvertently get included when running in
development mode - it should have no effect in production where static
files are usually handled by the web server.
Closes #6421
|
| |
|
|
|
|
|
|
| |
Windows doesn't allow `\ / : * ? " < > |` in filenames so create
the fixture files at runtime and ignore the incompatible ones when
running on Windows.
|
|
|
|
|
|
|
|
|
|
|
| |
RFC 3986[1] allows sub-delim characters in path segments unencoded,
however Rack::File requires them to be encoded so we use URI's
unescape method to leave them alone and then escape them again.
Also since the path gets passed to Dir[] we need to escape any glob
characters in the path.
[1]: http://www.ietf.org/rfc/rfc3986.txt
|
| |
|
| |
|
| |
|
| |
|