From c1dd2285799b19b7067119b2aa121ca922b75bc3 Mon Sep 17 00:00:00 2001 From: "yuuji.yaginuma" Date: Wed, 2 Jan 2019 17:11:59 +0900 Subject: Allow using combine the Cache-Control `public` and `no-cache` headers Since #30367, if `no-cache` includes Cache-Control headers, special keys like `public`, `must-revalidate` are ignored. But in my understanding, `public` still need in case of want to cache authenticated pages. The authenticated pages to be cacheable, but still authenticated for every user, need to specify the `Cache-Control: public, no-cache`. For keys other than `public`, I did not know the case where it was necessary to use it in combination with `no-cache`, so I fixed that can be used only for `public`. Ref: https://www.mnot.net/cache_docs/#CACHE-CONTROL Fixes #34780. --- actionpack/lib/action_dispatch/http/cache.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'actionpack/lib') diff --git a/actionpack/lib/action_dispatch/http/cache.rb b/actionpack/lib/action_dispatch/http/cache.rb index f67b13f657..8cc84ff36c 100644 --- a/actionpack/lib/action_dispatch/http/cache.rb +++ b/actionpack/lib/action_dispatch/http/cache.rb @@ -197,10 +197,12 @@ module ActionDispatch if control.empty? # Let middleware handle default behavior elsif control[:no_cache] - self._cache_control = NO_CACHE - if control[:extras] - self._cache_control = _cache_control + ", #{control[:extras].join(', ')}" - end + options = [] + options << PUBLIC if control[:public] + options << NO_CACHE + options.concat(control[:extras]) if control[:extras] + + self._cache_control = options.join(", ") else extras = control[:extras] max_age = control[:max_age] -- cgit v1.2.3 From a37cf8d383147a1e6b5f71dfe214d2e03d177872 Mon Sep 17 00:00:00 2001 From: Haroon Ahmed Date: Mon, 7 Jan 2019 21:24:22 +0000 Subject: Capture parsing errors for ActionController::ParamsWrapper#process_action --- .../lib/action_controller/metal/params_wrapper.rb | 33 +++++++++++----------- 1 file changed, 17 insertions(+), 16 deletions(-) (limited to 'actionpack/lib') diff --git a/actionpack/lib/action_controller/metal/params_wrapper.rb b/actionpack/lib/action_controller/metal/params_wrapper.rb index 7361946de5..09716f7588 100644 --- a/actionpack/lib/action_controller/metal/params_wrapper.rb +++ b/actionpack/lib/action_controller/metal/params_wrapper.rb @@ -241,22 +241,8 @@ module ActionController # Performs parameters wrapping upon the request. Called automatically # by the metal call stack. def process_action(*args) - if _wrapper_enabled? - wrapped_hash = _wrap_parameters request.request_parameters - wrapped_keys = request.request_parameters.keys - wrapped_filtered_hash = _wrap_parameters request.filtered_parameters.slice(*wrapped_keys) - - # This will make the wrapped hash accessible from controller and view. - request.parameters.merge! wrapped_hash - request.request_parameters.merge! wrapped_hash - - # This will display the wrapped hash in the log file. - request.filtered_parameters.merge! wrapped_filtered_hash - end - ensure - # NOTE: Rescues all exceptions so they - # may be caught in ActionController::Rescue. - return super + _perform_parameter_wrapping if _wrapper_enabled? + super end private @@ -292,5 +278,20 @@ module ActionController ref = request.content_mime_type.ref _wrapper_formats.include?(ref) && _wrapper_key && !request.parameters.key?(_wrapper_key) end + + def _perform_parameter_wrapping + wrapped_hash = _wrap_parameters request.request_parameters + wrapped_keys = request.request_parameters.keys + wrapped_filtered_hash = _wrap_parameters request.filtered_parameters.slice(*wrapped_keys) + + # This will make the wrapped hash accessible from controller and view. + request.parameters.merge! wrapped_hash + request.request_parameters.merge! wrapped_hash + + # This will display the wrapped hash in the log file. + request.filtered_parameters.merge! wrapped_filtered_hash + rescue ActionDispatch::Http::Parameters::ParseError + # swallow parse error exception + end end end -- cgit v1.2.3