Date Commit message
2014-07-14 Record Tempfiles from multipart form data in env[rack.tempfiles]
To facilitate cleanup without depending on garbage collection.
2014-07-14 chunked: do not chunk on pre-HTTP/1.0 clients
Ancient HTTP clients which predate HTTP/1.0 may not set HTTP_VERSION at all, and those do not support chunking. RFC 1945 describes HTTP/0.9 as well as HTTP/1.0.
Signed-off-by: James Tucker <jftucker@gmail.com>
2014-07-14 builder: avoid to_app on every request when using map
By calling to_app immediately after initializing the per-map Rack::Builder instances. Otherwise, benefits of warmup and web servers taking advantage of CoW are lost. This passes tests, and is lightly tested and I have not verified this for any negative consequences or incompatibilities.
Signed-off-by: James Tucker <jftucker@gmail.com>
2014-07-14 README: update to add yahns to the list of servers
yahns will eventually support more than Rack, but for now it only knows Rack. ref: http://yahns.yhbt.net/README
Signed-off-by: James Tucker <jftucker@gmail.com>
2014-07-14 ParameterTypeError for parse_nested_query
Inherits from TypeError, so existing code that checks types by is_a? and friends should still work fine. This should enable users to be more confident that they are only catching this error case, not other exceptional conditions. Closes #524
2014-07-13 remove incorrect comment in PR 706
2014-07-13 Simplify default middleware construction.
- Removed concat, the DRYness isn't worth the loss of clarity.
- Removed ||=, no need to memoize such a small operation.
- Removed the array-default hash usage; if this behavior is supported, we should add a test for it.
2014-07-13 Give @middleware a more semantic name.
Had to put the class method definitions in an eigenclass wrapper to use the 'alias' keyword sanely. It wouldn't be necessary if old behavior of the middleware was unsupported, but that would be too invasive for just a small clarity change.
2014-07-13 whitespace
2014-07-13 Fix URI parsing on 1.8.7, also address perf
2014-07-13 Fix cycle tests on 1.8.7
2014-07-13 Fix showexceptions specs on 1.8. Need travis back.
2014-07-13 Merge pull request #705 from stevehodgkiss/fix_ip_spoofing_vulnerability
Prevent IP spoofing via X-Forwarded-For and Client-IP headers
2014-07-13 Gracefully handle cycles in parameters
Might close 632, pending more information.
2014-07-13 correct typo and refactor tests for coverage
Closes #592
2014-07-13 Flip to best_q_match, so we provide html to */*
2014-07-13 Undo template refactoring
As this is orthogonal to HTML rendering change.
2014-07-13 Restore public API
2014-07-13 ShowExceptions minor refactoring
* Load HTML exception template only if needed
* Only #call is public
* Enumerable body concern in one place
2014-07-13 ShowException only serves HTML Accept header contains text/html
Rather than be concerned with whether a request is an asynchronous browser request or not it is better to simply consider the Accept header and only serve HTML to clients that specifically ask for it. This way you will not find your pure JSON API application splitting out HTML error messages to your console when using curl :)
2014-07-13 Do not truncate POST data on `;`, closes #543
It appears Rack has been doing this for years. It's not correct behavior for any generators that I can remember. It comes from the cookie parsing code.
2014-07-11 Prevent IP spoofing via X-Forwarded-For and Client-IP headers
By specifying the same IP in X-Forwarded-For and Client-IP an attacker is able to easily spoof the value of `request.ip`, unless a trusted proxy is configured to remove any user supplied Client-IP headers. The value of request.ip should be the value after the last trusted proxy IP in X-Forwarded-For (from right to left).
2014-07-08 use RFC 2396 URI parser in the mock object
this fixes `env_for` on ruby trunk
2014-07-08 Fixed stray return
2014-07-06 Merge pull request #675 from keithduncan/fix-clean-path-for-slash
Fix `clean_path_info` for paths with only a slash
2014-07-06 Rack::Utils#best_q_match returns nil with no match
2014-07-06 Rename clean slash only test
2014-07-05 Merge pull request #646 from KitaitiMakoto/close-body-when-fresh
Close body if content is fresh enough
2014-07-05 Merge pull request #648 from ArtemPyanykh/lint-doc-formatting
Reformat Rack::Lint docs.
2014-07-05 Merge pull request #659 from jodosha/utils-best_q_match-respect-content-type
Ensure Rack::Utils.best_q_match to respect requested content type
2014-07-05 Merge pull request #660 from graysonwright/better_lobster_flip
Flip the lobster better
2014-07-05 Merge pull request #667 from mattkasa/feature/add_rfc2324_status_code
Add support for RFC2324
2014-07-05 Monkey patch to fix WEBrick chunking semantics.
* Previously proposed in #707, unfortunately that patch caused double encoding
* Fixes #707, #618
* The longevity of this patch is dubious. If WEBrick makes identical semantics modifications as I think should be done, this patch will have no effect. If WEBrick introduces changes to internal header handling, class structure, etc, we'll break.
2014-07-05 Merge pull request #708 from lengarvey/fix_uri_encoding_ruby_220_rfc3986
Fix spec_request on ruby-trunk (2.2.0dev)
2014-07-05 Merge pull request #709 from davidcelis/patch-1
Fix AccessLog documentation typo
2014-06-30 Fix AccessLog documentation typo
2014-06-28 Fix spec_request on ruby-trunk (2.2.0dev)
Manually percent-encode square brackets in query string. This fixes current travis build issues. 2.2.0dev has recently changed URI parsing from RFC2396 to RFC3986. Square brackets in RFC3986 are required to be percent-encoded when present in the query string of a URI. URI.encode on 2.2.0dev isn't currently updated to support this encoding (see: https://bugs.ruby-lang.org/issues/9990)
2014-06-23 Merge pull request #700 from espadrine/patch-1
Readme: Use an SVG badge.
2014-06-19 Readme: Use an SVG badge.
Badges will look more consistent and less blurry on Retina screens (and the like).
2014-06-16 Fixed build_nested_query to handle empty arrays and hashes
2014-06-12 max-age settings forces Set-Cookie parameter
With patch https://github.com/rack/rack/commit/74e0acd36353cf619bf56fce17bcb9ef1ab30547, there is ability on rack to set max-age parameter. Which is fine. Unfortunately this parameter is sent to browser only when the session cookie is created. Which is afaik wrong. You usually want to refresh the cookie with each page request. And setting 'expires' parameter behaves in this way as well. So this patch does:
1) When max-age parameter is present, the Set-Cookie HTTP header is sent with each request
2) When both max-age and expires parameter are set, max-age has precedence
3) Added max-age conversion to string where applicable, because user might not want to use string for "time interval"
2014-05-20 Move ["POST"] to a constant
2014-05-19 Merge pull request #687 from dwilkie/master
Refactor methodoverride to make it easier to inherit and extend
2014-05-17 Refactor methodoverride to make it easier to inherit and extend
2014-05-14 add support for application/json content type requests
2014-04-14 Proxy body if it is fresh enough
In order to prevent response body resulting in race conditions.
2014-04-10 Fix `clean_path_info` for paths with only a slash
2014-03-24 request.scheme supports multiple x-http-forwarded-proto values
2014-03-07 Add helper method for 418
2014-03-07 Add support for RFC2324 status code