Comparing changes

This comparison is big! We’re only showing the most recent 250 commits
Commits on Jun 10, 2015
@spastorino spastorino URI::Parser = URI::RC2396_Parser in Ruby 2.2+ 22a6c8c
@spastorino spastorino Allow rbx-2 failures on Travis until they completely support 2.2+ 754e787
Commits on Jun 11, 2015
@tenderlove tenderlove raise an exception if the parameters are too deep
CVE-2015-3225

Conflicts:
	lib/rack/utils.rb
	test/spec_utils.rb
b284e73
@tenderlove tenderlove Merge pull request #879 from wjordan/1.6-history
Add HISTORY for 1.6.0 and 1.5.3/1.6.1 releases
76900a4
Commits on Jun 12, 2015
@zenspider zenspider Converting to minitest: phase 1: minitest/bacon
This is a VERY quick conversion to minitest/bacon. It does nothing but
include minitest/bacon and get the tests passing again. Some things are
different, namely, how minitest treats tests (instance methods run
randomly) vs how bacon treats tests ("class" blocks run serially).
Instance variable access is different between the two, so some things
got wrapped in before/after blocks WITHOUT indenting properly. That'll
come later.
22951c8
@zenspider zenspider Make all tests run and pass independently. 221d4fd
@zenspider zenspider Added minitest/bacon to the top of each file so they can be run straight up.
3399dc7
@zenspider zenspider No difference between fulltest and test, per tenderlove. 0c56477
@zenspider zenspider Fix gemspec to not eval rack.rb for the version. Just grab it. bd2413d
@zenspider zenspider fixed random failure in webrick test via tenderlove 114ef7f
@zenspider zenspider Fixes from tenderlove for tests I can't currently run. 1d8c197
@zenspider zenspider more patches from tenderlove... both versions of this test are terrible, so no loss except for the extra dependency in this case
5702c6c
@zenspider zenspider moar from tenderlove 11bc568
@zenspider zenspider More of the terrible from tenderlove f8d63b5
@tenderlove tenderlove join the thread rather than kill it a001eb9
@tenderlove tenderlove assume secure random is always available
secure_random should always be available on Ruby 2.2+, it just may not
use openssl
cc6f90a
@tenderlove tenderlove remove some dead code, move @id to setup a4eefd1
Tadashi Saito Don't get ancestors' constant as Handler that name is same df941b3
@zenspider zenspider First attempt to mass-port from minitest/bacon to minitest/spec.
I still can't run some of the tests, so they might have problems. I'll
leave it to the CI to catch them.
c99a755
@AMekss AMekss Added media_type methods in Rack::Response a193c57
@tenderlove tenderlove Merge pull request #826 from AMekss/media_type_support_in_response
Added media_type methods in Rack::Response
75c17a1
@tenderlove tenderlove update history
Conflicts:
	HISTORY.md
a389bab
@tenderlove tenderlove set the logger to nil 809a752
@deepj deepj Constantize all rack environment variables and make them frozen fd1fbab
@tenderlove tenderlove replace OkJson in favor of the JSON gem 85604db
@matthewd matthewd Merge pull request #835 from greysteil/handle-param-parsing-errors-in-method-override

Ignore param parsing errors in MethodOverride
618e71d
Commits on Jun 13, 2015
@sigmavirus24 sigmavirus24 Add failing test c7d291f
@sigmavirus24 sigmavirus24 Start updating definitions for RFC 2231 b3e90ed
@sigmavirus24 sigmavirus24 Move RFC2183 constant too 12703d3
@sigmavirus24 sigmavirus24 Simplify regular expressions and extract the extended filename 5f5681d
@burtlo burtlo Feature: Provided support for non-ascii character in public header
I love that we worked on this @MadisonRuby for #OSL
b5e7ff4
@burtlo burtlo Force encoding of parsed filename
I love working at the #OSL
2037507
@burtlo burtlo FIX: Backwards compatibility with soupy data
* Broken quotes need to be checked before RFC2231, otherwise the filenames are
  not correctly found

* Parsing "files" out of the header was converted to an empty string
  instead of nil when the body was empty.

I love working at the #OSL
57e030f
@sigmavirus24 sigmavirus24 Use ::Encoding instead of Parser::Encoding 1613b02
@sigmavirus24 sigmavirus24 Fix encoding issue in source files 2d8fee3
@tenderlove tenderlove Merge pull request #726 from sigmavirus24/rfc-2231
Fixes for RFC 2231
df05b3a
@tenderlove tenderlove extract a `make_cookie_header` method
This method doesn't mutate anything
4ceeb53
Commits on Jun 14, 2015
@spastorino spastorino Merge pull request #885 from deepj/constants-and-frozen-strings
Constantize all rack environment variables and make them frozen
b698f84
@deepj deepj Cleanup older code than Ruby 2.0+ one ae4f286
@fabianrbz fabianrbz Add a test that documents how #build_nested_query works.
Because of Ruby's 1.8 unordered Hash, it was being tested against
 #parse_nested_query. Since Ruby 1.9 Hashes keep order, we can test it
using the actual result instead of using the result of
 #parse_nested_query.
a7095ca
@fabianrbz fabianrbz Remove code from test that was Ruby < 1.9 specific.
Regexp#kcode is no longer supported nor Ruby < 2.2.
f696b9d
@spastorino spastorino Merge pull request #889 from deepj/cleanup-older-code
Cleanup older code than Ruby 2.0+ one
5f8cad8
Commits on Jun 16, 2015
@tenderlove tenderlove Merge branch 'master-sec'
* master-sec:
  update history
  raise an exception if the parameters are too deep

Conflicts:
	HISTORY.md
694c703
@tenderlove tenderlove Merge branch 'master' into zenspider-minitest.phase.2
* master:
  Cleanup older code than Ruby 2.0+ one
  extract a `make_cookie_header` method
  Fix encoding issue in source files
  Use ::Encoding instead of Parser::Encoding
  FIX: Backwards compatibility with soupy data
  Force encoding of parsed filename
  Feature: Provided support for non-ascii character in public header
  Simplify regular expressions and extract the extended filename
  Move RFC2183 constant too
  Start updating definitions for RFC 2231
  Add failing test
  replace OkJson in favor of the JSON gem
  Constantize all rack environment variables and make them frozen
  set the logger to nil
  update history
  Added media_type methods in Rack::Response
  raise an exception if the parameters are too deep
  Handle param parsing errors in MethodOverride silently

Conflicts:
	rack.gemspec
	test/spec_chunked.rb
	test/spec_lint.rb
	test/spec_multipart.rb
	test/spec_request.rb
	test/spec_session_cookie.rb
	test/spec_utils.rb
	test/spec_version.rb
685ef70
@tenderlove tenderlove Merge branch 'master' into fabianrbz-remove_old_ruby_code
* master:
  Cleanup older code than Ruby 2.0+ one
  update history
  First attempt to mass-port from minitest/bacon to minitest/spec.
  raise an exception if the parameters are too deep

Conflicts:
	test/spec_request.rb
	test/spec_utils.rb
3d6cf77
Commits on Jun 18, 2015
@tenderlove tenderlove add make_delete_cookie_header
*  lib/rack/utils.rb: add a method for constructing "delete" cookie
headers.  This allows us to construct cookie headers without depending
on the side effects of mutating a hash.
02e2f0f
Commits on Jun 19, 2015
@dmcinnes dmcinnes allow users to disable the secure cookie warning for custom coders ed84b6d
Commits on Jun 21, 2015
@takiy33 takiy33 Remove rubyforge_project option
rubyforge_project option is deprecated.
605c26a
Commits on Jun 24, 2015
Teo Ljungberg Rename files to follow ruby naming conventions
If a class is named NullLogger, its file would be named null_logger.rb
857641d
@teoljungberg teoljungberg Strip trailing whitespace 8c5916f
@tenderlove tenderlove Merge pull request #696 from teoljungberg/patch-1
Rename files to follow ruby naming conventions
971209b
Commits on Jun 30, 2015
@fenec fenec Add 421 status code to utils 5401f77
Commits on Jul 13, 2015
@tenderlove tenderlove make sure we can mix in Utils and still use it 1569a98
Commits on Jul 14, 2015
@tenderlove tenderlove use key? rather than hash access and double bang 4453f50
Commits on Jul 15, 2015
@evanphx evanphx Make static.rb standalone
People sometimes require `rack/static` without `rack`, resulting in constant errors. This fixes that error.
7f59f17
Commits on Jul 18, 2015
@sigmavirus24 sigmavirus24 Omit unnecessary ?s in EXTENDED_INITIAL_VALUE
The ? outside the groups is redundant and Ruby's regular expression engine
rightfully produces a warning when compiling the regular expression.

Removing the ?s prevents the warning from being printed to stderr.

See also: http://rubular.com/r/J4CWeIHQTK
2e244dd
@matthewd matthewd Correct some mismatches with RFC 2231 7125326
@matthewd matthewd Only handle encodings in extended parameter values 384633c
Commits on Aug 01, 2015
@arronmabrey arronmabrey Fixes an issue where `Rack::Static` can raise "TypeError: no implicit conversion of nil into String"

This is due to a bug that always incorrectly tries to append `@index` to a root path.
This happens even when the "index option" is not given, thus `@index == nil`.
5db439f
Commits on Aug 03, 2015
@mcantor mcantor Remove unused KNOWN-ISSUES file. 4495726
@mcantor mcantor Update full logo with symmetrical icon. c2e9b7d
Commits on Aug 04, 2015
@mcantor mcantor Reconstitute copyright XML attributes. dfd0c40
@Wardrop Wardrop Lazily instantiate ERB template object
ShowExceptions currently parses its ERB template on instantiation. This
can add significant overhead, especially for frameworks and applications
that may add middleware dynamically on each request, such as Scorched,
where caching an application instance is non-trivial.
220952c
@mcantor mcantor whitespace b30aebb
@mcantor mcantor Improve heredoc indenting for fold/readability. 0b3884c
@mcantor mcantor Constantize ERB template.
Per @tenderlove's suggestion on #836, this way the constructor isn't
doing any work, and the template is instantiated once on initial
interpretation time.
2441788
@mcantor mcantor Merge remote-tracking branch 'origin/master' into showexceptions-lazy-erb-template
48e0da2
Commits on Aug 06, 2015
@ganmacs ganmacs fix indent in document
[ci skip]
ce55f94
@tenderlove tenderlove Merge pull request #923 from ganmacs/fix-indent-in-document
Fix indent in document
8f90729
@tenderlove tenderlove Merge pull request #921 from mcantor/updated_logo
Update full logo with symmetrical icon.
89bcea7
@tenderlove tenderlove Merge pull request #920 from mcantor/remove-crufty-known-issues-files
Remove unused KNOWN-ISSUES file.
d409e39
@tenderlove tenderlove Merge pull request #919 from arronmabrey/fix_rack_static_index_bug
Fixes an issue where `Rack::Static` can raise a TypeError
c69f7d3
@tenderlove tenderlove Merge pull request #913 from matthewd/filename-parsing
Review filename header parsing regexps
46d7875
@tenderlove tenderlove require file so that the constant is available fe0a4a1
@tenderlove tenderlove fix unused variable warning 2cb9430
Commits on Aug 20, 2015
@tenderlove tenderlove add methods for accessing request specific data
We want to set and get arbitrary data associated with a request object.
Internally, this will just be set in the env hash, but in the future we
may want to change where the data is stored (hopefully we'll stop
passing an env hash around everywhere)
ef5546c
Commits on Aug 21, 2015
@budhrg budhrg Fixed link and rack.session's indentation in SPEC 7218573
@tenderlove tenderlove add Request#initialize_copy
The env should be duped if the request is duped
be777e0
Commits on Aug 22, 2015
@deepj deepj Use a symbol proc instead of a block in some cases 178a927
@deepj deepj Remove RACK_MULTIPART_LIMIT introduced by a mistake d49341e
@deepj deepj Run tests against stable Ruby 2.2.3 and JRuby 9000 f1c728c
@tenderlove tenderlove save the session object on the stack
now we don't need to ask the env to return the session object
a341aa9
Commits on Aug 23, 2015
@tenderlove tenderlove Change Session internals to use Request objects
I want to use request objects for looking up session information. This
allows us to only allocate one request object when dealing with session
objects (rather than doing it every time we need to manipulate cookies,
etc).
c94e224
Commits on Aug 25, 2015
@tenderlove tenderlove cache path / range calculations on the stack for thread safety
We don't need to dup the file handler all the time if we just cache path
and range calculations on the stack, then allocate an iterator object
when we actually need to serve up a file
e0ac329
@tenderlove tenderlove remove useless to_path implementation ed0d8c5
@tenderlove tenderlove introducing Util.get_byte_ranges
Use this instead of `byte_ranges`.  We don't want to depend on the rack
`env` everywhere.
96b1176
@tenderlove tenderlove start using a request object inside the File middleware
This keeps us from knowing about the particular keys in the env hash for
the things this middleware cares about
f244d4a
@tenderlove tenderlove remove some useless methods dde5b68
@spastorino spastorino Merge pull request #927 from deepj/remove-deprecated-part
Remove RACK_MULTIPART_LIMIT introduced by a mistake
cb2fdee
Commits on Aug 27, 2015
@tenderlove tenderlove Merge pull request #928 from deepj/travis-ruby-223-jruby-9k
Run tests against stable Ruby 2.2.3 and JRuby 9000
4807050
@tenderlove tenderlove Merge pull request #926 from deepj/symbol-procs
Use a symbol proc instead of a block in some cases
7b5fc91
@tenderlove tenderlove Merge pull request #925 from budhrg/master
Fixed link and rack.session's indentation in SPEC
ebb7f0b
@tenderlove tenderlove Merge pull request #908 from fenec/add_421_status_code
Add 421 status code to utils
32acf9c
@tenderlove tenderlove Merge pull request #911 from evanphx/patch-1
Make static.rb standalone
82ca855
@tenderlove tenderlove Merge pull request #902 from takiy33/patch-1
Remove rubyforge_project option
05df837
@tenderlove tenderlove extract `delete_cookie_header!` to a non-mutation based implementation
this way we can manipulate cookies without depending on the cookies
being stored in a hash.
fd20c3f
@tenderlove tenderlove change the Helpers module to depend on a few methods
I don't want the helpers module to know that the underlying
implementation uses a hash for storing headers.  Instead, I've extracted
a few methods for manipulating the headers and whoever includes the
module can use whatever data structure they want.
5e0b0a3
@tenderlove tenderlove unmemoize media type.
we should try not to cache things unless we really need to.
2fe4a79
@tenderlove tenderlove set ENV[RACK_TEMPFILES] in one place 961306f
@tenderlove tenderlove Close temp files when raising an exception
If there were too many files created during multi part parsing, this
closes them
f7637ee
@tenderlove tenderlove don't store a counter and an array 896471f
@tenderlove tenderlove don't set `@content_length` to a magic value
Let's just use a local boolean to determine whether or not the parser
should leave the loop
dd8afc9
Commits on Aug 28, 2015
@jackxu jackxu Fix comment typing miss 97bad02
@tenderlove tenderlove Merge pull request #931 from jackxu/master
Fix comment typing miss
53d9351
@tenderlove tenderlove Merge pull request #922 from mcantor/showexceptions-lazy-erb-template
Lazily instantiate ERB template object
8653e7a
@tenderlove tenderlove content length should be the bytesize, not string length
The bytesize and string length differ in this case, and bytesize is the
correct value.
4c057e7
@tenderlove tenderlove adding test coverage around mismatched content length e004888
@tenderlove tenderlove wrap bounded IO objects
If we have a content length, wrap the IO object with a new object that
knows about the content length and will act like an IO object with the
length specified
3b51048
@tenderlove tenderlove remove the env from the multipart parser
I want to abstract the multipart parser from `env` so that we can get
the data from some structure other than an env hash.
91cdd46
@tenderlove tenderlove pull the tempfile factory default up to a constant
we don't need to create a new lambda object every time we do parsing
cbe9093
@tenderlove tenderlove let the parser return a null object if the content length is 0 0f8ecc3
@tenderlove tenderlove pull up one loop 360d374
@tenderlove tenderlove use parse states in the mime part methods af7980d
@tenderlove tenderlove write the file body when getting the info f6d225e
@tenderlove tenderlove make the mime parser evented
add an event collector that gets all mime bodies as we parse them
7f3b3d4
@tenderlove tenderlove remove useless variable declarations ba71e13
@tenderlove tenderlove remove useless flow control bd60f08
@tenderlove tenderlove start breaking out state methods 8987a0c
Commits on Aug 29, 2015
@tenderlove tenderlove we have one state machine now 351027a
@tenderlove tenderlove move state parts in to their own methods a1585b1
@tenderlove tenderlove move parser loop away from io da3f2e0
@tenderlove tenderlove pull up eof handling ae16983
@tenderlove tenderlove remove IO from the mime parser's instance 3f6aee5
@deepj deepj Remove any reference to 418 status code
It was removed in Rack 1.6 from HTTP status codes. See
rack#754
9c9d168
@tenderlove tenderlove Merge pull request #933 from deepj/remove-418-reference
Remove any reference to 418 status code
9792bf5
@deepj deepj Rack::Response::Helpers#redirect? would accept 308 status code
308 status code is ‘Permanent Redirect’ (see
http://greenbytes.de/tech/webdav/draft-reschke-http-status-308-07.html)
and `Rack::Response::Helpers#redirect?` would accept it as a
redirection when 308 status is supported by Rack.
09b8271
Commits on Aug 30, 2015
@tenderlove tenderlove Merge pull request #934 from deepj/308-redirect
Rack::Response::Helpers#redirect? would accept 308 status code
6c4160b
@deepj deepj Remove unneeded `options` parameter in Rack::Handler.default 1d995be
@deepj deepj Remove `scrub_filename` in favor of the native string `scrub!` method 3b46636
Commits on Sep 03, 2015
@tenderlove tenderlove Merge pull request #900 from dmcinnes/disable-cookie-secret-warnings
Allow users to disable the secure cookie warning for custom coders
304c1a1
Commits on Sep 04, 2015
@tenderlove tenderlove keep `@path_info` on the stack
This is to start decoupling the directory middleware from instance
variables and make the middleware threadsafe without duping
714eea0
@tenderlove tenderlove remove `@env` instance variable
again, trying to remove coupling to the instance
5d4dcd3
@tenderlove tenderlove remove a few more instance variables 1bb4dee
@tenderlove tenderlove remove more instance variables from the Directory middleware
again, this is to decouple from the instance
439a8d2
@tenderlove tenderlove allocate a body object when we need one
This allocates an iterator body object when there is data that needs to
be returned
4328f42
@tenderlove tenderlove make directory middleware threadsafe without `dup`
The directory middleware should be thread safe without duping now, so it
will only allocate an iterable object when there is data to return.
268791a
@tenderlove tenderlove fixing support for directories that have + in the name
directories that have + in the name should be served up if the browser
puts a + in the path.  + is a valid path character, so it should not be
translated to a space (like you do in query parameters).

references #265 rails/rails#11816
978eb9b
@tenderlove tenderlove use `Rack::Utils.unescape_path` to unescape path_info
Unescaping paths is different from unescaping query parameters.  This
commit changes the unescape to use the URI parser to unescape the path,
which leaves `+` as `+`.

Fixes #265
References rails/rails#11816
568cf72
@tenderlove tenderlove require all of uri
Parser isn't defined if you don't require the top level uri
4080d56
@tenderlove tenderlove Move most methods on the `Rack::Request` to a module
Move most request methods to `Rack::Request::Helpers` and use public API
to get values from the request object.  This enables users to mix
`Rack::Request::Helpers` in to their own objects so they can implement
`(get|set|fetch|each)_header` as they see fit (for example a proxy
object).
7f1fcde
Commits on Sep 05, 2015
@tenderlove tenderlove pull env access in the request object to a module
this also tests that delegation to the request object is possible.  I
want to see exactly how many methods we need to delegate in order to
look like a real request object
b2d7396
@tenderlove tenderlove `Rack::Session::Abstract::ID` IS DEPRECATED.
Please switch to `Rack::Session::Abstract::Persisted`.
`Rack::Session::Abstract::Persisted` uses a request object rather than
the `env` hash.
4224c02
@BenMorganIO BenMorganIO fix spelling edf1588
@tenderlove tenderlove Merge pull request #940 from BenMorganIO/delimeted-to-delimited
fix spelling of delimited
6b4909b
@tenderlove tenderlove Merge pull request #936 from deepj/remove-scrub_filename
Remove `scrub_filename` in favor of the native string `scrub!` method
d8e5daf
@tenderlove tenderlove Merge pull request #935 from deepj/rack-handler-default
Remove unneeded `options` parameter in Rack::Handler.default
bdca78b
@tenderlove tenderlove fully qualify URI constant 23a9fdf
@tenderlove tenderlove move Session::Pool to new superclass
ID is deprecated, and we only want to deal with request objects, so move
to the new superclass.
c000c63
@tenderlove tenderlove testing with circleci b65be48
@tenderlove tenderlove I *think* the load path is wrong on the CI, so try requiring early 113f994
@tenderlove tenderlove fixing the CI
I really don't understand what is wrong.  URI::Parser should exist.
a46eae2
Commits on Sep 06, 2015
@keepcosmos keepcosmos remove fulltest guide on README f6ac962
@ggrossman ggrossman Fix bug in parsing of Content-Disposition header where an unquoted name at end-of-line sucked in the trailing newline.
319dd62
Commits on Sep 08, 2015
@tenderlove tenderlove Merge pull request #942 from keepcosmos/remove-fulltest-guide
[ci skip] remove fulltest guide on README
c28f271
@ggrossman ggrossman When parsing the name parameter of Content-Disposition, support quoted chars in the quoted-string case.
e424251
Commits on Sep 13, 2015
@davidrunger davidrunger fix rdoc formatting (remove accidental links)
In several places the rdoc comments attempt to indicate hash access, for
example `env['rack.input']`, but rdoc interprets this as a link with
text "env" and href="%27rack.input%27/". Wrapping these snippets of hash
access code in `<tt>` tags escapes the link syntax and also renders the
code snippets in monospace.
85d346f
Commits on Sep 21, 2015
@liamseanbrady liamseanbrady Add space after comma in params to reflect style used everywhere else 461f9de
Eric Wong deflater: always finish zlib stream before closing
This helps avoid Zlib::DataError when a client disconnects on
the server while the server is writing the response.

This fixes the following backtraces on my server:

  data error (Zlib::DataError)
  rack/deflater.rb:124:in `close'
  rack/deflater.rb:124:in `ensure in each'
  rack/deflater.rb:124:in `each'
  rack/chunked.rb:23:in `each'
  ...
ac6af8e
Commits on Sep 23, 2015
@tenderlove tenderlove fix circular require, only start lighttpd once 63807f7
@tenderlove tenderlove oops! c7c8210
@tenderlove tenderlove kill lighttpd in the helper file 3c7911b
@tenderlove tenderlove rearrange thin requires so that we dont get locks in autoload 6ca36db
Commits on Sep 24, 2015
@tenderlove tenderlove Merge pull request #950 from liamseanbrady/fix_minor_params_style_issue
Fix missing space in list of parameters
babea51
@tenderlove tenderlove Merge pull request #947 from davidrunger/doc-fix
fix rdoc formatting (remove accidental links)
a791217
@tenderlove tenderlove Merge pull request #943 from ggrossman/fix_name_token_at_eol
Fix bug in parsing of Content-Disposition header where an unquoted name at end-of-line sucked in the trailing newline
7cb2ed4
@tenderlove tenderlove let the caller return the rack array 3de0311
@tenderlove tenderlove use a response object when committing the session
Add an adapter object (Rack::Response::Raw) and use that internally in
the session middleware.  After that we will make commit_session public
so the session can be committed out of band of the middleware
817ad51
Commits on Sep 25, 2015
@tenderlove tenderlove make `commit_session` public fdb526b
@tenderlove tenderlove ask the request for session options
The request is in charge.
028438f
Commits on Oct 01, 2015
@jeremy jeremy Rack::Utils.add_cookie_to_header fails on headers it doesn't recognize 1f11ee0
@jeremy jeremy Merge pull request #956 from jeremy/add-cookie-to-header-raises-on-unrecognized-header-rather-than-silently-returning-nil

Rack::Utils.add_cookie_to_header fails on headers it doesn't recognize
f69d43f
Commits on Oct 04, 2015
@jeremy jeremy Fix test missed in minitest/bacon -> minitest/spec conversion c99a755 87d65bc
@jeremy jeremy Fix JRuby tests where we can't Kernel#fork. Re. c7c8210 3096a32
@jeremy jeremy CGI/FastCGI tests: Consolidate lighttpd detection and warnings a367e73
@jeremy jeremy Work around OpenStruct#respond_to? regression on Ruby 2.3 dev
As of ruby/ruby@5f0bb43:

>> require 'ostruct'
=> true
>> o=OpenStruct.new(to_ary: true)
=> #<OpenStruct to_ary=true>
>> o.to_ary
=> true
>> o.respond_to?(:to_ary)
=> false
0a405d6
@jeremy jeremy Shush Object#timeout deprecation. Switch to Timeout.timeout. 5e11439
@jeremy jeremy `Response#add_header` to add a value to a multivalued header
* Introduce `Rack::Response::Helpers#add_header` to add a value to a
  multi-valued response header. Implemented in terms of other
  `Response#*_header` methods, so it's available to any response-like
  class that includes the `Helpers` module.
* Add `Rack::Request#add_header` to match.
* Rename `Response#have_header?` to `#has_header?` to match existing
  `Request#has_header?`
* Add test coverage for this and other `*_header` methods.
1e3d6d1
@jeremy jeremy Merge pull request #957 from jeremy/add-multivalued-header
`Response#add_header` to add a value to a multivalued header
c617ea9
Commits on Oct 05, 2015
@tenderlove tenderlove add `clock_time` to utils so other people can use it d938cb5
Commits on Oct 06, 2015
@tenderlove tenderlove * Add `Rack::Response::Helpers#etag` and `etag=`. Use this for
setting etag values on the response.
e2a8388
@tenderlove tenderlove * Add `Rack::Response::Helpers#cache_control` and `cache_control=`.
Use this for setting cache control headers on your response objects.
e836fad
Commits on Oct 08, 2015
@tenderlove tenderlove add Rack::Request#authority
* Add `Rack::Request#authority` to calculate the authority under which
the response is being made (this will be handy for h2 pushes).
2f782ce
Commits on Oct 11, 2015
@frodsan frodsan Add support for custom hmac. 68ea528
@spastorino spastorino Merge pull request #958 from frodsan/custom-hmac
Add support for custom hmac.
6216a3f
Commits on Oct 17, 2015
@davidcelis davidcelis Fix typo in Security Policy
Signed-off-by: David Celis <me@davidcel.is>
616b72f
Commits on Oct 19, 2015
@spastorino spastorino Merge pull request #960 from davidcelis/fix-doc-typo
Fix typo in Security Policy
35599cf
Commits on Nov 04, 2015
@tenderlove tenderlove add Rack::Events middleware
* Add `Rack::Events` middleware for adding event based middleware:
middleware that does not care about the response body, but only cares
about doing work at particular points in the request / response
lifecycle.
c393176
Commits on Nov 22, 2015
@prathamesh-sonpatki prathamesh-sonpatki Run lighttpd tests if it's present on the system
 - Because of using !$?, the lighttpd tests were getting skipped no
   matter what.
3f54372
Commits on Dec 05, 2015
@jeremy jeremy First-Party cookies, another line of CSRF defense
Set `first_party: true` to set the First-Party attribute telling
browsers to only send the cookie with legit first-party requests.

* https://tools.ietf.org/html/draft-west-first-party-cookies-00
* https://www.chromestatus.com/feature/4672634709082112
159eb9b
Commits on Dec 07, 2015
@spastorino spastorino Merge pull request #980 from jeremy/first-party-only-cookies
First-Party cookies
96ae9b9
Commits on Dec 10, 2015
@michaelsauter michaelsauter Load session for read before accessing keys or values 4fd82e8
Commits on Dec 17, 2015
@tenderlove tenderlove adding spec for events e9d9d7d
@tenderlove tenderlove remove file that doesn't exist d786a15
@tenderlove tenderlove remove another non-existing file e8dbedb
@tenderlove tenderlove fix Rakefile to read the version from lib/rack.rb c09cec2
@tenderlove tenderlove prefix with "rack-" f456261
Commits on Dec 22, 2015
@ktheory ktheory Add support for HTTP 451 "Unavailable for Legal Reasons"
Adds support for the newly approved HTTP 451 response code,
“Unavailable for Legal Reasons”.

IETF draft specification:
https://tools.ietf.org/html/draft-tbray-http-legally-restricted-status-05

More info:
http://www.451unavailable.org
73e0827
@jeremy jeremy Merge pull request #985 from ktheory/http-451-unavailable-for-legal-reasons

Add support for HTTP 451 "Unavailable for Legal Reasons"
2859a5b
@ktheory ktheory [travis] fix apt package installs
Travis CI builds (on Ubuntu 12.04 Precise) were failing at the
before_install step with the error:

    E: Unable to locate package lighttpd
    E: Unable to locate package libmemcache-dev

Updating the apt cache fixes it.
37e486b
Commits on Dec 23, 2015
@matthewd matthewd Merge pull request #988 from ktheory/fix-travis-install
[travis] fix apt package installs
fd9b8a7
@davydovanton davydovanton Freeze static strings in QueryParser#normalize_params 329b850
@matthewd matthewd Merge pull request #989 from davydovanton/reduse-allocation
Freeze static strings in QueryParser#normalize_params
2ac5995
@michaelsauter michaelsauter Add tests for session hash loading 5de59df
Commits on Dec 25, 2015
@deepj deepj Test against Ruby 2.3.0 and JRuby 9.0.4.0 fa9969e
Commits on Dec 27, 2015
@spastorino spastorino Merge pull request #994 from deepj/travis
Test against Ruby 2.3.0 and JRuby 9.0.4.0
7cb3772
Commits on Jan 01, 2016
@matthewd matthewd Merge pull request #981 from michaelsauter/fix/load-for-read
Load session for read before accessing keys or values
a7b3c3c
Commits on Jan 02, 2016
@gfvcastro gfvcastro Test against Ruby 2.2.4 on Travis. 3659be8
Commits on Jan 04, 2016
@spastorino spastorino Merge pull request #983 from gfvcastro/test-ruby-2-2-4
Test against Ruby 2.2.4 on Travis.
7ddf5bc
Commits on Jan 10, 2016
@zach-taylor zach-taylor Use unshift(...) instead of insert(0, ...) d83be70
@spastorino spastorino Merge pull request #996 from zach-taylor/insert-to-unshift
Use unshift(...) instead of insert(0, ...)
545532b
Commits on Jan 16, 2016
@eileencodes eileencodes Move empty hash to its own method for session
This sets the session's default to a new method called `default_session`
which is set to an empty hash.

Now we can depend on the `default_session` method rather than depending
on the implementation of `Hash`.
45acf49
Commits on Jan 23, 2016
@raggi raggi Fix #905 by stripping quotes from around encodings ff0cac5
Commits on Jan 25, 2016
@kou kou Use Mutex instead of Thread.exclusive for reloader b1c67e8
@raggi raggi Merge pull request #1003 from rack/unity3d_multipart_bug
Strip quotes from around multipart encodings
f175063
@manveru manveru Merge pull request #1004 from kou/unuse-thread-exclusive
Use Mutex instead of Thread.exclusive for reloader
7ba4ad9
Commits on Jan 28, 2016
@jeremyevans jeremyevans Work with ruby 2.3's --enable-frozen-string-literal
These changes are the minimal ones necessary to allow Forme's specs
to pass. There may well be other changes that are required.
483f747
Commits on Jan 29, 2016
@deepj deepj Drop JRuby 1.7 support on Travis since Rack 2.0 requires Ruby 2.2.2+
JRuby 1.7 supports only Ruby 1.9 or 1.8.7
8e5556c
Commits on Jan 30, 2016
@WojtekKruszewski WojtekKruszewski Add failing test for missing empty multipart params 923c256
Commits on Jan 31, 2016
@spastorino spastorino Merge pull request #1006 from jeremyevans/fstring
Work with ruby 2.3's --enable-frozen-string-literal
c0e4d9b
@spastorino spastorino Merge pull request #1008 from deepj/drop-jruby-1.7
Drop JRuby 1.7 support on Travis since Rack 2.0 requires Ruby 2.2.2+
6d2a9b8
Commits on Feb 01, 2016
@WojtekKruszewski WojtekKruszewski Don't skip empty multipart params f2baf7b
@gfvcastro gfvcastro Update license. 977d19b
Commits on Feb 02, 2016
@spastorino spastorino Merge pull request #995 from gfvcastro/update-license
Update license.
146c754
Commits on Feb 23, 2016
@tenderlove tenderlove Merge pull request #1009 from WojtekKruszewski/missing_empty_params
Missing empty multipart params
ea2ed57
Commits on Mar 02, 2016
@geemus geemus use secure_compare in auth examples 014f828
@raggi raggi Puma should be the default webserver for rackup
 * Thin is based on fully unmaintained code (EM)
 * Puma is significantly faster, on a tuned 16 core VM the difference is 50kqps.
4208c28
Commits on Mar 03, 2016
@raggi raggi Merge pull request #1026 from geemus/secure-auth-examples
use secure_compare in auth examples
05bdc51
Commits on Mar 05, 2016
@eins78 eins78 add failing test for rack/rack#951 93d1de7
@conzett conzett Fix normalize_params parsing arrays of hashes
Account for child_key being a key representing a nested hash
Closes rack/rack#951
7f00781
@conzett conzett Add more failing specs for arrays b1bf5a3
Commits on Mar 08, 2016
@rthbound rthbound Fixes #1015
  - Handles the edge case
  - Adds a test for #1015
a8a908f
Commits on Mar 11, 2016
@matthewd matthewd Merge pull request #1029 from rthbound/fixes-951-fixes-1015
Fixes 951 fixes 1015
09084fd
Commits on Mar 13, 2016
@raggi raggi Merge pull request #1027 from rack/default-server
Puma should be the default webserver for rackup
95172a6
Commits on Mar 15, 2016
@mastahyeti mastahyeti first-party cookies are now same-site cookies
remove use of `:first_party` option

pass along provided value

make the syntax more flexible

s/strict/Strict/
9e6ebdd
Commits on Mar 17, 2016
@tenderlove tenderlove Merge pull request #1033 from mastahyeti/same-site-cookies
Update first-party-only cookie syntax
deec485
Commits on Apr 05, 2016
@gioele gioele Compare host and server name only once per call
The host name and the server name are not changed inside `#call(env)`,
so there is no need to compare them every time a mapping is tested.
1162736
Commits on Apr 07, 2016
@shhavel shhavel Use String interpolation or << instead of plus, which are faster 20214d7
@shhavel shhavel Micro refactor string scan in Rack::Auth::Digest::Params.split_header_value
6f2dc4c
@jeremy jeremy Merge pull request #1046 from shhavel/feature/micro_refactor_string_scan_in_rack_auth_digest_params_split_header_value

Micro refactor string scan in Rack::Auth::Digest::Params.split_header_value
2da7bd3
Commits on Apr 12, 2016
@spastorino spastorino Merge pull request #1045 from shhavel/feature/use_string_interpolation_instead_plus

Use String interpolation or << instead of plus, which are faster
9f7703e
@spastorino spastorino Merge pull request #1042 from gioele/cmp-host-server-once
Compare host and server name only once per call
241db7a
Commits on Apr 18, 2016
@jeremy jeremy Travis: allow jruby-head failures due to travis-ci/travis-ci#5861 0c74848
@bobjflong bobjflong Validate the SameSite cookie option
The draft spec for the SameSite option mentions two configuration
options: Strict & Lax. This commit introduces validation of the
associated same_site attribute.

The main motivation for validating this value is ensuring that awry
option values don't cause unexpected behaviour. As this is a sensitive
security option, I think validation is warranted.

The main drawback of validating the option value is that Rack won't
immediately support new options.

Signed-off-by: Jeremy Daer <jeremydaer@gmail.com>
f0f828c
@jeremy jeremy CI: bump up to modern Travis setup
* Lean on the default bundle install step.
* Drop sudo. Switch to services+addons.
* Cache our bundle and apt packages.

Closes #1053
c9e313f
@jeremy jeremy Merge pull request #976 from prathamesh-sonpatki/fix-lighttpd-tests
Run lighttpd tests if it's present on the system
f8729c2
Commits on Apr 24, 2016
Thomas Grindinger improve fragile webrick test 135fabd
@jeremy jeremy Merge pull request #1063 from tgrindinger/fix-webrick-tests
improve fragile webrick test

Awkward busy-wait loop, but sufficient to build on.
dc1cc1f
Commits on Apr 25, 2016
@jeremy jeremy CI: fix missing bundler on some JRuby versions by explicitly installing it
4b8378b
Commits on Apr 28, 2016
Thomas Grindinger HEAD requests to Rack::File now omit the response body.
Fixes #945.

Signed-off-by: Jeremy Daer <jeremydaer@gmail.com>
a893d50
Commits on Apr 30, 2016
Thomas Grindinger Tests: check exitstatus outside the conditional as a workaround
`$?` may be `nil` here, some quirk on 2.4.0-dev. Split it up to fix.

Signed-off-by: Jeremy Daer <jeremydaer@gmail.com>
f3a1086