Fix malformed asset_url in ActionController::Renderer

[tzabaman]

Summary

#28151
Fix malformed asset_url when rendering a template with ActionController::Renderer

[Erol]

Can you also test the scenario where a renderer is initialized with url_scheme: "https"?

[tzabaman]

@Erol Done!

[pixeltrix]

What's the need to switch to url_scheme as the API? Has something changed elsewhere? I assume that https: true used to work? Did something change in Rack?

[tzabaman]

@pixeltrix Take a look at issue #28151 . The problem is described inside the conversation. I don't know if something has changed in Rack but the asset_url was not working properly. asset_url was correct only if https was set to true. We had a malformed url if https was set to false. So scheme_url with params 'http' or 'https' seemed to be solving the problem. At the end of the day https param was was no longer necessary!

[pixeltrix]

@tzabaman that's a good first step - you've found out the how, but we need to know when and why too.

So the first step is to write a standalone test case that we can use to test against multiple versions:

begin
  require "bundler/inline"
rescue LoadError => e
  $stderr.puts "Bundler version 1.10 or later is required. Please update your Bundler"
  raise e
end

gemfile(true) do
  source "https://rubygems.org"
  gem "rails", "5.0.2"
end

require "rack/test"
require "action_controller/railtie"

class TestApp < Rails::Application
  config.root = File.dirname(__FILE__)
  config.session_store :cookie_store, key: "cookie_store_key"
  secrets.secret_token    = "secret_token"
  secrets.secret_key_base = "secret_key_base"

  config.logger = Logger.new($stdout)
  Rails.logger  = config.logger

  routes.draw do
  end
end

class ApplicationController < ActionController::Base; end

require "minitest/autorun"

class BugTest < Minitest::Test
  def test_default_renderer_with_asset_url
    template = "<%= asset_url('avatar.jpg') %>"
    renderer = ApplicationController.renderer
    rendered = renderer.render inline: template

    assert_equal "http://example.org/avatar.jpg", rendered
  end
end

So starting with Rails 5.0.2 what do we get?

  1) Failure:
BugTest#test_default_renderer_with_asset_url [rails-28151.rb:41]:
--- expected
+++ actual
@@ -1 +1 @@
-"http://example.org/avatar.jpg"
+"http://://example.org:80/avatar.jpg"

Okay, so what about Rails 5.0.0? Change the gemspec to the following:

gemfile(true) do
  source "https://rubygems.org"
  gem "rails", "5.0.0"
end

Re-run the test and what do we get?

  1) Failure:
BugTest#test_default_renderer_with_asset_url [rails-28151.rb:41]:
--- expected
+++ actual
@@ -1 +1 @@
-"http://example.org/avatar.jpg"
+"http://://example.org:80/avatar.jpg"

Nope, still broken. Looking at the history for actionpack/lib/action_controller/renderer.rb we can see a significant refactoring took place in 2db7304 - what if we go back earlier than that and test it worked when first committed. To do this we need to use the following gemspec:

gemfile(true) do
  source "https://rubygems.org"
  gem "rails", github: "rails/rails", ref: "801e399" # commit where feature was introduced
  gem "arel", github: "rails/arel", ref: "56040f2" # arel master HEAD at the time
end

So surely this will work, right?

  1) Failure:
BugTest#test_default_renderer_with_asset_url [rails-28151.rb:41]:
--- expected
+++ actual
@@ -1 +1 @@
-"http://example.org/avatar.jpg"
+"http://://example.org:80/avatar.jpg"

Nope, seems like this bug has aways been around. 😞

Okay, we now know when - it's always been broken. The why that obviously follows on is that no-one wrote a test for it.

So what about fixing it? Well, since https: true works then it seems a bit unfortunate that to fix the case where people haven't set anything we need to get the people who did to change their code. If we search elsewhere in the Rails code base we find this line in action_dispatch/testing/integration.rb

"rack.url_scheme" => https? ? "https" : "http"

Can we use a similar technique to fix this problem? Turns out if we change the normalize_keys method to this:

def normalize_keys(env)
  new_env = {}
  env.each_pair { |k,v| new_env[rack_key_for(k)] = rack_value_for(k, v) }
  new_env['rack.url_scheme'] = new_env['HTTPS'] == 'on' ? 'https' : 'http'
  new_env
end

and re-run our test then we get:

.

Finished in 0.130983s, 7.6346 runs/s, 7.6346 assertions/s.

1 runs, 1 assertions, 0 failures, 0 errors, 0 skips

🎉 - the bug is fixed without anyone having to change their code.

So @tzabaman can you update your PR with this fix and remove the deprecation? Thanks 👍

[pixeltrix]

@tzabaman I think something went wrong with your rebase - it's showing 86 commits.

[tzabaman]

@pixeltrix Maybe that happened because I rebased my branch with rails master... Do you propose to open a new PR and drop this one?

[pixeltrix]

@tzabaman try squashing all your commits into a single commit and then rebase that one against master

[tzabaman]

@pixeltrix Thank you very much for your precious help! The methodology with which you approached and finally solved the issue will be very useful for future similar situations! 👍

[pixeltrix]

@tzabaman thanks! 👍

[pixeltrix]

Backported to 5-0-stable in f69edbe

[pixeltrix]

@tzabaman for future reference we normally add a CHANGELOG entry, thanks again.

[tzabaman]

@pixeltrix Thank you, I will have it in mind next time!