rails--rails/actionpack/lib/action_dispatch/http/headers.rb

# frozen_string_literal: true

module ActionDispatch
  module Http
    # Provides access to the request's HTTP headers from the environment.
    #
    #   env     = { "CONTENT_TYPE" => "text/plain", "HTTP_USER_AGENT" => "curl/7.43.0" }
    #   headers = ActionDispatch::Http::Headers.from_hash(env)
    #   headers["Content-Type"] # => "text/plain"
    #   headers["User-Agent"] # => "curl/7.43.0"
    #
    # Also note that when headers are mapped to CGI-like variables by the Rack
    # server, both dashes and underscores are converted to underscores. This
    # ambiguity cannot be resolved at this stage anymore. Both underscores and
    # dashes have to be interpreted as if they were originally sent as dashes.
    #
    #   # GET / HTTP/1.1
    #   # ...
    #   # User-Agent: curl/7.43.0
    #   # X_Custom_Header: token
    #
    #   headers["X_Custom_Header"] # => nil
    #   headers["X-Custom-Header"] # => "token"
    class Headers
      CGI_VARIABLES = Set.new(%W[
        AUTH_TYPE
        CONTENT_LENGTH
        CONTENT_TYPE
        GATEWAY_INTERFACE
        HTTPS
        PATH_INFO
        PATH_TRANSLATED
        QUERY_STRING
        REMOTE_ADDR
        REMOTE_HOST
        REMOTE_IDENT
        REMOTE_USER
        REQUEST_METHOD
        SCRIPT_NAME
        SERVER_NAME
        SERVER_PORT
        SERVER_PROTOCOL
        SERVER_SOFTWARE
      ]).freeze

      HTTP_HEADER = /\A[A-Za-z0-9-]+\z/

      include Enumerable

      def self.from_hash(hash)
        new ActionDispatch::Request.new hash
      end

      def initialize(request) # :nodoc:
        @req = request
      end

      # Returns the value for the given key mapped to @env.
      def [](key)
        @req.get_header env_name(key)
      end

      # Sets the given value for the key mapped to @env.
      def []=(key, value)
        @req.set_header env_name(key), value
      end

      # Add a value to a multivalued header like Vary or Accept-Encoding.
      def add(key, value)
        @req.add_header env_name(key), value
      end

      def key?(key)
        @req.has_header? env_name(key)
      end
      alias :include? :key?

      DEFAULT = Object.new # :nodoc:

      # Returns the value for the given key mapped to @env.
      #
      # If the key is not found and an optional code block is not provided,
      # raises a <tt>KeyError</tt> exception.
      #
      # If the code block is provided, then it will be run and
      # its result returned.
      def fetch(key, default = DEFAULT)
        @req.fetch_header(env_name(key)) do
          return default unless default == DEFAULT
          return yield if block_given?
          raise KeyError, key
        end
      end

      def each(&block)
        @req.each_header(&block)
      end

      # Returns a new Http::Headers instance containing the contents of
      # <tt>headers_or_env</tt> and the original instance.
      def merge(headers_or_env)
        headers = @req.dup.headers
        headers.merge!(headers_or_env)
        headers
      end

      # Adds the contents of <tt>headers_or_env</tt> to original instance
      # entries; duplicate keys are overwritten with the values from
      # <tt>headers_or_env</tt>.
      def merge!(headers_or_env)
        headers_or_env.each do |key, value|
          @req.set_header env_name(key), value
        end
      end

      def env; @req.env.dup; end

      private

        # Converts an HTTP header name to an environment variable name if it is
        # not contained within the headers hash.
        def env_name(key)
          key = key.to_s
          if key =~ HTTP_HEADER
            key = key.upcase.tr("-", "_")
            key = "HTTP_" + key unless CGI_VARIABLES.include?(key)
          end
          key
        end
    end
  end
end
Use frozen string literal in actionpack/ 2017-07-24 16:20:53 -04:00			`# frozen_string_literal: true`

Move HTTP libs and middleware into ActionDispatch component 2009-01-27 19:54:01 -05:00			`module ActionDispatch`
Provide a nicer way to access headers. request.headers["Content-Type"] instead of request.headers["HTTP_CONTENT_TYPE"] [Koz] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8625 5ecf4fe2-1ee6-0310-87b1-e25e094e27de 2008-01-11 01:39:56 -05:00			`module Http`
copy edits [ci skip] 2014-05-08 14:24:38 -04:00			`# Provides access to the request's HTTP headers from the environment.`
[ci skip] document ActionDispatch::HTTP::Headers 2014-05-07 12:50:12 -04:00			`#`
Add additional documentation on Headers#[] [ci skip] Issue #16519 covers confusion potentially caused by how HTTP headers, that contain underscores in their names, are retrieved through `ActionDispatch::Http::Headers#[]`. This confusion has its origin in how a CGI maps HTTP header names to variable names. Even though underscores in header names are rarely encountered, they are valid according to RFC822 [1]. Nonetheless CGI like variable names, as requested by the Rack specfication, will only contain underscores and therefore the original header name cannot be recovered after the Rack server passed on the environemnt hash. Please, see also the disscussion on StackOverflow [2], which also links to an explaination in the nginx documentation [3]. [1] http://www.ietf.org/rfc/rfc822.txt [2] http://stackoverflow.com/questions/22856136/why-underscores-are-forbidden-in-http-header-names [3] https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#missing-disappearing-http-headers 2016-01-29 15:01:33 -05:00			`# env = { "CONTENT_TYPE" => "text/plain", "HTTP_USER_AGENT" => "curl/7.43.0" }`
Given a hash (Rails 5) .from_hash must be used When initializing an `ActionDispatch::Http::Headers` object it takes a request object (Rails 5) whereas before it took a hash (Rails 4.x) but the documented example still shows a hash given to the constructor (due to commit 34fa6658dd1b779b21e586f01ee64c6f59ca1537) so this is just a documentation change to use the new `from_hash` method introduced in that earlier commit. 2016-08-12 17:03:34 -04:00			`# headers = ActionDispatch::Http::Headers.from_hash(env)`
[ci skip] document ActionDispatch::HTTP::Headers 2014-05-07 12:50:12 -04:00			`# headers["Content-Type"] # => "text/plain"`
Fix typo in headers comment 2016-03-29 07:21:21 -04:00			`# headers["User-Agent"] # => "curl/7.43.0"`
Add additional documentation on Headers#[] [ci skip] Issue #16519 covers confusion potentially caused by how HTTP headers, that contain underscores in their names, are retrieved through `ActionDispatch::Http::Headers#[]`. This confusion has its origin in how a CGI maps HTTP header names to variable names. Even though underscores in header names are rarely encountered, they are valid according to RFC822 [1]. Nonetheless CGI like variable names, as requested by the Rack specfication, will only contain underscores and therefore the original header name cannot be recovered after the Rack server passed on the environemnt hash. Please, see also the disscussion on StackOverflow [2], which also links to an explaination in the nginx documentation [3]. [1] http://www.ietf.org/rfc/rfc822.txt [2] http://stackoverflow.com/questions/22856136/why-underscores-are-forbidden-in-http-header-names [3] https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#missing-disappearing-http-headers 2016-01-29 15:01:33 -05:00			`#`
			`# Also note that when headers are mapped to CGI-like variables by the Rack`
			`# server, both dashes and underscores are converted to underscores. This`
			`# ambiguity cannot be resolved at this stage anymore. Both underscores and`
			`# dashes have to be interpreted as if they were originally sent as dashes.`
			`#`
			`# # GET / HTTP/1.1`
			`# # ...`
			`# # User-Agent: curl/7.43.0`
			`# # X_Custom_Header: token`
			`#`
			`# headers["X_Custom_Header"] # => nil`
			`# headers["X-Custom-Header"] # => "token"`
prefer composition over inheritence 2012-10-18 18:20:30 -04:00			`class Headers`
Use a frozen Set instance for CGI_VARIABLES. Also expand the CGI_VARIABLE name listing to multiple lines for cleaner diffs and legibility. 2014-06-05 22:05:02 -04:00			`CGI_VARIABLES = Set.new(%W[`
			`AUTH_TYPE`
			`CONTENT_LENGTH`
			`CONTENT_TYPE`
			`GATEWAY_INTERFACE`
			`HTTPS`
			`PATH_INFO`
			`PATH_TRANSLATED`
			`QUERY_STRING`
			`REMOTE_ADDR`
			`REMOTE_HOST`
			`REMOTE_IDENT`
			`REMOTE_USER`
			`REQUEST_METHOD`
			`SCRIPT_NAME`
			`SERVER_NAME`
			`SERVER_PORT`
			`SERVER_PROTOCOL`
			`SERVER_SOFTWARE`
			`]).freeze`

`Http::Headers` respects dotted env vars, symbols, headers with numbers. 2013-03-13 11:25:28 -04:00			`HTTP_HEADER = /\A[A-Za-z0-9-]+\z/`
Http::Headers respects headers that are not prefixed with HTTP_ 2013-03-13 06:14:49 -04:00
prefer composition over inheritence 2012-10-18 18:20:30 -04:00			`include Enumerable`

pass a request object to the headers object 2015-08-20 18:57:15 -04:00			`def self.from_hash(hash)`
			`new ActionDispatch::Request.new hash`
			`end`

			`def initialize(request) # :nodoc:`
			`@req = request`
Silence some trivial warnings: shadowed local vars, indentation mismatches 2009-12-28 19:28:26 -05:00			`end`
Simplifying usage of ETags and Last-Modified and conditional GET requests 2008-08-08 02:43:12 -04:00
[ci skip] doc Http::Headers methods 2014-05-09 12:29:29 -04:00			`# Returns the value for the given key mapped to @env.`
refactor, `Http::Headers` stores headers in env notation Also: cleanup, use consistent syntax for `Http::Header` and test. 2013-03-13 06:30:45 -04:00			`def [](key)`
use accessors on the request object for manipulating env this reduces the API footprint for the env hash so that we can be more flexible when changing API in the future 2015-08-21 19:48:46 -04:00			`@req.get_header env_name(key)`
Enable ActionDispatch::Http::Headers to support fetch 2012-05-02 14:14:40 -04:00			`end`

copy edits [ci skip] 2014-05-10 09:44:43 -04:00			`# Sets the given value for the key mapped to @env.`
refactor, `Http::Headers` stores headers in env notation Also: cleanup, use consistent syntax for `Http::Header` and test. 2013-03-13 06:30:45 -04:00			`def []=(key, value)`
use accessors on the request object for manipulating env this reduces the API footprint for the env hash so that we can be more flexible when changing API in the future 2015-08-21 19:48:46 -04:00			`@req.set_header env_name(key), value`
refactor, `Http::Headers` stores headers in env notation Also: cleanup, use consistent syntax for `Http::Header` and test. 2013-03-13 06:30:45 -04:00			`end`

Introduce `Headers#add`. Move `Response#add_header` upstream. * Introduce `ActionDispatch::Http::Headers#add` to add a value to a multivalued header. * Move `Response#add_header` upstream: https://github.com/rack/rack/pull/957 * Match upstream `Response#have_header?` -> `#has_header?` name change. 2015-10-03 22:14:37 -04:00			`# Add a value to a multivalued header like Vary or Accept-Encoding.`
			`def add(key, value)`
			`@req.add_header env_name(key), value`
			`end`

HTTP::Headers#key? correctly converts Previously if you were looking for a given key, the header may incorrectly tell you that it did not exist even though it would return a valid value: ```ruby env = { "CONTENT_TYPE" => "text/plain" } headers = ActionDispatch::Http::Headers.new(env) headers["Content-Type"] # => "text/plain" headers.key?("Content-Type") # => false ``` This PR fixes that behavior by converting the key before checking for presence 2014-05-07 13:01:34 -04:00			`def key?(key)`
use accessors on the request object for manipulating env this reduces the API footprint for the env hash so that we can be more flexible when changing API in the future 2015-08-21 19:48:46 -04:00			`@req.has_header? env_name(key)`
HTTP::Headers#key? correctly converts Previously if you were looking for a given key, the header may incorrectly tell you that it did not exist even though it would return a valid value: ```ruby env = { "CONTENT_TYPE" => "text/plain" } headers = ActionDispatch::Http::Headers.new(env) headers["Content-Type"] # => "text/plain" headers.key?("Content-Type") # => false ``` This PR fixes that behavior by converting the key before checking for presence 2014-05-07 13:01:34 -04:00			`end`
prefer composition over inheritence 2012-10-18 18:20:30 -04:00			`alias :include? :key?`

use methods on the request object to implement `fetch` Now the Headers internals don't depend on the env hash. 2015-08-21 19:57:07 -04:00			`DEFAULT = Object.new # :nodoc:`

[ci skip] doc Http::Headers methods 2014-05-09 12:29:29 -04:00			`# Returns the value for the given key mapped to @env.`
copy edits [ci skip] 2014-05-10 09:44:43 -04:00			`#`
			`# If the key is not found and an optional code block is not provided,`
			`# raises a <tt>KeyError</tt> exception.`
			`#`
			`# If the code block is provided, then it will be run and`
			`# its result returned.`
use methods on the request object to implement `fetch` Now the Headers internals don't depend on the env hash. 2015-08-21 19:57:07 -04:00			`def fetch(key, default = DEFAULT)`
stop inheriting from Rack::Request Just include the modules necessary in the Request object to implement the things we need. This should make it easier to build delegate request objects because the API is smaller 2015-09-04 20:36:15 -04:00			`@req.fetch_header(env_name(key)) do`
use methods on the request object to implement `fetch` Now the Headers internals don't depend on the env hash. 2015-08-21 19:57:07 -04:00			`return default unless default == DEFAULT`
			`return yield if block_given?`
Missing key should throw KeyError It should not throw a NameError, but should throw a KeyError. Fixes #26278 2016-08-26 13:12:33 -04:00			`raise KeyError, key`
use methods on the request object to implement `fetch` Now the Headers internals don't depend on the env hash. 2015-08-21 19:57:07 -04:00			`end`
prefer composition over inheritence 2012-10-18 18:20:30 -04:00			`end`

			`def each(&block)`
dup the request and mutate its headers object. duping the request will dup it's underlying env hash. 2015-08-21 19:40:53 -04:00			`@req.each_header(&block)`
Provide a nicer way to access headers. request.headers["Content-Type"] instead of request.headers["HTTP_CONTENT_TYPE"] [Koz] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8625 5ecf4fe2-1ee6-0310-87b1-e25e094e27de 2008-01-11 01:39:56 -05:00			`end`
Simplifying usage of ETags and Last-Modified and conditional GET requests 2008-08-08 02:43:12 -04:00
[ci skip] doc Http::Headers methods 2014-05-09 12:29:29 -04:00			`# Returns a new Http::Headers instance containing the contents of`
			`# <tt>headers_or_env</tt> and the original instance.`
allow headers and env to be passed in `IntegrationTest`. Closes #6513. 2013-03-13 07:25:32 -04:00			`def merge(headers_or_env)`
dup the request and mutate its headers object. duping the request will dup it's underlying env hash. 2015-08-21 19:40:53 -04:00			`headers = @req.dup.headers`
allow headers and env to be passed in `IntegrationTest`. Closes #6513. 2013-03-13 07:25:32 -04:00			`headers.merge!(headers_or_env)`
			`headers`
			`end`

[ci skip] doc Http::Headers methods 2014-05-09 12:29:29 -04:00			`# Adds the contents of <tt>headers_or_env</tt> to original instance`
copy edits [ci skip] 2014-05-10 09:44:43 -04:00			`# entries; duplicate keys are overwritten with the values from`
[ci skip] doc Http::Headers methods 2014-05-09 12:29:29 -04:00			`# <tt>headers_or_env</tt>.`
allow headers and env to be passed in `IntegrationTest`. Closes #6513. 2013-03-13 07:25:32 -04:00			`def merge!(headers_or_env)`
			`headers_or_env.each do \|key, value\|`
use `set_header` rather than []= This allows us to avoid calling `env_name` twice. 2015-08-21 19:43:01 -04:00			`@req.set_header env_name(key), value`
allow headers and env to be passed in `IntegrationTest`. Closes #6513. 2013-03-13 07:25:32 -04:00			`end`
			`end`

dup the env hash on Header#env This prevents external mutations from impacting the internals of the request or the Header object. 2015-08-21 19:49:44 -04:00			`def env; @req.env.dup; end`
pass a request object to the headers object 2015-08-20 18:57:15 -04:00
Provide a nicer way to access headers. request.headers["Content-Type"] instead of request.headers["HTTP_CONTENT_TYPE"] [Koz] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8625 5ecf4fe2-1ee6-0310-87b1-e25e094e27de 2008-01-11 01:39:56 -05:00			`private`
pass a request object to the headers object 2015-08-20 18:57:15 -04:00
Fix broken comments indentation caused by rubocop auto-correct [ci skip] All indentation was normalized by rubocop auto-correct at 80e66cc4d90bf8c15d1a5f6e3152e90147f00772. But comments was still kept absolute position. This commit aligns comments with method definitions for consistency. 2016-09-14 04:57:52 -04:00			`# Converts an HTTP header name to an environment variable name if it is`
			`# not contained within the headers hash.`
normalizes indentation and whitespace across the project 2016-08-06 13:55:02 -04:00			`def env_name(key)`
			`key = key.to_s`
			`if key =~ HTTP_HEADER`
			`key = key.upcase.tr("-", "_")`
			`key = "HTTP_" + key unless CGI_VARIABLES.include?(key)`
			`end`
			`key`
refactor, `Http::Headers` stores headers in env notation Also: cleanup, use consistent syntax for `Http::Header` and test. 2013-03-13 06:30:45 -04:00			`end`
Provide a nicer way to access headers. request.headers["Content-Type"] instead of request.headers["HTTP_CONTENT_TYPE"] [Koz] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8625 5ecf4fe2-1ee6-0310-87b1-e25e094e27de 2008-01-11 01:39:56 -05:00			`end`
			`end`
Simplifying usage of ETags and Last-Modified and conditional GET requests 2008-08-08 02:43:12 -04:00			`end`