rails--rails/actionpack/lib/action_controller.rb

# frozen_string_literal: true

require "abstract_controller"
require "action_dispatch"
require "action_controller/metal/strong_parameters"

module ActionController
  extend ActiveSupport::Autoload

  autoload :API
  autoload :Base
  autoload :Metal
  autoload :Renderer
  autoload :FormBuilder

  eager_autoload do
    autoload :Caching
  end

  autoload_under "metal" do
    eager_autoload do
      autoload :Live
    end

    autoload :ConditionalGet
    autoload :ContentSecurityPolicy
    autoload :Cookies
    autoload :DataStreaming
    autoload :DefaultHeaders
    autoload :EtagWithTemplateDigest
    autoload :EtagWithFlash
    autoload :FeaturePolicy
    autoload :Flash
    autoload :Head
    autoload :Helpers
    autoload :HttpAuthentication
    autoload :BasicImplicitRender
    autoload :ImplicitRender
    autoload :Instrumentation
    autoload :Logging
    autoload :MimeResponds
    autoload :ParamsWrapper
    autoload :Redirecting
    autoload :Renderers
    autoload :Rendering
    autoload :RequestForgeryProtection
    autoload :Rescue
    autoload :Streaming
    autoload :StrongParameters
    autoload :ParameterEncoding
    autoload :Testing
    autoload :UrlFor
  end

  autoload_under "api" do
    autoload :ApiRendering
  end

  autoload :TestCase,           "action_controller/test_case"
  autoload :TemplateAssertions, "action_controller/test_case"
end

# Common Active Support usage in Action Controller
require "active_support/core_ext/module/attribute_accessors"
require "active_support/core_ext/load_error"
require "active_support/core_ext/module/attr_internal"
require "active_support/core_ext/name_error"
require "active_support/core_ext/uri"
require "active_support/inflector"
Use frozen string literal in actionpack/ 2017-07-24 16:20:53 -04:00			`# frozen_string_literal: true`

applies new string literal convention in actionpack/lib The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:51:43 -04:00			`require "abstract_controller"`
			`require "action_dispatch"`
[Action Pack] require => require_relative This basically reverts e9fca7668b9eba82bcc832cb0061459703368397, d08da958b9ae17d4bbe4c9d7db497ece2450db5f, d1fe1dcf8ab1c0210a37c2a78c1ee52cf199a66d, and 68eaf7b4d5f2bb56d939f71c5ece2d61cf6680a3 2017-10-21 09:18:17 -04:00			`require "action_controller/metal/strong_parameters"`
Reorganize autoloads: * A new module (ActiveSupport::Autoload) is provide that extends autoloading with new behavior. * All autoloads in modules that have extended ActiveSupport::Autoload will be eagerly required in threadsafe environments * Autoloads can optionally leave off the path if the path is the same as full_constant_name.underscore * It is possible to specify that a group of autoloads live under an additional path. For instance, all of ActionDispatch's middlewares are ActionDispatch::MiddlewareName, but they live under "action_dispatch/middlewares/middleware_name" * It is possible to specify that a group of autoloads are all found at the same path. For instance, a number of exceptions might all be declared there. * One consequence of this is that testing-related constants are not autoloaded. To get the testing helpers for a given component, require "component_name/test_case". For instance, "action_controller/test_case". * test_help.rb, which is automatically required by a Rails application's test helper, requires the test_case.rb for all active components, so this change will not be disruptive in existing or new applications. 2009-12-02 23:01:01 -05:00
Use autoload instead of explicit requires for ActionController 2008-11-23 17:35:13 -05:00			`module ActionController`
Reorganize autoloads: * A new module (ActiveSupport::Autoload) is provide that extends autoloading with new behavior. * All autoloads in modules that have extended ActiveSupport::Autoload will be eagerly required in threadsafe environments * Autoloads can optionally leave off the path if the path is the same as full_constant_name.underscore * It is possible to specify that a group of autoloads live under an additional path. For instance, all of ActionDispatch's middlewares are ActionDispatch::MiddlewareName, but they live under "action_dispatch/middlewares/middleware_name" * It is possible to specify that a group of autoloads are all found at the same path. For instance, a number of exceptions might all be declared there. * One consequence of this is that testing-related constants are not autoloaded. To get the testing helpers for a given component, require "component_name/test_case". For instance, "action_controller/test_case". * test_help.rb, which is automatically required by a Rails application's test helper, requires the test_case.rb for all active components, so this change will not be disruptive in existing or new applications. 2009-12-02 23:01:01 -05:00			`extend ActiveSupport::Autoload`
Added preliminary version of render_component git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@697 5ecf4fe2-1ee6-0310-87b1-e25e094e27de 2005-02-19 15:29:55 -05:00
Add ActionController API functionality 2015-04-15 14:30:27 -04:00			`autoload :API`
Flip deferrable autoload convention 2009-12-22 18:27:37 -05:00			`autoload :Base`
			`autoload :Metal`
Add ActionController::Renderer Render arbitrary templates outside of controller actions 2015-01-17 19:06:10 -05:00			`autoload :Renderer`
Override default form builder for a controller 2015-04-06 22:20:57 -04:00			`autoload :FormBuilder`
Get tests to run (with failures) without old base around 2009-06-15 14:44:45 -04:00
Move Caching module to Abstract Controller Abstract Controller is the common component between Action Mailer and Action Controller so if we need to share the caching component it need to be there. 2016-02-23 17:55:49 -05:00			`eager_autoload do`
			`autoload :Caching`
			`end`

Flip deferrable autoload convention 2009-12-22 18:27:37 -05:00			`autoload_under "metal" do`
Allow ActionDispatch::Response to be autoloaded Similar to b744372f2dfd3d86f7eb4af99b1f9049e21f3d44, this defers loading `ActionDispatch::Response` until after initialization, which will allow applications to boot a bit faster in development but also paves the way for `return_only_media_type_on_content_type` to work correctly when set from `new_framework_defaults_6_0.rb`. Benchmark: $ cat test.rb require "bundler/setup" before = ObjectSpace.each_object(Module).count start = Process.clock_gettime(Process::CLOCK_MONOTONIC) require "action_controller" finish = Process.clock_gettime(Process::CLOCK_MONOTONIC) after = ObjectSpace.each_object(Module).count puts "took #{finish - start} and created #{after - before} modules" Before: $ ruby test.rb took 0.35654300000169314 and created 608 modules After: $ ruby test.rb took 0.2770050000108313 and created 466 modules Co-authored-by: Serena Fritsch <serena@intercom.io> 2019-09-17 18:38:01 -04:00			`eager_autoload do`
			`autoload :Live`
			`end`

Flip deferrable autoload convention 2009-12-22 18:27:37 -05:00			`autoload :ConditionalGet`
Add DSL for configuring Content-Security-Policy header https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy 2017-11-15 16:07:28 -05:00			`autoload :ContentSecurityPolicy`
ActionController::Logger should include AbstractController::Logger and sort autoloads for easier readability. 2009-12-30 19:35:50 -05:00			`autoload :Cookies`
Rename it to DataStreaming. 2011-04-18 02:17:47 -04:00			`autoload :DataStreaming`
Include default headers by default in API mode ActionDispatch's default headers are now moved into their own module that are by default included in both Base and API. This allows API-mode applications to take advantage of the default security headers, as well as providing an easy way to add more. 2018-04-06 15:13:28 -04:00			`autoload :DefaultHeaders`
When your templates change, browser caches bust automatically. New default: the template digest is automatically included in your ETags. When you call `fresh_when @post`, the digest for `posts/show.html.erb` is mixed in so future changes to the HTML will blow HTTP caches for you. This makes it easy to HTTP-cache many more of your actions. If you render a different template, you can now pass the `:template` option to include its digest instead: fresh_when @post, template: 'widgets/show' Pass `template: false` to skip the lookup. To turn this off entirely, set: config.action_controller.etag_with_template_digest = false 2014-08-16 18:06:20 -04:00			`autoload :EtagWithTemplateDigest`
Include the content of the flash in the auto-generated etag (#26250) Include the content of the flash in the auto-generated etag 2016-08-22 16:34:35 -04:00			`autoload :EtagWithFlash`
Adds support for configuring HTTP Feature Policy (#33439) A HTTP feature policy is Yet Another HTTP header for instructing the browser about which features the application intends to make use of and to lock down access to others. This is a new security mechanism that ensures that should an application become compromised or a third party attempts an unexpected action, the browser will override it and maintain the intended UX. WICG specification: https://wicg.github.io/feature-policy/ The end result is a HTTP header that looks like the following: ``` Feature-Policy: geolocation 'none'; autoplay https://example.com ``` This will prevent the browser from using geolocation and only allow autoplay on `https://example.com`. Full feature list can be found over in the WICG repository[1]. As of today Chrome and Safari have public support[2] for this functionality with Firefox working on support[3] and Edge still pending acceptance of the suggestion[4]. #### Examples Using an initializer ```rb # config/initializers/feature_policy.rb Rails.application.config.feature_policy do \|f\| f.geolocation :none f.camera :none f.payment "https://secure.example.com" f.fullscreen :self end ``` In a controller ```rb class SampleController < ApplicationController def index feature_policy do \|f\| f.geolocation "https://example.com" end end end ``` Some of you might realise that the HTTP feature policy looks pretty close to that of a Content Security Policy; and you're right. So much so that I used the Content Security Policy DSL from #31162 as the starting point for this change. This change doesn't introduce support for defining a feature policy on an iframe and this has been intentionally done to split the HTTP header and the HTML element (`iframe`) support. If this is successful, I'll look to add that on it's own. Full documentation on HTTP feature policies can be found at https://wicg.github.io/feature-policy/. Google have also published[5] a great in-depth write up of this functionality. [1]: https://github.com/WICG/feature-policy/blob/master/features.md [2]: https://www.chromestatus.com/feature/5694225681219584 [3]: https://bugzilla.mozilla.org/show_bug.cgi?id=1390801 [4]: https://wpdev.uservoice.com/forums/257854-microsoft-edge-developer/suggestions/33507907-support-feature-policy [5]: https://developers.google.com/web/updates/2018/06/feature-policy 2019-07-10 18:33:16 -04:00			`autoload :FeaturePolicy`
ActionController::Logger should include AbstractController::Logger and sort autoloads for easier readability. 2009-12-30 19:35:50 -05:00			`autoload :Flash`
Flip deferrable autoload convention 2009-12-22 18:27:37 -05:00			`autoload :Head`
			`autoload :Helpers`
ActionController::Logger should include AbstractController::Logger and sort autoloads for easier readability. 2009-12-30 19:35:50 -05:00			`autoload :HttpAuthentication`
Return 204 if render is not called in API controllers 2015-06-02 16:12:50 -04:00			`autoload :BasicImplicitRender`
Actually move ImplicitRender into it's own file 2010-03-03 03:42:51 -05:00			`autoload :ImplicitRender`
Add subscriber for ActionPack and move all logging inside it. 2010-01-12 18:41:04 -05:00			`autoload :Instrumentation`
Add ActionController::Base.log_at Allow setting a different log level per request. 2019-09-24 13:47:34 -04:00			`autoload :Logging`
Flip deferrable autoload convention 2009-12-22 18:27:37 -05:00			`autoload :MimeResponds`
Add `ActionController::ParamsWrapper` to wrap parameters into a nested hash This will allow us to do a rootless JSON/XML request to server. 2011-04-28 04:56:11 -04:00			`autoload :ParamsWrapper`
Flip deferrable autoload convention 2009-12-22 18:27:37 -05:00			`autoload :Redirecting`
			`autoload :Renderers`
Autoload AC and AV test case classes 2010-01-04 16:59:23 -05:00			`autoload :Rendering`
ActionController::Logger should include AbstractController::Logger and sort autoloads for easier readability. 2009-12-30 19:35:50 -05:00			`autoload :RequestForgeryProtection`
Flip deferrable autoload convention 2009-12-22 18:27:37 -05:00			`autoload :Rescue`
Body... wanna stream my body? Body... such a thrill my body! Added stream as class level method to make it explicit when to stream. Render also accepts :stream as option. 2011-04-18 02:52:29 -04:00			`autoload :Streaming`
Integrate ActionController::Parameters from StrongParameters gem 2012-07-12 01:50:42 -04:00			`autoload :StrongParameters`
Allow specifying encoding of parameters by action At GitHub we need to handle parameter encodings that are not UTF-8. This patch allows us to specify encodings per parameter per action. 2016-08-09 13:35:59 -04:00			`autoload :ParameterEncoding`
Autoload AC and AV test case classes 2010-01-04 16:59:23 -05:00			`autoload :Testing`
Continued effort to deglobalize the router 2010-02-25 18:05:10 -05:00			`autoload :UrlFor`
Nearly all AC modules can be deferred 2009-12-12 20:41:58 -05:00			`end`
Use autoload instead of explicit requires for ActionController 2008-11-23 17:35:13 -05:00
Re-add ActionController::ApiRendering - Fixes bug #23142. - Bug was occurring only with ActionController::API, because `_process_options` wasn't being run for API requests, even though it was being run for normal app requests. 2016-01-20 19:16:23 -05:00			`autoload_under "api" do`
			`autoload :ApiRendering`
			`end`

applies new string literal convention in actionpack/lib The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:51:43 -04:00			`autoload :TestCase, "action_controller/test_case"`
			`autoload :TemplateAssertions, "action_controller/test_case"`
Reorganize autoloads: * A new module (ActiveSupport::Autoload) is provide that extends autoloading with new behavior. * All autoloads in modules that have extended ActiveSupport::Autoload will be eagerly required in threadsafe environments * Autoloads can optionally leave off the path if the path is the same as full_constant_name.underscore * It is possible to specify that a group of autoloads live under an additional path. For instance, all of ActionDispatch's middlewares are ActionDispatch::MiddlewareName, but they live under "action_dispatch/middlewares/middleware_name" * It is possible to specify that a group of autoloads are all found at the same path. For instance, a number of exceptions might all be declared there. * One consequence of this is that testing-related constants are not autoloaded. To get the testing helpers for a given component, require "component_name/test_case". For instance, "action_controller/test_case". * test_help.rb, which is automatically required by a Rails application's test helper, requires the test_case.rb for all active components, so this change will not be disruptive in existing or new applications. 2009-12-02 23:01:01 -05:00			`end`
Ensure ActionView will be available to ActionMailer if ActionController is not loaded 2008-11-25 11:38:20 -05:00
edit pass: the names of Rails components have a space, ie, "Active Record", not "ActiveRecord" 2010-06-14 17:21:53 -04:00			`# Common Active Support usage in Action Controller`
applies new string literal convention in actionpack/lib The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:51:43 -04:00			`require "active_support/core_ext/module/attribute_accessors"`
			`require "active_support/core_ext/load_error"`
			`require "active_support/core_ext/module/attr_internal"`
			`require "active_support/core_ext/name_error"`
			`require "active_support/core_ext/uri"`
			`require "active_support/inflector"`