2017-07-24 16:20:53 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2010-01-17 06:41:55 -05:00
|
|
|
require "action_dispatch"
|
2017-09-23 17:18:01 -04:00
|
|
|
require "active_support/messages/rotation_configuration"
|
2010-01-17 06:41:55 -05:00
|
|
|
|
|
|
|
module ActionDispatch
|
2012-12-01 13:10:08 -05:00
|
|
|
class Railtie < Rails::Railtie # :nodoc:
|
2010-03-26 13:47:55 -04:00
|
|
|
config.action_dispatch = ActiveSupport::OrderedOptions.new
|
2011-08-07 11:34:49 -04:00
|
|
|
config.action_dispatch.x_sendfile_header = nil
|
2010-03-03 19:22:30 -05:00
|
|
|
config.action_dispatch.ip_spoofing_check = true
|
2010-04-02 14:00:29 -04:00
|
|
|
config.action_dispatch.show_exceptions = true
|
2010-07-27 10:39:28 -04:00
|
|
|
config.action_dispatch.tld_length = 1
|
2011-05-02 17:38:39 -04:00
|
|
|
config.action_dispatch.ignore_accept_header = false
|
2016-08-16 03:30:11 -04:00
|
|
|
config.action_dispatch.rescue_templates = {}
|
|
|
|
config.action_dispatch.rescue_responses = {}
|
2012-01-17 05:56:50 -05:00
|
|
|
config.action_dispatch.default_charset = nil
|
2012-10-03 17:43:39 -04:00
|
|
|
config.action_dispatch.rack_cache = false
|
2016-08-06 12:51:43 -04:00
|
|
|
config.action_dispatch.http_auth_salt = "http authentication"
|
|
|
|
config.action_dispatch.signed_cookie_salt = "signed cookie"
|
|
|
|
config.action_dispatch.encrypted_cookie_salt = "encrypted cookie"
|
|
|
|
config.action_dispatch.encrypted_signed_cookie_salt = "signed encrypted cookie"
|
2017-09-23 17:18:01 -04:00
|
|
|
config.action_dispatch.authenticated_encrypted_cookie_salt = "authenticated encrypted cookie"
|
2017-02-23 13:54:17 -05:00
|
|
|
config.action_dispatch.use_authenticated_cookie_encryption = false
|
2018-05-19 04:01:57 -04:00
|
|
|
config.action_dispatch.use_cookies_with_metadata = false
|
2013-12-05 06:08:34 -05:00
|
|
|
config.action_dispatch.perform_deep_munge = true
|
2019-06-14 23:54:26 -04:00
|
|
|
config.action_dispatch.return_only_media_type_on_content_type = true
|
2011-12-01 13:16:19 -05:00
|
|
|
|
2012-08-10 22:11:56 -04:00
|
|
|
config.action_dispatch.default_headers = {
|
2016-08-06 12:51:43 -04:00
|
|
|
"X-Frame-Options" => "SAMEORIGIN",
|
|
|
|
"X-XSS-Protection" => "1; mode=block",
|
2017-12-09 15:41:55 -05:00
|
|
|
"X-Content-Type-Options" => "nosniff",
|
|
|
|
"X-Download-Options" => "noopen",
|
2018-01-08 22:14:22 -05:00
|
|
|
"X-Permitted-Cross-Domain-Policies" => "none",
|
|
|
|
"Referrer-Policy" => "strict-origin-when-cross-origin"
|
2012-08-10 22:11:56 -04:00
|
|
|
}
|
|
|
|
|
2017-09-23 17:18:01 -04:00
|
|
|
config.action_dispatch.cookies_rotations = ActiveSupport::Messages::RotationConfiguration.new
|
|
|
|
|
2012-08-01 14:54:22 -04:00
|
|
|
config.eager_load_namespaces << ActionDispatch
|
|
|
|
|
2010-07-27 10:39:28 -04:00
|
|
|
initializer "action_dispatch.configure" do |app|
|
|
|
|
ActionDispatch::Http::URL.tld_length = app.config.action_dispatch.tld_length
|
2011-05-02 17:38:39 -04:00
|
|
|
ActionDispatch::Request.ignore_accept_header = app.config.action_dispatch.ignore_accept_header
|
2013-12-05 06:08:34 -05:00
|
|
|
ActionDispatch::Request::Utils.perform_deep_munge = app.config.action_dispatch.perform_deep_munge
|
Delay ActionDispatch::Response configuration to load-time
It fixes the problem in propagating return_only_media_type_on_content_type
and fixes the corresponding test being ineffective.
The mentioned test addes the following line:
...config.action_dispatch.return_only_media_type_on_content_type = true
to the config and checks if it takes effect. However, in this scenario,
the value is already true before this line.
Moreover, the users are supposed to flip this from true to false in real
situations.
This commit flips the config in the test, making it to fail as
expected. The next commit will fix the failure.
In order for return_only_media_type_on_content_type to appropriately
take effect on ActionDispatch::Response, we want to know when
ActionDispatch::Response is loaded.
As load hooks for ActionDispatch would be too broad, the appropriate
registry is for ActionDispatch::Response itself.
Looking into other examples, a hook name is a full class name in
snake case with `_base` suffix omitted, if any. Therefore, in this case,
:action_dispatch_response seems appropriate.
2019-09-30 01:40:49 -04:00
|
|
|
ActiveSupport.on_load(:action_dispatch_response) do
|
|
|
|
self.default_charset = app.config.action_dispatch.default_charset || app.config.encoding
|
|
|
|
self.default_headers = app.config.action_dispatch.default_headers
|
|
|
|
self.return_only_media_type_on_content_type = app.config.action_dispatch.return_only_media_type_on_content_type
|
|
|
|
end
|
2011-11-23 15:36:56 -05:00
|
|
|
|
2011-12-01 14:02:00 -05:00
|
|
|
ActionDispatch::ExceptionWrapper.rescue_responses.merge!(config.action_dispatch.rescue_responses)
|
|
|
|
ActionDispatch::ExceptionWrapper.rescue_templates.merge!(config.action_dispatch.rescue_templates)
|
2011-12-01 13:16:19 -05:00
|
|
|
|
2011-11-23 15:36:56 -05:00
|
|
|
config.action_dispatch.always_write_cookie = Rails.env.development? if config.action_dispatch.always_write_cookie.nil?
|
|
|
|
ActionDispatch::Cookies::CookieJar.always_write_cookie = config.action_dispatch.always_write_cookie
|
2011-12-23 11:56:49 -05:00
|
|
|
|
|
|
|
ActionDispatch.test_app = app
|
2010-07-27 10:39:28 -04:00
|
|
|
end
|
2010-01-17 06:41:55 -05:00
|
|
|
end
|
2010-07-27 22:24:56 -04:00
|
|
|
end
|