From adc7cb2d362f97631680f6d28a564bd02ad9649c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ricardo=20D=C3=ADaz?= Date: Fri, 7 May 2021 00:35:51 -0500 Subject: [PATCH] Use a NullFlash object when the session store is disabled The module `EtagWithFlash` (introduced in #26250) uses flash. However, when the session store is not set (or disabled), it will raise an error because the flash middleware is included only if a session store is present. This patch includes the middleware even when the session store is disabled, although the flash module will return a null object to prevent breaks. --- .../lib/action_dispatch/middleware/flash.rb | 15 +++++++++++++++ .../application/default_middleware_stack.rb | 2 +- railties/test/application/configuration_test.rb | 17 +++++++++++++++++ 3 files changed, 33 insertions(+), 1 deletion(-) diff --git a/actionpack/lib/action_dispatch/middleware/flash.rb b/actionpack/lib/action_dispatch/middleware/flash.rb index cf9165d008..a3be2daa05 100644 --- a/actionpack/lib/action_dispatch/middleware/flash.rb +++ b/actionpack/lib/action_dispatch/middleware/flash.rb @@ -45,6 +45,7 @@ module ActionDispatch # read a notice you put there or flash["notice"] = "hello" # to put a new one. def flash + return Flash::NullFlash unless session.respond_to?(:loaded?) flash = flash_hash return flash if flash self.flash = Flash::FlashHash.from_session_value(session["flash"]) @@ -79,6 +80,20 @@ module ActionDispatch end end + module NullFlash #:nodoc: + class << self + def []=(k, v); end + + def [](k); end + + def alert=(message); end + + def notice=(message); end + + def empty?; end + end + end + class FlashNow #:nodoc: attr_accessor :flash diff --git a/railties/lib/rails/application/default_middleware_stack.rb b/railties/lib/rails/application/default_middleware_stack.rb index 2b5cba4726..1f18234f07 100644 --- a/railties/lib/rails/application/default_middleware_stack.rb +++ b/railties/lib/rails/application/default_middleware_stack.rb @@ -67,10 +67,10 @@ module Rails config.session_options[:secure] = true end middleware.use config.session_store, config.session_options - middleware.use ::ActionDispatch::Flash end unless config.api_only + middleware.use ::ActionDispatch::Flash middleware.use ::ActionDispatch::ContentSecurityPolicy::Middleware middleware.use ::ActionDispatch::PermissionsPolicy::Middleware end diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb index 78b604c6f3..8c9168c1d2 100644 --- a/railties/test/application/configuration_test.rb +++ b/railties/test/application/configuration_test.rb @@ -582,6 +582,23 @@ module ApplicationTests end end + test "EtagWithFlash module doesn't break when the session store is disabled" do + make_basic_app do |application| + application.config.session_store :disabled + end + + class ::OmgController < ActionController::Base + def index + stale?(weak_etag: "something") + render plain: "else" + end + end + + get "/" + + assert last_response.ok? + end + test "Use key_generator when secret_key_base is set" do make_basic_app do |application| application.secrets.secret_key_base = "b3c631c314c0bbca50c1b2843150fe33"