Class: ActionDispatch::Request

Inherits:

Object

• Object
• ActionDispatch::Request

Includes:

Flash::RequestMethods, Http::Cache::Request, Http::FilterParameters, Http::MimeNegotiation, Http::Parameters, Http::URL, Rack::Request::Env, Rack::Request::Helpers

Defined in:

lib/action_dispatch/http/request.rb,
lib/action_dispatch/request/utils.rb,
lib/action_dispatch/request/session.rb,
lib/action_dispatch/middleware/flash.rb,
lib/action_dispatch/middleware/cookies.rb

Direct Known Subclasses

TestRequest

Defined Under Namespace

Classes: Session, Utils

Constant Summary

LOCALHOST =

Regexp.union [/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/, /^::1$/, /^0:0:0:0:0:0:0:1(%.*)?$/]

ENV_METHODS =

%w[ AUTH_TYPE GATEWAY_INTERFACE
PATH_TRANSLATED REMOTE_HOST
REMOTE_IDENT REMOTE_USER REMOTE_ADDR
SERVER_NAME SERVER_PROTOCOL
ORIGINAL_SCRIPT_NAME

HTTP_ACCEPT HTTP_ACCEPT_CHARSET HTTP_ACCEPT_ENCODING
HTTP_ACCEPT_LANGUAGE HTTP_CACHE_CONTROL HTTP_FROM
HTTP_NEGOTIATE HTTP_PRAGMA HTTP_CLIENT_IP
HTTP_X_FORWARDED_FOR HTTP_ORIGIN HTTP_VERSION
HTTP_X_CSRF_TOKEN HTTP_X_REQUEST_ID HTTP_X_FORWARDED_HOST
SERVER_ADDR
].freeze

PASS_NOT_FOUND =

:nodoc:

Class.new { # :nodoc:
  def self.action(_); self; end
  def self.call(_); [404, {'X-Cascade' => 'pass'}, []]; end
}

RFC2616 =

List of HTTP request methods from the following RFCs: Hypertext Transfer Protocol – HTTP/1.1 (www.ietf.org/rfc/rfc2616.txt) HTTP Extensions for Distributed Authoring – WEBDAV (www.ietf.org/rfc/rfc2518.txt) Versioning Extensions to WebDAV (www.ietf.org/rfc/rfc3253.txt) Ordered Collections Protocol (WebDAV) (www.ietf.org/rfc/rfc3648.txt) Web Distributed Authoring and Versioning (WebDAV) Access Control Protocol (www.ietf.org/rfc/rfc3744.txt) Web Distributed Authoring and Versioning (WebDAV) SEARCH (www.ietf.org/rfc/rfc5323.txt) Calendar Extensions to WebDAV (www.ietf.org/rfc/rfc4791.txt) PATCH Method for HTTP (www.ietf.org/rfc/rfc5789.txt)

%w(OPTIONS GET HEAD POST PUT DELETE TRACE CONNECT)

RFC2518 =

%w(PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK)

RFC3253 =

%w(VERSION-CONTROL REPORT CHECKOUT CHECKIN UNCHECKOUT MKWORKSPACE UPDATE LABEL MERGE BASELINE-CONTROL MKACTIVITY)

RFC3648 =

%w(ORDERPATCH)

RFC3744 =

%w(ACL)

RFC5323 =

%w(SEARCH)

RFC4791 =

%w(MKCALENDAR)

RFC5789 =

%w(PATCH)

HTTP_METHODS =

RFC2616 + RFC2518 + RFC3253 + RFC3648 + RFC3744 + RFC5323 + RFC4791 + RFC5789

HTTP_METHOD_LOOKUP =

{}

ACTION_DISPATCH_REQUEST_ID =

:nodoc:

"action_dispatch.request_id".freeze

Constants included from Http::URL

Http::URL::HOST_REGEXP, Http::URL::IP_HOST_REGEXP, Http::URL::PROTOCOL_REGEXP

Constants included from Http::FilterParameters

Http::FilterParameters::ENV_MATCH, Http::FilterParameters::NULL_ENV_FILTER, Http::FilterParameters::NULL_PARAM_FILTER

Constants included from Http::Parameters

Http::Parameters::DEFAULT_PARSERS, Http::Parameters::PARAMETERS_KEY

Constants included from Http::Cache::Request

Http::Cache::Request::HTTP_IF_MODIFIED_SINCE, Http::Cache::Request::HTTP_IF_NONE_MATCH

Class Method Summary

• .empty ⇒ Object

Instance Method Summary

• #authorization ⇒ Object

  Returns the authorization header regardless of whether it was specified directly or through one of the proxy alternatives.

• #body ⇒ Object

  The request body is an IO input stream.

• #body_stream ⇒ Object

  :nodoc:.

• #commit_cookie_jar! ⇒ Object

  :nodoc:.

• #commit_flash ⇒ Object
• #content_length ⇒ Object

  Returns the content length of the request as an integer.

• #controller_class ⇒ Object
• #controller_instance ⇒ Object

  :nodoc:.

• #controller_instance=(controller) ⇒ Object

  :nodoc:.

• #cookie_jar ⇒ Object
• #cookie_jar=(jar) ⇒ Object
• #cookies_digest ⇒ Object
• #cookies_serializer ⇒ Object
• #encrypted_cookie_salt ⇒ Object
• #encrypted_signed_cookie_salt ⇒ Object
• #engine_script_name(_routes) ⇒ Object

  :nodoc:.

• #engine_script_name=(name) ⇒ Object

  :nodoc:.

• #form_data? ⇒ Boolean

  Determine whether the request body contains form-data by checking the request Content-Type for one of the media-types: “application/x-www-form-urlencoded” or “multipart/form-data”.

• #fullpath ⇒ Object

  Returns the String full path including params of the last URL requested.

• #GET ⇒ Object (also: #query_parameters)

  Override Rack’s GET method to support indifferent access.

• #have_cookie_jar? ⇒ Boolean
• #headers ⇒ Object

  Provides access to the request’s HTTP headers, for example:.

• #http_auth_salt ⇒ Object
• #initialize(env) ⇒ Request constructor

  A new instance of Request.

• #ip ⇒ Object

  Returns the IP address of client as a String.

• #key?(key) ⇒ Boolean
• #key_generator ⇒ Object
• #local? ⇒ Boolean

  True if the request came from localhost, 127.0.0.1, or ::1.

• #logger ⇒ Object
• #media_type ⇒ Object

  The String MIME type of the request.

• #method ⇒ Object

  Returns the original value of the environment’s REQUEST_METHOD, even if it was overridden by middleware.

• #method_symbol ⇒ Object

  Returns a symbol form of the #method.

• #original_fullpath ⇒ Object

  Returns a String with the last requested path including their params.

• #original_url ⇒ Object

  Returns the original request URL as a String.

• #POST ⇒ Object (also: #request_parameters)

  Override Rack’s POST method to support indifferent access.

• #raw_post ⇒ Object

  Read the request body.

• #remote_ip ⇒ Object

  Returns the IP address of client as a String, usually set by the RemoteIp middleware.

• #remote_ip=(remote_ip) ⇒ Object
• #request_id ⇒ Object (also: #uuid)

  Returns the unique request id, which is based on either the X-Request-Id header that can be generated by a firewall, load balancer, or web server or by the RequestId middleware (which sets the action_dispatch.request_id environment variable).

• #request_id=(id) ⇒ Object

  :nodoc:.

• #request_method ⇒ Object

  Returns the HTTP method that the application should see.

• #request_method=(request_method) ⇒ Object

  :nodoc:.

• #request_method_symbol ⇒ Object

  Returns a symbol form of the #request_method.

• #request_parameters=(params) ⇒ Object
• #reset_session ⇒ Object

  TODO This should be broken apart into AD::Request::Session and probably be included by the session middleware.

• #routes ⇒ Object

  :nodoc:.

• #routes=(routes) ⇒ Object

  :nodoc:.

• #secret_key_base ⇒ Object
• #secret_token ⇒ Object
• #server_software ⇒ Object

  Returns the lowercase name of the HTTP server software.

• #session=(session) ⇒ Object

  :nodoc:.

• #session_options=(options) ⇒ Object
• #show_exceptions? ⇒ Boolean

  :nodoc:.

• #signed_cookie_salt ⇒ Object
• #ssl? ⇒ Boolean
• #xml_http_request? ⇒ Boolean (also: #xhr?)

  Returns true if the “X-Requested-With” header contains “XMLHttpRequest” (case-insensitive), which may need to be manually added depending on the choice of JavaScript libraries and frameworks.

Methods included from Http::URL

#domain, extract_domain, extract_subdomain, extract_subdomains, full_url_for, #host, #host_with_port, #optional_port, path_for, #port, #port_string, #protocol, #raw_host_with_port, #server_port, #standard_port, #standard_port?, #subdomain, #subdomains, #url, url_for

Methods included from Http::FilterParameters

#filtered_env, #filtered_parameters, #filtered_path

Methods included from Http::Parameters

#parameters, #path_parameters, #path_parameters=

Methods included from Http::MimeNegotiation

#accepts, #content_mime_type, #content_type, #format, #format=, #formats, #formats=, #has_content_type?, #negotiate_mime, #variant, #variant=

Methods included from Http::Cache::Request

#etag_matches?, #fresh?, #if_modified_since, #if_none_match, #if_none_match_etags, #not_modified?

Methods included from Flash::RequestMethods

#flash, #flash=, #flash_hash

Constructor Details

#initialize(env) ⇒ Request

Returns a new instance of Request.

# File 'lib/action_dispatch/http/request.rb', line 56

def initialize(env)
  super
  @method            = nil
  @request_method    = nil
  @remote_ip         = nil
  @original_fullpath = nil
  @fullpath          = nil
  @ip                = nil
end

Class Method Details

.empty ⇒ Object

# File 'lib/action_dispatch/http/request.rb', line 52

def self.empty
  new({})
end

Instance Method Details

#authorization ⇒ Object

Returns the authorization header regardless of whether it was specified directly or through one of the proxy alternatives.

# File 'lib/action_dispatch/http/request.rb', line 369

def authorization
  get_header('HTTP_AUTHORIZATION')   ||
  get_header('X-HTTP_AUTHORIZATION') ||
  get_header('X_HTTP_AUTHORIZATION') ||
  get_header('REDIRECT_X_HTTP_AUTHORIZATION')
end

#body ⇒ Object

The request body is an IO input stream. If the RAW_POST_DATA environment variable is already set, wrap it in a StringIO.

# File 'lib/action_dispatch/http/request.rb', line 295

def body
  if raw_post = get_header('RAW_POST_DATA')
    raw_post.force_encoding(Encoding::BINARY)
    StringIO.new(raw_post)
  else
    body_stream
  end
end

#body_stream ⇒ Object

:nodoc:

# File 'lib/action_dispatch/http/request.rb', line 316

def body_stream #:nodoc:
  get_header('rack.input')
end

#commit_cookie_jar! ⇒ Object

:nodoc:

# File 'lib/action_dispatch/http/request.rb', line 66

def commit_cookie_jar! # :nodoc:
end

#commit_flash ⇒ Object

# File 'lib/action_dispatch/http/request.rb', line 390

def commit_flash
end

#content_length ⇒ Object

Returns the content length of the request as an integer.

# File 'lib/action_dispatch/http/request.rb', line 232

def content_length
  super.to_i
end

#controller_class ⇒ Object

# File 'lib/action_dispatch/http/request.rb', line 74

def controller_class
  params = path_parameters

  if params.key?(:controller)
    controller_param = params[:controller].underscore
    params[:action] ||= 'index'
    const_name = "#{controller_param.camelize}Controller"
    ActiveSupport::Dependencies.constantize(const_name)
  else
    PASS_NOT_FOUND
  end
end

#controller_instance ⇒ Object

:nodoc:

# File 'lib/action_dispatch/http/request.rb', line 150

def controller_instance # :nodoc:
  get_header('action_controller.instance'.freeze)
end

#controller_instance=(controller) ⇒ Object

:nodoc:

# File 'lib/action_dispatch/http/request.rb', line 154

def controller_instance=(controller) # :nodoc:
  set_header('action_controller.instance'.freeze, controller)
end

#cookie_jar ⇒ Object

# File 'lib/action_dispatch/middleware/cookies.rb', line 9

def cookie_jar
  fetch_header('action_dispatch.cookies'.freeze) do
    self.cookie_jar = Cookies::CookieJar.build(self, cookies)
  end
end

#cookie_jar=(jar) ⇒ Object

# File 'lib/action_dispatch/middleware/cookies.rb', line 26

def cookie_jar=(jar)
  set_header 'action_dispatch.cookies'.freeze, jar
end

#cookies_digest ⇒ Object

# File 'lib/action_dispatch/middleware/cookies.rb', line 58

def cookies_digest
  get_header Cookies::COOKIES_DIGEST
end

#cookies_serializer ⇒ Object

# File 'lib/action_dispatch/middleware/cookies.rb', line 54

def cookies_serializer
  get_header Cookies::COOKIES_SERIALIZER
end

#encrypted_cookie_salt ⇒ Object

# File 'lib/action_dispatch/middleware/cookies.rb', line 38

def encrypted_cookie_salt
  get_header Cookies::ENCRYPTED_COOKIE_SALT
end

#encrypted_signed_cookie_salt ⇒ Object

# File 'lib/action_dispatch/middleware/cookies.rb', line 42

def encrypted_signed_cookie_salt
  get_header Cookies::ENCRYPTED_SIGNED_COOKIE_SALT
end

#engine_script_name(_routes) ⇒ Object

:nodoc:

# File 'lib/action_dispatch/http/request.rb', line 136

def engine_script_name(_routes) # :nodoc:
  get_header(_routes.env_key)
end

#engine_script_name=(name) ⇒ Object

:nodoc:

# File 'lib/action_dispatch/http/request.rb', line 140

def engine_script_name=(name) # :nodoc:
  set_header(routes.env_key, name.dup)
end

#form_data? ⇒ Boolean

Determine whether the request body contains form-data by checking the request Content-Type for one of the media-types: “application/x-www-form-urlencoded” or “multipart/form-data”. The list of form-data media types can be modified through the FORM_DATA_MEDIA_TYPES array.

A request body is not assumed to contain form-data when no Content-Type header is provided and the request_method is POST.

Returns:

• (Boolean)

# File 'lib/action_dispatch/http/request.rb', line 312

def form_data?
  FORM_DATA_MEDIA_TYPES.include?(media_type)
end

#fullpath ⇒ Object

Returns the String full path including params of the last URL requested.

# get "/articles"
request.fullpath # => "/articles"

# get "/articles?page=2"
request.fullpath # => "/articles?page=2"

# File 'lib/action_dispatch/http/request.rb', line 211

def fullpath
  @fullpath ||= super
end

#GET ⇒ Object Also known as: query_parameters

Override Rack’s GET method to support indifferent access

# File 'lib/action_dispatch/http/request.rb', line 339

def GET
  fetch_header("action_dispatch.request.query_parameters") do |k|
    rack_query_params = super || {}
    # Check for non UTF-8 parameter values, which would cause errors later
    Request::Utils.check_param_encoding(rack_query_params)
    set_header k, Request::Utils.normalize_encode_params(rack_query_params)
  end
rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError => e
  raise ActionController::BadRequest.new("Invalid query parameters: #{e.message}")
end

#have_cookie_jar? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/action_dispatch/middleware/cookies.rb', line 22

def have_cookie_jar?
  has_header? 'action_dispatch.cookies'.freeze
end

#headers ⇒ Object

Provides access to the request’s HTTP headers, for example:

request.headers["Content-Type"] # => "text/plain"

# File 'lib/action_dispatch/http/request.rb', line 189

def headers
  @headers ||= Http::Headers.new(self)
end

#http_auth_salt ⇒ Object

# File 'lib/action_dispatch/http/request.rb', line 158

def http_auth_salt
  get_header "action_dispatch.http_auth_salt"
end

#ip ⇒ Object

Returns the IP address of client as a String.

# File 'lib/action_dispatch/http/request.rb', line 245

def ip
  @ip ||= super
end

#key?(key) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/action_dispatch/http/request.rb', line 87

def key?(key)
  has_header? key
end

#key_generator ⇒ Object

# File 'lib/action_dispatch/middleware/cookies.rb', line 30

def key_generator
  get_header Cookies::GENERATOR_KEY
end

#local? ⇒ Boolean

True if the request came from localhost, 127.0.0.1, or ::1.

Returns:

• (Boolean)

# File 'lib/action_dispatch/http/request.rb', line 377

def local?
  LOCALHOST =~ remote_addr && LOCALHOST =~ remote_ip
end

#logger ⇒ Object

# File 'lib/action_dispatch/http/request.rb', line 386

def logger
  get_header("action_dispatch.logger".freeze)
end

#media_type ⇒ Object

The String MIME type of the request.

# get "/articles"
request.media_type # => "application/x-www-form-urlencoded"

# File 'lib/action_dispatch/http/request.rb', line 227

def media_type
  content_mime_type.to_s
end

#method ⇒ Object

Returns the original value of the environment’s REQUEST_METHOD, even if it was overridden by middleware. See #request_method for more information.

# File 'lib/action_dispatch/http/request.rb', line 177

def method
  @method ||= check_method(get_header("rack.methodoverride.original_method") || get_header('REQUEST_METHOD'))
end

#method_symbol ⇒ Object

Returns a symbol form of the #method

# File 'lib/action_dispatch/http/request.rb', line 182

def method_symbol
  HTTP_METHOD_LOOKUP[method]
end

#original_fullpath ⇒ Object

Returns a String with the last requested path including their params.

# get '/foo'
request.original_fullpath # => '/foo'

# get '/foo?bar'
request.original_fullpath # => '/foo?bar'

# File 'lib/action_dispatch/http/request.rb', line 200

def original_fullpath
  @original_fullpath ||= (get_header("ORIGINAL_FULLPATH") || fullpath)
end

#original_url ⇒ Object

Returns the original request URL as a String.

# get "/articles?page=2"
request.original_url # => "http://www.example.com/articles?page=2"

# File 'lib/action_dispatch/http/request.rb', line 219

def original_url
  base_url + original_fullpath
end

#POST ⇒ Object Also known as: request_parameters

Override Rack’s POST method to support indifferent access

# File 'lib/action_dispatch/http/request.rb', line 352

def POST
  fetch_header("action_dispatch.request.request_parameters") do
    pr = parse_formatted_parameters(params_parsers) do |params|
      super || {}
    end
    self.request_parameters = Request::Utils.normalize_encode_params(pr)
  end
rescue ParamsParser::ParseError # one of the parse strategies blew up
  self.request_parameters = Request::Utils.normalize_encode_params(super || {})
  raise
rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError => e
  raise ActionController::BadRequest.new("Invalid request parameters: #{e.message}")
end

#raw_post ⇒ Object

Read the request body. This is useful for web services that need to work with raw requests directly.

# File 'lib/action_dispatch/http/request.rb', line 284

def raw_post
  unless has_header? 'RAW_POST_DATA'
    raw_post_body = body
    set_header('RAW_POST_DATA', raw_post_body.read(content_length))
    raw_post_body.rewind if raw_post_body.respond_to?(:rewind)
  end
  get_header 'RAW_POST_DATA'
end

#remote_ip ⇒ Object

Returns the IP address of client as a String, usually set by the RemoteIp middleware.

# File 'lib/action_dispatch/http/request.rb', line 251

def remote_ip
  @remote_ip ||= (get_header("action_dispatch.remote_ip") || ip).to_s
end

#remote_ip=(remote_ip) ⇒ Object

# File 'lib/action_dispatch/http/request.rb', line 255

def remote_ip=(remote_ip)
  set_header "action_dispatch.remote_ip".freeze, remote_ip
end

#request_id ⇒ Object Also known as: uuid

Returns the unique request id, which is based on either the X-Request-Id header that can be generated by a firewall, load balancer, or web server or by the RequestId middleware (which sets the action_dispatch.request_id environment variable).

This unique ID is useful for tracing a request from end-to-end as part of logging or debugging. This relies on the rack variable set by the ActionDispatch::RequestId middleware.

# File 'lib/action_dispatch/http/request.rb', line 267

def request_id
  get_header ACTION_DISPATCH_REQUEST_ID
end

#request_id=(id) ⇒ Object

:nodoc:

# File 'lib/action_dispatch/http/request.rb', line 271

def request_id=(id) # :nodoc:
  set_header ACTION_DISPATCH_REQUEST_ID, id
end

#request_method ⇒ Object

Returns the HTTP method that the application should see. In the case where the method was overridden by a middleware (for instance, if a HEAD request was converted to a GET, or if a _method parameter was used to determine the method the application should use), this method returns the overridden value, not the original.

# File 'lib/action_dispatch/http/request.rb', line 124

def request_method
  @request_method ||= check_method(super)
end

#request_method=(request_method) ⇒ Object

:nodoc:

# File 'lib/action_dispatch/http/request.rb', line 144

def request_method=(request_method) #:nodoc:
  if check_method(request_method)
    @request_method = set_header("REQUEST_METHOD", request_method)
  end
end

#request_method_symbol ⇒ Object

Returns a symbol form of the #request_method

# File 'lib/action_dispatch/http/request.rb', line 170

def request_method_symbol
  HTTP_METHOD_LOOKUP[request_method]
end

#request_parameters=(params) ⇒ Object

# File 'lib/action_dispatch/http/request.rb', line 381

def request_parameters=(params)
  raise if params.nil?
  set_header("action_dispatch.request.request_parameters".freeze, params)
end

#reset_session ⇒ Object

TODO This should be broken apart into AD::Request::Session and probably be included by the session middleware.

# File 'lib/action_dispatch/http/request.rb', line 322

def reset_session
  if session && session.respond_to?(:destroy)
    session.destroy
  else
    self.session = {}
  end
end

#routes ⇒ Object

:nodoc:

# File 'lib/action_dispatch/http/request.rb', line 128

def routes # :nodoc:
  get_header("action_dispatch.routes".freeze)
end

#routes=(routes) ⇒ Object

:nodoc:

# File 'lib/action_dispatch/http/request.rb', line 132

def routes=(routes) # :nodoc:
  set_header("action_dispatch.routes".freeze, routes)
end

#secret_key_base ⇒ Object

# File 'lib/action_dispatch/middleware/cookies.rb', line 50

def secret_key_base
  get_header Cookies::SECRET_KEY_BASE
end

#secret_token ⇒ Object

# File 'lib/action_dispatch/middleware/cookies.rb', line 46

def secret_token
  get_header Cookies::SECRET_TOKEN
end

#server_software ⇒ Object

Returns the lowercase name of the HTTP server software.

# File 'lib/action_dispatch/http/request.rb', line 278

def server_software
  (get_header('SERVER_SOFTWARE') && /^([a-zA-Z]+)/ =~ get_header('SERVER_SOFTWARE')) ? $1.downcase : nil
end

#session=(session) ⇒ Object

:nodoc:

# File 'lib/action_dispatch/http/request.rb', line 330

def session=(session) #:nodoc:
  Session.set self, session
end

#session_options=(options) ⇒ Object

# File 'lib/action_dispatch/http/request.rb', line 334

def session_options=(options)
  Session::Options.set self, options
end

#show_exceptions? ⇒ Boolean

:nodoc:

Returns:

• (Boolean)

# File 'lib/action_dispatch/http/request.rb', line 162

def show_exceptions? # :nodoc:
  # We're treating `nil` as "unset", and we want the default setting to be
  # `true`.  This logic should be extracted to `env_config` and calculated
  # once.
  !(get_header('action_dispatch.show_exceptions'.freeze) == false)
end

#signed_cookie_salt ⇒ Object

# File 'lib/action_dispatch/middleware/cookies.rb', line 34

def signed_cookie_salt
  get_header Cookies::SIGNED_COOKIE_SALT
end

#ssl? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/action_dispatch/http/request.rb', line 393

def ssl?
  super || scheme == 'wss'.freeze
end

#xml_http_request? ⇒ Boolean Also known as: xhr?

Returns true if the “X-Requested-With” header contains “XMLHttpRequest” (case-insensitive), which may need to be manually added depending on the choice of JavaScript libraries and frameworks.

Returns:

• (Boolean)

# File 'lib/action_dispatch/http/request.rb', line 239

def xml_http_request?
  get_header('HTTP_X_REQUESTED_WITH') =~ /XMLHttpRequest/i
end