Class: ActionDispatch::Request

Inherits:
Object
  • Object
show all
Includes:
ContentSecurityPolicy::Request, Flash::RequestMethods, Http::Cache::Request, Http::FilterParameters, Http::MimeNegotiation, Http::Parameters, Http::URL, PermissionsPolicy::Request, Rack::Request::Env, Rack::Request::Helpers
Defined in:
lib/action_dispatch/http/request.rb,
lib/action_dispatch/request/utils.rb,
lib/action_dispatch/request/session.rb,
lib/action_dispatch/middleware/flash.rb

Direct Known Subclasses

TestRequest

Defined Under Namespace

Classes: Session, Utils

Constant Summary collapse

LOCALHOST = 
Regexp.union [/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/, /^::1$/, /^0:0:0:0:0:0:0:1(%.*)?$/]
ENV_METHODS = 
%w[ AUTH_TYPE GATEWAY_INTERFACE
PATH_TRANSLATED REMOTE_HOST
REMOTE_IDENT REMOTE_USER REMOTE_ADDR
SERVER_NAME SERVER_PROTOCOL
ORIGINAL_SCRIPT_NAME

HTTP_ACCEPT HTTP_ACCEPT_CHARSET HTTP_ACCEPT_ENCODING
HTTP_ACCEPT_LANGUAGE HTTP_CACHE_CONTROL HTTP_FROM
HTTP_NEGOTIATE HTTP_PRAGMA HTTP_CLIENT_IP
HTTP_X_FORWARDED_FOR HTTP_ORIGIN HTTP_VERSION
HTTP_X_CSRF_TOKEN HTTP_X_REQUEST_ID HTTP_X_FORWARDED_HOST
].freeze
PASS_NOT_FOUND =

:nodoc:

Class.new { # :nodoc:
  def self.action(_); self; end
  def self.call(_); [404, { Constants::X_CASCADE => "pass" }, []]; end
  def self.action_encoding_template(action); false; end
}
RFC2616 =

HTTP methods from [RFC 2616: Hypertext Transfer Protocol – HTTP/1.1](www.ietf.org/rfc/rfc2616.txt)

%w(OPTIONS GET HEAD POST PUT DELETE TRACE CONNECT)
RFC2518 =

HTTP methods from [RFC 2518: HTTP Extensions for Distributed Authoring – WEBDAV](www.ietf.org/rfc/rfc2518.txt)

%w(PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK)
RFC3253 =

HTTP methods from [RFC 3253: Versioning Extensions to WebDAV](www.ietf.org/rfc/rfc3253.txt)

%w(VERSION-CONTROL REPORT CHECKOUT CHECKIN UNCHECKOUT MKWORKSPACE UPDATE LABEL MERGE BASELINE-CONTROL MKACTIVITY)
RFC3648 =

HTTP methods from [RFC 3648: WebDAV Ordered Collections Protocol](www.ietf.org/rfc/rfc3648.txt)

%w(ORDERPATCH)
RFC3744 =

HTTP methods from [RFC 3744: WebDAV Access Control Protocol](www.ietf.org/rfc/rfc3744.txt)

%w(ACL)
RFC5323 =

HTTP methods from [RFC 5323: WebDAV SEARCH](www.ietf.org/rfc/rfc5323.txt)

%w(SEARCH)
RFC4791 =

HTTP methods from [RFC 4791: Calendaring Extensions to WebDAV](www.ietf.org/rfc/rfc4791.txt)

%w(MKCALENDAR)
RFC5789 =

HTTP methods from [RFC 5789: PATCH Method for HTTP](www.ietf.org/rfc/rfc5789.txt)

%w(PATCH)
HTTP_METHODS = 
RFC2616 + RFC2518 + RFC3253 + RFC3648 + RFC3744 + RFC5323 + RFC4791 + RFC5789
HTTP_METHOD_LOOKUP = 
{}
ACTION_DISPATCH_REQUEST_ID =

:nodoc:

"action_dispatch.request_id"

Constants included from PermissionsPolicy::Request

PermissionsPolicy::Request::POLICY

Constants included from ContentSecurityPolicy::Request

ContentSecurityPolicy::Request::NONCE, ContentSecurityPolicy::Request::NONCE_DIRECTIVES, ContentSecurityPolicy::Request::NONCE_GENERATOR, ContentSecurityPolicy::Request::POLICY, ContentSecurityPolicy::Request::POLICY_REPORT_ONLY

Constants included from Http::URL

Http::URL::HOST_REGEXP, Http::URL::IP_HOST_REGEXP, Http::URL::PROTOCOL_REGEXP

Constants included from Http::FilterParameters

Http::FilterParameters::ENV_MATCH, Http::FilterParameters::NULL_ENV_FILTER, Http::FilterParameters::NULL_PARAM_FILTER

Constants included from Http::Parameters

Http::Parameters::DEFAULT_PARSERS, Http::Parameters::PARAMETERS_KEY

Constants included from Http::MimeNegotiation

Http::MimeNegotiation::RESCUABLE_MIME_FORMAT_ERRORS

Constants included from Http::Cache::Request

Http::Cache::Request::HTTP_IF_MODIFIED_SINCE, Http::Cache::Request::HTTP_IF_NONE_MATCH

Class Method Summary collapse

Instance Method Summary collapse

Methods included from PermissionsPolicy::Request

#permissions_policy, #permissions_policy=

Methods included from ContentSecurityPolicy::Request

#content_security_policy, #content_security_policy=, #content_security_policy_nonce, #content_security_policy_nonce_directives, #content_security_policy_nonce_directives=, #content_security_policy_nonce_generator, #content_security_policy_nonce_generator=, #content_security_policy_report_only, #content_security_policy_report_only=

Methods included from Http::URL

#domain, extract_domain, extract_subdomain, extract_subdomains, full_url_for, #host, #host_with_port, #optional_port, path_for, #port, #port_string, #protocol, #raw_host_with_port, #server_port, #standard_port, #standard_port?, #subdomain, #subdomains, #url, url_for

Methods included from Http::FilterParameters

#filtered_env, #filtered_parameters, #filtered_path, #parameter_filter

Methods included from Http::Parameters

#parameters, #path_parameters, #path_parameters=

Methods included from Http::MimeNegotiation

#accepts, #content_mime_type, #format, #format=, #formats, #formats=, #has_content_type?, #negotiate_mime, #should_apply_vary_header?, #variant, #variant=

Methods included from Http::Cache::Request

#etag_matches?, #fresh?, #if_modified_since, #if_none_match, #if_none_match_etags, #not_modified?

Methods included from Flash::RequestMethods

#flash, #flash=, #flash_hash

Constructor Details

#initialize(env) ⇒ Request

Returns a new instance of Request.



62
63
64
65
66
67
68
69
70
 
# File 'lib/action_dispatch/http/request.rb', line 62

def initialize(env)
  super
  @method            = nil
  @request_method    = nil
  @remote_ip         = nil
  @original_fullpath = nil
  @fullpath          = nil
  @ip                = nil
end

Class Method Details

.emptyObject 



58
59
60
 
# File 'lib/action_dispatch/http/request.rb', line 58

def self.empty
  new({})
end

Instance Method Details

#authorizationObject

Returns the authorization header regardless of whether it was specified directly or through one of the proxy alternatives.



419
420
421
422
423
424
 
# File 'lib/action_dispatch/http/request.rb', line 419

def authorization
  get_header("HTTP_AUTHORIZATION")   ||
  get_header("X-HTTP_AUTHORIZATION") ||
  get_header("X_HTTP_AUTHORIZATION") ||
  get_header("REDIRECT_X_HTTP_AUTHORIZATION")
end

#bodyObject

The request body is an IO input stream. If the RAW_POST_DATA environment variable is already set, wrap it in a StringIO.



349
350
351
352
353
354
355
356
 
# File 'lib/action_dispatch/http/request.rb', line 349

def body
  if raw_post = get_header("RAW_POST_DATA")
    raw_post = (+raw_post).force_encoding(Encoding::BINARY)
    StringIO.new(raw_post)
  else
    body_stream
  end
end

#body_streamObject

:nodoc:



369
370
371
 
# File 'lib/action_dispatch/http/request.rb', line 369

def body_stream # :nodoc:
  get_header("rack.input")
end

#commit_cookie_jar!Object

:nodoc:



72
73
 
# File 'lib/action_dispatch/http/request.rb', line 72

def commit_cookie_jar! # :nodoc:
end

#commit_csrf_tokenObject 



451
452
453
 
# File 'lib/action_dispatch/http/request.rb', line 451

def commit_csrf_token
  controller_instance.commit_csrf_token(self) if controller_instance.respond_to?(:commit_csrf_token)
end

#commit_flashObject 



440
441
 
# File 'lib/action_dispatch/http/request.rb', line 440

def commit_flash
end

#content_lengthObject

Returns the content length of the request as an integer.



284
285
286
287
 
# File 'lib/action_dispatch/http/request.rb', line 284

def content_length
  return raw_post.bytesize if headers.key?("Transfer-Encoding")
  super.to_i
end

#controller_classObject 



81
82
83
84
85
 
# File 'lib/action_dispatch/http/request.rb', line 81

def controller_class
  params = path_parameters
  params[:action] ||= "index"
  controller_class_for(params[:controller])
end

#controller_class_for(name) ⇒ Object 



87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
 
# File 'lib/action_dispatch/http/request.rb', line 87

def controller_class_for(name)
  if name
    controller_param = name.underscore
    const_name = controller_param.camelize << "Controller"
    begin
      const_name.constantize
    rescue NameError => error
      if error.missing_name == const_name || const_name.start_with?("#{error.missing_name}::")
        raise MissingController.new(error.message, error.name)
      else
        raise
      end
    end
  else
    PASS_NOT_FOUND
  end
end

#controller_instanceObject

:nodoc:



183
184
185
 
# File 'lib/action_dispatch/http/request.rb', line 183

def controller_instance # :nodoc:
  get_header("action_controller.instance")
end

#controller_instance=(controller) ⇒ Object

:nodoc:



187
188
189
 
# File 'lib/action_dispatch/http/request.rb', line 187

def controller_instance=(controller) # :nodoc:
  set_header("action_controller.instance", controller)
end

#engine_script_name(_routes) ⇒ Object

:nodoc:



169
170
171
 
# File 'lib/action_dispatch/http/request.rb', line 169

def engine_script_name(_routes) # :nodoc:
  get_header(_routes.env_key)
end

#engine_script_name=(name) ⇒ Object

:nodoc:



173
174
175
 
# File 'lib/action_dispatch/http/request.rb', line 173

def engine_script_name=(name) # :nodoc:
  set_header(routes.env_key, name.dup)
end

#form_data?Boolean

Determine whether the request body contains form-data by checking the request ‘Content-Type` for one of the media-types: `application/x-www-form-urlencoded` or `multipart/form-data`. The list of form-data media types can be modified through the `FORM_DATA_MEDIA_TYPES` array.

A request body is not assumed to contain form-data when no ‘Content-Type` header is provided and the request_method is POST.

Returns:

  • (Boolean) 


365
366
367
 
# File 'lib/action_dispatch/http/request.rb', line 365

def form_data?
  FORM_DATA_MEDIA_TYPES.include?(media_type)
end

#fullpathObject

Returns the ‘String` full path including params of the last URL requested.

# get "/articles"
request.fullpath # => "/articles"

# get "/articles?page=2"
request.fullpath # => "/articles?page=2"



263
264
265
 
# File 'lib/action_dispatch/http/request.rb', line 263

def fullpath
  @fullpath ||= super
end

#GETObject Also known as: query_parameters

Override Rack’s GET method to support indifferent access.



387
388
389
390
391
392
393
394
395
396
397
398
399
 
# File 'lib/action_dispatch/http/request.rb', line 387

def GET
  fetch_header("action_dispatch.request.query_parameters") do |k|
    rack_query_params = super || {}
    controller = path_parameters[:controller]
    action = path_parameters[:action]
    rack_query_params = Request::Utils.set_binary_encoding(self, rack_query_params, controller, action)
    # Check for non UTF-8 parameter values, which would cause errors later
    Request::Utils.check_param_encoding(rack_query_params)
    set_header k, Request::Utils.normalize_encode_params(rack_query_params)
  end
rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError, Rack::QueryParser::ParamsTooDeepError => e
  raise ActionController::BadRequest.new("Invalid query parameters: #{e.message}")
end

#headersObject

Provides access to the request’s HTTP headers, for example:

request.headers["Content-Type"] # => "text/plain"



225
226
227
 
# File 'lib/action_dispatch/http/request.rb', line 225

def headers
  @headers ||= Http::Headers.new(self)
end

#http_auth_saltObject 



191
192
193
 
# File 'lib/action_dispatch/http/request.rb', line 191

def http_auth_salt
  get_header "action_dispatch.http_auth_salt"
end

#inspectObject

:nodoc:



443
444
445
 
# File 'lib/action_dispatch/http/request.rb', line 443

def inspect # :nodoc:
  "#<#{self.class.name} #{method} #{original_url.dump} for #{remote_ip}>"
end

#ipObject

Returns the IP address of client as a ‘String`.



298
299
300
 
# File 'lib/action_dispatch/http/request.rb', line 298

def ip
  @ip ||= super
end

#key?(key) ⇒ Boolean

Returns true if the request has a header matching the given key parameter.

request.key? :ip_spoofing_check # => true

Returns:

  • (Boolean) 


108
109
110
 
# File 'lib/action_dispatch/http/request.rb', line 108

def key?(key)
  has_header? key
end

#local?Boolean

True if the request came from localhost, 127.0.0.1, or ::1.

Returns:

  • (Boolean) 


427
428
429
 
# File 'lib/action_dispatch/http/request.rb', line 427

def local?
  LOCALHOST.match?(remote_addr) && LOCALHOST.match?(remote_ip)
end

#loggerObject 



436
437
438
 
# File 'lib/action_dispatch/http/request.rb', line 436

def logger
  get_header("action_dispatch.logger")
end

#media_typeObject

The ‘String` MIME type of the request.

# get "/articles"
request.media_type # => "application/x-www-form-urlencoded"



279
280
281
 
# File 'lib/action_dispatch/http/request.rb', line 279

def media_type
  content_mime_type&.to_s
end

#method(*args) ⇒ Object

Returns the original value of the environment’s REQUEST_METHOD, even if it was overridden by middleware. See #request_method for more information.

For debugging purposes, when called with arguments this method will fall back to Object#method



205
206
207
208
209
210
211
212
213
214
 
# File 'lib/action_dispatch/http/request.rb', line 205

def method(*args)
  if args.empty?
    @method ||= check_method(
      get_header("rack.methodoverride.original_method") ||
      get_header("REQUEST_METHOD")
    )
  else
    super
  end
end

#method_symbolObject

Returns a symbol form of the #method.



218
219
220
 
# File 'lib/action_dispatch/http/request.rb', line 218

def method_symbol
  HTTP_METHOD_LOOKUP[method]
end

#original_fullpathObject

Returns a ‘String` with the last requested path including their params.

# get '/foo'
request.original_fullpath # => '/foo'

# get '/foo?bar'
request.original_fullpath # => '/foo?bar'



252
253
254
 
# File 'lib/action_dispatch/http/request.rb', line 252

def original_fullpath
  @original_fullpath ||= (get_header("ORIGINAL_FULLPATH") || fullpath)
end

#original_urlObject

Returns the original request URL as a ‘String`.

# get "/articles?page=2"
request.original_url # => "http://www.example.com/articles?page=2"



271
272
273
 
# File 'lib/action_dispatch/http/request.rb', line 271

def original_url
  base_url + original_fullpath
end

#POSTObject Also known as: request_parameters

Override Rack’s POST method to support indifferent access.



403
404
405
406
407
408
409
410
411
412
413
414
 
# File 'lib/action_dispatch/http/request.rb', line 403

def POST
  fetch_header("action_dispatch.request.request_parameters") do
    pr = parse_formatted_parameters(params_parsers) do |params|
      super || {}
    end
    pr = Request::Utils.set_binary_encoding(self, pr, path_parameters[:controller], path_parameters[:action])
    Request::Utils.check_param_encoding(pr)
    self.request_parameters = Request::Utils.normalize_encode_params(pr)
  end
rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError, Rack::QueryParser::ParamsTooDeepError, EOFError => e
  raise ActionController::BadRequest.new("Invalid request parameters: #{e.message}")
end

#raw_postObject

Read the request body. This is useful for web services that need to work with raw requests directly.



340
341
342
343
344
345
 
# File 'lib/action_dispatch/http/request.rb', line 340

def raw_post
  unless has_header? "RAW_POST_DATA"
    set_header("RAW_POST_DATA", read_body_stream)
  end
  get_header "RAW_POST_DATA"
end

#raw_request_methodObject

:nodoc:



138
 
# File 'lib/action_dispatch/http/request.rb', line 138

alias raw_request_method request_method

#remote_ipObject

Returns the IP address of client as a ‘String`, usually set by the RemoteIp middleware.



304
305
306
 
# File 'lib/action_dispatch/http/request.rb', line 304

def remote_ip
  @remote_ip ||= (get_header("action_dispatch.remote_ip") || ip).to_s
end

#remote_ip=(remote_ip) ⇒ Object 



308
309
310
311
 
# File 'lib/action_dispatch/http/request.rb', line 308

def remote_ip=(remote_ip)
  @remote_ip = nil
  set_header "action_dispatch.remote_ip", remote_ip
end

#request_idObject Also known as: uuid

Returns the unique request id, which is based on either the ‘X-Request-Id` header that can be generated by a firewall, load balancer, or web server, or by the RequestId middleware (which sets the `action_dispatch.request_id` environment variable).

This unique ID is useful for tracing a request from end-to-end as part of logging or debugging. This relies on the Rack variable set by the ActionDispatch::RequestId middleware.



323
324
325
 
# File 'lib/action_dispatch/http/request.rb', line 323

def request_id
  get_header ACTION_DISPATCH_REQUEST_ID
end

#request_id=(id) ⇒ Object

:nodoc:



327
328
329
 
# File 'lib/action_dispatch/http/request.rb', line 327

def request_id=(id) # :nodoc:
  set_header ACTION_DISPATCH_REQUEST_ID, id
end

#request_methodObject

Returns the HTTP method that the application should see. In the case where the method was overridden by a middleware (for instance, if a HEAD request was converted to a GET, or if a _method parameter was used to determine the method the application should use), this method returns the overridden value, not the original.



145
146
147
 
# File 'lib/action_dispatch/http/request.rb', line 145

def request_method
  @request_method ||= check_method(super)
end

#request_method=(request_method) ⇒ Object

:nodoc:



177
178
179
180
181
 
# File 'lib/action_dispatch/http/request.rb', line 177

def request_method=(request_method) # :nodoc:
  if check_method(request_method)
    @request_method = set_header("REQUEST_METHOD", request_method)
  end
end

#request_method_symbolObject

Returns a symbol form of the #request_method.



196
197
198
 
# File 'lib/action_dispatch/http/request.rb', line 196

def request_method_symbol
  HTTP_METHOD_LOOKUP[request_method]
end

#request_parameters=(params) ⇒ Object 



431
432
433
434
 
# File 'lib/action_dispatch/http/request.rb', line 431

def request_parameters=(params)
  raise if params.nil?
  set_header("action_dispatch.request.request_parameters", params)
end

#reset_csrf_tokenObject 



447
448
449
 
# File 'lib/action_dispatch/http/request.rb', line 447

def reset_csrf_token
  controller_instance.reset_csrf_token(self) if controller_instance.respond_to?(:reset_csrf_token)
end

#reset_sessionObject 



373
374
375
376
 
# File 'lib/action_dispatch/http/request.rb', line 373

def reset_session
  session.destroy
  reset_csrf_token
end

#route_uri_patternObject

Returns the URI pattern of the matched route for the request, using the same format as ‘bin/rails routes`:

request.route_uri_pattern # => "/:controller(/:action(/:id))(.:format)"



153
154
155
 
# File 'lib/action_dispatch/http/request.rb', line 153

def route_uri_pattern
  get_header("action_dispatch.route_uri_pattern")
end

#route_uri_pattern=(pattern) ⇒ Object

:nodoc:



157
158
159
 
# File 'lib/action_dispatch/http/request.rb', line 157

def route_uri_pattern=(pattern) # :nodoc:
  set_header("action_dispatch.route_uri_pattern", pattern)
end

#routesObject

:nodoc:



161
162
163
 
# File 'lib/action_dispatch/http/request.rb', line 161

def routes # :nodoc:
  get_header("action_dispatch.routes")
end

#routes=(routes) ⇒ Object

:nodoc:



165
166
167
 
# File 'lib/action_dispatch/http/request.rb', line 165

def routes=(routes) # :nodoc:
  set_header("action_dispatch.routes", routes)
end

#send_early_hints(links) ⇒ Object

Early Hints is an HTTP/2 status code that indicates hints to help a client start making preparations for processing the final response.

If the env contains ‘rack.early_hints` then the server accepts HTTP2 push for link headers.

The ‘send_early_hints` method accepts a hash of links as follows:

send_early_hints("link" => "</style.css>; rel=preload; as=style,</script.js>; rel=preload")

If you are using ‘javascript_include_tag` or `stylesheet_link_tag` the Early Hints headers are included by default if supported.



241
242
243
 
# File 'lib/action_dispatch/http/request.rb', line 241

def send_early_hints(links)
  env["rack.early_hints"]&.call(links)
end

#server_softwareObject

Returns the lowercase name of the HTTP server software.



334
335
336
 
# File 'lib/action_dispatch/http/request.rb', line 334

def server_software
  (get_header("SERVER_SOFTWARE") && /^([a-zA-Z]+)/ =~ get_header("SERVER_SOFTWARE")) ? $1.downcase : nil
end

#session=(session) ⇒ Object

:nodoc:



378
379
380
 
# File 'lib/action_dispatch/http/request.rb', line 378

def session=(session) # :nodoc:
  Session.set self, session
end

#session_options=(options) ⇒ Object 



382
383
384
 
# File 'lib/action_dispatch/http/request.rb', line 382

def session_options=(options)
  Session::Options.set self, options
end

#xml_http_request?Boolean Also known as: xhr?

Returns true if the ‘X-Requested-With` header contains “XMLHttpRequest” (case-insensitive), which may need to be manually added depending on the choice of JavaScript libraries and frameworks.

Returns:

  • (Boolean) 


292
293
294
 
# File 'lib/action_dispatch/http/request.rb', line 292

def xml_http_request?
  /XMLHttpRequest/i.match?(get_header("HTTP_X_REQUESTED_WITH"))
end