class StaticRails::SiteMiddleware

Constants

PATH_INFO_OBFUSCATION

Public Class Methods

new(app) click to toggle source
# File lib/static-rails/site_middleware.rb, line 9
def initialize(app)
  @app = app
  @proxy_middleware = ProxyMiddleware.new(app)
  @static_middleware = StaticMiddleware.new(app)
  @determines_whether_to_handle_request = DeterminesWhetherToHandleRequest.new
end

Public Instance Methods

call(env) click to toggle source
# File lib/static-rails/site_middleware.rb, line 16
def call(env)
  return @app.call(env) unless @determines_whether_to_handle_request.call(env)

  if require_csrf_before_processing_request?
    # You might be asking yourself what the hell is going on here. In short,
    # This middleware sits at the top of the stack, which is too early to
    # set a CSRF token in a cookie. Therefore, we've placed a subclass of
    # this middleware named SitePlusCsrfMiddleware near the bottom of the
    # middleware stack, which is slower but comes after Session::CookieStore
    # and therefore can write _csrf_token to the cookie. As a result, the
    # observable behavior to the user is identical, but the first request
    # to set the cookie will be marginally slower because it needs to go
    # deeper down the Rails middleware stack
    #
    # But! Between these two is ActionDispatch::Static. In the odd case that
    # a path that this middleware would serve happens to match the name of
    # a path in public/, kicking down the middleware stack would result in
    # that file being served instead of our deeper middleware being called.
    # So to work around this we're just making the PATH_INFO property so
    # ugly that there's no chance it'll match anything. When our subclass
    # gets its shot at this request, it'll know to remove the path
    # obfuscation from PATH_INFO and go about its business.
    #
    # See, easy!
    #
    # (By the way, this was all Matthew Draper's bright idea. You can
    # compliment him here: https://github.com/matthewd )
    @app.call(env.merge("PATH_INFO" => "/" + PATH_INFO_OBFUSCATION + env["PATH_INFO"]))
  elsif StaticRails.config.proxy_requests
    @proxy_middleware.call(env)
  elsif StaticRails.config.serve_compiled_assets
    @static_middleware.call(env)
  end
end

Protected Instance Methods

require_csrf_before_processing_request?() click to toggle source

Override this in subclass since it'll call super(env) and deal itself

# File lib/static-rails/site_middleware.rb, line 54
def require_csrf_before_processing_request?
  StaticRails.config.set_csrf_token_cookie
end