rack / rack Goto Github PK

i solve the problem with uninstalling 1.1.0
also there is a thread here: http://www.ruby-forum.com/topic/201603

ref: https://rails.lighthouseapp.com/projects/8994/tickets/4714-rails-238-breaks-selenium-test

I have been searching for the source of this error. It appears to be within rack.
A git bisect search points to the first bad commit

commit 8f836f4
Author: Eric Wong [email protected]
Date: Thu Dec 10 21:34:17 2009 -0600

Hi,

I'm experiencing a huge performance drop with the 1.1.0's Builder and Thin 1.2.7. This is due to Builder#to_app recalculating the middleware stack on each request. I modified #to_app to cache the stack after the first request, as to me it seems unusual to modify it during runtime. Performance increased by >1100%.

Patch is at http://gist.github.com/357078 or at http://github.com/lgierth/rack/commit/20f55a85f46a0e8e8ff7549a6781f4915266c074

Before:

Requests per second:    248.44 [#/sec] (mean)
Time per request:       402.509 [ms] (mean)

After:

Requests per second:    2883.85 [#/sec] (mean)
Time per request:       34.676 [ms] (mean)

Rack encodes all cookie values using URI escaping but this is not a requirement of the cookie spec and thus should be exposed as an option that can be overridden. This is especially true when sharing cookies with other environments such as legacy applications or JavaScript that do not make the same assumptions about the encoding of a cookie. One example is YUI's Cookie utility and its subcookie functionality which uses cookies in a format of "cookiename=subcookie1=foo&sub2=bar" which cannot be achieved with the current Rack::Response#set_cookie method.

Some discussion about cookie encoding: http://www.nczonline.net/blog/2009/05/05/http-cookies-explained/

Although the way rack deletes cookies works on 99% of the browsers out there, it fails on older Windows Mobile phones because it doesn't conform to their stricter interpretation of the RFC2109(http://www.w3.org/Protocols/rfc2109/rfc2109).

From the RFC:

  NAME=VALUE

  Required.  The name of the state information ("cookie") is NAME,
  and its value is VALUE.  NAMEs that begin with $ are reserved for
  other uses and must not be used by applications.

  The VALUE is opaque to the user agent and may be anything the
  origin server chooses to send, possibly in a server-selected
  printable ASCII encoding.  "Opaque" implies that the content is of
  interest and relevance only to the origin server.  The content
  may, in fact, be readable by anyone that examines the Set-Cookie
  header.

Rack sends 'NAME=;' which Microsoft has interpreted not to be a valid in it's older mobile browsers.

Instead, Rack should return an arbitrary value, say '0', and an expiration of Time.at(0). The cookie will be deleted regardless of the value given, and it will still conform to stricter interpretations of the RFC by having the required NAME=VALUE.

The change would be as follows.

def delete_cookie(key, value={})
  unless Array === self["Set-Cookie"]
    self["Set-Cookie"] = [self["Set-Cookie"]].compact
  end

  self["Set-Cookie"].reject! { |cookie|
    cookie =~ /\A#{Utils.escape(key)}=/
  }

  set_cookie(key,
             {:value => '0', :path => nil, :domain => nil,
               :expires => Time.at(0) }.merge(value))
end

Hello guys, I've a problem with rack + nginx + passenger. My nginx vhost config is pretty simple:

    server {
      listen 80;
      server_name _;
      root /src/foo-bar/public;
      passenger_enabled on;
    }

If in my config.ru I've:

require 'myapp'
run MyApp

Every thing works super fine.

But If I have:

require 'myapp1'
require 'myapp2'

map "/" do
  run MyApp1
end

map "/two" do
  run MyApp2
end

I get "Not Found"

If I change my server_name to server_name one.local works
If I change my server_name to server_name one.local two.local one.local works but two.local Not
If I change my server_name to server_name two.local one.local two.local works but one.local Not

Any idea? Is a rack or nginx or passenger?

Thanks so much!

• Provide :cookie_only as option and true as default. If false, allows SID to be retrieved from GET/POST params;
• Do not send the cookie back to the client if session id did not change (improves both server and client side perf);
• Make Abstract::ID implementation more modular, allowing Cookie implementation
  to be simpler by inheriting from it;

All here:

http://github.com/josevalim/rack/commit/5dac45a38c38003f6608ca94fdf40d1d6f4e68ab

This is a giant step forward to make Rails depends on Rack::Session store instead of reimplementing everything from scratch.

The regexp used in Rack::Utils.escape function should have a flag /u, not /n. If it has a flag /n and you pass it a utf8 string, it prints a message "warning: regexp match /.../n against to UTF-8 string" to stdout.

A common security measure against fixation attacks is to change the session id after an user signs in. The easiest way to handle it from an authentication framework, like warden, is to set the session id to nil and expect it will be regenerated. However, this is not true in Rack. This commit fixes it:

http://github.com/josevalim/rack/commit/feb6e8950cdc744b4e625193883b9a9c817ad335

The whole commit is here:

http://github.com/josevalim/rack/commit/5be8ad86f287bfd50f900f0747deee70b5f881e8

Thanks raggi! :D

Hi there,

Found a non-obvious bug in rack's multipart parser.

Have a look at:

http://github.com/bloom/rack/commit/8f4bfced74e7a07d0f0f47705b763c7efc2f2aa7

Please let me know how you feel about this, and feel free to cherry pick it if it's interesting. FWIW, I kept running into the oddest problem with a Rails app that happened to be using a multipart form to submit a fairly large form. It so happened that for a given multipart payload size, I would reliably fall onto a chunking/splitting in rack's multipart parser which, given the 16384 bufsize being used by default, just so happened to expose a bug in the parser. Non-obvious because it took a while to isolate and peg down.

Best,
Bosko

When uploading a file I get this error:

/!\ FAILSAFE /!\  2009-07-03 09:31:48 -0600
Status: 500 Internal Server Error
invalid byte sequence in US-ASCII
/Users/tonyh/work/captioncontest/vendor/gems/rack-1.0.0/lib/rack/utils.rb:324:in `=~'
/Users/tonyh/work/captioncontest/vendor/gems/rack-1.0.0/lib/rack/utils.rb:324:in `block in parse_multipart'
/Users/tonyh/work/captioncontest/vendor/gems/rack-1.0.0/lib/rack/utils.rb:319:in `loop'
/Users/tonyh/work/captioncontest/vendor/gems/rack-1.0.0/lib/rack/utils.rb:319:in `parse_multipart'
/Users/tonyh/work/captioncontest/vendor/gems/rack-1.0.0/lib/rack/request.rb:141:in `POST'
/Users/tonyh/work/captioncontest/vendor/gems/rack-1.0.0/lib/rack/methodoverride.rb:15:in `call'
/Users/tonyh/work/captioncontest/vendor/rails/actionpack/lib/action_controller/params_parser.rb:15:in `call'

I'm using:
Ruby 1.9.1p129 (2009-05-12 revision 23412) [i386-darwin9]
RubyGems version 1.3.1
Rack version 1.0
Rails version 2.3.2
Active Record version 2.3.2
Action Pack version 2.3.2
Active Resource version 2.3.2
Action Mailer version 2.3.2
Active Support version 2.3.2

I get this error when testing with cucumber/webrat and also through Webrick (since I haven't gotten Mongrel working)

Hi there.

I've run into a problem using rack with Ruby 1.9.2-preview3 and 1.9.2-head

If I write a super simple sinatra app and try and run it through passenger, I get the following in my Nginx error log:

*** Exception LoadError in PhusionPassenger::Rack::ApplicationSpawner (no such file to load -- rivup) (process 61765):
from config.ru:3:in require' from config.ru:3:inblock in

If I try and load the same project using shotgun under Ruby 1.9.2 I get a similar error, this leads me to believe that the problem is not with passenger.

If I switch back to Ruby 1.9.1 or Ruby 1.8.7 everything works as expected.

Rails apps work as normal.

Is this a known error?

I noticed that in CommonLogger, it performs an implicit Array splat when receiving responses from the parent application:

      status, header, body = @app.call(env)

This will not properly set headers or body if the parent application returns Rack::Response or a Struct.new(:status, :headers, :body).

I have a Sinatra app which is using Rack::Session::Cookie
the following code worked when using rack 1.1.0, however in rack 1.2.1 it appears that my session never expires.

use Rack::Session::Cookie, :expire_after => 10*60

lib/rack/utils.rb lines 131-138 seem to be breaking compatibility with Ruby 1.8.6

ESCAPE_HTML = {
      "&" => "&",
      "<" => "&lt;",
      ">" => "&gt;",
      "'" => "&#39;",
      '"' => "&quot;",
    }
ESCAPE_HTML_PATTERN = Regexp.union(ESCAPE_HTML.keys)

Prior to Ruby 1.8.7, Regexp#union took String or Regexp arguments. The ability to pass in an Array is new in 1.8.7.

The docs for Rack::Server.new (below) state that passing in an :app option should override checking and loading a :config. This does not seem to be the case (:app is completely ignored).

http://github.com/rack/rack/blob/master/lib/rack/server.rb#L106-107

The example in Rack::Server.start is also wrong for this reason.

I forked and patched here:

http://github.com/lsegal/rack/commit/45a3ca646020bc8dc868a1a04bef90611fb42632

In browsing through the rails code I found that they use an html_escape routine that only escapes [&"><] whereas rack escapes apostrophe as well. See the ERB::Util module, circa Rails 3, and a recent optimization of escape_html in Rack::Utils.

I went looking for other references on html sanitization and found the Open Web Application Security Project (OWASP). They recommend escaping apostrophes and slash:

Escape the following characters with HTML entity encoding to prevent switching
into any execution context, such as script, style, or event handlers. Using
hex entities is recommended in the spec. In addition to the 5 characters
significant in XML (&, <, >, ", '), the forward slash is included as it helps
to end an HTML entity.

 & --> &amp;
 < --> &lt;
 > --> &gt;
 " --> &quot;
 ' --> &#x27;     &apos; is not recommended
 / --> &#x2F;     forward slash is included as it helps end an HTML entity

See bahuvrihi/rack@0e9c6cba769383d4f8f220c149aec7b27e69d201 for a patch implementing the OWASP recommendations. Note that I am not a web security guru and don't know if these recommendations are right or wrong.

The first ip is the client ip. Why is the last ip returned by request.ip?

With rack-1.1.0, when I send parameters to an rails controller, I see this:
Parameters: {"param"=>"thevalue", ...}

But with 1.2.1, I get this:
Parameters: {"param"=>""thevalue"", ...}

I couldn't reproduce it locally, but it happens everytime I try on ruby 1.9.1 + rack 1.2.1.

Along with the get?, post?, put?, delete? and head?, there should be options? and trace? helpers (see the lines involved).

Some clients and web servers support compressed TLS connections. Chrome 6 supports them. I was browsing PivotalTracker (in Chrome 6, they use nginx/0.6.35) and checked the TLS connection, and it turns out that the TLS connection is compressed with deflate.

If the TLS connection is already compressed, does additional HTTP response compression in Rack do anything to help?

Requiring sinatra (which pulls rack) results in the following on Windows XP

C:\temp>ruby test.rb
C:/dev/ruby/lib/ruby/gems/1.8/gems/rack-1.2.1/lib/rack/utils.rb:138:in union': can't convert Array into String (TypeError) from C:/dev/ruby/lib/ruby/gems/1.8/gems/rack-1.2.1/lib/rack/utils.rb:138 from C:/dev/ruby/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:ingem_original_require'
from C:/dev/ruby/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in require' from C:/dev/ruby/lib/ruby/gems/1.8/gems/rack-1.2.1/lib/rack/request.rb:1 from C:/dev/ruby/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:ingem_original_require'
from C:/dev/ruby/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in require' from C:/dev/ruby/lib/ruby/gems/1.8/gems/rack-1.2.1/lib/rack/showexceptions.rb:3 from C:/dev/ruby/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:ingem_original_require'
... 7 levels...
from C:/dev/ruby/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra.rb:4
from C:/dev/ruby/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:36:in gem_original_require' from C:/dev/ruby/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:36:inrequire'
from test.rb:1

Tested with the newest RubyInstaller and the last OneClickInstaller with all gems updated to 23.06.2010.
test.rb is just one line: require 'sinatra'

Problem does not exist on Mac OS X with the standard Apple Ruby.
Reverting to rack 1.0.1 solves the problem.

Is there a way to run multiple rack apps completely sandboxed from one another?

I want to allow users to upload their own rack apps to my server and run them side by side while preventing them from messing with each other or the server itself.

I couldn't get Rack::Auth::Digest::MD5 to work for URLs with query strings. I think this is a bug.

For a request to http://host/foo?bar, the browser sends the Authorization header uri parameter as uri="/foo?bar". The resulting Rack env has "SCRIPT_NAME"=>"", "PATH_INFO"=>"/foo", "QUERY_STRING"=>"bar". But the test in Rack::Auth::Digest::Request is:

def correct_uri? 
  (@env['SCRIPT_NAME'].to_s + @env['PATH_INFO'].to_s) == uri 
end 

This fails because "/foo" != "/foo?bar".

If I patch the method as follows, it seems to work fine:

def correct_uri? 
  base_uri = @env['SCRIPT_NAME'].to_s + @env['PATH_INFO'].to_s 
  query_uri = base_uri + "?" + @env['QUERY_STRING'] 
  base_uri == uri || query_uri == uri 
end 

There are more pleasant ways to write that, but it tests my hypothesis. :) I saw some indication while Googling around that browsers disagree on whether to include the querystring in the uri parameter, so perhaps that's where this came from. Latest Chrome and Firefox do send the query string, and fail.

Seems like the escape_html algorithm can be significantly optimized (~5x) using this patch: bahuvrihi/rack@3a9c6fc0d250bb44f2ca298771a749dc17da602b

For benchmarks of the optimized version, as well as several variations that came to mind, see http://gist.github.com/436253. I had a hard time believing this but for me the rack specs pass a full 0.5 seconds faster with the patch (~3.6s vs ~3.1s).

Note that I also added a spec for escape_html as there was not one before.

Here is a fix for it:

http://github.com/josevalim/rack/commit/2c9e8c3ba9af6e3cf11b60074b66e77726fc0f82

The specification says if both IF_NOT_MODIFIED and IF_MODIFIED_SINCE are used, both should match in order to consider the freshness of a response or not. This is fixed in my fork in this commit:

http://github.com/josevalim/rack/commit/93b198c82ad0afeb2864e5f893b87b8310d568e6

Due to this change, I've also changed the ETag middleware to not be triggered if Last-Modified is being used. This makes sense because if the user is setting it (or ETag), it means he wants to handle the http cache mechanism on its own. This other change is available here:

http://github.com/josevalim/rack/commit/999651fbdee6b1d64dbd4f57cf0fec7bfdee7777

I'm looking forward to some feedback in these changes since I want to change Rails to use these middlewares as well. :)

Hi there,

I just tried to install the hot-off-the-grill 1.2.0 release, and ran into this error:

ERROR: While executing gem ... (SystemCallError)
Unknown error - mkdir failed

After digging into things I found out this is because the gem is trying to create both a file with the name SPEC and a directory with the name spec/. :)

I came across an issue that caused bytesize() to throw an exception because it was being asked to return the size of nil when an HTTP response has status is 204 (no content).

The test on line 16 of content_length.rb should prevent it from ever reaching this code, but neglects to convert status (an instance of String) to an int before checking for inclusion in the the Set instance named by the constant STATUS_WITH_NO_ENTITY_BODY, which contains integers.

Please accept the following patch:

diff --git a/lib/rack/content_length.rb b/lib/rack/content_length.rb
index 1e56d43..ba72ef2 100644
--- a/lib/rack/content_length.rb
+++ b/lib/rack/content_length.rb
@@ -13,7 +13,7 @@ module Rack
status, headers, body = @app.call(env)
headers = HeaderHash.new(headers)

•  if !STATUS_WITH_NO_ENTITY_BODY.include?(status) &&
  

•  if !STATUS_WITH_NO_ENTITY_BODY.include?(status.to_i) &&
    !headers['Content-Length'] &&
    !headers['Transfer-Encoding'] &&
    (body.respond_to?(:to_ary) || body.respond_to?(:to_str))
  

I hope someone will contact me to let me know whether this has been accepted and what release it will appear in. Thank you and G-d bless.

I kept getting this error in my fastcgi.crash.log

This error occurs in lib/rack/handler/fastcgi.rb at line 7

Looks like it's trying to alias a method before the method is created.

I believe line 7 needs moved to below the 'read' method definition.

This error occurred on a Bluehost server with the rack-1.0.0 gem.

I have created a test in my fork of the project: http://github.com/diclophis/rack/commit/a59f59ed6eb0701ee651e5b532d38920a29c2324

I have not begun investigating for a fix, I wanted to see if you guys have run across this problem

The problem is that the reject statement selecting MemCache options is written backwards. A patch is here: bahuvrihi/rack@34630196450bceafe33f8ecc889f34d7b7ed9f7c

JRuby, Sinatra, Jetty, rack-jetty, rack 1.2.1

Using the above combination of products CONTENT_TYPE often will be empty, that is, it exists but is empty. Then an execption is thrown in Rack::Request#media_type because it tries to use a "downcase" method on a "nil" object.

I do not know if it is ok for CONTENT_TYPE to be empty, but if it is, a simple solution would be to change Rack::Request#media_type to something like:

def media_type
  return nil if content_type.nil? || content_type.empty?
  content_type.split(/\s*[;,]\s*/, 2).first.downcase
end 

At the same time Rack::Request#media_type_params possibly should be changed to:

def media_type_params
  return {} if content_type.nil? || content_type.empty?
  content_type.split(/\s*[;,]\s*/)[1..-1].
    collect { |s| s.split('=', 2) }.
    inject({}) { |hash,(k,v)| hash[k.downcase] = v ; hash }
end 

Best regards,
Claus

Rack (more or less reasonably) assumes that there is no data before the first boundary in multipart/form-data POST data. However, in RFC1521, paragraph 7.2.1, there is a note explaining that data may be present both before the first boundary and after the last, although it is discouraged.

For me, this meant a very hard-to-track-down bug in a REST client I'm writing that was inserting an extra CRLF before the first boundary. Rack should have accepted it, but instead it threw "EOFError (bad content body)".

Here's the RFC: http://www.faqs.org/rfcs/rfc1521.html

Cheers :)

http://github.com/josevalim/rack/commit/332d046276e17637a7b95e63eb26685d49661c3c

Fixed here. I hope this is the last one! Thanks! :D

This commit breaks Rack's compatibility with ruby 1.8.6:

$ rvm use 1.8.6

info: Using ruby 1.8.6 p399
$ irb
> Regexp.union(['foo', 'bar'])
TypeError: can't convert Array into String
        from (irb):1:in `union'
        from (irb):1
> exit
$ rvm use 1.8.7

info: Using ruby 1.8.7 p299
$ irb
> Regexp.union(['foo', 'bar'])
 => /foo|bar/

:(.

ENV["RACK_ENV"] is not set by rackup on startup, meanwhile at least Passenger, Thin and Unicorn pass this to apps. Besides that Sinatra and Merb use it to set their environment.
You can see the discussion about that in the Unicorn list: http://www.mail-archive.com/[email protected]/msg00123.html

The patch to fix it here:
http://github.com/tundraghost/rack/commit/90e9dfedf454a1491d97ab1d145cd105fdb1c216

Here is patch http://s3.amazonaws.com/anildigital.baconfile.com/rack_file_comment_improve.diff

Hi!

Please have a look at this line:

http://github.com/rack/rack/blob/663abfce9b71ab273c8adc0e76c233671bc43e1d/lib/rack/response.rb#L64

value[:expires].clone.gmtime.strftime("%a, %d-%b-%Y %H:%M:%S GMT")

My default system locale is ru_RU.UTF8, therefore this line produces
string with Russian letters. Browsers cant set expiration date in
Russian. FF sets session cookies, Safari doesnt set cookies at all.
Suppose this is a bug. Instead of strftime, rfc2822 should be used.

Thanks.

This is so that it's easier to see what is going on when debugging with tools like Firebug. Instead of formatting the exception in HTML, simply dumping it in plain text makes everything much more readable.

http://github.com/djanowski/rack/commit/f404683f2fb28834299f0bfff044c04c5744c781

In Ruby < 1.9, :config and :pid must be absolute paths because Rack::Server does Dir.chdir "/" before reading the :config and writing the :pid. This was unexpected - is it intended?

According to the rack spec, a repeated response header is specified by providing a newline-separated string containing the values for the header. When the WEBrick runner is presented with such a header, it only emits the last one. See example.

This seems to be a limitation of WEBrick — AFAICT, its HTTPResponse has no way to set multiple values for the same header. However, RFC 1945 section 4.2 indicates that a repeated header must be equivalent to a single instance of the header with a comma-separated list of values. Perhaps the WEBrick handler should emit repeated headers this way. I.e., in the example, the WEBrick handler would return

WWW-Authenticate: Bar realm=X, Baz realm=Y

Rack::Response does not support Array access, and thus cannot be used with code that expects traditional Array<status, headers, body> response objects. If Rack::Response inherited from Struct.new(:status, :headers, :body), it could gain arbitrary Array access. Rack::Response would only then have to override the #[] and #[]= methods to support String, Symbol and Integer keys.

On my Mac 10.6.4 system webrick no longer processes ctrl-C interrupts properly using any rack including and after this commit

http://github.com/rack/rack/commit/e516d89ffcdad1c9d58432aaaff4a382ed3997e7

commit e516d89ffcdad1c9d58432aaaff4a382ed3997e7
Author: raggi <[email protected]>
Date:   Tue Mar 23 19:29:44 2010 +0000

    Move trap(:INT) to Rack::Server and support optional Handler protocol where handlers may implement .shutdown to do pre-exit cleanup.

I have this problem starting webrick using sc-server (used with the sproutcore gem) and script/server (on rails 2.3.8).

sc-server is cleanly halted using ctrl-C using rack 1.2.1, thin and sproutcore gem v1.0.1046

$ ruby -v
ruby 1.9.1p378 (2010-01-10 revision 26273) [i386-darwin9.8.0]

$ gem list rack

*** LOCAL GEMS ***

rack (1.2.1)
rack-mount (0.6.3)
rack-test (0.5.3)

$ gem list thin

*** LOCAL GEMS ***

thin (1.2.7)

$ gem list sproutcore

*** LOCAL GEMS ***

sproutcore (1.0.1046)

$ sc-server
SproutCore v1.0.1046 Development Server
Starting server at http://0.0.0.0:4020 in debug mode
To quit sc-server, press Control-C
>> Thin web server (v1.2.7 codename No Hup)
>> Maximum connections set to 1024
>> Listening on 0.0.0.0:4020, CTRL+C to stop
^C>> Stopping

If I uninstall thin and run sc-server again (which now uses webrick) I need to kill the process to stop it.

This version of rack works (from Mar 23 -- about 3.5 months after the release of rack 1.1.0):
http://github.com/rack/rack/commit/456fb5fc658fec45a07c765ef22b2ced935808b1

commit 456fb5fc658fec45a07c765ef22b2ced935808b1
Author: raggi <[email protected]>
Date:   Tue Mar 23 19:23:43 2010 +0000

    Fix a bug in CGI detection

Using ctrl-C with webrick stops working on the next commit later that day:
http://github.com/rack/rack/commit/e516d89ffcdad1c9d58432aaaff4a382ed3997e7

I have the same problem using rails 2.3.8 and rack e516d89...

$ script/server -p 3001
=> Booting WEBrick
=> Rails 2.3.8 application starting on http://0.0.0.0:3001
=> Call with -d to detach
=> Ctrl-C to shutdown server
[2010-07-11 19:36:44] INFO  WEBrick 1.3.1
[2010-07-11 19:36:44] INFO  ruby 1.9.1 (2010-01-10) [i386-darwin9.8.0]
[2010-07-11 19:36:44] INFO  WEBrick::HTTPServer#start: pid=79959 port=3001

Here's what the console reports when I enter ctrl-C:

^C[2010-07-11 19:36:47] ERROR SystemExit: exit
    /Users/stephen/.rvm/gems/ruby-1.9.1-p378/gems/rails-2.3.8/lib/commands/server.rb:106:in `exit'

I have to kill the process to stop the server.

If instead I start rails with thin ctrl-C works either using rack e516d89... or rack 1.2.1

$ thin start -p3001
>> Using rails adapter
>> Thin web server (v1.2.7 codename No Hup)
>> Maximum connections set to 1024
>> Listening on 0.0.0.0:3001, CTRL+C to stop
^C>> Stopping ...

Currently the rewindable input support enables the “posix filesystem semantics” for Ruby 1.9; unfortunately the tempfile class from Ruby 1.9 breaks this: unlinking the file closes the descriptor (which is probably wrong by itself). This breaks the rewindable input badly :/

Perhaps it's considered hacky to pass changes back up the call stack, but currently you generally can, unless you use urlmap. A simple change to using merge! would be faster and would keep it the same object, also, which means a lower level middleware (or the end-point itself) can modify the env hash and a higher level middleware can access that. Sure other middlewares could cause the same issue, but it'd be nice if rack itself didn't. I'll come up with a fork/patch w/ test if you like.

{ :foo => [1,2] }

should produce
foo[]=1&foo[]=2

not
foo=1&foo=2

Rack appears to incorrectly handle cookies with values that are quoted-strings. RFC2109 states that a value is a word and a word may be a token or a quoted-string. Rack is handling quoted-string values as if they were tokens. Naturally this causes some problems.

It looks like the issue stems from the fact that Rack::Request#cookies uses Rack::Utils.parse_query. What parse_query does makes sense for parameters, but I think it is incorrect for cookie values.

If I have a cookie like so:

POST /acme/shipping HTTP/1.1
Cookie: $Version="1";
    Customer="WILE_E_COYOTE"; $Path="/acme";
    Part_Number="Rocket_Launcher_0001"; $Path="/acme"

The ruby String value for key Customer should be "WILE_E_COYOTE" rather than ""WILE_E_COYOTE"".

You can imagine how this handling of quoted strings leads to interoperability problems with other application stacks.

Please apply this patch to the HEAD: http://gist.github.com/393420 and confirm.

Despite the patch I offered with issue http://github.com/rack/rack/issues/closed#issue/10, an HTTP response without a body can still cause an exception after installing the 'thin' gem because bytesize() is given a nil argument. This patch will fix it.