From 8b4cc97a88734ec5dc6a517217f9c0cc6c96114a Mon Sep 17 00:00:00 2001
From: Patrik Ragnarsson
Date: Wed, 28 Dec 2022 18:22:42 +0100
Subject: [PATCH] `SERVER_PROTOCOL` -> `HTTP_VERSION`
Similar change as https://github.com/jeremyevans/roda/commit/50f0ddf06728f8fd1b460e7a643eb48025d2ef17 Good to know is that rack-test defaults to HTTP/1.0: https://github.com/rack/rack-test/blob/v2.0.2/lib/rack/test.rb#L277-L285 (so Rack::Lint does not catch all usage of HTTP_VERSION)
---
 lib/sinatra/base.rb | 5 ++++-
 .../spec/lib/rack/protection/session_hijacking_spec.rb | 4 ++--
 test/helpers_test.rb | 4 ++--
 3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/lib/sinatra/base.rb b/lib/sinatra/base.rb
index ce6bd366d2..b6e1cfcef3 100644
--- a/lib/sinatra/base.rb
+++ b/lib/sinatra/base.rb
@@ -302,7 +302,10 @@ def block.each; yield(call) end
 # Halt processing and redirect to the URI provided.
 def redirect(uri, *args)
- if (env['HTTP_VERSION'] == 'HTTP/1.1') && (env['REQUEST_METHOD'] != 'GET')
+ # SERVER_PROTOCOL is required in Rack 3, fall back to HTTP_VERSION
+ # for servers not updated for Rack 3 (like Puma 5)
+ http_version = env['SERVER_PROTOCOL'] || env['HTTP_VERSION']
+ if (http_version == 'HTTP/1.1') && (env['REQUEST_METHOD'] != 'GET')
 status 303
 else
 status 302
diff --git a/rack-protection/spec/lib/rack/protection/session_hijacking_spec.rb b/rack-protection/spec/lib/rack/protection/session_hijacking_spec.rb
index e39497b1a9..508b5814a6 100644
--- a/rack-protection/spec/lib/rack/protection/session_hijacking_spec.rb
+++ b/rack-protection/spec/lib/rack/protection/session_hijacking_spec.rb
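Review bot: The exact match `http_version == 'HTTP/1.1'` in `redirect` sends every non-GET request on any other protocol string to the `else` branch, so a server that reports something like `HTTP/2` in `SERVER_PROTOCOL` would get 302 rather than 303. If the intent is only to spare HTTP/1.0 clients from 303, excluding that one value is closer to it: `if http_version && http_version != 'HTTP/1.0' && env['REQUEST_METHOD'] != 'GET'`. The fallback key `HTTP_VERSION` also sits in the `HTTP_*` namespace that CGI-style servers fill from request headers, so on a server that leaves `SERVER_PROTOCOL` unset the value may be influenced by a client `Version:` header; the effect here is limited to the 302/303 choice, but the comment could say so, e.g. `# HTTP_VERSION can collide with a client "Version" header; only consulted when SERVER_PROTOCOL is absent`. The body of `redirect` continues past the end of the hunk.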
@@ -27,8 +27,8 @@
 it 'accepts requests with a changing Version header' do
 session = { foo: :bar }
- get '/', {}, 'rack.session' => session, 'HTTP_VERSION' => '1.0'
- get '/', {}, 'rack.session' => session, 'HTTP_VERSION' => '1.1'
+ get '/', {}, 'rack.session' => session, 'SERVER_PROTOCOL' => 'HTTP/1.0'
+ get '/', {}, 'rack.session' => session, 'SERVER_PROTOCOL' => 'HTTP/1.1'
 expect(session[:foo]).to eq(:bar)
 end
 end
diff --git a/test/helpers_test.rb b/test/helpers_test.rb
index 50ee677872..c8893d2bc9 100644
--- a/test/helpers_test.rb
+++ b/test/helpers_test.rb
@@ -236,7 +236,7 @@ def status_app(code, &block)
 it 'uses 303 for post requests if request is HTTP 1.1' do
 mock_app { post('/') { redirect '/'} }
- post('/', {}, 'HTTP_VERSION' => 'HTTP/1.1')
+ post('/', {}, 'SERVER_PROTOCOL' => 'HTTP/1.1')
 assert_equal 303, status
 assert_equal '', body
 assert_equal 'http://example.org/', response['Location']
@@ -244,7 +244,7 @@ def status_app(code, &block)
 it 'uses 302 for post requests if request is HTTP 1.0' do
 mock_app { post('/') { redirect '/'} }
- post('/', {}, 'HTTP_VERSION' => 'HTTP/1.0')
+ post('/', {}, 'SERVER_PROTOCOL' => 'HTTP/1.0')
 assert_equal 302, status
 assert_equal '', body
 assert_equal 'http://example.org/', response['Location']
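Review bot: The example in the `@@ -27,8 +27,8 @@` hunk is still titled 'accepts requests with a changing Version header', but it now varies `SERVER_PROTOCOL`, which is set by the server and is not a request header. The old key `HTTP_VERSION` is where a client-sent `Version:` header would land under the CGI-style mapping, so the client-influenced input is no longer exercised against the session-hijacking check. Consider retitling this example to `it 'accepts requests with a changing protocol version' do` and keeping a separate example that still varies `'HTTP_VERSION'`, so a regression that starts fingerprinting that key would be caught.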
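Review bot: Both redirect examples in test/helpers_test.rb (the `@@ -236,7 +236,7 @@` hunk and the `@@ -244,7 +244,7 @@` hunk) now set only `SERVER_PROTOCOL`, so the `|| env['HTTP_VERSION']` fallback added to `redirect` in lib/sinatra/base.rb has no test. An extra example such as `post('/', {}, 'SERVER_PROTOCOL' => nil, 'HTTP_VERSION' => 'HTTP/1.1')` followed by `assert_equal 303, status` would pin the behaviour for servers not yet updated for Rack 3. The explicit `nil` is probably needed because, per the commit message, rack-test supplies an HTTP/1.0 default; confirm that rack-test lets the key be cleared this way.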