diff options
Diffstat (limited to 'guides')
52 files changed, 206 insertions, 336 deletions
diff --git a/guides/assets/images/rails4_features.png b/guides/assets/images/4_0_release_notes/rails4_features.png Binary files differindex ac73f05cf7..ac73f05cf7 100644 --- a/guides/assets/images/rails4_features.png +++ b/guides/assets/images/4_0_release_notes/rails4_features.png diff --git a/guides/assets/images/belongs_to.png b/guides/assets/images/association_basics/belongs_to.png Binary files differindex 2b8c1d52ea..2b8c1d52ea 100644 --- a/guides/assets/images/belongs_to.png +++ b/guides/assets/images/association_basics/belongs_to.png diff --git a/guides/assets/images/habtm.png b/guides/assets/images/association_basics/habtm.png Binary files differindex 7e508cc1a6..7e508cc1a6 100644 --- a/guides/assets/images/habtm.png +++ b/guides/assets/images/association_basics/habtm.png diff --git a/guides/assets/images/has_many.png b/guides/assets/images/association_basics/has_many.png Binary files differindex 36ccf9f0f6..36ccf9f0f6 100644 --- a/guides/assets/images/has_many.png +++ b/guides/assets/images/association_basics/has_many.png diff --git a/guides/assets/images/has_many_through.png b/guides/assets/images/association_basics/has_many_through.png Binary files differindex 9e9caabd73..9e9caabd73 100644 --- a/guides/assets/images/has_many_through.png +++ b/guides/assets/images/association_basics/has_many_through.png diff --git a/guides/assets/images/has_one.png b/guides/assets/images/association_basics/has_one.png Binary files differindex c29c6b9c59..c29c6b9c59 100644 --- a/guides/assets/images/has_one.png +++ b/guides/assets/images/association_basics/has_one.png diff --git a/guides/assets/images/has_one_through.png b/guides/assets/images/association_basics/has_one_through.png Binary files differindex fdf13286c4..fdf13286c4 100644 --- a/guides/assets/images/has_one_through.png +++ b/guides/assets/images/association_basics/has_one_through.png diff --git a/guides/assets/images/polymorphic.png b/guides/assets/images/association_basics/polymorphic.png Binary files differindex d630db9e01..d630db9e01 100644 --- a/guides/assets/images/polymorphic.png +++ b/guides/assets/images/association_basics/polymorphic.png diff --git a/guides/assets/images/header_backdrop.png b/guides/assets/images/header_backdrop.png Binary files differdeleted file mode 100644 index 81f4d91774..0000000000 --- a/guides/assets/images/header_backdrop.png +++ /dev/null diff --git a/guides/assets/images/icons/README b/guides/assets/images/icons/README deleted file mode 100644 index 09da77fc86..0000000000 --- a/guides/assets/images/icons/README +++ /dev/null @@ -1,5 +0,0 @@ -Replaced the plain DocBook XSL admonition icons with Jimmac's DocBook -icons (http://jimmac.musichall.cz/ikony.php3). I dropped transparency -from the Jimmac icons to get round MS IE and FOP PNG incompatibilities. - -Stuart Rackham diff --git a/guides/assets/images/icons/callouts/1.png b/guides/assets/images/icons/callouts/1.png Binary files differdeleted file mode 100644 index c5d02adcf4..0000000000 --- a/guides/assets/images/icons/callouts/1.png +++ /dev/null diff --git a/guides/assets/images/icons/callouts/10.png b/guides/assets/images/icons/callouts/10.png Binary files differdeleted file mode 100644 index fe89f9ef83..0000000000 --- a/guides/assets/images/icons/callouts/10.png +++ /dev/null diff --git a/guides/assets/images/icons/callouts/11.png b/guides/assets/images/icons/callouts/11.png Binary files differdeleted file mode 100644 index 3b7b9318e7..0000000000 --- a/guides/assets/images/icons/callouts/11.png +++ /dev/null diff --git a/guides/assets/images/icons/callouts/12.png b/guides/assets/images/icons/callouts/12.png Binary files differdeleted file mode 100644 index 7b95925e9d..0000000000 --- a/guides/assets/images/icons/callouts/12.png +++ /dev/null diff --git a/guides/assets/images/icons/callouts/13.png b/guides/assets/images/icons/callouts/13.png Binary files differdeleted file mode 100644 index 4b99fe8efc..0000000000 --- a/guides/assets/images/icons/callouts/13.png +++ /dev/null diff --git a/guides/assets/images/icons/callouts/14.png b/guides/assets/images/icons/callouts/14.png Binary files differdeleted file mode 100644 index dbde9ca749..0000000000 --- a/guides/assets/images/icons/callouts/14.png +++ /dev/null diff --git a/guides/assets/images/icons/callouts/15.png b/guides/assets/images/icons/callouts/15.png Binary files differdeleted file mode 100644 index 70e4bba615..0000000000 --- a/guides/assets/images/icons/callouts/15.png +++ /dev/null diff --git a/guides/assets/images/icons/callouts/2.png b/guides/assets/images/icons/callouts/2.png Binary files differdeleted file mode 100644 index 8c57970ba9..0000000000 --- a/guides/assets/images/icons/callouts/2.png +++ /dev/null diff --git a/guides/assets/images/icons/callouts/3.png b/guides/assets/images/icons/callouts/3.png Binary files differdeleted file mode 100644 index 57a33d15b4..0000000000 --- a/guides/assets/images/icons/callouts/3.png +++ /dev/null diff --git a/guides/assets/images/icons/callouts/4.png b/guides/assets/images/icons/callouts/4.png Binary files differdeleted file mode 100644 index f061ab02b8..0000000000 --- a/guides/assets/images/icons/callouts/4.png +++ /dev/null diff --git a/guides/assets/images/icons/callouts/5.png b/guides/assets/images/icons/callouts/5.png Binary files differdeleted file mode 100644 index b4de02da11..0000000000 --- a/guides/assets/images/icons/callouts/5.png +++ /dev/null diff --git a/guides/assets/images/icons/callouts/6.png b/guides/assets/images/icons/callouts/6.png Binary files differdeleted file mode 100644 index 0e055eec1e..0000000000 --- a/guides/assets/images/icons/callouts/6.png +++ /dev/null diff --git a/guides/assets/images/icons/callouts/7.png b/guides/assets/images/icons/callouts/7.png Binary files differdeleted file mode 100644 index 5ead87d040..0000000000 --- a/guides/assets/images/icons/callouts/7.png +++ /dev/null diff --git a/guides/assets/images/icons/callouts/8.png b/guides/assets/images/icons/callouts/8.png Binary files differdeleted file mode 100644 index cb99545eb6..0000000000 --- a/guides/assets/images/icons/callouts/8.png +++ /dev/null diff --git a/guides/assets/images/icons/callouts/9.png b/guides/assets/images/icons/callouts/9.png Binary files differdeleted file mode 100644 index 0ac03602f6..0000000000 --- a/guides/assets/images/icons/callouts/9.png +++ /dev/null diff --git a/guides/assets/images/icons/caution.png b/guides/assets/images/icons/caution.png Binary files differdeleted file mode 100644 index 7227b54b32..0000000000 --- a/guides/assets/images/icons/caution.png +++ /dev/null diff --git a/guides/assets/images/icons/example.png b/guides/assets/images/icons/example.png Binary files differdeleted file mode 100644 index a0e855befa..0000000000 --- a/guides/assets/images/icons/example.png +++ /dev/null diff --git a/guides/assets/images/icons/home.png b/guides/assets/images/icons/home.png Binary files differdeleted file mode 100644 index e70e164522..0000000000 --- a/guides/assets/images/icons/home.png +++ /dev/null diff --git a/guides/assets/images/icons/important.png b/guides/assets/images/icons/important.png Binary files differdeleted file mode 100644 index bab53bf3aa..0000000000 --- a/guides/assets/images/icons/important.png +++ /dev/null diff --git a/guides/assets/images/icons/next.png b/guides/assets/images/icons/next.png Binary files differdeleted file mode 100644 index a158832725..0000000000 --- a/guides/assets/images/icons/next.png +++ /dev/null diff --git a/guides/assets/images/icons/note.png b/guides/assets/images/icons/note.png Binary files differdeleted file mode 100644 index 62eec7845f..0000000000 --- a/guides/assets/images/icons/note.png +++ /dev/null diff --git a/guides/assets/images/icons/prev.png b/guides/assets/images/icons/prev.png Binary files differdeleted file mode 100644 index 8a96960422..0000000000 --- a/guides/assets/images/icons/prev.png +++ /dev/null diff --git a/guides/assets/images/icons/tip.png b/guides/assets/images/icons/tip.png Binary files differdeleted file mode 100644 index a5316d318f..0000000000 --- a/guides/assets/images/icons/tip.png +++ /dev/null diff --git a/guides/assets/images/icons/up.png b/guides/assets/images/icons/up.png Binary files differdeleted file mode 100644 index 6cac818170..0000000000 --- a/guides/assets/images/icons/up.png +++ /dev/null diff --git a/guides/assets/images/icons/warning.png b/guides/assets/images/icons/warning.png Binary files differdeleted file mode 100644 index 72a8a5d873..0000000000 --- a/guides/assets/images/icons/warning.png +++ /dev/null diff --git a/guides/assets/images/rails_logo_remix.gif b/guides/assets/images/rails_logo_remix.gif Binary files differdeleted file mode 100644 index 58960ee4f9..0000000000 --- a/guides/assets/images/rails_logo_remix.gif +++ /dev/null diff --git a/guides/assets/images/csrf.png b/guides/assets/images/security/csrf.png Binary files differindex a8123d47c3..a8123d47c3 100644 --- a/guides/assets/images/csrf.png +++ b/guides/assets/images/security/csrf.png diff --git a/guides/assets/images/session_fixation.png b/guides/assets/images/security/session_fixation.png Binary files differindex e009484f09..e009484f09 100644 --- a/guides/assets/images/session_fixation.png +++ b/guides/assets/images/security/session_fixation.png diff --git a/guides/assets/stylesheets/responsive-tables.css b/guides/assets/stylesheets/responsive-tables.css deleted file mode 100644 index f5fbcbf948..0000000000 --- a/guides/assets/stylesheets/responsive-tables.css +++ /dev/null @@ -1,50 +0,0 @@ -/* Foundation v2.1.4 http://foundation.zurb.com */ -/* Artfully masterminded by ZURB */ - -/* -------------------------------------------------- - Table of Contents ------------------------------------------------------ -:: Shared Styles -:: Page Name 1 -:: Page Name 2 -*/ - - -/* ----------------------------------------- - Shared Styles ------------------------------------------ */ - -table th { font-weight: bold; } -table td, table th { padding: 9px 10px; text-align: left; } - -/* Mobile */ -@media only screen and (max-width: 767px) { - - table { margin-bottom: 0; } - - .pinned { position: absolute; left: 0; top: 0; background: #fff; width: 35%; overflow: hidden; overflow-x: scroll; border-right: 1px solid #ccc; border-left: 1px solid #ccc; } - .pinned table { border-right: none; border-left: none; width: 100%; } - .pinned table th, .pinned table td { white-space: nowrap; } - .pinned td:last-child { border-bottom: 0; } - - div.table-wrapper { position: relative; margin-bottom: 20px; overflow: hidden; border-right: 1px solid #ccc; } - div.table-wrapper div.scrollable table { margin-left: 35%; } - div.table-wrapper div.scrollable { overflow: scroll; overflow-y: hidden; } - - table td, table th { position: relative; white-space: nowrap; overflow: hidden; } - table th:first-child, table td:first-child, table td:first-child, table.pinned td { display: none; } - -} - -/* ----------------------------------------- - Page Name 1 ------------------------------------------ */ - - - - -/* ----------------------------------------- - Page Name 2 ------------------------------------------ */ - - diff --git a/guides/source/4_0_release_notes.md b/guides/source/4_0_release_notes.md index 0921cd1979..a1a6a225b2 100644 --- a/guides/source/4_0_release_notes.md +++ b/guides/source/4_0_release_notes.md @@ -55,7 +55,7 @@ $ ruby /path/to/rails/railties/bin/rails new myapp --dev Major Features -------------- -[](http://guides.rubyonrails.org/images/rails4_features.png) +[](http://guides.rubyonrails.org/images/4_0_release_notes/rails4_features.png) ### Upgrade diff --git a/guides/source/5_2_release_notes.md b/guides/source/5_2_release_notes.md index 3c36ba5f7a..541c025fac 100644 --- a/guides/source/5_2_release_notes.md +++ b/guides/source/5_2_release_notes.md @@ -85,69 +85,9 @@ Rails 5.2 ships with a new DSL that allows you to configure a for your application. You can configure a global default policy and then override it on a per-resource basis and even use lambdas to inject per-request values into the header such as account subdomains in a multi-tenant application. - -Example global policy: - -```ruby -# config/initializers/content_security_policy.rb -Rails.application.config.content_security_policy do |policy| - policy.default_src :self, :https - policy.font_src :self, :https, :data - policy.img_src :self, :https, :data - policy.object_src :none - policy.script_src :self, :https - policy.style_src :self, :https - - # Specify URI for violation reports - policy.report_uri "/csp-violation-report-endpoint" -end -``` - -Example controller overrides: - -```ruby -# Override policy inline -class PostsController < ApplicationController - content_security_policy do |p| - p.upgrade_insecure_requests true - end -end - -# Using literal values -class PostsController < ApplicationController - content_security_policy do |p| - p.base_uri "https://www.example.com" - end -end - -# Using mixed static and dynamic values -class PostsController < ApplicationController - content_security_policy do |p| - p.base_uri :self, -> { "https://#{current_user.domain}.example.com" } - end -end - -# Disabling the global CSP -class LegacyPagesController < ApplicationController - content_security_policy false, only: :index -end -``` - -To report only content violations for migrating -legacy content using the `content_security_policy_report_only` -configuration attribute: - -```ruby -# config/initializers/content_security_policy.rb -Rails.application.config.content_security_policy_report_only = true -``` - -```ruby -# Controller override -class PostsController < ApplicationController - content_security_policy_report_only only: :index -end -``` +You can read more about this in the +[Securing Rails Applications](security.html#content-security-policy) +guide. Railties -------- @@ -172,26 +112,16 @@ Please refer to the [Changelog][railties] for detailed changes. ### Notable changes -* Namespace error pages' CSS selectors to stop the styles from bleeding - into other pages when using Turbolinks. - ([Pull Request](https://github.com/rails/rails/pull/28814)) - * Added a shared section to `config/database.yml` that will be loaded for all environments. ([Pull Request](https://github.com/rails/rails/pull/28896)) -* Allow irb options to be passed from `rails console` command. - ([Pull Request](https://github.com/rails/rails/pull/29010)) - * Add `railtie.rb` to the plugin generator. ([Pull Request](https://github.com/rails/rails/pull/29576)) * Clear screenshot files in `tmp:clear` task. ([Pull Request](https://github.com/rails/rails/pull/29534)) -* Load environment file in `dbconsole` command. - ([Pull Request](https://github.com/rails/rails/pull/29725)) - * Skip unused components when running `bin/rails app:update`. If the initial app generation skipped Action Cable, Active Record etc., the update task honors those skips too. @@ -246,19 +176,11 @@ Please refer to the [Changelog][railties] for detailed changes. * Add `mini_magick` to default `Gemfile` as comment. ([Pull Request](https://github.com/rails/rails/pull/30633)) -* Gemfile for new apps: upgrade redis-rb from ~> 3.0 to 4.0. - ([Pull Request](https://github.com/rails/rails/pull/30748)) - * `rails new` and `rails plugin new` get `Active Storage` by default. Add ability to skip `Active Storage` with `--skip-active-storage` and do so automatically when `--skip-active-record` is used. ([Pull Request](https://github.com/rails/rails/pull/30101)) -* Fix minitest rails plugin. - The custom reporters are added only if needed. - This will fix conflicts with others plugins. - ([Commit](https://github.com/rails/rails/commit/ac99916fcf7bf27bb1519d4f7387c6b4c5f0463d)) - Action Cable ------------ @@ -277,9 +199,6 @@ Please refer to the [Changelog][action-cable] for detailed changes. * Hash long stream identifiers when using PostgreSQL adapter. ([Pull Request](https://github.com/rails/rails/pull/29297)) -* Add support for compatibility with redis-rb gem for 4.0 version. - ([Pull Request](https://github.com/rails/rails/pull/30748)) - Action Pack ----------- @@ -298,10 +217,6 @@ Please refer to the [Changelog][action-pack] for detailed changes. ### Notable changes -* Add `action_controller_api` and `action_controller_base` load hooks to be - called in `ActiveSupport.on_load`. - ([Pull Request](https://github.com/rails/rails/pull/28402)) - * Add support for recyclable cache keys with fragment caching. ([Pull Request](https://github.com/rails/rails/pull/29092)) @@ -312,18 +227,9 @@ Please refer to the [Changelog][action-pack] for detailed changes. * AEAD encrypted cookies and sessions with GCM. ([Pull Request](https://github.com/rails/rails/pull/28132)) -* `driven_by` now registers poltergeist and capybara-webkit. - ([Pull Request](https://github.com/rails/rails/pull/29315)) - -* Fallback `ActionController::Parameters#to_s` to `Hash#to_s`. - ([Pull Request](https://github.com/rails/rails/pull/29630)) - * Protect from forgery by default. ([Pull Request](https://github.com/rails/rails/pull/29742)) -* Make `take_failed_screenshot` work within engine. - ([Pull Request](https://github.com/rails/rails/pull/30421)) - * Enforce signed/encrypted cookie expiry server side. ([Pull Request](https://github.com/rails/rails/pull/30121)) @@ -353,9 +259,6 @@ Please refer to the [Changelog][action-pack] for detailed changes. [Commit](https://github.com/rails/rails/commit/619b1b6353a65e1635d10b8f8c6630723a5a6f1a), [Commit](https://github.com/rails/rails/commit/4ec8bf68ff92f35e79232fbd605012ce1f4e1e6e)) -* Fix optimized url helpers when using relative url root. - ([Pull Request](https://github.com/rails/rails/pull/31261)) - * Register most popular audio/video/font mime types supported by modern browsers. ([Pull Request](https://github.com/rails/rails/pull/31251)) @@ -409,21 +312,10 @@ Please refer to the [Changelog][action-view] for detailed changes. ### Notable changes -* Update `distance_of_time_in_words` helper to display better error messages - for bad input. - ([Pull Request](https://github.com/rails/rails/pull/20701)) - * Add `:json` type to `auto_discovery_link_tag` to support [JSON Feeds](https://jsonfeed.org/version/1). ([Pull Request](https://github.com/rails/rails/pull/29158)) -* Generate field ids in `collection_check_boxes` and - `collection_radio_buttons`. - ([Pull Request](https://github.com/rails/rails/pull/29412)) - -* Fix issues with scopes and engine on `current_page?` method. - ([Pull Request](https://github.com/rails/rails/pull/29503)) - * Add `srcset` option to `image_tag` helper. ([Pull Request](https://github.com/rails/rails/pull/29349)) @@ -453,10 +345,6 @@ Please refer to the [Changelog][action-mailer] for detailed changes. * Add `assert_enqueued_email_with` test helper. ([Pull Request](https://github.com/rails/rails/pull/30695)) -* Bring back proc with arity of 1 in `ActionMailer::Base.default` proc - since it was supported in Rails 5.0 but not deprecated. - ([Pull Request](https://github.com/rails/rails/pull/30391)) - Active Record ------------- @@ -546,9 +434,6 @@ Please refer to the [Changelog][active-record] for detailed changes. when the current migration does not exist. ([Commit](https://github.com/rails/rails/commit/bb9d6eb094f29bb94ef1f26aa44f145f17b973fe)) -* Add type caster to `RuntimeReflection#alias_name`. - ([Pull Request](https://github.com/rails/rails/pull/28961)) - * Respect `SchemaDumper.ignore_tables` in rake tasks for databases structure dump. ([Pull Request](https://github.com/rails/rails/pull/29077)) @@ -559,39 +444,16 @@ Please refer to the [Changelog][active-record] for detailed changes. does not include a timestamp any more. ([Pull Request](https://github.com/rails/rails/pull/29092)) -* Loading model schema from database is now thread-safe. - ([Pull Request](https://github.com/rails/rails/pull/29216)) - * Prevent creation of bind param if casted value is nil. ([Pull Request](https://github.com/rails/rails/pull/29282)) * Use bulk INSERT to insert fixtures for better performance. ([Pull Request](https://github.com/rails/rails/pull/29504)) -* Fix destroying existing object does not work well when optimistic locking - enabled and `locking_column` is null in the database. - ([Pull Request](https://github.com/rails/rails/pull/28926)) - -* `ActiveRecord::Persistence#touch` does not work well - when optimistic locking enabled and `locking_column`, - without default value, is null in the database. - ([Pull Request](https://github.com/rails/rails/pull/28914)) - * Merging two relations representing nested joins no longer transforms the joins of the merged relation into LEFT OUTER JOIN. ([Pull Request](https://github.com/rails/rails/pull/27063)) -* Previously, when building records using a `has_many :through` association, - if the child records were deleted before the parent was saved, - they would still be persisted. Now, if child records are deleted - before the parent is saved on a `has_many :through` association, - the child records will not be persisted. - ([Pull Request](https://github.com/rails/rails/pull/29593)) - -* Query cache was unavailable when entering the `ActiveRecord::Base.cache` - block without being connected. - ([Pull Request](https://github.com/rails/rails/pull/29609)) - * Fix transactions to apply state to child transactions. Previously, if you had a nested transaction and the outer transaction was rolledback, the record from the inner transaction would still be marked @@ -617,26 +479,10 @@ Please refer to the [Changelog][active-record] for detailed changes. recognize 't' and 'f' as was previously serialized. ([Pull Request](https://github.com/rails/rails/pull/29699)) -* `Relation#joins` is no longer affected by the target model's - `current_scope`, with the exception of `unscoped`. - ([Commit](https://github.com/rails/rails/commit/5c71000d086cc42516934415b79380c2224e1614)) - * Values constructed using multi-parameter assignment will now use the post-type-cast value for rendering in single-field form inputs. ([Commit](https://github.com/rails/rails/commit/1519e976b224871c7f7dd476351930d5d0d7faf6)) -* Fix `unscoped(where: [columns])` removing the wrong bind values. - ([Pull Request](https://github.com/rails/rails/pull/29780)) - -* When a `has_one` association is destroyed by `dependent: destroy`, - `destroyed_by_association` will now be set to the reflection, matching the - behaviour of `has_many` associations. - ([Pull Request](https://github.com/rails/rails/pull/29855)) - -* Fix `COUNT(DISTINCT ...)` with `ORDER BY` and `LIMIT` - to keep the existing select list. - ([Pull Request](https://github.com/rails/rails/pull/29848)) - * `ApplicationRecord` is no longer generated when generating models. If you need to generate it, it can be created with `rails g application_record`. ([Pull Request](https://github.com/rails/rails/pull/29916)) @@ -652,9 +498,6 @@ Please refer to the [Changelog][active-record] for detailed changes. * Add `binary` fixture helper method. ([Pull Request](https://github.com/rails/rails/pull/30073)) -* Ensure `sum` honors `distinct` on `has_many :through` associations. - ([Commit](https://github.com/rails/rails/commit/566f1fd068711dfe557bef63406f8dd6d41d473d)) - * Automatically guess the inverse associations for STI. ([Pull Request](https://github.com/rails/rails/pull/23425)) @@ -676,19 +519,6 @@ Please refer to the [Changelog][active-record] for detailed changes. * PostgreSQL `tsrange` now preserves subsecond precision. ([Pull Request](https://github.com/rails/rails/pull/30725)) -* Fix `COUNT(DISTINCT ...)` for `GROUP BY` with `ORDER BY` and `LIMIT`. - ([Commit](https://github.com/rails/rails/commit/5668dc6b1863ef43be8f8ef0fb1d5db913085fb3)) - -* MySQL: Don't lose `auto_increment: true` in the `db/schema.rb`. - ([Commit](https://github.com/rails/rails/commit/9493d4553569118b2a85da84fd3a8ba2b5b2de76)) - -* Fix longer sequence name detection for serial columns. - ([Pull Request](https://github.com/rails/rails/pull/28339)) - -* Fix `bin/rails db:setup` and `bin/rails db:test:prepare` create wrong - ar_internal_metadata's data for a test database. - ([Pull Request](https://github.com/rails/rails/pull/30579)) - * Raises when calling `lock!` in a dirty record. ([Commit](https://github.com/rails/rails/commit/63cf15877bae859ff7b4ebaf05186f3ca79c1863)) @@ -732,9 +562,6 @@ Please refer to the [Changelog][active-record] for detailed changes. * Add support for PostgreSQL operator classes to `add_index`. ([Pull Request](https://github.com/rails/rails/pull/19090)) -* Fix conflicts `counter_cache` with `touch: true` by optimistic locking. - ([Pull Request](https://github.com/rails/rails/pull/31405)) - * Log database query callers. ([Pull Request](https://github.com/rails/rails/pull/26815), [Pull Request](https://github.com/rails/rails/pull/31519), @@ -746,16 +573,6 @@ Please refer to the [Changelog][active-record] for detailed changes. * Using subselect for `delete_all` with `limit` or `offset`. ([Commit](https://github.com/rails/rails/commit/9e7260da1bdc0770cf4ac547120c85ab93ff3d48)) -* Fix `count(:all)` to correctly work `distinct` with custom SELECT list. - ([Commit](https://github.com/rails/rails/commit/c6cd9a59f200863ccfe8ad1d9c5a8876c39b9c5c)) - -* Fix to invoke callbacks when using `update_attribute`. - ([Commit](https://github.com/rails/rails/commit/732aa34b6e6459ad66a3d3ad107cfff75cc45160)) - -* Use `count(:all)` in `HasManyAssociation#count_records` to prevent invalid - SQL queries for association counting. - ([Pull Request](https://github.com/rails/rails/pull/27561)) - * Fixed inconsistency with `first(n)` when used with `limit()`. The `first(n)` finder now respects the `limit()`, making it consistent with `relation.to_a.first(n)`, and also with the behavior of `last(n)`. @@ -779,17 +596,10 @@ Please refer to the [Changelog][active-record] for detailed changes. * Clear the transaction state when an Active Record object is duped. ([Pull Request](https://github.com/rails/rails/pull/31751)) -* Fix `count(:all)` with eager loading and having an order other than - the driving table. - ([Commit](https://github.com/rails/rails/commit/ebc09ed9ad9a04338138739226a1a92c7a2707ee)) - * Fix not expanded problem when passing an Array object as argument to the where method using `composed_of` column. ([Pull Request](https://github.com/rails/rails/pull/31724)) -* PostgreSQL: Allow pg-1.0 gem to be used with Active Record. - ([Pull Request](https://github.com/rails/rails/pull/31671)) - * Make `reflection.klass` raise if `polymorphic?` not to be misused. ([Commit](https://github.com/rails/rails/commit/63fc1100ce054e3e11c04a547cdb9387cd79571a)) @@ -798,10 +608,6 @@ Please refer to the [Changelog][active-record] for detailed changes. even if `ORDER BY` columns include other table's primary key. ([Commit](https://github.com/rails/rails/commit/851618c15750979a75635530200665b543561a44)) -* Fix that after commit callbacks on update does not triggered - when optimistic locking is enabled. - ([Commit](https://github.com/rails/rails/commit/7f9bd034c485c2425ae0164ff5d6374834e3aa1d)) - * Fix `dependent: :destroy` issue for has_one/belongs_to relationship where the parent class was getting deleted when the child was not. ([Commit](https://github.com/rails/rails/commit/b0fc04aa3af338d5a90608bf37248668d59fc881)) @@ -818,10 +624,6 @@ Please refer to the [Changelog][active-model] for detailed changes. Change `#values` to only return the not empty values. ([Pull Request](https://github.com/rails/rails/pull/28584)) -* Fix regression in numericality validator when comparing Decimal and Float - input values with more scale than the schema. - ([Pull Request](https://github.com/rails/rails/pull/28584)) - * Add method `#merge!` for `ActiveModel::Errors`. ([Pull Request](https://github.com/rails/rails/pull/29714)) @@ -832,9 +634,6 @@ Please refer to the [Changelog][active-model] for detailed changes. is `false`. ([Pull Request](https://github.com/rails/rails/pull/31058)) -* Fix to working before/after validation callbacks on multiple contexts. - ([Pull Request](https://github.com/rails/rails/pull/31483)) - * Models using the attributes API with a proc default can now be marshalled. ([Commit](https://github.com/rails/rails/commit/0af36c62a5710e023402e37b019ad9982e69de4b)) @@ -883,10 +682,6 @@ Please refer to the [Changelog][active-support] for detailed changes. in Active Record and its use in Action Pack's fragment caching. ([Pull Request](https://github.com/rails/rails/pull/29092)) -* Fix implicit coercion calculations with scalars and durations. - ([Pull Request](https://github.com/rails/rails/pull/29163), - [Pull Request](https://github.com/rails/rails/pull/29971)) - * Add `ActiveSupport::CurrentAttributes` to provide a thread-isolated attributes singleton. Primary use case is keeping all the per-request attributes easily available to the whole system. @@ -923,9 +718,6 @@ Please refer to the [Changelog][active-support] for detailed changes. `ActiveSupport::MessageEncryptor`. ([Pull Request](https://github.com/rails/rails/pull/29892)) -* Fix modulo operations involving durations. - ([Commit](https://github.com/rails/rails/commit/a54e13bd2e8fb4d6aa0aebe59271699a2d62567b)) - * Update `String#camelize` to provide feedback when wrong option is passed. ([Pull Request](https://github.com/rails/rails/pull/30039)) @@ -1016,9 +808,6 @@ Please refer to the [Changelog][active-support] for detailed changes. This allows to specify multiple numeric differences in the same assertion. ([Pull Request](https://github.com/rails/rails/pull/31600)) -* Return all mappings for a timezone identifier in `country_zones`. - ([Commit](https://github.com/rails/rails/commit/cdce6a709e1cbc98fff009effc3b1b3ce4c7e8db)) - * Caching: MemCache and Redis `read_multi` and `fetch_multi` speedup. Read from the local in-memory cache before consulting the backend. ([Commit](https://github.com/rails/rails/commit/a2b97e4ffef971607a1be8fc7909f099b6840f36)) @@ -1030,9 +819,6 @@ Please refer to the [Changelog][active-job] for detailed changes. ### Notable changes -* Add support for compatibility with redis-rb gem for 4.0 version. - ([Pull Request](https://github.com/rails/rails/pull/30748)) - * Allow block to be passed to `ActiveJob::Base.discard_on` to allow custom handling of discard jobs. ([Pull Request](https://github.com/rails/rails/pull/30622)) diff --git a/guides/source/_welcome.html.erb b/guides/source/_welcome.html.erb index 6959f992aa..cd33e2119a 100644 --- a/guides/source/_welcome.html.erb +++ b/guides/source/_welcome.html.erb @@ -21,6 +21,8 @@ The guides for earlier releases: <a href="http://guides.rubyonrails.org/v4.2/">Rails 4.2</a>, <a href="http://guides.rubyonrails.org/v4.1/">Rails 4.1</a>, <a href="http://guides.rubyonrails.org/v4.0/">Rails 4.0</a>, -<a href="http://guides.rubyonrails.org/v3.2/">Rails 3.2</a>, and +<a href="http://guides.rubyonrails.org/v3.2/">Rails 3.2</a>, +<a href="http://guides.rubyonrails.org/v3.1/">Rails 3.1</a>, +<a href="http://guides.rubyonrails.org/v3.0/">Rails 3.0</a>, and <a href="http://guides.rubyonrails.org/v2.3/">Rails 2.3</a>. </p> diff --git a/guides/source/action_controller_overview.md b/guides/source/action_controller_overview.md index eadd517f07..e0e85588a0 100644 --- a/guides/source/action_controller_overview.md +++ b/guides/source/action_controller_overview.md @@ -51,7 +51,7 @@ class ClientsController < ApplicationController end ``` -As an example, if a user goes to `/clients/new` in your application to add a new client, Rails will create an instance of `ClientsController` and call its `new` method. Note that the empty method from the example above would work just fine because Rails will by default render the `new.html.erb` view unless the action says otherwise. The `new` method could make available to the view a `@client` instance variable by creating a new `Client`: +As an example, if a user goes to `/clients/new` in your application to add a new client, Rails will create an instance of `ClientsController` and call its `new` method. Note that the empty method from the example above would work just fine because Rails will by default render the `new.html.erb` view unless the action says otherwise. By creating a new `Client`, the `new` method can make a `@client` instance variable accessible in the view: ```ruby def new @@ -1181,22 +1181,6 @@ NOTE: Certain exceptions are only rescuable from the `ApplicationController` cla Force HTTPS protocol -------------------- -Sometime you might want to force a particular controller to only be accessible via an HTTPS protocol for security reasons. You can use the `force_ssl` method in your controller to enforce that: - -```ruby -class DinnerController - force_ssl -end -``` - -Just like the filter, you could also pass `:only` and `:except` to enforce the secure connection only to specific actions: - -```ruby -class DinnerController - force_ssl only: :cheeseburger - # or - force_ssl except: :cheeseburger -end -``` - -Please note that if you find yourself adding `force_ssl` to many controllers, you may want to force the whole application to use HTTPS instead. In that case, you can set the `config.force_ssl` in your environment file. +If you'd like to ensure that communication to your controller is only possible +via HTTPS, you should do so by enabling the `ActionDispatch::SSL` middleware via +`config.force_ssl` in your environment configuration. diff --git a/guides/source/action_mailer_basics.md b/guides/source/action_mailer_basics.md index 9f239da90f..662f9ea38a 100644 --- a/guides/source/action_mailer_basics.md +++ b/guides/source/action_mailer_basics.md @@ -20,9 +20,18 @@ Introduction ------------ Action Mailer allows you to send emails from your application using mailer classes -and views. Mailers work very similarly to controllers. They inherit from -`ActionMailer::Base` and live in `app/mailers`, and they have associated views -that appear in `app/views`. +and views. + +#### Mailers are similar to controllers + +They inherit from `ActionMailer::Base` and live in `app/mailers`. Mailers also work +very similarly to controllers. Some examples of similarities are enumerated below. +Mailers have: + +* Actions, and also, associated views that appear in `app/views`. +* Instance variables that are accessible in views. +* The ability to utilise layouts and partials. +* The ability to access a params hash. Sending Emails -------------- @@ -60,8 +69,7 @@ end ``` As you can see, you can generate mailers just like you use other generators with -Rails. Mailers are conceptually similar to controllers, and so we get a mailer, -a directory for views, and a test. +Rails. If you didn't want to use a generator, you could create your own file inside of `app/mailers`, just make sure that it inherits from `ActionMailer::Base`: @@ -73,10 +81,9 @@ end #### Edit the Mailer -Mailers are very similar to Rails controllers. They also have methods called -"actions" and use views to structure the content. Where a controller generates -content like HTML to send back to the client, a Mailer creates a message to be -delivered via email. +Mailers have methods called "actions" and they use views to structure their content. +Where a controller generates content like HTML to send back to the client, a Mailer +creates a message to be delivered via email. `app/mailers/user_mailer.rb` contains an empty mailer: @@ -110,9 +117,6 @@ messages in this class. This can be overridden on a per-email basis. * `mail` - The actual email message, we are passing the `:to` and `:subject` headers in. -Just like controllers, any instance variables we define in the method become -available for use in the views. - #### Create a Mailer View Create a file called `welcome_email.html.erb` in `app/views/user_mailer/`. This diff --git a/guides/source/active_storage_overview.md b/guides/source/active_storage_overview.md index 831a02a9a1..d67f65e88a 100644 --- a/guides/source/active_storage_overview.md +++ b/guides/source/active_storage_overview.md @@ -114,6 +114,13 @@ gem "aws-sdk-s3", require: false NOTE: The core features of Active Storage require the following permissions: `s3:ListBucket`, `s3:PutObject`, `s3:GetObject`, and `s3:DeleteObject`. If you have additional upload options configured such as setting ACLs then additional permissions may be required. +NOTE: If you want to use environment variables, standard SDK configuration files, profiles, +IAM instance profiles or task roles, you can omit the `access_key_id`, `secret_access_key`, +and `region` keys in the example above. The Amazon S3 Service supports all of the +authentication options described in the [AWS SDK documentation] +(https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/setup-config.html). + + ### Microsoft Azure Storage Service Declare an Azure Storage service in `config/storage.yml`: diff --git a/guides/source/api_app.md b/guides/source/api_app.md index b4d90d31de..c2df6c45ad 100644 --- a/guides/source/api_app.md +++ b/guides/source/api_app.md @@ -24,7 +24,7 @@ With the advent of client-side frameworks, more developers are using Rails to build a back-end that is shared between their web application and other native applications. -For example, Twitter uses its [public API](https://dev.twitter.com) in its web +For example, Twitter uses its [public API](https://developer.twitter.com/) in its web application, which is built as a static site that consumes JSON resources. Instead of using Rails to generate HTML that communicates with the server @@ -375,7 +375,6 @@ controller modules by default: - `ActionController::ConditionalGet`: Support for `stale?`. - `ActionController::BasicImplicitRender`: Makes sure to return an empty response, if there isn't an explicit one. - `ActionController::StrongParameters`: Support for parameters white-listing in combination with Active Model mass assignment. -- `ActionController::ForceSSL`: Support for `force_ssl`. - `ActionController::DataStreaming`: Support for `send_file` and `send_data`. - `AbstractController::Callbacks`: Support for `before_action` and similar helpers. diff --git a/guides/source/association_basics.md b/guides/source/association_basics.md index f895cadea5..860a1e1cba 100644 --- a/guides/source/association_basics.md +++ b/guides/source/association_basics.md @@ -94,7 +94,7 @@ class Book < ApplicationRecord end ``` - + NOTE: `belongs_to` associations _must_ use the singular term. If you used the pluralized form in the above example for the `author` association in the `Book` model, you would be told that there was an "uninitialized constant Book::Authors". This is because Rails automatically infers the class name from the association name. If the association name is wrongly pluralized, then the inferred class will be wrongly pluralized too. @@ -127,7 +127,7 @@ class Supplier < ApplicationRecord end ``` - + The corresponding migration might look like this: @@ -171,7 +171,7 @@ end NOTE: The name of the other model is pluralized when declaring a `has_many` association. - + The corresponding migration might look like this: @@ -213,7 +213,7 @@ class Patient < ApplicationRecord end ``` - + The corresponding migration might look like this: @@ -299,7 +299,7 @@ class AccountHistory < ApplicationRecord end ``` - + The corresponding migration might look like this: @@ -340,7 +340,7 @@ class Part < ApplicationRecord end ``` - + The corresponding migration might look like this: @@ -494,7 +494,7 @@ class CreatePictures < ActiveRecord::Migration[5.0] end ``` - + ### Self Joins diff --git a/guides/source/caching_with_rails.md b/guides/source/caching_with_rails.md index 5dde6f34fa..3f357b532b 100644 --- a/guides/source/caching_with_rails.md +++ b/guides/source/caching_with_rails.md @@ -446,30 +446,28 @@ config.cache_store = :mem_cache_store, "cache-1.example.com", "cache-2.example.c ### ActiveSupport::Cache::RedisCacheStore -The Redis cache store takes advantage of Redis support for least-recently-used -and least-frequently-used key eviction when it reaches max memory, allowing it -to behave much like a Memcached cache server. +The Redis cache store takes advantage of Redis support for automatic eviction +when it reaches max memory, allowing it to behave much like a Memcached cache server. Deployment note: Redis doesn't expire keys by default, so take care to use a dedicated Redis cache server. Don't fill up your persistent-Redis server with volatile cache data! Read the [Redis cache server setup guide](https://redis.io/topics/lru-cache) in detail. -For an all-cache Redis server, set `maxmemory-policy` to an `allkeys` policy. -Redis 4+ support least-frequently-used (`allkeys-lfu`) eviction, an excellent -default choice. Redis 3 and earlier should use `allkeys-lru` for -least-recently-used eviction. +For a cache-only Redis server, set `maxmemory-policy` to one of the variants of allkeys. +Redis 4+ supports least-frequently-used eviction (`allkeys-lfu`), an excellent +default choice. Redis 3 and earlier should use least-recently-used eviction (`allkeys-lru`). Set cache read and write timeouts relatively low. Regenerating a cached value is often faster than waiting more than a second to retrieve it. Both read and write timeouts default to 1 second, but may be set lower if your network is -consistently low latency. +consistently low-latency. By default, the cache store will not attempt to reconnect to Redis if the connection fails during a request. If you experience frequent disconnects you may wish to enable reconnect attempts. -Cache reads and writes never raise exceptions. They just return `nil` instead, +Cache reads and writes never raise exceptions; they just return `nil` instead, behaving as if there was nothing in the cache. To gauge whether your cache is hitting exceptions, you may provide an `error_handler` to report to an exception gathering service. It must accept three keyword arguments: `method`, @@ -477,12 +475,33 @@ the cache store method that was originally called; `returning`, the value that was returned to the user, typically `nil`; and `exception`, the exception that was rescued. -Putting it all together, a production Redis cache store may look something -like this: +To get started, add the redis gem to your Gemfile: ```ruby -cache_servers = %w[ "redis://cache-01:6379/0", "redis://cache-02:6379/0", … ], -config.cache_store = :redis_cache_store, url: cache_servers, +gem 'redis' +``` + +You can enable support for the faster [hiredis](https://github.com/redis/hiredis) +connection library by additionally adding its ruby wrapper to your Gemfile: + +```ruby +gem 'hiredis' +``` + +Redis cache store will automatically require & use hiredis if available. No further +configuration is needed. + +Finally, add the configuration in the relevant `config/environments/*.rb` file: + +```ruby +config.cache_store = :redis_cache_store, { url: ENV['REDIS_URL'] } +``` + +A more complex, production Redis cache store may look something like this: + +```ruby +cache_servers = %w(redis://cache-01:6379/0 redis://cache-02:6379/0) +config.cache_store = :redis_cache_store, { url: cache_servers, connect_timeout: 30, # Defaults to 20 seconds read_timeout: 0.2, # Defaults to 1 second @@ -491,9 +510,10 @@ config.cache_store = :redis_cache_store, url: cache_servers, error_handler: -> (method:, returning:, exception:) { # Report errors to Sentry as warnings - Raven.capture_exception exception, level: 'warning", + Raven.capture_exception exception, level: 'warning', tags: { method: method, returning: returning } } +} ``` ### ActiveSupport::Cache::NullStore diff --git a/guides/source/configuring.md b/guides/source/configuring.md index 368b74f708..8bdba4b3de 100644 --- a/guides/source/configuring.md +++ b/guides/source/configuring.md @@ -400,10 +400,16 @@ by adding the following to your `application.rb` file: Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true ``` -The schema dumper adds one additional configuration option: +The schema dumper adds two additional configuration options: * `ActiveRecord::SchemaDumper.ignore_tables` accepts an array of tables that should _not_ be included in any generated schema file. +* `ActiveRecord::SchemaDumper.fk_ignore_pattern` allows setting a different regular + expression that will be used to decide whether a foreign key's name should be + dumped to db/schema.rb or not. By default, foreign key names starting with + `fk_rails_` are not exported to the database schema dump. + Defaults to `/^fk_rails_[0-9a-f]{10}$/`. + ### Configuring Action Controller `config.action_controller` includes a number of configuration settings: diff --git a/guides/source/getting_started.md b/guides/source/getting_started.md index f545b90103..5b6cfe6659 100644 --- a/guides/source/getting_started.md +++ b/guides/source/getting_started.md @@ -1125,7 +1125,7 @@ TIP: Rails automatically wraps fields that contain an error with a div with class `field_with_errors`. You can define a CSS rule to make them standout. -Now you'll get a nice error message when saving an article without title when +Now you'll get a nice error message when saving an article without a title when you attempt to do just that on the new article form <http://localhost:3000/articles/new>: @@ -1522,7 +1522,7 @@ comments on articles. ### Generating a Model We're going to see the same generator that we used before when creating -the `Article` model. This time we'll create a `Comment` model to hold +the `Article` model. This time we'll create a `Comment` model to hold a reference to an article. Run this command in your terminal: ```bash @@ -1857,7 +1857,7 @@ This will now render the partial in `app/views/comments/_comment.html.erb` once for each comment that is in the `@article.comments` collection. As the `render` method iterates over the `@article.comments` collection, it assigns each comment to a local variable named the same as the partial, in this case -`comment` which is then available in the partial for us to show. +`comment`, which is then available in the partial for us to show. ### Rendering a Partial Form @@ -2060,7 +2060,7 @@ What's Next? Now that you've seen your first Rails application, you should feel free to update it and experiment on your own. -Remember you don't have to do everything without help. As you need assistance +Remember, you don't have to do everything without help. As you need assistance getting up and running with Rails, feel free to consult these support resources: diff --git a/guides/source/security.md b/guides/source/security.md index 4cf6c06f2d..ffd7e66fc5 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -217,7 +217,7 @@ The best _solution against it is not to store this kind of data in a session, bu NOTE: _Apart from stealing a user's session ID, the attacker may fix a session ID known to them. This is called session fixation._ - + This attack focuses on fixing a user's session ID known to the attacker, and forcing the user's browser into using this ID. It is therefore not necessary for the attacker to steal the session ID afterwards. Here is how this attack works: @@ -272,7 +272,7 @@ Cross-Site Request Forgery (CSRF) This attack method works by including malicious code or a link in a page that accesses a web application that the user is believed to have authenticated. If the session for that web application has not timed out, an attacker may execute unauthorized commands. - + In the [session chapter](#sessions) you have learned that most Rails applications use cookie-based sessions. Either they store the session ID in the cookie and have a server-side session hash, or the entire session hash is on the client-side. In either case the browser will automatically send along the cookie on every request to a domain, if it can find a cookie for that domain. The controversial point is that if the request comes from a site of a different domain, it will also send the cookie. Let's start with an example: @@ -1089,6 +1089,112 @@ Here is a list of common headers: * **Access-Control-Allow-Origin:** Used to control which sites are allowed to bypass same origin policies and send cross-origin requests. * **Strict-Transport-Security:** [Used to control if the browser is allowed to only access a site over a secure connection](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) +### Content Security Policy + +Rails provides a DSL that allows you to configure a +[Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) +for your application. You can configure a global default policy and then +override it on a per-resource basis and even use lambdas to inject per-request +values into the header such as account subdomains in a multi-tenant application. + +Example global policy: + +```ruby +# config/initializers/content_security_policy.rb +Rails.application.config.content_security_policy do |policy| + policy.default_src :self, :https + policy.font_src :self, :https, :data + policy.img_src :self, :https, :data + policy.object_src :none + policy.script_src :self, :https + policy.style_src :self, :https + + # Specify URI for violation reports + policy.report_uri "/csp-violation-report-endpoint" +end +``` + +Example controller overrides: + +```ruby +# Override policy inline +class PostsController < ApplicationController + content_security_policy do |p| + p.upgrade_insecure_requests true + end +end + +# Using literal values +class PostsController < ApplicationController + content_security_policy do |p| + p.base_uri "https://www.example.com" + end +end + +# Using mixed static and dynamic values +class PostsController < ApplicationController + content_security_policy do |p| + p.base_uri :self, -> { "https://#{current_user.domain}.example.com" } + end +end + +# Disabling the global CSP +class LegacyPagesController < ApplicationController + content_security_policy false, only: :index +end +``` + +Use the `content_security_policy_report_only` +configuration attribute to set +[Content-Security-Policy-Report-Only](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only) +in order to report only content violations for migrating +legacy content + +```ruby +# config/initializers/content_security_policy.rb +Rails.application.config.content_security_policy_report_only = true +``` + +```ruby +# Controller override +class PostsController < ApplicationController + content_security_policy_report_only only: :index +end +``` + +You can enable automatic nonce generation: + +```ruby +# config/initializers/content_security_policy.rb +Rails.application.config.content_security_policy do |policy| + policy.script_src :self, :https +end + +Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } +``` + +Then you can add an automatic nonce value by passing `nonce: true` +as part of `html_options`. Example: + +```html+erb +<%= javascript_tag nonce: true do -%> + alert('Hello, World!'); +<% end -%> +``` + +Use [`csp_meta_tag`](http://api.rubyonrails.org/classes/ActionView/Helpers/CspHelper.html#method-i-csp_meta_tag) +helper to create a meta tag "csp-nonce" with the per-session nonce value +for allowing inline `<script>` tags. + +```html+erb +<head> + <%= csp_meta_tag %> +</head> +``` + +This is used by the Rails UJS helper to create dynamically +loaded inline `<script>` elements. + Environmental Security ---------------------- diff --git a/guides/source/upgrading_ruby_on_rails.md b/guides/source/upgrading_ruby_on_rails.md index d5dfaef591..c2fe012eeb 100644 --- a/guides/source/upgrading_ruby_on_rails.md +++ b/guides/source/upgrading_ruby_on_rails.md @@ -66,6 +66,17 @@ Overwrite /myapp/config/application.rb? (enter "h" for help) [Ynaqdh] Don't forget to review the difference, to see if there were any unexpected changes. +Upgrading from Rails 5.2 to Rails 6.0 +------------------------------------- + +### Force SSL + +The `force_ssl` method on controllers has been deprecated and will be removed in +Rails 6.1. You are encouraged to enable `config.force_ssl` to enforce HTTPS +connections throughout your application. If you need to exempt certain endpoints +from redirection, you can use `config.ssl_options` to configure that behavior. + + Upgrading from Rails 5.1 to Rails 5.2 ------------------------------------- |
