aboutsummaryrefslogtreecommitdiffstats
path: root/guides
diff options
context:
space:
mode:
Diffstat (limited to 'guides')
-rw-r--r--guides/source/5_1_release_notes.md4
-rw-r--r--guides/source/6_0_release_notes.md2
-rw-r--r--guides/source/upgrading_ruby_on_rails.md36
3 files changed, 36 insertions, 6 deletions
diff --git a/guides/source/5_1_release_notes.md b/guides/source/5_1_release_notes.md
index e885b1e42e..f870c4c47c 100644
--- a/guides/source/5_1_release_notes.md
+++ b/guides/source/5_1_release_notes.md
@@ -41,8 +41,8 @@ Major Features
[Pull Request](https://github.com/rails/rails/pull/26836)
Rails 5.1 allows managing JavaScript dependencies
-from NPM via Yarn. This will make it easy to use libraries like React, VueJS
-or any other library from NPM world. The Yarn support is integrated with
+from npm via Yarn. This will make it easy to use libraries like React, VueJS
+or any other library from npm world. The Yarn support is integrated with
the asset pipeline so that all dependencies will work seamlessly with the
Rails 5.1 app.
diff --git a/guides/source/6_0_release_notes.md b/guides/source/6_0_release_notes.md
index 1b37bf50e1..fa45e7240d 100644
--- a/guides/source/6_0_release_notes.md
+++ b/guides/source/6_0_release_notes.md
@@ -245,7 +245,7 @@ Please refer to the [Changelog][action-pack] for detailed changes.
* Expose `ActionController::Parameters#each_key`.
([Pull Request](https://github.com/rails/rails/pull/33758))
-* Add purpose metadata to signed/encrypted cookies to prevent copying the value of
+* Add purpose and expiry metadata inside signed/encrypted cookies to prevent copying the value of
cookies into one another.
([Pull Request](https://github.com/rails/rails/pull/32937))
diff --git a/guides/source/upgrading_ruby_on_rails.md b/guides/source/upgrading_ruby_on_rails.md
index 76ee5c0c48..10a9f24c9a 100644
--- a/guides/source/upgrading_ruby_on_rails.md
+++ b/guides/source/upgrading_ruby_on_rails.md
@@ -85,13 +85,14 @@ Rails 6.1. You are encouraged to enable `config.force_ssl` to enforce HTTPS
connections throughout your application. If you need to exempt certain endpoints
from redirection, you can use `config.ssl_options` to configure that behavior.
-### Purpose in signed or encrypted cookie is now embedded within cookies
+### Purpose and expiry metadata is now embedded inside signed and encrypted cookies for increased security
+
+To improve security, Rails embeds the purpose and expiry metadata inside encrypted or signed cookies value.
-To improve security, Rails embeds the purpose information in encrypted or signed cookies value.
Rails can then thwart attacks that attempt to copy the signed/encrypted value
of a cookie and use it as the value of another cookie.
-This new embed information make those cookies incompatible with versions of Rails older than 6.0.
+This new embed metadata make those cookies incompatible with versions of Rails older than 6.0.
If you require your cookies to be read by Rails 5.2 and older, or you are still validating your 6.0 deploy and want
to be able to rollback set
@@ -281,6 +282,35 @@ won't work, child objects like `Hotel::Pricing` won't be found.
This restriction only applies to explicit namespaces. Classes and modules not defining a namespace can be defined using those idioms.
+#### One file, one constant (at the same top-level)
+
+In `classic` mode you could technically define several constants at the same top-level and have them all reloaded. For example, given
+
+```ruby
+# app/models/foo.rb
+
+class Foo
+end
+
+class Bar
+end
+```
+
+while `Bar` could not be autoloaded, autoloading `Foo` would mark `Bar` as autoloaded too. This is not the case in `zeitwerk` mode, you need to move `Bar` to its own file `bar.rb`. One file, one constant.
+
+This affects only to constants at the same top-level as in the example above. Inner classes and modules are fine. For example, consider
+
+```ruby
+# app/models/foo.rb
+
+class Foo
+ class InnerClass
+ end
+end
+```
+
+If the application reloads `Foo`, it will reload `Foo::InnerClass` too.
+
#### Spring and the `test` Environment
Spring reloads the application code if something changes. In the `test` environment you need to enable reloading for that to work: