| Commit message (Collapse) | Author | Age | Files | Lines |
MySQL: Check error number instead of a message

To be able to check regardless of locale.

A HTTP feature policy is Yet Another HTTP header for instructing the
browser about which features the application intends to make use of and
to lock down access to others. This is a new security mechanism that
ensures that should an application become compromised or a third party
attempts an unexpected action, the browser will override it and maintain
the intended UX.

WICG specification: https://wicg.github.io/feature-policy/

The end result is a HTTP header that looks like the following:
```
Feature-Policy: geolocation 'none'; autoplay https://example.com
```
This will prevent the browser from using geolocation and only allow
autoplay on `https://example.com`. Full feature list can be found over
in the WICG repository[1].

As of today Chrome and Safari have public support[2] for this
functionality with Firefox working on support[3] and Edge still pending
acceptance of the suggestion[4].

#### Examples

Using an initializer

```rb
# config/initializers/feature_policy.rb
Rails.application.config.feature_policy do |f|
  f.geolocation :none
  f.camera :none
  f.payment "https://secure.example.com"
  f.fullscreen :self
end
```

In a controller

```rb
class SampleController < ApplicationController
  def index
    feature_policy do |f|
      f.geolocation "https://example.com"
    end
  end
end
```
Some of you might realise that the HTTP feature policy looks pretty
close to that of a Content Security Policy; and you're right. So much so
that I used the Content Security Policy DSL from #31162 as the starting
point for this change.

This change *doesn't* introduce support for defining a feature policy on
an iframe and this has been intentionally done to split the HTTP header
and the HTML element (`iframe`) support. If this is successful, I'll
look to add that on its own.

Full documentation on HTTP feature policies can be found at
https://wicg.github.io/feature-policy/. Google have also published[5] a
great in-depth write up of this functionality.

[1]: https://github.com/WICG/feature-policy/blob/master/features.md
[2]: https://www.chromestatus.com/feature/5694225681219584
[3]: https://bugzilla.mozilla.org/show_bug.cgi?id=1390801
[4]: https://wpdev.uservoice.com/forums/257854-microsoft-edge-developer/suggestions/33507907-support-feature-policy
[5]: https://developers.google.com/web/updates/2018/06/feature-policy

Share the Arel dispatch cache between connections

Share the column and table name quote cache between connections

Fix query cache when using shared connections

Enables the query cache on the correct connection when
shared connections across threads are enabled

This is a first draft only, needs polishing for final.

y-yagi/make_setup_works_when_using_with_locales_other_than_en
Make "bin/setup" works when using PostgreSQL with locales other than en locale

The PostgreSQL adapter uses an error message to determine if a database
exists or not.
https://github.com/rails/rails/blob/74ef67b16de67d2ae2f996e50a18a93aebf68fe6/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb#L49

However, this message is properly converted according to the locale.
So this check does not work correctly for non-en locales.
As a result, `db:prepare` cannot correctly determine if a database exists, and
`bin/setup`, which depends on the task, does not work correctly if the database
does not exist.

It checks whether "does not exist" is present, but that message is also
used in other error messages (e.g. "role does not exist"). So it cannot check
correctly in the en locale either.
https://github.com/postgres/postgres/blob/master/src/backend/po/ja.po#L10542

It would be fine if we could check the status, but in my understanding, when a connection
fails, only the status `CONNECTION_BAD` is used, and it seems that details cannot
be checked.
https://www.postgresql.org/docs/11/libpq-status.html#LIBPQ-PQSTATUS

I fixed it to check whether the error message contains a database
name. This is probably not accurate but can check it better now.

update example url for add_source
[ci skip]

http://code.whytheluckystiff.net is now just a spam site. Use http://gems.github.com as an example instead.

Fix indentation 💇♀️
[ci skip]

Ref https://github.com/rails/rails/pull/36621#discussion_r301208961

Add database_exists? method to connection adapters

wjessop/fix_database_url_trampling_other_env_configs
When DATABASE_URL is specified don't trample envs that use a url: key

fixes #36610

Do not use aliases in GROUP BY clause

It appears that Oracle does not allow using aliases in GROUP BY clause
unlike ORDER BY clause.
Fixes #36613.

Fixes that file attachments without captions would not be represented in plain text generated from rich-text content, causing ActionText::RichText#present? to return false.
Closes #36607.

It is for agnostic test case, since quoted table name may include `.`
for all adapters, and `[` / `]` for sqlserver adapter.

Set process title of parallelized test workers

Fix Browser#preload for older Selenium

Since #36424, we need a newer version in order to pass.

Older versions of selenium had driver_path on
::Selenium::WebDriver::Chrome directly, not on Service. This avoids
errors on those old versions and will preload properly if webdrivers is
installed.

MySQL: Fix schema dumping `enum` and `set` columns correctly

`enum` and `set` are typed cast as `:string`, but currently the
`:string` type is incorrectly reused for schema dumping.
A cast type on columns is not always the same with `sql_type`, this
fixes schema dumping `enum` and `set` columns to use `sql_type` instead
of `type` correctly.

Update docs on dirty.rb
[ci skip]

`previously_changed` seems to actually be `previous_changes`

Preload browser driver_path to fix system testing under parallelism

The webdrivers gem configures Selenium::WebDriver::Service.driver_path
as a proc which updates the web drivers and returns their path.
This commit introduces SystemTesting::Browser#preload, which runs this
proc early. This ensures that webdrivers update is run before forking
for parallel testing, but doesn't explicitly tie us to that gem (and I
think anything configured as driver_path probably makes sense to
eager-load).

Update docs regarding skipping CI tests [ci skip]

The phrasing of this struck me as odd, "To help our CI servers..." So I
feel it would be more useful if we explain more explicitly that ci skip
cuts down on usage by not running CI.

Fix swapped replica/primary in multi-db docs [ci skip]

in multi-db docs [ci skip]
Reads after write should be from the primary database.

Add the ability to set the CSP nonce only to the specified directives

I changed to set CSP nonce to `style-src` directive in #32932.
But this causes an issue when `unsafe-inline` is specified to `style-src`
(If a nonce is present, a nonce takes precedence over `unsafe-inline`).
So, I made the nonce directives configurable. By configuring this, users
can make CSP as before.
Fixes #35137.

This reverts commit 60e19c6d6cb60159af4e2247f29d2cea375a21d6, reversing
changes made to 72e257b4c935b6829f7d4db36dea61a1682aa44e.
The method signature is different between `create_file` and `template`.
https://www.rubydoc.info/github/erikhuda/thor/master/Thor/Actions#create_file-instance_method
https://www.rubydoc.info/github/erikhuda/thor/master/Thor/Actions#template-instance_method

[skip ci] use 'template' instead of 'create_file' for erb templates in generators guide

guide [skip ci]

This version makes eager loading and autoloading consistent,
as documented in the upgrading guide.