Commit message (Author, Age, Files, Lines)
* Improve generated file `app/views/application.html.erb` of plugin (bogdanvlviv, 2018-02-23, 2, -1/+14)
|   - Do not generate `javascript_include_tag` if `--skip-javascript`
|   - Generate `<%= csp_meta_tag %>`.
|
|   Related to #32018.
* Comment `require "active_storage/engine"` in `bin/rails` of plugin if `--skip-active-storage` (bogdanvlviv, 2018-02-23, 2, -2/+3)
* Merge pull request #32085 from rails/add-timezone-support-to-activejob (Andrew White, 2018-02-22, 10, -1/+103)
|\
| |   Add support for timezones to Active Job
| * Add support for timezones to Active Job (Andrew White, 2018-02-22, 10, -1/+103)
| |   Record what was the current timezone in effect when the job was enqueued and then restore when the job is executed in same way that the current locale is recorded and restored.
* | Merge pull request #32018 from rails/add-nonce-support-to-csp (Andrew White, 2018-02-22, 16, -52/+207)
|\ \
| | |   Add support for automatic nonce generation for Rails UJS
| * | Add support for automatic nonce generation for Rails UJS (Andrew White, 2018-02-19, 16, -52/+207)
| | |   Because the UJS library creates a script tag to process responses it normally requires the script-src attribute of the content security policy to include 'unsafe-inline'.
| | |
| | |   To work around this we generate a per-request nonce value that is embedded in a meta tag in a similar fashion to how CSRF protection embeds its token in a meta tag. The UJS library can then read the nonce value and set it on the dynamically generated script tag to enable it to execute without needing 'unsafe-inline' enabled.
| | |
| | |   Nonce generation isn't 100% safe - if your script tag is including user generated content in some way then it may be possible to exploit an XSS vulnerability which can take advantage of the nonce. It is however an improvement on a blanket permission for inline scripts.
| | |
| | |   It is also possible to use the nonce within your own script tags by using `nonce: true` to set the nonce value on the tag, e.g
| | |
| | |       <%= javascript_tag nonce: true do %>
| | |         alert('Hello, World!');
| | |       <% end %>
| | |
| | |   Fixes #31689.
* | | Merge pull request #32084 from buehmann/fix/escape-quoted-column-name-in-regexp (Ryuta Kamizono, 2018-02-22, 1, -1/+1)
|\ \ \
| | | |   Properly escape column name embedded into regexp
| * | | Properly escape column name embedded into regexp (Andreas Bühmann, 2018-02-22, 1, -1/+1)
|/ / /
| | |   SQLServerAdapter (gem `activerecord-sqlserver-adapter`) uses square brackets for quoting column names (e.g. `[id]`). Those brackets must not be misinterpreted in regular expressions.
| | |
| | |   Failure:
| | |   Expected /SELECT [developers].[id].* FROM developers/ to match "SELECT [developers].[id], [developers].[name], [developers].[salary], [developers].[firm_id], [developers].[mentor_id], [developers].[created_at], [developers].[updated_at], [developers].[created_on], [developers].[updated_on] FROM developers".
* | / Reject empty database yamls (eileencodes, 2018-02-22, 1, -1/+1)
| |/
|/|
| |   In #32075 I deleted the default configuration since that's what's generated with the Rails app. Since someone could change the default name instead delete any config that doesn't have a database so we can avoid peppering our Rails tasks with conditionals to deal with invalid database configs.
* | Add cop for preferring 'Foo.method' over 'Foo::method' (Andrew White, 2018-02-22, 4, -3/+7)
| |
* | Merge pull request #32076 from utilum/use_dot (Andrew White, 2018-02-22, 4, -8/+9)
|\ \
| | |   Call methods with .method_name not ::method_name
| * | We should call methods with `.method_name` not `::method_name`. (utilum, 2018-02-22, 4, -8/+9)
| | |   Found several instances.
| | |   Follow up on 63d530c5e68a8cf53603744789f53ccbc7ac1a0e
* | | Do not add routes when actions are not specified (Yuji Yaginuma, 2018-02-22, 2, -0/+8)
|/ /
| |   Since #30241, if namespace is specified, routes will be generated even if there are no actions. However, it seems that this behavior is not intentionally added behavior. As with 5.1, routes should not be generated if actions are not specified.
| |
| |   Fixes #32072.
* | Call `YAML.load` correctly (eileencodes, 2018-02-21, 2, -2/+2)
| |   We should call methods with `.method_name` not `::method_name`. Fix two instances of `YAML::load` I found in favor of `YAML.load`.
* | Merge pull request #32075 from eileencodes/delete-default-configuration (Eileen M. Uchitelle, 2018-02-21, 3, -20/+1)
|\ \
| | |   Delete default configuration
| * | Delete default configuration (eileencodes, 2018-02-21, 3, -20/+1)
| | |   Because of this default configuration we're constantly checking if the database exists when looping through configurations. This is unnecessary and we should just delete it before we need to loop through configurations.
* | | Update to sinatra 2.0.1 (Andrew White, 2018-02-21, 1, -5/+5)
| | |   Although not a direct dependency, it's pulled in by Resque for Active Job integration tests so we need to update because the rack-protection gem has a security vulnerability[1].
| | |
| | |   [1]: https://nvd.nist.gov/vuln/detail/CVE-2018-7212
* | | Add note to Active Storage guide about S3 permissions [ci skip] (Andrew White, 2018-02-21, 1, -0/+2)
| | |
* | | Allow S3 tests against buckets in other regions (Andrew White, 2018-02-21, 2, -2/+2)
| | |   Only us-east-1 gives URLs like bucket.s3.amazonaws.com whereas other regions have URLs like s3-eu-west-1.amazonaws.com/ubxd-rails
* | | Merge pull request #32064 from yahonda/ci_with_jruby_head (Ryuta Kamizono, 2018-02-21, 1, -3/+3)
|\ \ \
| | | |   CI with `jruby-head` compatible with Ruby 2.4.1
| * | | CI with `jruby-head` compatible with Ruby 2.4.1 (Yasuo Honda, 2018-02-21, 1, -3/+3)
|/ / /
| | |   Since #32034 Rails 6 requires Ruby 2.4.1 or higher. Two CI jobs configured with the latest version of `jruby-9.1.15.0` compatible with Ruby 2.3.3 are getting errors:
| | |
| | |   https://travis-ci.org/rails/rails/jobs/343519339
| | |
| | |   ```
| | |   Bundler could not find compatible versions for gem "ruby":
| | |     In Gemfile:
| | |       ruby java
| | |
| | |       rails java was resolved to 6.0.0.alpha, which depends on
| | |         ruby (>= 2.4.1) java
| | |
| | |   Could not find gem 'ruby (>= 2.4.1)', which is required by gem 'rails', in any of the relevant sources:
| | |   ```
* | | Hoist update for clarity (George Claghorn, 2018-02-20, 2, -8/+8)
| | |
* | | Undocument ActiveStorage::Identification (George Claghorn, 2018-02-20, 1, -1/+1)
| | |
* | | Correct Range header syntax (George Claghorn, 2018-02-20, 1, -1/+1)
| | |
* | | Merge pull request #32026 from bogdanvlviv/improve-30941 (Rafael França, 2018-02-20, 6, -39/+69)
|\ \ \
| | | |   Improve ActiveJob custom argument serializers #30941
| * | | Fix error message about unknown `ActiveJob` argument serializer (bogdanvlviv, 2018-02-17, 2, -2/+2)
| | | |
| * | | Fix docs of ActiveJob custom argument serializers (bogdanvlviv, 2018-02-17, 3, -36/+35)
| | | |   Add `:nodoc:` to `ActiveJob::Serializers`
| | | |   Add `:doc:` to `ActiveJob::Serializers::ObjectSerializer#klass`
| | | |   Express `ActiveJob::Serializers::ObjectSerializer#klass` as private method
| * | | Add argument serializer `TimeWithZoneSerializer` (bogdanvlviv, 2018-02-17, 3, -1/+32)
| | | |   The serializer serializes an instance of `ActiveSupport::TimeWithZone`.
| | | |   The serializer deserializes value to `ActiveSupport::TimeWithZone` if possible.
* | | | Merge pull request #32062 from bogdanvlviv/test_mini_magick_gem_when_skip_active_storage_is_given (Yuji Yaginuma, 2018-02-20, 1, -8/+9)
|\ \ \ \
| | | | |   Ensure that `mini_magick` is absent after `rails new` with `--skip-active-storage`
| * | | | Ensure that `mini_magick` is absent after `rails new` with `--skip-active-storage` (bogdanvlviv, 2018-02-20, 1, -8/+9)
|/ / / /
| | | |   Remove redundant assertions of an absence of `mini_magick` in `Gemfile` since `bin/rails app:update` does not update Gemfile.
| | | |   These assertions were added by 4a835aa3236eedb135ccf8b59ed3c03e040b8b01, after reviewing https://github.com/rails/rails/pull/32049 I realized that assertions are redundant.
* | | | Merge pull request #26743 from mtsmfm/remove-unicode-table (Rafael França, 2018-02-19, 4, -439/+15)
|\ \ \ \
| | | | |   Remove `AS::Multibyte`'s unicode table
| * | | | Remove `AS::Multibyte`'s unicode table (Fumiaki MATSUSHIMA, 2018-02-20, 4, -439/+15)
|/ / / /
* | | | Merge pull request #32032 from utilum/method_redefined (Andrew White, 2018-02-19, 1, -2/+2)
|\ \ \ \
| |_|_|/
|/| | |   Avoid method_redefined warnings in RouteSet::NamedRouteCollection
| * | | Avoid method_redefined warnings in RouteSet::NamedRouteCollection (utilum, 2018-02-19, 1, -2/+2)
| | | |   Before:
| | | |   ```
| | | |   ~/.rbenv/versions/2.5.0/bin/ruby -w -Itest -Ilib -I../activesupport/lib -I../actionpack/lib -I../actionview/lib -I../activemodel/lib test/application/routing_test.rb
| | | |   Run options: --seed 5851
| | | |
| | | |   .......~/code/rails/actionpack/lib/action_dispatch/routing/route_set.rb:156: warning: method redefined; discarding old custom_path
| | | |   ~/code/rails/actionpack/lib/action_dispatch/routing/route_set.rb:321: warning: previous definition of custom_path was here
| | | |   ~/code/rails/actionpack/lib/action_dispatch/routing/route_set.rb:162: warning: method redefined; discarding old custom_url
| | | |   ~/code/rails/actionpack/lib/action_dispatch/routing/route_set.rb:321: warning: previous definition of custom_url was here
| | | |   ....~/code/rails/actionpack/lib/action_dispatch/routing/route_set.rb:156: warning: method redefined; discarding old custom_path
| | | |   ~/code/rails/actionpack/lib/action_dispatch/routing/route_set.rb:321: warning: previous definition of custom_path was here
| | | |   ~/code/rails/actionpack/lib/action_dispatch/routing/route_set.rb:162: warning: method redefined; discarding old custom_url
| | | |   ~/code/rails/actionpack/lib/action_dispatch/routing/route_set.rb:321: warning: previous definition of custom_url was here
| | | |   ~/code/rails/actionpack/lib/action_dispatch/routing/route_set.rb:156: warning: method redefined; discarding old custom_path
| | | |   ~/code/rails/actionpack/lib/action_dispatch/routing/route_set.rb:321: warning: previous definition of custom_path was here
| | | |   ~/code/rails/actionpack/lib/action_dispatch/routing/route_set.rb:162: warning: method redefined; discarding old custom_url
| | | |   ~/code/rails/actionpack/lib/action_dispatch/routing/route_set.rb:321: warning: previous definition of custom_url was here
| | | |   ..........~/code/rails/actionpack/lib/action_dispatch/routing/route_set.rb:156: warning: method redefined; discarding old custom_path
| | | |   ~/code/rails/actionpack/lib/action_dispatch/routing/route_set.rb:321: warning: previous definition of custom_path was here
| | | |   ~/code/rails/actionpack/lib/action_dispatch/routing/route_set.rb:162: warning: method redefined; discarding old custom_url
| | | |   ~/code/rails/actionpack/lib/action_dispatch/routing/route_set.rb:321: warning: previous definition of custom_url was here
| | | |   ~/code/rails/actionpack/lib/action_dispatch/routing/route_set.rb:156: warning: method redefined; discarding old custom_path
| | | |   ~/code/rails/actionpack/lib/action_dispatch/routing/route_set.rb:321: warning: previous definition of custom_path was here
| | | |   ~/code/rails/actionpack/lib/action_dispatch/routing/route_set.rb:162: warning: method redefined; discarding old custom_url
| | | |   ~/code/rails/actionpack/lib/action_dispatch/routing/route_set.rb:321: warning: previous definition of custom_url was here
| | | |   .....
| | | |
| | | |   Finished in 13.233638s, 1.9647 runs/s, 5.8185 assertions/s.
| | | |   26 runs, 77 assertions, 0 failures, 0 errors, 0 skips
| | | |   ```
| | | |
| | | |   After:
| | | |   ```
| | | |   ~/.rbenv/versions/2.5.0/bin/ruby -w -Itest -Ilib -I../activesupport/lib -I../actionpack/lib -I../actionview/lib -I../activemodel/lib test/application/routing_test.rb
| | | |   Run options: --seed 38072
| | | |
| | | |   ..........................
| | | |
| | | |   Finished in 12.009632s, 2.1649 runs/s, 6.4115 assertions/s.
| | | |   26 runs, 77 assertions, 0 failures, 0 errors, 0 skips
| | | |   ```
* | | | Merge pull request #32054 from rails/fix-generation-of-empty-csp (Andrew White, 2018-02-19, 4, -69/+73)
|\ \ \ \
| |/ / /
|/| | |   Fix generation of empty content security policy
| * | | Remove trailing semi-colon from CSP (Andrew White, 2018-02-19, 3, -39/+39)
| | | |   Although the spec[1] is defined in such a way that a trailing semi-colon is valid it also doesn't allow a semi-colon by itself to indicate an empty policy. Therefore it's easier (and valid) just to omit it rather than to detect whether the policy is empty or not.
| | | |
| | | |   [1]: https://www.w3.org/TR/CSP2/#policy-syntax
| * | | Don't accidentally create an empty CSP (Andrew White, 2018-02-19, 2, -3/+33)
| | | |   Setting up the request environment was accidentally creating a CSP as a consequence of accessing the option - only set the instance variable if a block is passed.
| * | | Revert "Merge pull request #32045 from eagletmt/skip-csp-header" (Andrew White, 2018-02-19, 3, -31/+5)
| | | |   This reverts commit 86f7c269073a3a9e6ddec9b957deaa2716f2627d, reversing changes made to 5ece2e4a4459065b5efd976aebd209bbf0cab89b.
| | | |
| | | |   If a policy is set then we should generate it even if it's empty. However what is happening is that we're accidentally generating an empty policy when the initializer is commented out by default.
* | | | Merge pull request #32052 from rails/fix-country-zones-with-multiple-mappings (Andrew White, 2018-02-19, 3, -2/+31)
|\ \ \ \
| |/ / /
|/| | |   Return all mappings for a timezone id in country_zones
| * | | Return all mappings for a timezone id in `country_zones` (Andrew White, 2018-02-19, 3, -2/+31)
|/ / /
| | |   Some timezones like `Europe/London` have multiple mappings in `ActiveSupport::TimeZone::MAPPING` so return all of them instead of the first one found by using `Hash#value`. e.g:
| | |
| | |       # Before
| | |       ActiveSupport::TimeZone.country_zones("GB") # => ["Edinburgh"]
| | |
| | |       # After
| | |       ActiveSupport::TimeZone.country_zones("GB") # => ["Edinburgh", "London"]
| | |
| | |   Fixes #31668.
* | | Merge pull request #32051 from dixitp012/rubocop_single_space (Ryuta Kamizono, 2018-02-19, 1, -1/+1)
|\ \ \
| | | |   rubocop single space after assignment
| * | | rubocop single space after assignment (Dixit Patel, 2018-02-19, 1, -1/+1)
|/ / /
* | | Use the query cache when connection is already connected (yuuji.yaginuma, 2018-02-19, 2, -6/+17)
| | |   Fixes #32021.
* | | Add stimulus to list of supported options for --webpack (Guillermo Iguaran, 2018-02-18, 1, -1/+1)
| | |
* | | Fix test method name (Guillermo Iguaran, 2018-02-18, 1, -1/+1)
| | |
* | | Don't generate empty app/views folder when --api and --skip-action-mailer are used together (Guillermo Iguaran, 2018-02-18, 2, -2/+23)
| | |   The purpose of keeping app/views folder in API apps is that it's used for mailer views so doesn't make sense to keep it when Action Mailer is skipped.
* | | Clean up reporter replacement a bit. (Kasper Timm Hansen, 2018-02-18, 2, -29/+29)
| | |   * Don't use :: for class methods, we don't do that elsewhere.
| | |   * Don't install a needless method on minitest. Prefer assigning the reporter anyway as that's what minitest does internally.
| | |   * Don't bother opting out when the reporter ain't a Minitest::CompositeReporter.
| | |     It's hardcoded: https://github.com/seattlerb/minitest/blob/005a3ba42c07d04797e2d00ac2c53e3be127c12f/lib/minitest.rb#L125
| | |     And overrides have to create delegate reporters: https://github.com/kern/minitest-reporters/blob/1018b1b42f34b01d4de179c8aad2fa06771fe9b0/lib/minitest/minitest_reporter_plugin.rb#L72
* | | Merge pull request #32045 from eagletmt/skip-csp-header (Guillermo Iguaran, 2018-02-18, 3, -5/+31)
|\ \ \
| | | |   Skip generating empty CSP header when no policy is configured
| * | | Skip generating empty CSP header when no policy is configured (Kohei Suzuki, 2018-02-18, 3, -5/+31)
| | | |   `Rails.application.config.content_security_policy` is configured with no policies by default. In this case, Content-Security-Policy header should not be generated instead of generating the header with no directives. Firefox also warns "Content Security Policy: Couldn't process unknown directive ''".
* | | | Add a CHANGELOG entry for #31941 [ci skip] (Ryuta Kamizono, 2018-02-19, 1, -0/+4)
| | | |