| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
Although the spec[1] is defined in such a way that a trailing semi-colon
is valid it also doesn't allow a semi-colon by itself to indicate an
empty policy. Therefore it's easier (and valid) just to omit it rather
than to detect whether the policy is empty or not.
[1]: https://www.w3.org/TR/CSP2/#policy-syntax
|
|
|
|
|
|
| |
Setting up the request environment was accidentally creating a CSP
as a consequence of accessing the option - only set the instance
variable if a block is passed.
|
|
|
|
|
|
|
|
|
| |
This reverts commit 86f7c269073a3a9e6ddec9b957deaa2716f2627d, reversing
changes made to 5ece2e4a4459065b5efd976aebd209bbf0cab89b.
If a policy is set then we should generate it even if it's empty.
However what is happening is that we're accidentally generating an
empty policy when the initializer is commented out by default.
|
|\
| |
| | |
rubocop single space after assignment
|
|/ |
|
|
|
|
| |
Fixes #32021.
|
| |
|
| |
|
|
|
|
|
|
|
| |
are used together
The purpose of keeping app/views folder in API apps is that it's used for
mailer views so doesn't makes sense to keep it when Action Mailer is skipped.
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Don't use :: for class methods, we don't do that elsewhere.
* Don't install a needless method on minitest. Prefer assigning the
reporter anyway as that's what minitest does internally.
* Don't bother opting out when the reporter ain't a Minitest::CompositeReporter.
It's hardcoded: https://github.com/seattlerb/minitest/blob/005a3ba42c07d04797e2d00ac2c53e3be127c12f/lib/minitest.rb#L125
And overrides have to create delegate reporters:
https://github.com/kern/minitest-reporters/blob/1018b1b42f34b01d4de179c8aad2fa06771fe9b0/lib/minitest/minitest_reporter_plugin.rb#L72
|
|\
| |
| | |
Skip generating empty CSP header when no policy is configured
|
| |
| |
| |
| |
| |
| |
| |
| | |
`Rails.application.config.content_security_policy` is configured with no
policies by default. In this case, Content-Security-Policy header should
not be generated instead of generating the header with no directives.
Firefox also warns "Content Security Policy: Couldn't process unknown
directive ''".
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
3acc5d6 was changed the order of scope evaluation from through scope to
the association's own scope to be prioritized over the through scope.
But the sorting order will be prioritized that is evaluated first. It is
unintentional effect, association scope's sorting order should be
prioritized as well.
Fixes #32008.
|
|\ \
| |/
|/| |
Fix active_job_basics.md callbacks example [ci skip]
|
|/ |
|
|
|
|
|
|
| |
This reverts commit cf4f05a7d4a2051cf3593bc7c3a6a216e74e797a.
Since Rails 6 requires Ruby 2.4.1+.
|
|
|
|
|
| |
So `2.4` would match `2.4.1` (due to an rvm alias) rather than matching
the latest `2.4.3` release.
|
|
|
|
|
| |
This faithfully preserves grapheme clusters (characters composed of other
characters and combining marks) and other multibyte characters.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
```ruby
"foo".freeze.strip_heredoc.frozen? # => true
```
Fixes the case where frozen string literals would inadvertently become
unfrozen:
```ruby
foo = <<-MSG.strip_heredoc
la la la
MSG
foo.frozen? # => false !??
```
|
|
|
|
|
|
| |
Prepare bug report templates for Rails 6.0 development
Add missing `require "active_support"` in `guides/bug_report_templates/generic_gem.rb`
|
| |
|
| |
|
|
|
| |
Fixes typos
|
|
|
|
|
|
| |
Skipping over 2.4.0 to sidestep the `"symbol_from_string".to_sym.dup` bug.
References #32028
|
|
|
|
|
|
|
| |
Object#blank? used to be used in this file, but it's not anymore.
This avoids a monkey-patch, for those who want to use just this isolated
feature of ActiveSupport.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Global ignores at toplevel .gitignore
* Component-specific ignores in each toplevel directory
* Remove `actionview/test/tmp/.keep` for JRuby
```
rm actionview/test/tmp/ -fr
cd actionview/
bundle exec jruby -Itest test/template/digestor_test.rb
```
Related to #11743, #30392.
Closes #29978.
|
|
|
|
| |
Closes #31998
|
|
|
|
|
|
| |
Some attr_readers should be `protected` instead of `private`
See https://travis-ci.org/rails/rails/builds/342800276
|
|
|
|
| |
See https://github.com/ruby/ruby/blob/ruby_2_3/NEWS
|
|
|
|
| |
Rack::TemfileReaper in default middleware stack for API only apps
|
| |
|
| |
|
|\
| |
| | |
Fix custome serializer setting
|
| |
| |
| |
| |
| |
| |
| |
| | |
The serializer should be set up in `after_initialize` so that it work
properly even if the user specifies serializer with initializers.
Also, since `custom_serializers` is `Array`, it needs to be flattened
before setting the value.
|
| | |
|
| | |
|
| |
| |
| |
| | |
References 89bcca5
|
|\ \
| | |
| | | |
Use SuppressedSummaryReporter and Rails::TestUnitReporter only if needed
|
| | | |
|
|\ \ \
| | | |
| | | | |
Fix array routing constraints
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Make sure that when transforming the keys of a HashWithIndifferentAccess
we can still access with indifferent access in Ruby 2.5.
Closes #32007.
|
|\ \ \ \
| | | | |
| | | | | |
Remove needless requiring 'active_support/core_ext/string/strip'
|
|/ / / / |
|
| | | |
| | | |
| | | |
| | | | |
References 89bcca59e91fa9da941de890012872e8288e77b0
|
|/ / /
| | |
| | |
| | | |
It seems to debug print.
|
| | |
| | |
| | |
| | |
| | | |
Some places we can't remove because Ruby still don't have a method
equivalent to strip_heredoc to be called in an already existent string.
|
| | | |
|
| | |
| | |
| | |
| | | |
Rails 6 will only support Ruby >= 2.3.
|