| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ActionView::Template instances compile their source to methods on the
ActionView::CompiledTemplates module. To prevent leaks in development
mode, where templates can frequently change, a finalizer is added that
undefines these methods[1] when the templates are garbage-collected.
This is undesirable in the test environment, however, as templates don't
change during the life of the test. Moreover, the cost of undefining a
method is proportional to the number of descendants a class or module
has, since the method cache must be cleared for all descendant classes.
As ActionView::CompiledTemplates is mixed into every
ActionView::TestCase (or in RSpec suites, every view spec example
group), it can end up with a very large number of descendants, and
undefining its methods can become very expensive.
In large test suites, this results in a long delay at the end of the
test suite as all template finalizers are run, only for the process to
then exit.
To avoid this unnecessary cost, this change adds a config option,
`action_view.finalize_compiled_template_methods`, defaulting to true,
and sets it to false in the test environment only.
[1] https://github.com/rails/rails/blob/09b2348f7fc8d4e7191e70e06608c5909067e2aa/actionview/lib/action_view/template.rb#L118-L126
|
|
|
|
|
| |
This makes more sense, as the foreign key ignore pattern is only used by
the schema dumper.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add section "Expiry in signed or encrypted cookie is now embedded in the cookies values"
to `master` since it should always be in the guides, not only for version 5.2.
Add info about `config.action_dispatch.use_authenticated_cookie_encryption`
to the "Configuring Rails Applications" guide.
It was committed straight to `5-2-stable` since we don't need this
functionality in 6.0. Related to b25fcbc074ea688765af62a163698d5449221a8c.
|
|
|
|
|
|
| |
With the disabling of TLS 1.0 by most major websites, continuing to run
IE8 or lower becomes increasingly difficult so default to not enforcing
UTF-8 encoding as it's not relevant to other browsers.
|
| |
|
|
|
|
| |
[ci skip]
|
|
|
|
| |
This was changed with 5d7b70f and 428939b.
|
| |
|
|
|
|
|
| |
Mention `config.generators.system_tests` in
the "Configuring Rails Applications" guide.
|
|
|
|
|
|
| |
Instead of providing a configuration option to set the hash function,
switch to SHA-1 for new apps and allow upgrading apps to opt in later
via `new_framework_defaults_5_2.rb`.
|
|
|
|
| |
configuring.md [ci skip]
|
|
|
|
|
| |
- Add mention about `config.active_record.internal_metadata_table_name`
- Add mention about `config.active_record.protected_environments`
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When `form_with` was introduced we disabled the automatic
generation of ids that was enabled in `form_for`. This usually
is not an good idea since labels don't work when the input
doesn't have an id and it made harder to test with Capybara.
You can still disable the automatic generation of ids setting
`config.action_view.form_with_generates_ids` to `false.`
|
|
|
| |
It was brought to my attention that the Rails guide suggests using filenames to ensure code load order, so I thought I would suggest a better alternative.
|
|
|
|
|
| |
Passing the environment's name as a regular argument is deprecated
in 48b249927375465a7102acc71c2dfb8d49af8309.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
It's become clear to me that the use case is still a bit muddy
and the upgrade path is going to be tough for people to figure
out.
This attempts at understanding it better through documentation,
but still needs follow up work.
[ Michael Coyne & Kasper Timm Hansen ]
|
|
|
|
|
|
| |
Using the action_dispatch.cookies_rotations interface, key rotation is
now possible with cookies. Thus the secret_key_base as well as salts,
ciphers, and digests, can be rotated without expiring sessions.
|
|
|
|
|
|
|
| |
Removes most mentions of secrets.secret_key_base and explains
credentials instead.
Also removes some very stale upgrade notices about Rails 3/4.
|
| |
|
|
|
|
|
|
|
| |
Should _probably_ be done across the board with all of our
documentation, but going to leave that for another time :)
[ci skip]
|
|
|
|
| |
[ci skip]
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Abstract boolean serialization has been using 't' and 'f', with MySQL
overriding that to use 1 and 0.
This has the advantage that SQLite natively recognizes 1 and 0 as true
and false, but does not natively recognize 't' and 'f'.
This change in serialization requires a migration of stored boolean data
for SQLite databases, so it's implemented behind a configuration flag
whose default false value is deprecated. The flag itself can be
deprecated in a future version of Rails. While loaded models will give
the correct result for boolean columns without migrating old data,
where() clauses will interact incorrectly with old data.
While working in this area, also change the abstract adapter to use
`"TRUE"` and `"FALSE"` as quoted values and `true` and `false` for
unquoted. These are supported by PostreSQL, and MySQL remains
overriden.
|
|
|
|
|
|
|
|
| |
Rather than protecting from forgery in the generated
ApplicationController, add it to ActionController::Base by config. This
configuration defaults to false to support older versions which have
removed it from their ApplicationController, but is set to true for
Rails 5.2.
|
|
|
|
| |
which is always enabled now. Ref: https://github.com/rails/sprockets-rails/commit/655b93bffc6f51b96a7cc097f9010942693bfaae and https://github.com/rails/rails/pull/24070 . Fixes #29483 [ci skip] (#29484)
|
|\
| |
| |
| |
| | |
clupprich/remove-action-dispatch-callbacks-to-prepare-mention
Remove mentions of deprecated callbacks on ActionDispatch::Callbacks
|
| |
| |
| |
| |
| | |
ActionDispatch::Callbacks.to_prepare was removed in #27587
[ci skip]
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit changes encrypted cookies from AES in CBC HMAC mode to
Authenticated Encryption using AES-GCM. It also provides a cookie jar
to transparently upgrade encrypted cookies to this new scheme. Some
other notable changes include:
- There is a new application configuration value:
+use_authenticated_cookie_encryption+. When enabled, AEAD encrypted
cookies will be used.
- +cookies.signed+ does not raise a +TypeError+ now if the name of an
encrypted cookie is used. Encrypted cookies using the same key as
signed cookies would be verified and serialization would then fail
due the message still be encrypted.
|
|
|
|
| |
[ci skip]
|
| |
|
|
|
|
|
|
| |
config.time_zone is no longer in included in config/application.rb.
See 28dcadc0140dfdebe87d5e691fd709c0a9ae0bae.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
The default digest class changed to SHA256 in sprockets 3.0.
Ref: https://github.com/sstephenson/sprockets/pull/647
|
| |
|
|
|
|
| |
This changed in c046660
|
|
|
|
|
|
| |
* Clarify the default behavior of log_formatter
Updates language to remove reference to production.rb and fix quoting
|
|
|
|
|
|
| |
ActionDispatch::ParamsParser class was removed in favor of
ActionDispatch::Http::Parameters so it is better to move the error
constant to the new class.
|
|
|
|
|
|
| |
When the initial evented monitor feature was written, the latest version of listen
was the 3.0.x series. Since then the listen project has moved on to the 3.1.x series.
This patch allows the use of the new versions.
|
|
|
|
| |
The default `cache_store` has changed in 8f0e0b6 to use `file_store`.
|
|\
| |
| | |
[ci skip] Simply formatting documents
|