| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|\ \ \ \
| | | | |
| | | | | |
Update results of command in Testing guides [ci skip]
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* Results of command in testing guides are different from actual ones.
* Updated them.
|
|/ / / /
| | | |
| | | |
| | | |
| | | | |
* Rewrite with Vanilla JS
* Confirmed with Chrome, Safari, Firefox
|
|\ \ \ \
| | | | |
| | | | | |
[ci skip] belongs_to in self join association needs optional: true, if it's over 5.0 ver of rails
|
| |/ / /
| | | |
| | | |
| | | | |
over 5.0 ver of rails
|
|\ \ \ \
| | | | |
| | | | | |
guides/testing: Pluralize controller and helper class names.
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
The Rails convention for controllers and helpers is plural, except where
intentionally singular. Pluralize the controller and helper class names,
to match convention.
|
|\ \ \ \
| |_|/ /
|/| | | |
Rails-ujs: Info about stoppable events
|
| |/ / |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Add the `nonce: true` option for `javascript_include_tag` helper.
|
| | |/
| |/| |
|
|/ /
| |
| |
| | |
Calling this an MD5 implies that it is generated consistently based on some input.
However, this value is [completely random](https://github.com/rails/sprockets/blob/fbe6e450b6f25cf3ea494fcab0e34001d0b5a0b9/lib/sprockets/manifest_utils.rb#L11-L24).
|
|\ \
| | |
| | | |
Inclusive Language in Documentation Examples
|
| | | |
|
| |/ |
|
|\ \
| | |
| | | |
Add the reference to Rails Guides 5.2 from the Edge Guides
|
| |/
| |
| |
| | |
[ci skip]
|
|/ |
|
|
|
| |
Updated underground market prices according to the 2017 Symantec ISTR (was previously citing the 2008 report)
|
|
|
|
| |
The old link https://samy.pl/popular/tech.html is 404 not found.
|
|
|
|
|
|
| |
See https://github.com/rails/rails-docs-server/pull/8 for reason.
[ci skip]
|
|
|
|
| |
[ci skip]
|
|
|
|
|
|
|
|
|
|
|
| |
We don't want people to jump from the last release in the previous
series (4.2) straing to the first release in the current series that is
support (5.1), so we should be supporting the entire series for severe
security issues.
This will not be a problem because usually we only have 3 releases in a
series and backporting patches inside the same series is not harder than
backporting to a previous series.
|
|
|
|
| |
It is the last major release series.
|
| |
|
|
|
|
| |
* In 5.2 release note, added [securing rails app guide](http://edgeguides.rubyonrails.org/security.html#custom-credentials) link to [credentials section](http://edgeguides.rubyonrails.org/5_2_release_notes.html#credentials).
|
| |
|
|
|
|
| |
* refs #32420
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ActionView::Template instances compile their source to methods on the
ActionView::CompiledTemplates module. To prevent leaks in development
mode, where templates can frequently change, a finalizer is added that
undefines these methods[1] when the templates are garbage-collected.
This is undesirable in the test environment, however, as templates don't
change during the life of the test. Moreover, the cost of undefining a
method is proportional to the number of descendants a class or module
has, since the method cache must be cleared for all descendant classes.
As ActionView::CompiledTemplates is mixed into every
ActionView::TestCase (or in RSpec suites, every view spec example
group), it can end up with a very large number of descendants, and
undefining its methods can become very expensive.
In large test suites, this results in a long delay at the end of the
test suite as all template finalizers are run, only for the process to
then exit.
To avoid this unnecessary cost, this change adds a config option,
`action_view.finalize_compiled_template_methods`, defaulting to true,
and sets it to false in the test environment only.
[1] https://github.com/rails/rails/blob/09b2348f7fc8d4e7191e70e06608c5909067e2aa/actionview/lib/action_view/template.rb#L118-L126
|
|\
| |
| | |
Remove needless images in guides
|
| | |
|
|\ \
| |/
|/| |
[ci skip] Use Oxford comma style in guide
|
| | |
|
|/
|
|
|
|
|
| |
The text is a continuation of the sentence before the listing so
doesn't need to begin with a capital letter.
This reverts commit 77a7acafba11fccac8b4cf30a9ce62d43a9ac186.
|
|\
| |
| |
| |
| | |
yhirano55/capitalize_sentence_of_first_char_in_as_guide
[ci skip] Capitalize sentence of first char in AS guide
|
| | |
|
|\ \
| | |
| | | |
Add earlier releases v3.0, v3.1 in guides
|
| | | |
|
| |/
|/|
| |
| | |
* The twitter developer site's url was changed.
|
|\ \
| |/
|/| |
Deprecate controller level force_ssl
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Today there are two common ways for Rails developers to force their
applications to communicate over HTTPS:
* `config.force_ssl` is a setting in environment configurations that
enables the `ActionDispatch::SSL` middleware. With this middleware
enabled, all HTTP communication to your application will be redirected
to HTTPS. The middleware also takes care of other best practices by
setting HSTS headers, upgrading all cookies to secure only, etc.
* The `force_ssl` controller method redirects HTTP requests to certain
controllers to HTTPS.
As a consultant, I've seen many applications with misconfigured HTTPS
setups due to developers adding `force_ssl` to `ApplicationController`
and not enabling `config.force_ssl`. With this configuration, many
application requests can be served over HTTP such as assets, requests
that hit mounted engines, etc. In addition, because cookies are not
upgraded to secure only in this configuration and HSTS headers are not
set, it's possible for cookies that are meant to be secure to be sent
over HTTP.
The confusion between these two methods of forcing HTTPS is compounded
by the fact that they share an identical name. This makes finding
documentation on the "right" method confusing.
HTTPS throughout is quickly becomming table stakes for all web sites.
Sites are expected to operate over HTTPS for all communication,
sensitive or otherwise. Let's encourage use of the broader-reaching
`ActionDispatch::SSL` middleware and elminate this source of user
confusion. If, for some reason, applications need to expose certain
endpoints over HTTP they can do so by properly configuring
`config.ssl_options`.
|
|\ \
| | |
| | | |
Expose foreign key name ignore pattern in configuration
|
| | |
| | |
| | |
| | |
| | | |
This makes more sense, as the foreign key ignore pattern is only used by
the schema dumper.
|
| | | |
|
| | | |
|
|\ \ \
| |/ /
|/| |
| | | |
[ci skip] Update Action Mailer Documentation
|
| | |
| | |
| | | |
Remove superfluous repetition and place them in a common section. [ci skip]
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If an explicit AWS key pair and/or region is not provided in
config/storage.yml, attempt to use environment variables, shared
credentials, or IAM role credentials. Order of precedence is
determined by the AWS SDK[1].
[1]: https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/setup-config.html
|
| | |
| | |
| | |
| | |
| | |
| | | |
- Add mention about "nonce".
Related to https://github.com/rails/rails/pull/32222#issuecomment-372268157
|