| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
| |
If `SECRET_KEY_BASE` or other `secret` gets passed as other then string
we need to raise `ArgumentError` to know that it's a wrong argument.
Closes #22072
|
|\ |
|
| | |
|
| | |
|
|/
|
|
|
| |
We shouldn't merge the app middleware in to the config middleware for
engines.
|
|
|
|
|
|
|
|
|
| |
Stems from https://github.com/rails/rails/pull/20105#issuecomment-100900939
where @senny said:
> From my point of view, all the docs (guides, API) are version bound.
> They should describe that version and continue to be available when newer versions are released.
> The cross referencing can be done by the interested user.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Removing `#build_original_fullpath` because it is no longer
used by the Rails' source code or called in the `#call` method becasue
the previous commit now uses `fullpath` from Rack.
The method was nodoc'ed so it's safe to remove.
NOTE: I did this as a separate commit so if this does cause a problem
with engines etc reverting is easy.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In Rack, `#fullpath` checks if there is a query string and builds the
query correctly:
```
def path
script_name + path_info
end
def fullpath
query_string.empty? ? path : "#{path}?#{query_string}"
end
```
We can utilize this instead of manually building the fullpath because
they are the same result. This also reduces allocations in `#call`
because we don't need `build_original_fullpath` to create the paths and
query strings. We don't need to build `fullpath` twice.
|
|
|
|
|
|
| |
* Fix a few typos
* Wrap some lines around 80 chars
* Rephrase some statements
|
| |
|
|
|
|
|
| |
A special `if` statement to support `Psych` for Ruby < 2.0 can be
dropped now that Rails requires Ruby >= 2.0.
|
| |
|
|
|
|
| |
Just prefer secrets over config
|
|\
| |
| |
| | |
Allow fallback to LegacyKeyGenerator when secret_key_base is not set but secrets.secret_token is
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- `secrets.secret_token` is now used in all places `config.secret_token` was
- `secrets.secret_token`, when not present in `config/secrets.yml`,
now falls back to the value of `config.secret_token`
- when `secrets.secret_token` is set, it over-writes
`config.secret_token` so they are the same (for backwards-compatibility)
- Update docs to reference app.secrets in all places
- Remove references to `config.secret_token`, `config.secret_key_base`
- Warn that missing secret_key_base is deprecated
- Add tests for secret_token, key_generator, and message_verifier
- the legacy key generator is used with the message verifier when
secrets.secret_key_base is blank and secret_token is set
- app.key_generator raises when neither secrets.secret_key_base nor
secret_token are set
- app.env_config raises when neither secrets.secret_key_base nor
secret_token are set
- Add changelog
Run focused tests via
ruby -w -Itest test/application/configuration_test.rb -n '/secret_|key_/'
|
|/ |
|
|
|
|
| |
This seems to be the style settled on in most of the templates.
|
|
|
|
|
|
|
| |
When copying migrations some engines might depend on schema from other
engine so we can't blindly reverse all railties collection as that would
affect the order they were originally loaded. This patch helps to only
apply the order from engines specified in `railties_order`
|
|
|
|
|
|
| |
You can now configure custom digest for cookies in the same way as `serializer`:
config.action_dispatch.cookies_digest = 'SHA256'
|
| |
|
| |
|
|
|
|
| |
this means we can meaningfully override methods in the subclass
|
|
|
|
|
| |
This is a convenience for loading configuration for the current Rails
environment.
|
|
|
|
| |
This PR fixes #8930 and some stuff from #8985
|
|
|
|
|
|
|
| |
Like rake tasks and runner blocks these blocks should also being shared
between applications since they are stored at the classes.
Fixes #14748
|
|
|
|
| |
Fixes #14620
|
| |
|
|
|
|
|
|
|
|
| |
In 1.9, it doesn't live in its own file, so we'll have to define it
ourselves.
Check RUBY_VERSION, instead of rescuing the require, because we want
this to break if `psych/y` moves in a future Ruby release.
|
|\
| |
| | |
Cookies serializer improvements
|
| | |
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MessageEncryptor has :serializer option, where any serializer object can
be passed. This commit make it possible to set this serializer from configuration
level.
There are predefined serializers (:marshal_serializer, :json_serialzier)
and custom serializer can be passed as String, Symbol (camelized and
constantized in ActionDispatch::Session namepspace) or serializer object.
Default :json_serializer was also added to generators to provide secure
defalt.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously the error was:
```
RuntimeError: You must set secret_key_base in your app's config
```
Will now be:
```
RuntimeError: Missing `secret_key_base` for 'production' environment, set this value in `config/secrets.yml`
```
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
It is an application global verifier that can be used to generate and
verify signed messages.
See the documentation of ActiveSupport::MessageVerifier for more
information.
|
| |
|
| |
|