| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Instead of providing a configuration option to set the hash function,
switch to SHA-1 for new apps and allow upgrading apps to opt in later
via `new_framework_defaults_5_2.rb`.
|
|
|
|
|
|
|
| |
Before Rails 4.0, `config.cache_classes` determined whether application
code was eager loaded. The `config.eager_load` option was introduced to
allow the two behaviours to be configured independently, but this
documentation was never updated to reflect that change.
|
|
|
|
|
|
|
|
|
| |
To prevent errors from being raise in environments where credentials
is unnecessary.
Context: https://github.com/rails/rails/issues/31283#issuecomment-348801489
Fixes #31283
|
|
|
|
|
| |
This will keep the behavior of an application with the defaults of a 4.2
or 5.0 application behaving the same when upgrading to 5.2.
|
|
|
|
| |
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
|
|
|
|
|
| |
When load `5.1` config, `form_with_generates_remote_forms` is set.
https://github.com/rails/rails/blob/89a209f1abba5a2320d31c4898dea150c0abd0c0/railties/lib/rails/application/configuration.rb#L86
|
|
|
|
|
| |
When the defaults being loaded are the 5.0 or 5.1 we disable generation
of ids with form_with.
|
|
|
|
|
|
|
|
|
|
| |
When `form_with` was introduced we disabled the automatic
generation of ids that was enabled in `form_for`. This usually
is not an good idea since labels don't work when the input
doesn't have an id and it made harder to test with Capybara.
You can still disable the automatic generation of ids setting
`config.action_view.form_with_generates_ids` to `false.`
|
|
|
|
| |
This basically reverts 618268b4b9382f4bcf004a945fe2d85c0bd03e32
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Abstract boolean serialization has been using 't' and 'f', with MySQL
overriding that to use 1 and 0.
This has the advantage that SQLite natively recognizes 1 and 0 as true
and false, but does not natively recognize 't' and 'f'.
This change in serialization requires a migration of stored boolean data
for SQLite databases, so it's implemented behind a configuration flag
whose default false value is deprecated. The flag itself can be
deprecated in a future version of Rails. While loaded models will give
the correct result for boolean columns without migrating old data,
where() clauses will interact incorrectly with old data.
While working in this area, also change the abstract adapter to use
`"TRUE"` and `"FALSE"` as quoted values and `true` and `false` for
unquoted. These are supported by PostreSQL, and MySQL remains
overriden.
|
|
|
|
|
|
|
|
| |
Rather than protecting from forgery in the generated
ApplicationController, add it to ActionController::Base by config. This
configuration defaults to false to support older versions which have
removed it from their ApplicationController, but is set to true for
Rails 5.2.
|
| |
|
| |
|
|
|
|
| |
- Introduce a method to select default cipher, and maintain backward compatibility
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit changes encrypted cookies from AES in CBC HMAC mode to
Authenticated Encryption using AES-GCM. It also provides a cookie jar
to transparently upgrade encrypted cookies to this new scheme. Some
other notable changes include:
- There is a new application configuration value:
+use_authenticated_cookie_encryption+. When enabled, AEAD encrypted
cookies will be used.
- +cookies.signed+ does not raise a +TypeError+ now if the name of an
encrypted cookie is used. Encrypted cookies using the same key as
signed cookies would be verified and serialization would then fail
due the message still be encrypted.
|
| |
|
|
|
|
| |
environments
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, `read_encrypted_secrets` is set with initializer.
Therefore if refer to `secrets` in config, `read_encrypted_secrets` is false,
so can not get the value of `secrets.yml.enc`.
In order to be able to refer to secrets in config, modified to refer to
`config.read_encrypted_secrets` when calling `secrets`.
Fixes #28618.
|
|
|
|
|
|
|
|
| |
Since 4.2 the default log level in production is now debug. We removed
the deprecation in c2e865849beadd99866e521a93d733da7d1b5255
but we don't reflected the default value. We are not appling it.
Closes #28558
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It can not check correctly with `defined?`
```ruby
irb(main):001:0> Rails.application.config.active_record
=> {:maintain_test_schema=>true, :belongs_to_required_by_default=>true}
irb(main):002:0> defined?(Rails.application.config.active_record)
=> nil
```
Follow up to #28469
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of forcing new applications to carry an initializer that just
switches things to what their default "should" be, we can handle it
internally.
The initializer is then only used by upgraders: it shows what the new
default would be (commented out), while their upgraded application
continues to operate as it did before.
Under this model, a multiply-upgraded application could accumulate
several new_framework_defaults_*.rb files, for each release series it
has traversed. A given release series only needs to generate the latest,
though, because we don't support `rails app:upgrade` while skipping
releases.
|
| |
|
| |
|
| |
|
|\
| |
| | |
Fully initialize routes before the first request is handled
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
`AD::Journey::GTG::Simulator` is lazily built the first time
`Journey::Router#find_routes` is invoked, which happens when
the first request is served.
On large applications with many routes, building the simulator
can take several hundred milliseconds (~700ms for us).
Triggering this initialization during the boot process reduces
the impact of deploys on the application response time.
|
| |
| |
| |
| | |
(I personally prefer writing one string in one line no matter how long it is, though)
|
|\ \
| |/
|/| |
remove unused requires
|
| |
| |
| |
| | |
Related to 0129ca2eeb6d5b2ea8c6e6be38eeb770fe45f1fa, f7782812f7e727178e4a743aa2874c078b722eef, f9ed83321ac1d1902578a0aacdfe55d3db754219
|
|/
|
|
| |
than a ruby encoding
|
|
|
|
| |
Actually, private methods cannot be called with `self.`, so it's not just redundant, it's a bad habit in Ruby
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
We want the actual order to be very predictable, so it's rightly defined
in code -- not with an on-the-fly tsort.
But we can do the tsort here, and then verify that it matches the
implemented ordering. This way we don't leave future readers guessing
which parts of the ordering are deliberate and which are arbitrary.
|
| |
|
|
|
|
|
|
|
|
|
| |
A few have been left for aesthetic reasons, but have made a pass
and removed most of them.
Note that if the method `foo` returns an array, `foo << 1`
is a regular push, nothing to do with assignments, so
no self required.
|
|
|
|
|
| |
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
|
|
|
|
|
|
| |
This commit suppressed
`warning: instance variable @session_store not initialized`.
e5a6f7ee9e951dbe0e4e9ea2c0743b4dfb135c57 introduced these
warnings.
|
|\
| |
| |
| | |
Setup default session store internally, no longer through an initializer
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
initializer
- By default the session store will be set to cookie store with
application name as session key.
- Older apps are not affected as they will have the session store
initializer generated by Rails in older versions, and Rails will not
overwrite the session store if it is already set or disabled.
- But new apps will not have the initializer, instead the session store
will be set to cookie store by default.
- Based on comment by DHH here - https://github.com/rails/rails/issues/25181#issuecomment-222312764.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
set to activerecord session store
- Use keyword args as it is possible to use them now.
- The error message for activerecord-session_store gem was added in 1807384.
- But it was added for a code path which gets called when we try to
**access** the session store, not when we **set** it.
- So the test expecting the exception started failing because now the
session store is set via railtie again **after** setting it first with
:active_record_store in the test.
- As the error is not raised while setting the store to
:active_record_store, the store gets overwritten by railtie and when
we access it via `session_store` while building the default middleware
stack, the exception is not raised.
- This commit moves the code for raising the exception to the path where
we try to set the store.
|
|/
|
|
|
|
|
|
|
|
|
| |
by Rails
- We need to ability to check whether the session store it is set or
not so that we can set it ourselves in an internal initializer.
- We can't rely on return value of `config.session_store` as it can
return `nil` when set to `disabled` and we will accidentally override it
and set to default cookie store.
- So introduced new method which just tells us whether it is set or not.
|
| |
|
|
|
|
|
|
|
| |
This will fix the failures fixed by
41488adbb89a09fa96188486f8414842ff28c848
and keep this new option that is semi-private
outside of the generated configurations
|
|
|
|
|
|
|
|
| |
This will make easier to applications that rely on having const_missing
hooks in production upgrade to Rails 5.
This option is going to be remove in the future and the default behavior
will be to disable the dependency loading.
|
|
|
|
|
|
|
|
| |
The /rails/info routes were inaccessible in apps with a catch-all
globbing route, as they were being appended after the globbing route and
would never be matched.
See also ccc3ddb7762bae0df7e2f8d643b19b6a4769d5be.
|
|
|
|
| |
http://edgeguides.rubyonrails.org/api_documentation_guidelines.html#english
|