| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
| |
| |
| |
| |
| | |
Add `//= require rails-ujs`
Closes #32094
|
| |
| |
| |
| |
| | |
- Do not generate `javascript_include_tag` if `--skip-javascript`
- Generate `<%= csp_meta_tag %>`. Related to #32018.
|
| |
| |
| |
| | |
`--skip-active-storage`
|
|\ \
| | |
| | | |
Add support for automatic nonce generation for Rails UJS
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Because the UJS library creates a script tag to process responses it
normally requires the script-src attribute of the content security
policy to include 'unsafe-inline'.
To work around this we generate a per-request nonce value that is
embedded in a meta tag in a similar fashion to how CSRF protection
embeds its token in a meta tag. The UJS library can then read the
nonce value and set it on the dynamically generated script tag to
enable it to execute without needing 'unsafe-inline' enabled.
Nonce generation isn't 100% safe - if your script tag is including
user generated content in someway then it may be possible to exploit
an XSS vulnerability which can take advantage of the nonce. It is
however an improvement on a blanket permission for inline scripts.
It is also possible to use the nonce within your own script tags by
using `nonce: true` to set the nonce value on the tag, e.g
<%= javascript_tag nonce: true do %>
alert('Hello, World!');
<% end %>
Fixes #31689.
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since #30241, if namepsace is specified, routes will be generated even
if there is no actions.
However, it seems that this behavior is not intentionally added behavior.
As with 5.1, routes should not be generated if actions are not specified.
Fixes #32072.
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
are used together
The purpose of keeping app/views folder in API apps is that it's used for
mailer views so doesn't makes sense to keep it when Action Mailer is skipped.
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
Some places we can't remove because Ruby still don't have a method
equivalent to strip_heredoc to be called in an already existent string.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Provides both a forked process and threaded parallelization options. To
use add `parallelize` to your test suite.
Takes a `workers` argument that controls how many times the process
is forked. For each process a new database will be created suffixed
with the worker number; test-database-0 and test-database-1
respectively.
If `ENV["PARALLEL_WORKERS"]` is set the workers argument will be ignored
and the environment variable will be used instead. This is useful for CI
environments, or other environments where you may need more workers than
you do for local testing.
If the number of workers is set to `1` or fewer, the tests will not be
parallelized.
The default parallelization method is to fork processes. If you'd like to
use threads instead you can pass `with: :threads` to the `parallelize`
method. Note the threaded parallelization does not create multiple
database and will not work with system tests at this time.
parallelize(workers: 2, with: :threads)
The threaded parallelization uses Minitest's parallel exector directly.
The processes paralleliztion uses a Ruby Drb server.
For parallelization via threads a setup hook and cleanup hook are
provided.
```
class ActiveSupport::TestCase
parallelize_setup do |worker|
# setup databases
end
parallelize_teardown do |worker|
# cleanup database
end
parallelize(workers: 2)
end
```
[Eileen M. Uchitelle, Aaron Patterson]
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
See https://github.com/rails/rails/pull/31957#issuecomment-364817423
The purpose of `--force` is not to have any prompt whether a file should
be kept or overwritten. In general, all existing files should be overwritten.
However, `config/master.key` is special because it is git-ignored, and
overwriting it will cause the app not to run (since there won't be a way
to decrypt the credentials).
As a result, it's probably better to keep the existing config/master.key.
|
| |
| |
| |
| |
| | |
Incompatible settings are included in the settings set by `load_defaults`.
So, I think that target version should be updated by a user when becomes
available, and should not be updated with `app:update`.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is similar to #30700 which ensures the `--quiet` option of `rails new`
is respected by the `MasterKeyGenerator` (missing from #30067).
Before this commit, running `rails new app --force` would still prompt the
user what to do with the conflict in `config/master.key`:
```
…
identical config/locales/en.yml
conflict config/master.key
Overwrite /Users/claudiob/Desktop/pizza/config/master.key? (enter "h" for help) [Ynaqdh]
```
After this commit, `config/master.key` is overwritten:
```
…
identical config/locales/en.yml
force config/master.key
append .gitignore
```
The newly added test generates an app and then generates it again with
`--force`. Without this commit, the test would just wait forever for user
input.
|
|\ \
| | |
| | | |
Remove warning from 4 years ago [ci skip]
|
| | |
| | |
| | |
| | |
| | | |
`config/initializers/assets.rb` has been a part of Rails apps since
Rails 4.2 (30b56084). This comment is probably unnecessary by now.
|
|/ /
| |
| |
| |
| | |
* Use heredoc with credentials template.
* Fix indentation for aws config
|
| |
| |
| |
| | |
These classes are internally used only.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Appropriate way to handle encrypted command is by `bin/rails credentials` and
`bin/rails encrypted`
It was displayed on `bin/rails generate` command:
```
Please choose a generator below.
Rails:
application_record
assets
channel
controller
encrypted_file
encryption_key_file
generator
...
```
|
| |
| |
| |
| |
| |
| |
| |
| | |
Before this patch, to be able to use webpacker and webconsole we were
defining an used default in the script-src policy. White we don't
implement the automatic nonce approach defined in
https://github.com/rails/rails/issues/31689 it is better to not have any
default configuration in Rails 5.2.
|
|\ \
| | |
| | |
| | | |
yarnpkg: correct exec syntax
|
|/ /
| |
| | |
Previous change didn’t expand this array of arguments
|
| |
| |
| |
| |
| |
| | |
Previously, the `bin/yarn` wrapper would "unquote" arguments to yarn like this:
`yarn run add-copyright "(c) 2017, 2018 MyCompany"`
That results in an ARGV of ['run', 'add-copyright', '(c) 2017, 2018 MyCompany'] in the yarn wrapper,
but a ARGV in the yarn executable of ['run', 'add-copyright', '(c)', '2017,', '2018', MyCompany']
|
|\ \
| | |
| | | |
Use dup'ed options hash
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Otherwise, at least using JRuby, the replacements in
convert_database_option_for_jruby won't work. Thus a call to
bundle exec rails app:update
fails. Simply replacing those replace statements doesn't seem to work
either, since the options hash seems to be frozen, too.
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
koic/enable_autocorrect_for_lint_end_alignment_cop
Enable autocorrect for `Lint/EndAlignment` cop
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
### Summary
This PR changes .rubocop.yml.
Regarding the code using `if ... else ... end`, I think the coding style
that Rails expects is as follows.
```ruby
var = if cond
a
else
b
end
```
However, the current .rubocop.yml setting does not offense for the
following code.
```ruby
var = if cond
a
else
b
end
```
I think that the above code expects offense to be warned.
Moreover, the layout by autocorrect is unnatural.
```ruby
var = if cond
a
else
b
end
```
This PR adds a setting to .rubocop.yml to make an offense warning and
autocorrect as expected by the coding style.
And this change also fixes `case ... when ... end` together.
Also this PR itself is an example that arranges the layout using
`rubocop -a`.
### Other Information
Autocorrect of `Lint/EndAlignment` cop is `false` by default.
https://github.com/bbatsov/rubocop/blob/v0.51.0/config/default.yml#L1443
This PR changes this value to `true`.
Also this PR has changed it together as it is necessary to enable
`Layout/ElseAlignment` cop to make this behavior.
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
bogdanvlviv/allow_false_for-config-generators-system_tests
Allow `false` for `config.generators.system_tests=`
|
| |/ / /
| | | |
| | | |
| | | |
| | | | |
Mention `config.generators.system_tests` in
the "Configuring Rails Applications" guide.
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit edc54fd2068bc21f0d381228e55d97e32f508923, reversing
changes made to a5922f132f4d163e2c7f770427087f5268c18def.
As discussed, this is not an appropriate place to make assumptions about
ARGV, or to write to stdout: config/boot.rb is a library and is required
by other applictions, with which we have no right to interfere.
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Fix comment about initializers to adapt to the fact
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently the comment says application configuration should go into
files in `config/initializers`.
However some configuration couldn't initialize correctly because of the
initializing process(e.g. `config.time_zone`).
It should be changed by framework but this is large change and it may occur
malfunction to some applications which depends on current initializing
process.
So this comment is changed to adapt to the fact.
|
|\ \ \
| | | |
| | | | |
Use SHA-1 for non-sensitive digests by default
|
| |/ /
| | |
| | |
| | |
| | |
| | | |
Instead of providing a configuration option to set the hash function,
switch to SHA-1 for new apps and allow upgrading apps to opt in later
via `new_framework_defaults_5_2.rb`.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
alternative
Closes #31273 but we will still want to upgrade this to the
nonce-approach when it’s ready.
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
pg-1.0.0 is just released and most Gemfiles don't restrict
it's version. But the version is checked when connecting to
the database, which leads to the following error:
Gem::LoadError: can't activate pg (~> 0.18), already activated pg-1.0.0
See also this pg issue:
https://bitbucket.org/ged/ruby-pg/issues/270/pg-100-x64-mingw32-rails-server-not-start
Preparation for pg-1.0 was done in commit f28a331023fab,
but the pg version constraint was not yet relaxed.
|
|\ \ \
| |/ /
|/| | |
Don't include Active Storage migrations in new apps
|
| | |
| | |
| | |
| | | |
See #31315 for full discussion
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The `app:update` rake task will regenerate `development.rb` so that it
contains this option; that means we're currently adding it to existing
apps in two places, which is unnecessary and confusing.
Also:
- Remove inaccurate comment about which stack frames are ignored
- Clarify that the feature uses `caller_locations`, not `caller`
- Remove unused return value in `extract_callstack`
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Specifying the `--dev` option is when want to change the codebase,
as it is not necessary to cache it.
Context: https://github.com/rails/rails/pull/31485#issuecomment-352452653
|
|\ \ \
| | | |
| | | | |
Raise an error only when `require_master_key` is specified
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
To prevent errors from being raise in environments where credentials
is unnecessary.
Context: https://github.com/rails/rails/issues/31283#issuecomment-348801489
Fixes #31283
|
| | |
| | |
| | | |
Be consistent in comments when mentioning AES.
|
|/ /
| |
| |
| |
| |
| | |
`bootsnap` is a useful gem normally. However, `bootsnap` is unnecessary
when generating a Rails application to be used only for testing.
So I want to control whether use this or not by option.
|