| Commit message (Collapse) | Author | Age | Files | Lines |
AEAD encrypted cookies and sessions
|
This commit changes encrypted cookies from AES in CBC HMAC mode to
Authenticated Encryption using AES-GCM. It also provides a cookie jar
to transparently upgrade encrypted cookies to this new scheme. Some
other notable changes include:
- There is a new application configuration value:
+use_authenticated_cookie_encryption+. When enabled, AEAD encrypted
cookies will be used.
- +cookies.signed+ does not raise a +TypeError+ now if the name of an
encrypted cookie is used. Encrypted cookies using the same key as
signed cookies would be verified and serialization would then fail
due to the message still being encrypted.
|
Fixes #29247
|
Define path with __dir__
|
".. with __dir__ we can restore order in the Universe." - by @fxn
Related to 5b8738c2df003a96f0e490c43559747618d10f5f
|
Make `secrets:edit` run `secrets:setup` if it hasn't already.
|
Setup config/secrets.yml.enc with template contents for people to edit.
Then generate encryption key and encrypt the initial secrets.
|
with it
|
Capybara 2.14.0 was released. Loosen the tight constraint in the
generated Gemfile, so that Rails applications can take advantage of the
new version
|
Since `package.json` is created in root directory, it is appropriate to
create it in `create_root_files`.
|
The `package.json` is created only if `skip_yarn` is not specified.
https://github.com/rails/rails/blob/a4c1282854795d1f0d7696ce1ccbabf94b3d9098/railties/lib/rails/generators/rails/app/app_generator.rb#L202..L204
|
Import from https://github.com/rails/webpacker/pull/277.
Fixes https://github.com/rails/webpacker/issues/278
|
The CSS selectors on the generated error pages are too broad (for example `text-align: center` on `body`) and thus bleed out to the following pages (say, by pressing the back button) when using Turbolinks. This commit namespaces all the selectors.
|
Don't generate system test files if `skip_system_test` option is specified
|
Allows users to not have remote forms by default, since there's
more JS harness, e.g. bundling rails-ujs, otherwise.
Also don't skip creating defaults file anymore. Sprockets isn't the only new config.
|
Follow up to #28546
|
make it clear how to enable caching
|
since this is a new change, many will be coming here to toggle the true/false config and not find it. This will allow them to quickly implement the change.
|
y-yagi/remove_unnecessary_files_to_api_applications_when_app_task_task_executed
Remove unnecessary files to API-only Applications when `app:task` task executed
|
Remove -j (--javascript) option from `rails new`
|
The "-j" option was added 5 years ago (https://github.com/rails/rails/commit/d9c39c3a)
when we wanted to support prototype-rails and jquery-rails.
Prototype is not as popular and jQuery is not a requirement anymore.
Still the "-j" option can be used to install *any* gem that ends in "-rails".
This "might" open security issues and does not bring great benefits anymore.
If you know which "-rails"-ending gem you want to install, you can manually
add it to the Gemfile just like any other gem.
|
ignore system test gems on Gemfile when execute with --skip-test option
|
This is a follow up to a6d065e. When using `form_with` you must supply
field ids manually. Since the scaffold generator is using labels we
need to make sure that they are linked up properly.
|
List options for `rails new --webpack=WEBPACK`
|
When you type `rails new -h`, the `--database=DATABASE` options display
this useful message:
> Preconfigure for selected database (options: mysql/postgresql/sqlite3/oracle/frontbase/ibm_db/sqlserver/jdbcmysql/jdbcsqlite3/jdbcpostgresql/jdbc)
However, the `--webpack=WEBPACK` option only displays this:
> Preconfigure for app-like JavaScript with Webpack
so it's hard to know *which* values are valid for `WEBPACK`.
This commit improves the help message to display:
> Preconfigure for app-like JavaScript with Webpack (options: react/vue/angular)
The implication of this commit is that the list needs to be manually updated
whenever rails/webpacker adds support for a new framework.
However, I don't imagine this list to change very frequently, and I think that
the benefit of displaying the list to the users is greater than the hassle of
updating the list when needed.
|
Don't add a dummy API key to every new Rails app
|
Every new Rails app is currently generated with
`Rails.application.secrets[:api_key]` set to `123`.
This comes from a line in `config/secrets.yml` that, in my opinion,
should be left commented out to only serve as a syntax example, rather
than being actually set in every Rails app.
Additionally, we might want to give a better example than `123`, since
in the same file we are suggesting to
> Make sure the secret is at least 30 characters and all random,
> no regular words or you'll be exposed to dictionary attacks.
The result of this commit is that `config/secrets.yml` will include something like:
```yaml
# Shared secrets are available across all environments.
# shared:
#   api_key: f56930851993982510d5bd9236f4108f6fe7c15448f1c6923a51872e0dbae1a24d274b318abb6518b540dfb51079c61640885f607467e5ed1053849be7587d61
```
rather than this:
```yaml
# Shared secrets are available across all environments.
shared:
  api_key: 123
```
|
This is necessary only when updating to Rails 5.0, it is not necessary
for updating to 5.1.
Related #24243
|
More intention revealing and means `f` can go F itself 😋
|
chukitow/feature/user-form-with-instead-of-form-for-scaffold
user form with instead of form for in scaffold generator
|
Occasionally we update the file generated by engine.
Therefore, I think that there is a task for updating as well as
application in the engine, it is convenient for updating.
|
Instead of forcing new applications to carry an initializer that just
switches things to what their default "should" be, we can handle it
internally.
The initializer is then only used by upgraders: it shows what the new
default would be (commented out), while their upgraded application
continues to operate as it did before.
Under this model, a multiply-upgraded application could accumulate
several new_framework_defaults_*.rb files, for each release series it
has traversed. A given release series only needs to generate the latest,
though, because we don't support `rails app:upgrade` while skipping
releases.
|
Capybara was updated in teamcapybara/capybara#1841 to use Minitest style
assertions so that system test output shows x number of assertions, x
number of failures, etc.
Before:
```
6 runs, 0 assertions, 0 failures, 0 errors, 0 skips
```
After:
```
6 runs, 7 assertions, 1 failures, 0 errors, 0 skips
```
This change bumps Capybara from 2.7.0 to 2.13.0 and includes the
required minitest assertion file in the test case. :tada:
|
Update `database.yml` when `rails new <new_app> -d oracle` specified