aboutsummaryrefslogtreecommitdiffstats
path: root/railties/lib/rails
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #32444 from matrinox/fix-return-response-mutation-rack-loggerRafael Mendonça França2018-04-041-3/+3
|\ | | | | | | Stop mutating body response
| * Stop mutating body responseGeoff Lee2018-04-031-3/+3
| | | | | | | | | | | | If @app.call returns an object that is saved (for e.g., in a constant), the mutation results in a continuing cycle of wrapping the body in Rack::BodyProxy, eventually leading to SystemStackError ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ On branch fix-return-response-mutation-rack-logger - Tue 3 Apr 2018 19:54:28 PDT by Geoff Lee <geoff.lee@lendesk.com>
* | Add missing dots at the end of comments in environment file templatesbogdanvlviv2018-04-033-7/+7
|/ | | | Add dots in order to keep consistency between other comments in these files.
* Add `action_view.finalize_compiled_template_methods` config optionSimon Coffey2018-04-021-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | ActionView::Template instances compile their source to methods on the ActionView::CompiledTemplates module. To prevent leaks in development mode, where templates can frequently change, a finalizer is added that undefines these methods[1] when the templates are garbage-collected. This is undesirable in the test environment, however, as templates don't change during the life of the test. Moreover, the cost of undefining a method is proportional to the number of descendants a class or module has, since the method cache must be cleared for all descendant classes. As ActionView::CompiledTemplates is mixed into every ActionView::TestCase (or in RSpec suites, every view spec example group), it can end up with a very large number of descendants, and undefining its methods can become very expensive. In large test suites, this results in a long delay at the end of the test suite as all template finalizers are run, only for the process to then exit. To avoid this unnecessary cost, this change adds a config option, `action_view.finalize_compiled_template_methods`, defaulting to true, and sets it to false in the test environment only. [1] https://github.com/rails/rails/blob/09b2348f7fc8d4e7191e70e06608c5909067e2aa/actionview/lib/action_view/template.rb#L118-L126
* Merge pull request #32065 from ↵Kasper Timm Hansen2018-04-023-121/+130
|\ | | | | | | | | sikachu/move-SourceAnnotationExtractor-under-rails-namespec Move SourceAnnotationExtractor under Rails module
| * Add deprecation note for SourceAnnotationExtractorPrem Sichanugrist2018-03-221-0/+7
| |
| * Make Annotation into a proper classPrem Sichanugrist2018-03-221-1/+1
| | | | | | | | | | This cleans up the documentation for SourceAnnotationExtractor because RDoc does not seems to know how to parse `Struct.new() do` block.
| * Move SourceAnnotationExtractor under Rails modulePrem Sichanugrist2018-03-223-121/+123
| | | | | | | | This class should be under Rails module as it belongs to Rails.
* | Deriving `secret_key_base` breaks `key_generator` defined in 5.1.Yoshiyuki Kinjo2018-03-311-1/+1
| | | | | | | | | | | | | | | | | | | | | | If one created Rails 5.1 app and then updated to 5.2, `secret_key_base` defined in `config/secrets.yml` is ignored for `development` and `test` environment. A change in `secret_key_base` in turn breaks `Rails.application.key_generator`. If one encrypt data in Rails 5.1, she cannot decrypt it in Rails 5.2 for `development` and `test` environment.
* | Remove unnecessary line break and quotesyuuji.yaginuma2018-03-301-2/+2
| |
* | Fix "--frozen-lockfile" argument used in yarn install rake taskGuillermo Iguaran2018-03-291-1/+1
| | | | | | --frozen-lockfile is the right name of the argument
* | Merge pull request #32289 from gsamokovarov/did-you-mean-suggestionsGuillermo Iguaran2018-03-293-52/+9
|\ \ | | | | | | Use `did_you_mean` spell checker for option suggestions
| * | Use `did_you_mean` spell checker for option suggestionsGenadi Samokovarov2018-03-233-52/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now that we require Ruby over `2.3`, we can replace the current suggestion methods we have with tooling from the `did_you_mean` gem. There is a small user visible change and this is that we now offer a single suggestion for misspelled options. We are suggesting fixes during generator invocation and during a mistyped rails server rack handler. In both cases, if we don't make a proper prediction on the first match, we won't do so in the second or third one, so in my mind, this is okay.
* | | Merge pull request #32243 from maschwenk/patch-2Guillermo Iguaran2018-03-291-1/+1
|\ \ \ | | | | | | | | [Webpack] Raise an error when lockfile diff is generated
| * | | Raise an error when lockfile diff is generatedMax Schwenk2018-03-131-1/+1
| | | | | | | | | | | | https://yarnpkg.com/en/docs/cli/install#toc-yarn-install-frozen-lockfile
* | | | Compare ruby version with correct wayShia2018-03-291-1/+1
| | | |
* | | | Merge pull request #32274 from eileencodes/part-1-add-rake-tasks-for-multi-dbEileen M. Uchitelle2018-03-261-0/+12
|\ \ \ \ | |_|_|/ |/| | | Part 1 Easy Multi db in Rails: Add basic rake tasks for multi db setup
| * | | Refactor configs_for and friendseileencodes2018-03-211-0/+12
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Moves the configs_for and DatabaseConfig struct into it's own file. I was considering doing this in a future refactoring but our set up forced me to move it now. You see there are `mattr_accessor`'s on the Core module that have default settings. For example the `schema_format` defaults to Ruby. So if I call `configs_for` or any methods in the Core module it will reset the `schema_format` to `:ruby`. By moving it to it's own class we can keep the logic contained and avoid this unfortunate issue. The second change here does a double loop over the yaml files. Bear with me... Our tests dictate that we need to load an environment before our rake tasks because we could have something in an environment that the database.yml depends on. There are side-effects to this and I think there's a deeper bug that needs to be fixed but that's for another issue. The gist of the problem is when I was creating the dynamic rake tasks if the yaml that that rake task is calling evaluates code (like erb) that calls the environment configs the code will blow up because the environment is not loaded yet. To avoid this issue we added a new method that simply loads the yaml and does not evaluate the erb or anything in it. We then use that yaml to create the task name. Inside the task name we can then call `load_config` and load the real config to actually call the code internal to the task. I admit, this is gross, but refactoring can't all be pretty all the time and I'm working hard with `@tenderlove` to refactor much more of this code to get to a better place re connection management and rake tasks.
* / | Support mysql2 0.4.x and 0.5.xAaron Stone2018-03-201-1/+1
|/ /
* | Merge pull request #32271 from eileencodes/fix-three-tier-default-connectionEileen M. Uchitelle2018-03-161-1/+1
|\ \ | |/ |/| Fix default connection handling with three-tier config
| * Switch dbconsole config loader checkeileencodes2018-03-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | In a three-tier config environment `configurations[environment].presence` will return `{ :primary => { :key => value, :key => value }, :secondary => { :key => value, :key => value} }, which means it's not given a single config to connect to. If we flip these however it will connect to primary because that's the default connection, and on a two tier it will be `nil` so the code will select the connection from the configurations rather than the connection.
* | Rely on Rails::Command's help output.Kasper Timm Hansen2018-03-131-15/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We end up with: ``` Usage: bin/rails routes [options] Options: -c, [--controller=CONTROLLER] # Filter by a specific controller, e.g. PostsController or Admin::PostsController. -g, [--grep=GREP] # Grep routes by a specific pattern. -E, [--expanded], [--no-expanded] # Print routes expanded vertically with parts explained. ``` which does miss the bit about routes being printed in order. Also: * Renames options to ease help output readability, then clarifies each option. * Fixes a bunch of indentation.
* | Extract details to methods to clarify command.Kasper Timm Hansen2018-03-131-8/+12
| |
* | Introduce `ActionDispatch::Routing::ConsoleFormatter::Base`bogdanvlviv2018-03-131-7/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | - Create `Base` and inherit `Sheet` and `Expanded` in order to - prevent code duplication. - Remove trailing "\n" for components of `Expanded`. - There is no need for `Expanded#header` to return `@buffer` so return `nil` instead. - Change `no_routes` message "No routes were found for this controller" since if use `-g`, it sounds incorrect. - Display `No routes were found for this controller.` if apply `-c`. - Display `No routes were found for this grep pattern.` if apply `-g`. Related to #32130
* | Remove path option from AzureStorage configYuji Yaginuma2018-03-131-1/+0
| | | | | | | | Follow up of 309bb6c4d068b0d480681cf4ef1b90158527dfe5
* | Do not show unnecessary message during server startupyuuji.yaginuma2018-03-101-6/+5
|/ | | | | | | | | | | | | | | | | | | | Currently, `Exiting` is showed during server startup. ``` ./bin/rails s => Booting Puma => Rails 6.0.0.alpha application starting in development => Run `rails server --help` for more startup options Exiting Puma starting in single mode... * Version 3.11.2 (ruby 2.5.0-p0), codename: Love Song ``` This is because processing at server stop is passed as a block, and `Rack::Serve#start` receives a block and executes it during startup processing. https://github.com/rack/rack/blob/50db1ffdf8b98503fb7c6e6648622b5d7d78d58e/lib/rack/server.rb#L258 In order to avoid this, stop processing is passed as argument.
* Always yield a CSP policy instanceAndrew White2018-03-081-4/+2
| | | | | If the app has the CSP disabled globally allow a controller action to enable the policy for that request.
* Allow using inline style and script in the internal controllersyuuji.yaginuma2018-03-081-0/+13
| | | | | | | | | | We use inline style and script for the view held inside Rails like welcome page and mailer preview. Therefore, if inline is prohibited by CSP, they will not work properly. I think that this is not as expected.   For that reason, I have made it possible to use inline style and script regardless of application settings.
* Allow Capybara 3.x (#32151)Thomas Walpole2018-03-051-1/+1
|
* Merge pull request #32170 from koic/deprecate_safe_level_of_erb_new_in_ruby_2_6Ryuta Kamizono2018-03-051-1/+6
|\ | | | | Deprecate safe_level of `ERB.new` in Ruby 2.6
| * Deprecate safe_level of `ERB.new` in Ruby 2.6Koichi ITO2018-03-051-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ### Summary In a Rails application using Ruby 2.6.0-dev, when running `bin/rails g migration` with `RUBYOPT=-w`, an ERB deprecation warnings will be displayed. ```console % ruby -v ruby 2.6.0dev (2018-03-03 trunk 62644) [x86_64-darwin17] % bin/rails -v Rails 6.0.0.alpha % RUBYOPT=-w bin/rails g migration create_foos (snip) /Users/koic/src/github.com/rails/rails/railties/lib/rails/generators/migration.rb:66: warning: Passing safe_level with the 2nd argument of ERB.new is deprecated. Do not use it, and specify other arguments as keyword arguments. /Users/koic/src/github.com/rails/rails/railties/lib/rails/generators/migration.rb:66: warning: Passing trim_mode with the 3rd argument of ERB.new is deprecated. Use keyword argument like ERB.new(str, trim_mode: ...) instead. /Users/koic/src/github.com/rails/rails/railties/lib/rails/generators/migration.rb:66: warning: Passing eoutvar with the 4th argument of ERB.new is deprecated. Use keyword argument like ERB.new(str, eoutvar: ...) instead. create db/migrate/20180304002144_create_foos.rb ``` This PR suppresses the above deprecation warnings in Ruby 2.6.0-dev. This warning is due to the interface of `ERB.new` will change from Ruby 2.6. > Add :trim_mode and :eoutvar keyword arguments to ERB.new. > Now non-keyword arguments other than first one are softly deprecated > and will be removed when Ruby 2.5 becomes EOL. [Feature #14256] https://github.com/ruby/ruby/blob/2311087b685e8dc0f21f4a89875f25c22f5c39a9/NEWS#stdlib-updates-outstanding-ones-only The following addresses are related Ruby's commit. https://github.com/ruby/ruby/commit/cc777d0 Also this PR will change `ERB.new` used in `tasks/release.rb`. ### Other Information This PR uses `ERB.version` to switch `ERB.new` interface. Because Rails 6 supports multiple Ruby versions (Ruby 2.4.1 or higher), it need to use the appropriate interface. Using `ERB.version` instead of `RUBY_VERSON` is based on the following patch. https://github.com/ruby/ruby/pull/1826 This patch is built into Ruby. https://github.com/ruby/ruby/commit/40db89c0934c23d7464d47946bb682b9035411f9
* | Fix "NameError: undefined local variable or method `host'"yuuji.yaginuma2018-03-051-1/+1
| | | | | | | | The `host` and `port` can't use this context.
* | Extract Rails::Command::SpellcheckerGenadi Samokovarov2018-03-044-41/+55
| |
* | Introduce explicit rails server handler optionGenadi Samokovarov2018-03-041-16/+72
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I mistype `rails server production` instead of `rails server -e production` expecting to lunch a server in the production environment all the time. However, the signature of `rails server --help` is: ``` Usage: rails server [puma, thin etc] [options] ``` This means that the `production` argument is being interpreted as a Rack server handler like Puma, Thin or Unicorn. Should we argue for the `rails server production`? I'm not sure of the reasons, but the `rails console production` behavior was deprecated in: https://github.com/rails/rails/pull/29358, so parity with the existing `rails console production` usage may not hold anymore. In any case, this PR introduces an explicit option for the Rack servers configuration. The option is called `--using` (or `-u` for short) to avoid the `rails server --server` tantrum. The new interface of `rails server` is: ``` Usage: rails server [using] [options] Options: -p, [--port=port] # Runs Rails on the specified port - defaults to 3000. -b, [--binding=IP] # Binds Rails to the specified IP - defaults to 'localhost' in development and '0.0.0.0' in other environments'. -c, [--config=file] # Uses a custom rackup configuration. # Default: config.ru -d, [--daemon], [--no-daemon] # Runs server as a Daemon. -e, [--environment=name] # Specifies the environment to run this server under (development/test/production). -u, [--using=name] # Specifies the Rack server used to run the application (thin/puma/webrick). -P, [--pid=PID] # Specifies the PID file. # Default: tmp/pids/server.pid -C, [--dev-caching], [--no-dev-caching] # Specifies whether to perform caching in development. [--early-hints], [--no-early-hints] # Enables HTTP/2 early hints. ``` As a bonus, if you mistype the server to use, you'll get an auto-correction message: ``` $ rails s tin Could not find handler "tin". Maybe you meant "thin" or "cgi"? Run `rails server --help` for more options. ```
* Merge pull request #32130 from benoittgt/rake-routes-compact-modeRafael França2018-02-281-1/+7
|\ | | | | Add "rails routes --expanded" mode
| * Add --expanded option to "rails routes"Benoit Tigeot2018-02-281-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When using rails routes with small terminal or complicated routes it can be very difficult to understand where is the element listed in header. psql had the same issue, that's why they created "expanded mode" you can switch using `\x` or by starting psql with ``` -x --expanded Turn on the expanded table formatting mode. This is equivalent to the \x command. ``` The output is similar to one implemented here for rails routes: db_user-# \du List of roles -[ RECORD 1 ]---------------------------------------------- Role name | super Attributes | Superuser, Create role, Create DB Member of | {} -[ RECORD 2 ]---------------------------------------------- Role name | role Attributes | Superuser, Create role, Create DB, Replication Member of | {}
* | Fix `new_framework_defaults_6_0.rb`bogdanvlviv2018-02-271-1/+1
|/ | | | | | | | | `default_enforce_utf8` belongs to `config.action_view` Update info about `:skip_enforcing_utf8` since we can change default behavior via `config.action_controller.default_enforce_utf8` Related to #32125
* Merge pull request #32121 from benoittgt/move-rails-routes-to-rails-commandRafael França2018-02-273-32/+43
|\ | | | | Move rake routes task to rails command
| * Move rake routes task to rails commandBenoit Tigeot2018-02-273-32/+43
| | | | | | | | | | | | After a discussion with matthewd. It was mentioned that rake tasks need to be moved to rails command. See: https://github.com/rails/rails/issues/32117
* | Don't enforce UTF-8 by defaultAndrew White2018-02-274-31/+14
|/ | | | | | With the disabling of TLS 1.0 by most major websites, continuing to run IE8 or lower becomes increasingly difficult so default to not enforcing UTF-8 encoding as it's not relevant to other browsers.
* [ci skip] Spell out the full variable in generated code.Kasper Timm Hansen2018-02-241-1/+1
|
* Correctly set `content_security_policy_nonce_generator`yuuji.yaginuma2018-02-241-1/+1
| | | | | | | `content_security_policy_nonce_generator` specifies request as an argument when calling. https://github.com/rails/rails/blob/ddb7da8535b07f51b7a8f5e3062cc8ffbd4ff23b/actionpack/lib/action_dispatch/http/content_security_policy.rb#L100 So without this fix, will raise `ArgumentError` when start server.
* Improve generated file `app/assets/javascripts/application.js` of pluginbogdanvlviv2018-02-231-0/+1
| | | | | | Add `//= require rails-ujs` Closes #32094
* Merge pull request #32089 from bogdanvlviv/fix-plugin-generated-filesRafael França2018-02-222-2/+6
|\ | | | | Fix plugin generated files
| * Improve generated file `app/views/application.html.erb` of pluginbogdanvlviv2018-02-231-1/+5
| | | | | | | | | | - Do not generate `javascript_include_tag` if `--skip-javascript` - Generate `<%= csp_meta_tag %>`. Related to #32018.
| * Comment `require "active_storage/engine"` in `bin/rails` of plugin if ↵bogdanvlviv2018-02-231-1/+1
| | | | | | | | `--skip-active-storage`
* | Revert "Merge pull request #32075 from eileencodes/delete-default-configuration"eileencodes2018-02-221-1/+0
| | | | | | | | | | | | | | | | | | | | This reverts commit 16f279ebd474626577ced858e3626ac4535a33df, reversing changes made to 6c6a30a7c357ce1eafa093d77d2b08684fe50887. The config can be named anything, not just default (although all generated apps will be named default). We can't just delete configs that don't have a database because that will break three-tier configs. Oh well.
* | Revert "Reject empty database yamls"eileencodes2018-02-221-1/+1
|/ | | | | | | | | | | | This reverts commit 0979713abe2e22083e1beca01a1d113408c9ab36. I originally wanted to delete the default config but found out it can be called anything which means the code would blow up in unexpected ways. I thought "cool ill just delete the configs without dbs" and realized that totally 100% breaks the three-tier config. So I'm reverting this and the other commit.
* Merge pull request #32018 from rails/add-nonce-support-to-cspAndrew White2018-02-224-39/+45
|\ | | | | Add support for automatic nonce generation for Rails UJS
| * Add support for automatic nonce generation for Rails UJSAndrew White2018-02-194-39/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Because the UJS library creates a script tag to process responses it normally requires the script-src attribute of the content security policy to include 'unsafe-inline'. To work around this we generate a per-request nonce value that is embedded in a meta tag in a similar fashion to how CSRF protection embeds its token in a meta tag. The UJS library can then read the nonce value and set it on the dynamically generated script tag to enable it to execute without needing 'unsafe-inline' enabled. Nonce generation isn't 100% safe - if your script tag is including user generated content in someway then it may be possible to exploit an XSS vulnerability which can take advantage of the nonce. It is however an improvement on a blanket permission for inline scripts. It is also possible to use the nonce within your own script tags by using `nonce: true` to set the nonce value on the tag, e.g <%= javascript_tag nonce: true do %> alert('Hello, World!'); <% end %> Fixes #31689.