| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| | |
Stop mutating body response
|
| |
| |
| |
| |
| |
| | |
If @app.call returns an object that is saved (for e.g., in a constant), the mutation results in a continuing cycle of wrapping the body in Rack::BodyProxy, eventually leading to SystemStackError
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
On branch fix-return-response-mutation-rack-logger - Tue 3 Apr 2018 19:54:28 PDT by Geoff Lee <geoff.lee@lendesk.com>
|
|/
|
|
| |
Add dots in order to keep consistency between other comments in these files.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ActionView::Template instances compile their source to methods on the
ActionView::CompiledTemplates module. To prevent leaks in development
mode, where templates can frequently change, a finalizer is added that
undefines these methods[1] when the templates are garbage-collected.
This is undesirable in the test environment, however, as templates don't
change during the life of the test. Moreover, the cost of undefining a
method is proportional to the number of descendants a class or module
has, since the method cache must be cleared for all descendant classes.
As ActionView::CompiledTemplates is mixed into every
ActionView::TestCase (or in RSpec suites, every view spec example
group), it can end up with a very large number of descendants, and
undefining its methods can become very expensive.
In large test suites, this results in a long delay at the end of the
test suite as all template finalizers are run, only for the process to
then exit.
To avoid this unnecessary cost, this change adds a config option,
`action_view.finalize_compiled_template_methods`, defaulting to true,
and sets it to false in the test environment only.
[1] https://github.com/rails/rails/blob/09b2348f7fc8d4e7191e70e06608c5909067e2aa/actionview/lib/action_view/template.rb#L118-L126
|
|\
| |
| |
| |
| | |
sikachu/move-SourceAnnotationExtractor-under-rails-namespec
Move SourceAnnotationExtractor under Rails module
|
| | |
|
| |
| |
| |
| |
| | |
This cleans up the documentation for SourceAnnotationExtractor because
RDoc does not seems to know how to parse `Struct.new() do` block.
|
| |
| |
| |
| | |
This class should be under Rails module as it belongs to Rails.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If one created Rails 5.1 app and then updated to 5.2,
`secret_key_base` defined in `config/secrets.yml` is ignored for
`development` and `test` environment.
A change in `secret_key_base` in turn breaks
`Rails.application.key_generator`.
If one encrypt data in Rails 5.1, she cannot decrypt it in Rails 5.2
for `development` and `test` environment.
|
| | |
|
| |
| |
| | |
--frozen-lockfile is the right name of the argument
|
|\ \
| | |
| | | |
Use `did_you_mean` spell checker for option suggestions
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Now that we require Ruby over `2.3`, we can replace the current
suggestion methods we have with tooling from the `did_you_mean` gem.
There is a small user visible change and this is that we now offer a
single suggestion for misspelled options. We are suggesting fixes during
generator invocation and during a mistyped rails server rack handler. In
both cases, if we don't make a proper prediction on the first match, we
won't do so in the second or third one, so in my mind, this is okay.
|
|\ \ \
| | | |
| | | | |
[Webpack] Raise an error when lockfile diff is generated
|
| | | |
| | | |
| | | | |
https://yarnpkg.com/en/docs/cli/install#toc-yarn-install-frozen-lockfile
|
| | | | |
|
|\ \ \ \
| |_|_|/
|/| | | |
Part 1 Easy Multi db in Rails: Add basic rake tasks for multi db setup
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Moves the configs_for and DatabaseConfig struct into it's own file. I
was considering doing this in a future refactoring but our set up forced
me to move it now. You see there are `mattr_accessor`'s on the Core
module that have default settings. For example the `schema_format`
defaults to Ruby. So if I call `configs_for` or any methods in the Core
module it will reset the `schema_format` to `:ruby`. By moving it to
it's own class we can keep the logic contained and avoid this
unfortunate issue.
The second change here does a double loop over the yaml files. Bear with
me...
Our tests dictate that we need to load an environment before our rake
tasks because we could have something in an environment that the
database.yml depends on. There are side-effects to this and I think
there's a deeper bug that needs to be fixed but that's for another
issue. The gist of the problem is when I was creating the dynamic rake
tasks if the yaml that that rake task is calling evaluates code (like
erb) that calls the environment configs the code will blow up because
the environment is not loaded yet.
To avoid this issue we added a new method that simply loads the yaml and
does not evaluate the erb or anything in it. We then use that yaml to
create the task name. Inside the task name we can then call
`load_config` and load the real config to actually call the code
internal to the task. I admit, this is gross, but refactoring can't all
be pretty all the time and I'm working hard with `@tenderlove` to
refactor much more of this code to get to a better place re connection
management and rake tasks.
|
|/ / |
|
|\ \
| |/
|/| |
Fix default connection handling with three-tier config
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In a three-tier config environment
`configurations[environment].presence` will return `{ :primary => {
:key => value, :key => value }, :secondary => { :key => value, :key =>
value} }, which means it's not given a single config to connect to.
If we flip these however it will connect to primary because that's the
default connection, and on a two tier it will be `nil` so the code will
select the connection from the configurations rather than the
connection.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We end up with:
```
Usage:
bin/rails routes [options]
Options:
-c, [--controller=CONTROLLER] # Filter by a specific controller, e.g. PostsController or Admin::PostsController.
-g, [--grep=GREP] # Grep routes by a specific pattern.
-E, [--expanded], [--no-expanded] # Print routes expanded vertically with parts explained.
```
which does miss the bit about routes being printed in order.
Also:
* Renames options to ease help output readability, then clarifies each option.
* Fixes a bunch of indentation.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Create `Base` and inherit `Sheet` and `Expanded` in order to
- prevent code duplication.
- Remove trailing "\n" for components of `Expanded`.
- There is no need for `Expanded#header` to return `@buffer` so return `nil` instead.
- Change `no_routes` message "No routes were found for this controller"
since if use `-g`, it sounds incorrect.
- Display `No routes were found for this controller.` if apply `-c`.
- Display `No routes were found for this grep pattern.` if apply `-g`.
Related to #32130
|
| |
| |
| |
| | |
Follow up of 309bb6c4d068b0d480681cf4ef1b90158527dfe5
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, `Exiting` is showed during server startup.
```
./bin/rails s
=> Booting Puma
=> Rails 6.0.0.alpha application starting in development
=> Run `rails server --help` for more startup options
Exiting
Puma starting in single mode...
* Version 3.11.2 (ruby 2.5.0-p0), codename: Love Song
```
This is because processing at server stop is passed as a block, and
`Rack::Serve#start` receives a block and executes it during startup processing.
https://github.com/rack/rack/blob/50db1ffdf8b98503fb7c6e6648622b5d7d78d58e/lib/rack/server.rb#L258
In order to avoid this, stop processing is passed as argument.
|
|
|
|
|
| |
If the app has the CSP disabled globally allow a controller action
to enable the policy for that request.
|
|
|
|
|
|
|
|
|
|
| |
We use inline style and script for the view held inside Rails like
welcome page and mailer preview.
Therefore, if inline is prohibited by CSP, they will not work properly.
I think that this is not as expected.
For that reason, I have made it possible to use inline style and script
regardless of application settings.
|
| |
|
|\
| |
| | |
Deprecate safe_level of `ERB.new` in Ruby 2.6
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
### Summary
In a Rails application using Ruby 2.6.0-dev, when running `bin/rails g migration`
with `RUBYOPT=-w`, an ERB deprecation warnings will be displayed.
```console
% ruby -v
ruby 2.6.0dev (2018-03-03 trunk 62644) [x86_64-darwin17]
% bin/rails -v
Rails 6.0.0.alpha
% RUBYOPT=-w bin/rails g migration create_foos
(snip)
/Users/koic/src/github.com/rails/rails/railties/lib/rails/generators/migration.rb:66:
warning: Passing safe_level with the 2nd argument of ERB.new is
deprecated. Do not use it, and specify other arguments as keyword
arguments.
/Users/koic/src/github.com/rails/rails/railties/lib/rails/generators/migration.rb:66:
warning: Passing trim_mode with the 3rd argument of ERB.new is
deprecated. Use keyword argument like ERB.new(str, trim_mode: ...)
instead.
/Users/koic/src/github.com/rails/rails/railties/lib/rails/generators/migration.rb:66:
warning: Passing eoutvar with the 4th argument of ERB.new is
deprecated. Use keyword argument like ERB.new(str, eoutvar: ...)
instead.
create db/migrate/20180304002144_create_foos.rb
```
This PR suppresses the above deprecation warnings in Ruby 2.6.0-dev.
This warning is due to the interface of `ERB.new` will change from Ruby 2.6.
> Add :trim_mode and :eoutvar keyword arguments to ERB.new.
> Now non-keyword arguments other than first one are softly deprecated
> and will be removed when Ruby 2.5 becomes EOL. [Feature #14256]
https://github.com/ruby/ruby/blob/2311087b685e8dc0f21f4a89875f25c22f5c39a9/NEWS#stdlib-updates-outstanding-ones-only
The following addresses are related Ruby's commit.
https://github.com/ruby/ruby/commit/cc777d0
Also this PR will change `ERB.new` used in `tasks/release.rb`.
### Other Information
This PR uses `ERB.version` to switch `ERB.new` interface. Because Rails 6
supports multiple Ruby versions (Ruby 2.4.1 or higher), it need to
use the appropriate interface.
Using `ERB.version` instead of `RUBY_VERSON` is based on the following patch.
https://github.com/ruby/ruby/pull/1826
This patch is built into Ruby.
https://github.com/ruby/ruby/commit/40db89c0934c23d7464d47946bb682b9035411f9
|
| |
| |
| |
| | |
The `host` and `port` can't use this context.
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I mistype `rails server production` instead of `rails server -e
production` expecting to lunch a server in the production environment
all the time. However, the signature of `rails server --help` is:
```
Usage:
rails server [puma, thin etc] [options]
```
This means that the `production` argument is being interpreted as a Rack
server handler like Puma, Thin or Unicorn.
Should we argue for the `rails server production`? I'm not sure of the
reasons, but the `rails console production` behavior was deprecated in:
https://github.com/rails/rails/pull/29358, so parity with the existing
`rails console production` usage may not hold anymore.
In any case, this PR introduces an explicit option for the Rack servers
configuration. The option is called `--using` (or `-u` for short) to
avoid the `rails server --server` tantrum.
The new interface of `rails server` is:
```
Usage:
rails server [using] [options]
Options:
-p, [--port=port] # Runs Rails on the specified port - defaults to 3000.
-b, [--binding=IP] # Binds Rails to the specified IP - defaults to 'localhost' in development and '0.0.0.0' in other environments'.
-c, [--config=file] # Uses a custom rackup configuration.
# Default: config.ru
-d, [--daemon], [--no-daemon] # Runs server as a Daemon.
-e, [--environment=name] # Specifies the environment to run this server under (development/test/production).
-u, [--using=name] # Specifies the Rack server used to run the application (thin/puma/webrick).
-P, [--pid=PID] # Specifies the PID file.
# Default: tmp/pids/server.pid
-C, [--dev-caching], [--no-dev-caching] # Specifies whether to perform caching in development.
[--early-hints], [--no-early-hints] # Enables HTTP/2 early hints.
```
As a bonus, if you mistype the server to use, you'll get an
auto-correction message:
```
$ rails s tin
Could not find handler "tin". Maybe you meant "thin" or "cgi"?
Run `rails server --help` for more options.
```
|
|\
| |
| | |
Add "rails routes --expanded" mode
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When using rails routes with small terminal or complicated routes it can be
very difficult to understand where is the element listed in header. psql
had the same issue, that's why they created "expanded mode" you can
switch using `\x` or by starting psql with
```
-x
--expanded
Turn on the expanded table formatting mode. This is equivalent to the \x command.
```
The output is similar to one implemented here for rails routes:
db_user-# \du
List of roles
-[ RECORD 1 ]----------------------------------------------
Role name | super
Attributes | Superuser, Create role, Create DB
Member of | {}
-[ RECORD 2 ]----------------------------------------------
Role name | role
Attributes | Superuser, Create role, Create DB, Replication
Member of | {}
|
|/
|
|
|
|
|
|
|
| |
`default_enforce_utf8` belongs to `config.action_view`
Update info about `:skip_enforcing_utf8` since we can change default
behavior via `config.action_controller.default_enforce_utf8`
Related to #32125
|
|\
| |
| | |
Move rake routes task to rails command
|
| |
| |
| |
| |
| |
| | |
After a discussion with matthewd. It was mentioned that rake tasks need
to be moved to rails command.
See: https://github.com/rails/rails/issues/32117
|
|/
|
|
|
|
| |
With the disabling of TLS 1.0 by most major websites, continuing to run
IE8 or lower becomes increasingly difficult so default to not enforcing
UTF-8 encoding as it's not relevant to other browsers.
|
| |
|
|
|
|
|
|
|
| |
`content_security_policy_nonce_generator` specifies request as an argument when calling.
https://github.com/rails/rails/blob/ddb7da8535b07f51b7a8f5e3062cc8ffbd4ff23b/actionpack/lib/action_dispatch/http/content_security_policy.rb#L100
So without this fix, will raise `ArgumentError` when start server.
|
|
|
|
|
|
| |
Add `//= require rails-ujs`
Closes #32094
|
|\
| |
| | |
Fix plugin generated files
|
| |
| |
| |
| |
| | |
- Do not generate `javascript_include_tag` if `--skip-javascript`
- Generate `<%= csp_meta_tag %>`. Related to #32018.
|
| |
| |
| |
| | |
`--skip-active-storage`
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 16f279ebd474626577ced858e3626ac4535a33df, reversing
changes made to 6c6a30a7c357ce1eafa093d77d2b08684fe50887.
The config can be named anything, not just default (although all
generated apps will be named default). We can't just delete configs that
don't have a database because that will break three-tier configs. Oh
well.
|
|/
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 0979713abe2e22083e1beca01a1d113408c9ab36.
I originally wanted to delete the default config but found out it can
be called anything which means the code would blow up in unexpected
ways.
I thought "cool ill just delete the configs without dbs" and realized
that totally 100% breaks the three-tier config. So I'm reverting this
and the other commit.
|
|\
| |
| | |
Add support for automatic nonce generation for Rails UJS
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Because the UJS library creates a script tag to process responses it
normally requires the script-src attribute of the content security
policy to include 'unsafe-inline'.
To work around this we generate a per-request nonce value that is
embedded in a meta tag in a similar fashion to how CSRF protection
embeds its token in a meta tag. The UJS library can then read the
nonce value and set it on the dynamically generated script tag to
enable it to execute without needing 'unsafe-inline' enabled.
Nonce generation isn't 100% safe - if your script tag is including
user generated content in someway then it may be possible to exploit
an XSS vulnerability which can take advantage of the nonce. It is
however an improvement on a blanket permission for inline scripts.
It is also possible to use the nonce within your own script tags by
using `nonce: true` to set the nonce value on the tag, e.g
<%= javascript_tag nonce: true do %>
alert('Hello, World!');
<% end %>
Fixes #31689.
|