| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| | |
Add the ability to set the CSP nonce only to the specified directives
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I changed to set CSP nonce to `style-src` directive in #32932.
But this causes an issue when `unsafe-inline` is specified to `style-src`
(If a nonce is present, a nonce takes precedence over `unsafe-inline`).
So, I fixed to nonce directives configurable. By configure this, users
can make CSP as before.
Fixes #35137.
|
|/
|
|
| |
The robots.txt site is moved permanently to https URL.
|
|
|
|
|
|
|
|
|
| |
I changed return value of `ActionDispatch::Response#content_type` in #36034.
But this change seems to an obstacle to upgrading. https://github.com/rails/rails/pull/36034#issuecomment-498795893
Therefore, I restored the behavior of `ActionDispatch::Response#content_type`
to 5.2 and deprecated old behavior. Also, made it possible to control the
behavior with the config.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously it was only possible to specify the location of the pidfile
for the 'rails server' command with the '-P' flag. This adds support for
specifying the pidfile using a PIDFILE env var, which can still be
overridden by the '-P' flag and with the default pidfile path unchanged.
The motivation for this feature comes from using Docker to run multiple
instances of the same rails app. When developing a rails app with
Docker, it's common to bind-mount the rails root directory in the
running container, so that changes to files are shared between the
container and the host. However, this doesn't work so well with the
pidfile and it's necessary to (remember to) add a '-P' flag to the
'rails server' command line; being able to specify this flag using an
env var would make developing with Rails+Docker a bit simpler.
|
|
|
|
|
|
|
|
|
|
|
| |
We sometimes say "✂️ newline after `private`" in a code review (e.g.
https://github.com/rails/rails/pull/18546#discussion_r23188776,
https://github.com/rails/rails/pull/34832#discussion_r244847195).
Now `Layout/EmptyLinesAroundAccessModifier` cop have new enforced style
`EnforcedStyle: only_before` (https://github.com/rubocop-hq/rubocop/pull/7059).
That cop and enforced style will reduce the our code review cost.
|
| |
|
|
|
|
|
|
| |
This allows customize a default log file(e.g. `reopen`) by an application.
Fixes #32211.
|
| |
|
|
|
| |
Do not clear deprecated initializer dependencies if using classic autoloader
|
|
|
|
|
| |
At class level `:nodoc:` all elements are prevented. Instead, use
`:stopdoc:` / `:startdoc:` to make `after_bundle` appear.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
jbuilder 2.6.4 is the first version that relaxes the version constraint to allow
Rails 6. I also did some more tests in #25183, although not with 2.6.4
explicitly.
To simplify the version requirement, I went for 2.7.
https://github.com/rails/jbuilder/blob/v2.6.4/jbuilder.gemspec
https://github.com/rails/rails/issues/25183#issuecomment-494342406
|
|
|
|
|
|
| |
Fixes https://github.com/rails/rails/issues/36285.
Follow up of https://github.com/rails/rails/pull/36237.
|
|\
| |
| | |
Fix database loading when ERB is single line ternary
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
*sigh* this seems like the never ending bug. I don't love or even like
this fix but it does _work_.
Rafael suggested using `dummy_key: dummy_value` but unfortunately
that doesn't work. So we're left with checking whethere there might be
ternary type things in the content and then assuming that we want to
replace the line with a key value pair.
Technically fixes https://github.com/rails/rails/issues/36088
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
supported version
|
|\ \
| | |
| | |
| | |
| | | |
deivid-rodriguez/workaround_sass_rails_requirement
Use a better requirement for sass-rails 6 prereleases
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is the behavior I naively expect for the operator when used with a
single digit, but it's definitely an edge case for it, and it doesn't
seem to work as expected for including prereleases.
Using >= works fine and make the intention more clear anyways.
|
|/ / |
|
|/ |
|
|
|
|
|
|
|
|
|
| |
The virtual attributes(`attachment` and `rich_text`) can't set value
with `fill_in`. So avoid using it. Once #35885 is merged, will be
modified to use it.
Also, add checking attachment attached or not for avoiding
`DelegationError` when attachment didn't attach.
|
| |
|
| |
|
|
|
|
| |
- Refs https://github.com/Shopify/bootsnap/pull/257
|
| |
|
|\
| |
| | |
Remove action_controller.perform_caching from api app's configs
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As suggested in https://github.com/rails/rails/issues/35602#issuecomment-485833483, because we don't provide view caching and doesn't include `ActionController::Caching` for api apps, we should also avoid generating
```ruby
config.action_controller.perform_caching = true
```
for those api apps. So it won't confuse people.
**But because `perform_caching` will be `true` if not set, the behavior of the app would still be the same without these configs.**
|
|\ \
| |/
|/| |
Resurrect external JS/CS generation
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
[Matilda Smeds & Xavier Noria]
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| | |
- Also deprecate passing {required} to the model generator.
- Also made sure the global config `belongs_to_required_by_default` is
applied correctly to the model generator for `null: false` option.
|
|\ \
| | |
| | | |
Introduce Actionable Errors
|
| | | |
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
```
$ rails --help > tmp/before
$ bundle update rails
...
$ rails --help > tmp/after
$ diff -u tmp/before tmp/after
--- tmp/before 2019-04-19 00:12:08.000000000 -0700
+++ tmp/after 2019-04-19 00:14:55.000000000 -0700
@@ -52,7 +52,6 @@
db:version
destroy
dev:cache
- dev:help
encrypted:edit
encrypted:show
initializers
```
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
`bin/setup` and `bin/update` are currently almost the same file. The
only thing that keeps them apart is that one is running `bin/rails
db:setup` and the other `bin/rails db:migrate`.
I'm suggesting here that they should be a unique script, which needs to
be idempotent.
- New to a project, need to get started? `bin/setup`
- Need to install new dependencies that were added recently? `bin/setup`.
Before deprecating `bin/update`, I'm suggesting we just have it call
`bin/setup`.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Cache versioning enables the same cache key to be reused when the object
being cached changes by moving the volatile part of the cache key out of
the cache key and into a version that is embedded in the cache entry.
This is already occurring when the object being cached is an
`ActiveRecord::Base`, but when caching an `ActiveRecord::Relation`
we are currently still putting the volatile information (max updated at
and count) as part of the cache key.
This PR moves the volatile part of the relations `cache_key` into the
`cache_version` to support recycling cache keys for
`ActiveRecord::Relation`s.
|
| | |
|
|\ \
| | |
| | | |
Notes tags registration
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
See rationale in the warning message included in the patch.
|