path: root/railties/lib
Commit message  Author  Age  Files  Lines
...
* | Introduce a guard against DNS rebinding attacks  Genadi Samokovarov  2018-12-15  4  -3/+7
| |
| |     The ActionDispatch::HostAuthorization is a new middleware that prevents
| |     against DNS rebinding and other Host header attacks. By default it is
| |     included only in the development environment with the following
| |     configuration:
| |
| |         Rails.application.config.hosts = [
| |           IPAddr.new("0.0.0.0/0"), # All IPv4 addresses.
| |           IPAddr.new("::/0"),      # All IPv6 addresses.
| |           "localhost"              # The localhost reserved domain.
| |         ]
| |
| |     In other environments, `Rails.application.config.hosts` is empty and no
| |     Host header checks will be done. If you want to guard against header
| |     attacks on production, you have to manually permit the allowed hosts
| |     with:
| |
| |         Rails.application.config.hosts << "product.com"
| |
| |     The host of a request is checked against the hosts entries with the case
| |     operator (#===), which lets hosts support entries of type RegExp, Proc
| |     and IPAddr to name a few. Here is an example with a regexp.
| |
| |         # Allow requests from subdomains like `www.product.com` and
| |         # `beta1.product.com`.
| |         Rails.application.config.hosts << /.*\.product\.com/
| |
| |     A special case is supported that allows you to permit all sub-domains:
| |
| |         # Allow requests from subdomains like `www.product.com` and
| |         # `beta1.product.com`.
| |         Rails.application.config.hosts << ".product.com"
* | Ruby can show a little bit more detailed info in shorter code  Akira Matsuda  2018-12-15  1  -1/+1
| |
| |     This follows up adb0c7bc5116e0f6020a4ec32b7e19ea8b26f1ec
* | http://localhost:3000/rails/info/properties shows more details for ease of ↵  ujihisa  2018-12-14  1  -1/+1
| |
| |     bug reporting
| |
| |     Hand-merging @ujihisa's ancient patch at https://lighthouseapp.com/projects/8994/tickets/3644
* | Do not show post install message on rails new  Rafael Mendonça França  2018-12-13  1  -4/+4
| |
* | Fix warning: shadowing outer local variable - attribute  Ryuta Kamizono  2018-12-13  1  -1/+1
| |
* | Merge pull request #34691 from gmcgibbon/rm_helper_generator_suffix  Ryuta Kamizono  2018-12-13  1  -0/+5
|\ \
| | |
| | |     Remove redundant suffixes on generated helpers.
| * | Remove redundant suffixes on generated helpers.  Gannon McGibbon  2018-12-12  1  -0/+5
| | |
* | | Remove redundant suffixes on generated integration tests.  Gannon McGibbon  2018-12-12  1  -0/+6
|/ /
* | Fix boolean interaction in scaffold system tests  Gannon McGibbon  2018-12-12  2  -0/+13
| |
* | Remove redundant suffixes on generated system tests.  Gannon McGibbon  2018-12-11  1  -0/+5
| |
* | Upgrade Rubocop to 0.61.1 and fix offenses  Vinicius Stock  2018-12-10  1  -16/+16
| |
* | Abort early if generator command fails (#34420)  David Rodríguez  2018-12-07  1  -1/+4
| |
| |     * No need to go through ruby
| |     * Abort early if a generator command fails
| |     * Reuse `rails_command` method
| |     * Bump thor minimum dependency to 0.20.3
| |     * Add some minimal docs
| |     * Add a changelog entry
| |     * Restore original logging
* | Improve deprecation message for enqueue returning false  Rafael Mendonça França  2018-12-05  1  -0/+4
| |
| |     And make sure new applications in Rails 6.0 have this config enabled.
| |
| |     Also, improve test coverage and add a CHANGELOG entry.
* | Merge pull request #33992 from kirs/enqueue-return-false  Rafael França  2018-12-05  1  -0/+3
|\ \
| | |
| | |     Make AJ::Base#enqueue return false if the job wasn't enqueued
| * | Make AJ::Base#enqueue return false if the job wasn't enqueued  Kir Shatrov  2018-10-28  1  -0/+3
| | |
* | | Merge pull request #33882 from ↵  Rafael França  2018-11-30  1  -3/+5
|\ \ \
| | | |
| | | |     mberlanda/mberlanda/as-inheritable-options-intialization
| | | |
| | | |     [Realties] config_for as ActiveSupport::OrderedOptions
| * | | chore: implement config_for as ActiveSupport::OrderedOptions  Mauro Berlanda  2018-10-19  1  -3/+5
| | | |
* | | | Bump the minimum version of PostgreSQL to 9.3  Yasuo Honda  2018-11-25  2  -2/+2
| | | |
| | | |     https://www.postgresql.org/support/versioning/
| | | |
| | | |     - 9.1 EOLed on September 2016.
| | | |     - 9.2 EOLed on September 2017.
| | | |
| | | |     9.3 is also not supported since Nov 8, 2018.
| | | |     https://www.postgresql.org/about/news/1905/
| | | |     I think it may be a little bit early to drop PostgreSQL 9.3 yet.
| | | |
| | | |     * Deprecated `supports_ranges?` since no other databases support range data type
| | | |
| | | |     * Add `supports_materialized_views?` to abstract adapter
| | | |       Materialized views itself is supported by other databases, other connection adapters may support them
| | | |
| | | |     * Remove `with_manual_interventions`
| | | |       It was only necessary for PostgreSQL 9.1 or earlier
| | | |
| | | |     * Drop CI against PostgreSQL 9.2
* | | | Homogenize rails help output  Alberto Almagro  2018-11-19  1  -9/+10
| | | |
| | | |     In commit 6567464bedd1e39ee7390da9484ba0caa7eb3e07 we homogenized rails
| | | |     commands with former rake tasks. We decided to display all commands at
| | | |     the same level and merged the list of commands displayed by `rails help`.
| | | |
| | | |     We however forgot to actually merge the output in the command itself.
| | | |     This commit fixes that.
* | | | Merge pull request #34410 from gmcgibbon/test_support_windows  Eileen M. Uchitelle  2018-11-19  1  -1/+1
|\ \ \ \
| | | | |
| | | | |     Windows support for parallelization and instrumenter
| * | | | Windows support for parallelization and instrumenter  Gannon McGibbon  2018-11-08  1  -1/+1
| | | | |
| | | | |     Add Windows support for `ActiveSupport::Testing::Parallelization`
| | | | |     and `ActiveSupport::Notifications::Instrumenter`.
* | | | | Fix a method call in bin/setup file  Nihad Abbasov  2018-11-15  1  -1/+1
| | | | |
| | | | |     Follow up to a725539de677adbea0ced19d65647e975dbd3f84
* | | | | Merge pull request #34400 from gmcgibbon/rm_autoload_app_javascripts  Rafael França  2018-11-13  2  -10/+22
|\ \ \ \ \
| | | | | |
| | | | | |     Remove asset paths from autoload_paths
| * | | | | Remove asset paths from eager_load_paths and autoload_paths  Gannon McGibbon  2018-11-09  2  -10/+22
| |/ / / /
| | | | |
| | | | |     Remove `app/assets` and `app/javascript` from `eager_load_paths`
| | | | |     and `autoload_paths`.
* / / / / add a nice alias for the --webpack option  Alessandro Rodi  2018-11-13  1  -2/+2
|/ / / /
* | | | Merge pull request #34387 from yhirano55/rails_info_properties_json  Ryuta Kamizono  2018-11-07  2  -2/+14
|\ \ \ \
| | | | |
| | | | |     Respond /rails/info/properties.json
| * | | | Add JSON support to rails properties route (`/rails/info/properties`).  Yoshiyuki Hirano  2018-11-07  2  -2/+14
| | | | |
| | | | |     Added json format, like this:
| | | | |
| | | | |         {
| | | | |           "Rails version": "6.0.0.alpha",
| | | | |           "Ruby version": "2.5.1-p57 (x86_64-darwin17)",
| | | | |           "RubyGems version": "2.7.6",
| | | | |           "Rack version": "2.0.6",
| | | | |           "JavaScript Runtime": "Node.js (V8)",
| | | | |           "Middleware": ["Rack::Sendfile", "ActionDispatch::Static",
| | | | |             "ActionDispatch::Executor",
| | | | |             "ActiveSupport::Cache::Strategy::LocalCache::Middleware",
| | | | |             "Rack::Runtime", "Rack::MethodOverride",
| | | | |             "ActionDispatch::RequestId", "ActionDispatch::RemoteIp",
| | | | |             "Sprockets::Rails::QuietAssets", "Rails::Rack::Logger",
| | | | |             "ActionDispatch::ShowExceptions", "WebConsole::Middleware",
| | | | |             "ActionDispatch::DebugExceptions", "ActionDispatch::Reloader",
| | | | |             "ActionDispatch::Callbacks",
| | | | |             "ActiveRecord::Migration::CheckPending",
| | | | |             "ActionDispatch::Cookies",
| | | | |             "ActionDispatch::Session::CookieStore", "ActionDispatch::Flash",
| | | | |             "ActionDispatch::ContentSecurityPolicy::Middleware",
| | | | |             "Rack::Head", "Rack::ConditionalGet", "Rack::ETag",
| | | | |             "Rack::TempfileReaper"],
| | | | |           "Application root": "/path/to/app",
| | | | |           "Environment": "development",
| | | | |           "Database adapter": "sqlite3",
| | | | |           "Database schema version": 0
| | | | |         }
* | | | | Add `connect_src` example to content security policy initializer  yuuji.yaginuma  2018-11-04  1  -0/+4
|/ / / /
| | | |
| | | |     If you want to use `webpack-dev-server` with CSP enabled, you need to
| | | |     specify `connect-src`.
| | | |     Related to: https://github.com/rails/webpacker/commit/cd7ecf4d48496341aecd81c0c2f69fe4e50a7cd4
| | | |
| | | |     This is a matter of `webpacker`. But since `webpacker` is now used by
| | | |     default, to prevent user confusion, I think it is better to include an
| | | |     example of `connect-src`.
* | | | Keep new line after the last dependency  yuuji.yaginuma  2018-11-04  1  -1/+1
| | | |
| | | |     If you add a package with `yarn`, it will have a newline after the last
| | | |     dependency, so let's match with that.
* | | | Restore `encoding: utf8mb4` in database.yml  Yasuo Honda  2018-10-30  1  -0/+1
| |/ /
|/| |
| | |
| | |     rails/rails#33853 and rails/rails#33929 removed `encoding: utf8mb4`
| | |     from database.yml since at that time MySQL 5.1 is supported with the
| | |     master branch.
| | |
| | |     Since MySQL 5.1 has been dropped, we can restore `encoding: utf8mb4`
| | |     in database.yml
* | | Do not need to mention the method that is being called in the exception  Rafael Mendonça França  2018-10-23  1  -1/+1
| | |
| | |     What is important to tell is that the database configuration could not
| | |     be loaded.
| | |
| | |     Fixes #34296.
* | | Merge pull request #34275 from bogdanvlviv/skip_yarn-to-skip_javascript  Rafael França  2018-10-23  8  -19/+12
|\ \ \
| | | |
| | | |     Remove `--skip-yarn` in favor of `--skip-javascript`
| * | | Remove node_modules path from assets load paths since we use webpack by default  bogdanvlviv  2018-10-22  1  -4/+0
| | | |
| | | |     Related to #33079
| * | | Remove `--skip-yarn` in favor of `--skip-javascript`  bogdanvlviv  2018-10-22  8  -16/+13
| | | |
| | | |     Since #33079 Webpacker is the default JavaScript compiler for Rails.
| | | |     Webpacker uses `yarn` so seems like it doesn't make sense for Rails to
| | | |     keep `--skip-yarn` option.
* | | | Add missing dot in comment in .gitignore template  Jochem Schulenklopper  2018-10-22  1  -1/+1
|/ / /
| | |
| | |     My submission for the tiniest commit and PR contest: add a missing dot
| | |     in a comment line in the generator template for .gitignore. (I just
| | |     noticed this missing; consistency is king :-)
* | | Merge pull request #34279 from ↵  Ryuta Kamizono  2018-10-22  1  -1/+0
|\ \ \
| | | |
| | | |     bogdanvlviv/remove-extra-remove_file-skip_action_cable
| | | |
| | | |     Remove extra call `remove_file` on `rails new` with `--skip_action_cable`
| * | | Remove extra call `remove_file` on `rails new` with `--skip_action_cable`  bogdanvlviv  2018-10-22  1  -1/+0
| | | |
| | | |     There is no need to remove this file since the line below removes the
| | | |     entire directory in which that file is placed.
* | | | Merge pull request #34274 from ↵  Ryuta Kamizono  2018-10-22  1  -6/+1
|\ \ \ \
| |/ / /
|/| | |
| | | |
| | | |     bogdanvlviv/remove-yarn-files-from-gitignore-template
| | | |
| | | |     Remove yarn's files from `.gitignore` template
| * | | Remove yarn's files from `.gitignore` template for new rails app  bogdanvlviv  2018-10-21  1  -6/+1
| | | |
| | | |     Webpacker already does it, see
| | | |     https://github.com/rails/webpacker/blob/895d2cfc15eda2edae9e667c642a02523d958f53/lib/install/template.rb#L25-L33
| | | |
| | | |     I also opened PR https://github.com/rails/webpacker/pull/1765 in order
| | | |     to make it add `/yarn-error.log` file too.
* | | | Merge pull request #34277 from ↵  Ryuta Kamizono  2018-10-22  1  -2/+0
|\ \ \ \
| | | | |
| | | | |     bogdanvlviv/remove-javascripts-javascripts_engine-options-for-generators
| | | | |
| | | | |     Remove `javascripts` and `javascript_engine` options for generators
| * | | | Remove `javascripts` and `javascript_engine` options for generators  bogdanvlviv  2018-10-22  1  -2/+0
| |/ / /
| | | |
| | | |     It is unused since #33079
* / / / Remove `:javascript` from `Rails::PluginBuilder::PASSTHROUGH_OPTIONS`  bogdanvlviv  2018-10-22  1  -1/+1
|/ / /
| | |
| | |     `--javascript` option was removed by 42198064c35ff3b701496309f90df2abc229efbe
* / / Remove unnecessary escape character  Francesco Rodríguez  2018-10-19  1  -2/+2
|/ /
* | Fix generated Gemfile missing gems on jruby  David Rodríguez  2018-10-17  1  -1/+1
| |
* | Show object ids in scaffold pages when displaying referenced objects  Rasesh Patel  2018-10-14  2  -2/+2
| |
| |     Resolve Issue#29200
| |
| |     When scaffolding a model that references another model the generated
| |     show and index html pages display the object directly on the page.
| |     Basically, it just shows a memory address. That is not very helpful.
| |     In this commit we show the object's id rather than the memory address.
| |
| |     This updates the scaffold templates and the json builder files.
* | Use `--skip-webpack-install` by default  yuuji.yaginuma  2018-10-09  1  -1/+1
| |
| |     To remove extra `--no-skip-javascript` tests.
* | Avoid `webpacker:install` if unnecessary  yuuji.yaginuma  2018-10-09  1  -0/+1
| |
| |     `webpacker:install` also includes execution of yarn, it takes time to
| |     execute, so avoid unnecessary tests.
* | Add `skip-webpack-install` option  yuuji.yaginuma  2018-10-09  2  -1/+8
|/
|
|     This option is useful when you want to check only the files generated by
|     `rails new`, or if you want to do something before `webpacker:install`.
* Merge pull request #34084 from trustvox/master  Rafael França  2018-10-05  2  -4/+2
|\
| |
| |     Remove "include FileUtils" sentence in setup/update bin files
| * Remove "include FileUtils" sentence in setup/update bin files  Bruno Casali  2018-09-17  2  -4/+2
| |
| |     According to the rubocop style guide "Style/MixinUsage", it is good to use
| |     only in class/module, not directly in file.