| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
We're already running Performance/RegexpMatch cop, but it seems like the cop is not always =~ justice
|
| |\
| |
| | |
Prettify diff generated by git for encrypted file:
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- @sinsoku had the idea and started implementing it few months ago
but sadly didn't finish it.
This PR is taking over his work.
The credentials feature has changed a lot since @sinsoku opened hi
PR, it was easier to just restart from scratch instead of checking
out his branch.
Sinsoku will get all the credit he deserves for this idea :)
TL;DR on that that feature is to make the `git diff` or `git log`
of encrypted files to be readable.
The previous implementation was only setting up the git required
configuration for the first time Rails was bootstraped, so I decided
to instead provide the user a choice to opt-in for readable diff
credential whenever a user types the `bin/rails credentials:edit`
command.
The question won't be asked in the future the user has already
answered or if the user already opted in.
Co-authored-by: Takumi Shotoku <insoku.listy@gmail.com>
|
| |\ \
| | |
| | |
| | |
| | | |
y-yagi/add_mention_about_collection_cache_versioning
Add mention about `active_record.collection_cache_versioning` to the `new_framework_defaults.rb`
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
`new_framework_defaults.rb`
All other recommended new configurations that set in `load_defaults` are
already mentioned in `new_framework_defaults.rb`.
So `active_record.collection_cache_versioning` should also be mentioned.
|
| |\ \ \
| |_|/
|/| | |
Use Dir.glob(base: ...) to avoid chdir
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* read config/webpacker.yml to determine which path to exclude for zeitwerk:check
* fix test errors
* more changes to fix test errors
* refactor webpacker_path
[Andrew Kress + Rafael Mendonça França]
|
| |\ \ \
| | | |
| | | | |
Add common sensitive names to generated filter parameters
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
These added names are distilled from the filter_parameters config of a
number of open source Rails applications.
|
| | | | | |
|
| |\ \ \ \
| |_|/ /
|/| | | |
Add pidfile option to puma config template
|
| | | | |
| | | |
| | | |
| | | | |
This allow to call `pumactl` directly without extra parameters needed
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- If we create the deprecation before the new class is defined this
creates an issue in case you use a `TracePoint`. The
`Tracepoint#return_value` will try to get the new class constant
resulting in a uninitialized constant Rails::SourceAnnotationExtractor
The problem can be reproduced like this:
```ruby
@defined = Set.new
ANONYMOUS_CLASS_DEFINITION_TRACEPOINT = TracePoint.new(:c_return) do |tp|
next unless @defined.add?(tp.return_value)
end
ANONYMOUS_CLASS_DEFINITION_TRACEPOINT.enable
require 'rails'
require "rails/source_annotation_extractor"
```
|
| | | | |
| | | |
| | | |
| | | | |
called.
|
| |\ \ \ \
| |_|_|/
|/| | |
| | | |
| | | | |
masakazutakewaka/fix_railtie_add_newline_to_gemfile_insertion
Add a newline at the end of a Gemfile when it doesn't end with a newline
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Assigning to a collection of attachments appends rather than replacing, as in 5.2. Existing 5.2 apps that rely on this behavior will no longer break when they're upgraded to 6.0.
For apps generated on 6.0 or newer, assigning replaces the existing attachments in the collection. #attach should be used to add new attachments to the collection without removing existing ones.
I expect that we'll deprecate the old behavior in 6.1.
Closes #36374.
|
| |\ \ \ \
| | | | |
| | | | | |
Add `skip-collision-check` option to generator
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Until Rails 5.2, generators can run same name multi times without destroying.
But Rails 6.0(with Zeitwerk) can't this. In Rails 6.0, an error occurs
due to class name collision check.
The check uses `const_defined?`, which assumes that the autoload object
is also defined.
https://ruby-doc.org/core-2.6.3/Module.html#method-i-const_defined-3F
It did not work until Rails 5.2, but Zeitwerk seems to be able to
correctly check this against the application's code.
However, this is a little inconvenient if want to run the generator
again like mistake an attribute name(need to run `destoy` before).
In order to solve this, this PR adds an option to skip the collision check.
With this option, you can overwrite files just as did until Rails 5.2.
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Prevent exception of loading database yaml with blank config file
|
| | |/ / / /
| | | | |
| | | | |
| | | | | |
#36661]
|
| | |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Updates the generator output to use a reserved domain[1] instead of a
potentially real world domain.
[1]: https://tools.ietf.org/html/rfc2606#section-3
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
A HTTP feature policy is Yet Another HTTP header for instructing the
browser about which features the application intends to make use of and
to lock down access to others. This is a new security mechanism that
ensures that should an application become compromised or a third party
attempts an unexpected action, the browser will override it and maintain
the intended UX.
WICG specification: https://wicg.github.io/feature-policy/
The end result is a HTTP header that looks like the following:
```
Feature-Policy: geolocation 'none'; autoplay https://example.com
```
This will prevent the browser from using geolocation and only allow
autoplay on `https://example.com`. Full feature list can be found over
in the WICG repository[1].
As of today Chrome and Safari have public support[2] for this
functionality with Firefox working on support[3] and Edge still pending
acceptance of the suggestion[4].
#### Examples
Using an initializer
```rb
# config/initializers/feature_policy.rb
Rails.application.config.feature_policy do |f|
f.geolocation :none
f.camera :none
f.payment "https://secure.example.com"
f.fullscreen :self
end
```
In a controller
```rb
class SampleController < ApplicationController
def index
feature_policy do |f|
f.geolocation "https://example.com"
end
end
end
```
Some of you might realise that the HTTP feature policy looks pretty
close to that of a Content Security Policy; and you're right. So much so
that I used the Content Security Policy DSL from #31162 as the starting
point for this change.
This change *doesn't* introduce support for defining a feature policy on
an iframe and this has been intentionally done to split the HTTP header
and the HTML element (`iframe`) support. If this is successful, I'll
look to add that on it's own.
Full documentation on HTTP feature policies can be found at
https://wicg.github.io/feature-policy/. Google have also published[5] a
great in-depth write up of this functionality.
[1]: https://github.com/WICG/feature-policy/blob/master/features.md
[2]: https://www.chromestatus.com/feature/5694225681219584
[3]: https://bugzilla.mozilla.org/show_bug.cgi?id=1390801
[4]: https://wpdev.uservoice.com/forums/257854-microsoft-edge-developer/suggestions/33507907-support-feature-policy
[5]: https://developers.google.com/web/updates/2018/06/feature-policy
|
| |\ \ \
| | | |
| | | | |
Add the ability to set the CSP nonce only to the specified directives
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
I changed to set CSP nonce to `style-src` directive in #32932.
But this causes an issue when `unsafe-inline` is specified to `style-src`
(If a nonce is present, a nonce takes precedence over `unsafe-inline`).
So, I fixed to nonce directives configurable. By configure this, users
can make CSP as before.
Fixes #35137.
|
| |/ /
| |
| |
| | |
The robots.txt site is moved permanently to https URL.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
I changed return value of `ActionDispatch::Response#content_type` in #36034.
But this change seems to an obstacle to upgrading. https://github.com/rails/rails/pull/36034#issuecomment-498795893
Therefore, I restored the behavior of `ActionDispatch::Response#content_type`
to 5.2 and deprecated old behavior. Also, made it possible to control the
behavior with the config.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously it was only possible to specify the location of the pidfile
for the 'rails server' command with the '-P' flag. This adds support for
specifying the pidfile using a PIDFILE env var, which can still be
overridden by the '-P' flag and with the default pidfile path unchanged.
The motivation for this feature comes from using Docker to run multiple
instances of the same rails app. When developing a rails app with
Docker, it's common to bind-mount the rails root directory in the
running container, so that changes to files are shared between the
container and the host. However, this doesn't work so well with the
pidfile and it's necessary to (remember to) add a '-P' flag to the
'rails server' command line; being able to specify this flag using an
env var would make developing with Rails+Docker a bit simpler.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We sometimes say "✂️ newline after `private`" in a code review (e.g.
https://github.com/rails/rails/pull/18546#discussion_r23188776,
https://github.com/rails/rails/pull/34832#discussion_r244847195).
Now `Layout/EmptyLinesAroundAccessModifier` cop have new enforced style
`EnforcedStyle: only_before` (https://github.com/rubocop-hq/rubocop/pull/7059).
That cop and enforced style will reduce the our code review cost.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
This allows customize a default log file(e.g. `reopen`) by an application.
Fixes #32211.
|
| | | |
|
| | |
| |
| | |
Do not clear deprecated initializer dependencies if using classic autoloader
|
| | |
| |
| |
| |
| | |
At class level `:nodoc:` all elements are prevented. Instead, use
`:stopdoc:` / `:startdoc:` to make `after_bundle` appear.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
jbuilder 2.6.4 is the first version that relaxes the version constraint to allow
Rails 6. I also did some more tests in #25183, although not with 2.6.4
explicitly.
To simplify the version requirement, I went for 2.7.
https://github.com/rails/jbuilder/blob/v2.6.4/jbuilder.gemspec
https://github.com/rails/rails/issues/25183#issuecomment-494342406
|
| | |
| |
| |
| |
| |
| | |
Fixes https://github.com/rails/rails/issues/36285.
Follow up of https://github.com/rails/rails/pull/36237.
|
| |\ \
| | |
| | | |
Fix database loading when ERB is single line ternary
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
*sigh* this seems like the never ending bug. I don't love or even like
this fix but it does _work_.
Rafael suggested using `dummy_key: dummy_value` but unfortunately
that doesn't work. So we're left with checking whethere there might be
ternary type things in the content and then assuming that we want to
replace the line with a key value pair.
Technically fixes https://github.com/rails/rails/issues/36088
|
| | | | |
|
| | | | |
|
