aboutsummaryrefslogtreecommitdiffstats
path: root/railties/test
Commit message (Collapse)AuthorAgeFilesLines
* Avoid running `webpacker:install` on tests that don't need ityuuji.yaginuma2018-10-202-6/+10
| | | | | | | | | | | If use `run_generator` to run the generator, `--skip-webpack-install` is specified automatically. https://github.com/rails/rails/blob/3101a4136bd62787e252d2658eee23001036fa0f/railties/lib/rails/generators/testing/behaviour.rb#L71 However, when executing the generator independently (for example, to use stub), `webpacker:install` was executed. Since this includes `yarn install`, it should be avoided in unnecessary testing.
* Avoid running bundler on tests that don't need ityuuji.yaginuma2018-10-191-3/+3
| | | | | If the dev option is specified, Gemfile contains gem which specifies GitHub. This will take time to execute, so should avoid it in unnecessary tests.
* Show object ids in scaffold pages when displaying referenced objectsRasesh Patel2018-10-141-3/+13
| | | | | | | | | | | | Resolve Issue#29200 When scaffolding a model that references another model the generated show and index html pages display the object directly on the page. Basically, it just shows a memory address. That is not very helpful. In this commit we show the object's id rather than the memory address. This updates the scaffold templates and the json builder files.
* Runs the generator before assertionsyuuji.yaginuma2018-10-121-0/+1
|
* Add test retries for railtiesGannon McGibbon2018-10-111-0/+3
|
* Add multi-db support to rails db:migrate:statusGannon McGibbon2018-10-091-19/+51
|
* Use `--skip-webpack-install` by defaultyuuji.yaginuma2018-10-092-6/+6
| | | | To remove extra `--no-skip-javascript` tests.
* Avoid `webpacker:install` if unnecessaryyuuji.yaginuma2018-10-092-6/+6
| | | | | `webpacker:install` also includes execution of yarn, it takes time to execute, so avoid unnecessary tests.
* Add `skip-webpack-install` optionyuuji.yaginuma2018-10-091-0/+14
| | | | | This option is useful when want to check only the files generated by `rails new`, or if want to do something before `webpacker:install`.
* Remove bundler warnings from bin/setup outputGannon McGibbon2018-10-051-8/+10
|
* Fix tests related to new JavaScript path for generatorsPrathamesh Sonpatki2018-10-054-8/+6
| | | | - Followup of https://github.com/rails/rails/commit/4838c1716a0340137d858fab49bf460e23be5a4b
* Avoid `webpacker:install` if unnecessaryyuuji.yaginuma2018-10-051-2/+2
| | | | | Since this is a test to check the behavior of `load_defaults`, webpacker is unnecessary.
* Make Webpacker the default JavaScript compiler for Rails 6 (#33079)David Heinemeier Hansson2018-09-3013-163/+86
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Use Webpacker by default on new apps * Stop including coffee-rails by default * Drop using a js_compressor by default * Drop extra test for coffeescript inclusion by default * Stick with skip_javascript to signify skipping webpack * Don't install a JS runtime by default any more * app/javascript will be the new default directory for JS * Make it clear that this is just for configuring the default Webpack framework setup now * Start using the Webpack tag in the default layout * Irrelevant test * jQuery is long gone * Stop having asset pipeline compile default application.js * Add rails-ujs by default to the Webpack setup * Add Active Storage JavaScript to application.js pack by default * Consistent quoting * Add Turbolinks to default pack * Add Action Cable to default pack Need some work on how to set the global consumer that channels will work with. @javan? * Require all channels by default and use a separate consumer stub * Channel generator now targets Webpack style * Update task docs to match new generator style * Use uniform import style * Drop the JS assets generator It was barely helpful as it was. It’s no longer helpful in a Webpacked world. Sayonara! * Add app/javascript to the stats directories * Simpler import style Which match the other imports. * Address test failures from dropping JS compilation (and compression) * webpacker-default: Modify `AssetsGeneratorTest` Before: ``` $ bin/test test/generators/assets_generator_test.rb Run options: --seed 46201 F Failure: AssetsGeneratorTest#test_assets [/Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/generators/assets_generator_test.rb:12]: Expected file "app/assets/javascripts/posts.js" to exist, but does not bin/test /Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/generators/assets_generator_test.rb:10 . Finished in 0.031343s, 63.8101 runs/s, 95.7152 assertions/s. 2 runs, 3 assertions, 1 failures, 0 errors, 0 skips ``` After: ``` $ bin/test test/generators/assets_generator_test.rb Run options: --seed 43571 .. Finished in 0.030370s, 65.8545 runs/s, 65.8545 assertions/s. 2 runs, 2 assertions, 0 failures, 0 errors, 0 skips ``` * webpacker-default: Modify `ChannelGeneratorTest` Before: ``` $ bin/test test/generators/channel_generator_test.rb Run options: --seed 8986 .F Failure: ChannelGeneratorTest#test_channel_with_multiple_actions_is_created [/Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/generators/channel_generator_test.rb:43]: Expected file "app/assets/javascripts/channels/chat.js" to exist, but does not bin/test /Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/generators/channel_generator_test.rb:34 .F Failure: ChannelGeneratorTest#test_channel_is_created [/Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/generators/channel_generator_test.rb:29]: Expected file "app/assets/javascripts/channels/chat.js" to exist, but does not bin/test /Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/generators/channel_generator_test.rb:22 E Error: ChannelGeneratorTest#test_cable_js_is_created_if_not_present_already: Errno::ENOENT: No such file or directory @ apply2files - /Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/fixtures/tmp/app/assets/javascripts/cable.js bin/test /Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/generators/channel_generator_test.rb:60 F Failure: ChannelGeneratorTest#test_channel_suffix_is_not_duplicated [/Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/generators/channel_generator_test.rb:87]: Expected file "app/assets/javascripts/channels/chat.js" to exist, but does not bin/test /Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/generators/channel_generator_test.rb:80 F Failure: ChannelGeneratorTest#test_channel_on_revoke [/Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/generators/channel_generator_test.rb:77]: Expected file "app/assets/javascripts/cable.js" to exist, but does not bin/test /Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/generators/channel_generator_test.rb:68 Finished in 0.064384s, 108.7227 runs/s, 481.4861 assertions/s. 7 runs, 31 assertions, 4 failures, 1 errors, 0 skips ``` After: ``` $ bin/test test/generators/channel_generator_test.rb Run options: --seed 44857 ....... Finished in 0.060243s, 116.1961 runs/s, 697.1764 assertions/s. 7 runs, 42 assertions, 0 failures, 0 errors, 0 skips ``` * Fix shared generator tests. * webpacker-default: Modify `ControllerGeneratorTest` The JS assets generator was dropped. ref. https://github.com/rails/rails/commit/46215b179483d3e4d264555f5a4952f43eb8142a * Revert "Simpler import style". It's currently failing with an error of "TypeError: undefined is not an object (evaluating '__WEBPACK_IMPORTED_MODULE_2_activestorage___default.a.start')". Waiting for @javan to have a look. This reverts commit 5d3ebb71059f635d3756cbda4ab9752027e09256. * require webpacker in test app * Add webpacker without making the build hang/timeout. (#33640) * use yarn workspaces to allow for installing unreleased packages and only generate js/bootsnap when required * no longer need to have webpacker in env templates as webpacker moved this config to yml file * Fix rubocop violation * Got the test passing for the running scaffold * update expected lines of code * update middleware tests to account for webpacker * disable js in plugins be default to get the tests passing (#34009) * clear codeclimate report issues * Anything newer than currently released is good * Use Webpacker development version during development of Rails * Edge should get development webpacker as well * Add changelog entry for Webpacker change
* Add `Style/RedundantFreeze` to remove redudant `.freeze`Yasuo Honda2018-09-292-3/+3
| | | | | | | | | | | | | | | | | | | | | Since Rails 6.0 will support Ruby 2.4.1 or higher `# frozen_string_literal: true` magic comment is enough to make string object frozen. This magic comment is enabled by `Style/FrozenStringLiteralComment` cop. * Exclude these files not to auto correct false positive `Regexp#freeze` - 'actionpack/lib/action_dispatch/journey/router/utils.rb' - 'activerecord/lib/active_record/connection_adapters/sqlite3_adapter.rb' It has been fixed by https://github.com/rubocop-hq/rubocop/pull/6333 Once the newer version of RuboCop released and available at Code Climate these exclude entries should be removed. * Replace `String#freeze` with `String#-@` manually if explicit frozen string objects are required - 'actionpack/test/controller/test_case_test.rb' - 'activemodel/test/cases/type/string_test.rb' - 'activesupport/lib/active_support/core_ext/string/strip.rb' - 'activesupport/test/core_ext/string_ext_test.rb' - 'railties/test/generators/actions_test.rb'
* Reset `ActiveRecord::Base.configurations` to the value beforeyuuji.yaginuma2018-09-291-1/+2
|
* Refactor migrations_path command option to databaseGannon McGibbon2018-09-284-13/+33
|
* Add migrations_paths option to model generatorGannon McGibbon2018-09-272-0/+15
|
* Change the empty block style to have space inside of the blockRafael Mendonça França2018-09-251-1/+1
|
* Eagerly define attribute methods in productionEugene Kenny2018-09-241-0/+47
| | | | | | | | | | | | | The attribute methods for a model are currently defined lazily the first time that model is instantiated, even when `config.eager_load` is true. This means the first request to use each model incurs the cost, which usually involves a database round trip to fetch the schema definition. By defining the attribute methods for all models while the application is booting, we move that work out of any individual request. When using a forking web server, this also reduces the number of times the schema definition is queried by doing it once in the parent process instead of from each forked process during their first request.
* Merge pull request #33949 from sjain1107/no-private-defKasper Timm Hansen2018-09-231-8/+10
|\ | | | | Remove private def
| * Remove private defSakshi Jain2018-09-231-8/+10
| |
* | Enable `Performance/UnfreezeString` copyuuji.yaginuma2018-09-235-5/+5
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In Ruby 2.3 or later, `String#+@` is available and `+@` is faster than `dup`. ```ruby # frozen_string_literal: true require "bundler/inline" gemfile(true) do source "https://rubygems.org" gem "benchmark-ips" end Benchmark.ips do |x| x.report('+@') { +"" } x.report('dup') { "".dup } x.compare! end ``` ``` $ ruby -v benchmark.rb ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux] Warming up -------------------------------------- +@ 282.289k i/100ms dup 187.638k i/100ms Calculating ------------------------------------- +@ 6.775M (± 3.6%) i/s - 33.875M in 5.006253s dup 3.320M (± 2.2%) i/s - 16.700M in 5.032125s Comparison: +@: 6775299.3 i/s dup: 3320400.7 i/s - 2.04x slower ```
* Make sure this test check the issue solved in #31135Rafael Mendonça França2018-09-221-6/+12
| | | | | | | | | | | | | | | Before this change this test was passing even if we revert #31135. The reason for that is that `app 'development'` will load the environment in the test process and it is happening before db_create_and_drop is called. This was not asserting that the environment was loaded in the db:create task itself. To test it we enhance the db:create task with a block that writes to a tmp file the value of the config. If the environment is loaded before that task enhancement runs the content of the file will have "true" insteand of "false".
* Switch to supports_cache_versioning? check to a class methodschneems2018-09-201-1/+1
| | | | | - Moving the `supports_cache_versioning?` check to a class method. - Shorten the method doc. - Expand on the error message.
* [close #33907] Error when using "recyclable" cache keys with a store that ↵schneems2018-09-201-0/+12
| | | | | | | | | | | | | | does not support it If you are using the "in cache versioning" also known as "recyclable cache keys" the cache store must be aware of this scheme, otherwise you will generate cache entries that never invalidate. This PR adds a check to the initialization process to ensure that if recyclable cache keys are being used via ``` config.active_record.cache_versioning = true ``` Then the cache store needs to show that it supports this versioning scheme. Cache stores can let Rails know that they support this scheme by adding a method `supports_in_cache_versioning?` and returning true.
* Support environment specific credentials file. (#33521)Wojciech Wnętrzak2018-09-192-5/+70
| | | | | | For `production` environment look first for `config/credentials/production.yml.enc` file that can be decrypted by `ENV["RAILS_MASTER_KEY"]` or `config/credentials/production.key` master key. Edit given environment credentials file by command `rails credentials:edit --environment production`. Default behavior can be overwritten by setting `config.credentials.content_path` and `config.credentials.key_path`.
* Add test for `config.active_storage.routes_prefix`yuuji.yaginuma2018-09-151-0/+18
| | | | Follow up #33883.
* Remove mysql2 gem version requirement "< 0.6.0"Yasuo Honda2018-09-141-1/+1
| | | | Suggested at https://github.com/rails/rails/pull/33876#issuecomment-421176221
* Add a test that exercice better the behavior we expect in the query cacheRafael Mendonça França2018-09-121-2/+43
| | | | | | | In production the query cache was already being loaded before the first request even without #33856, so added a test to make sure of it. This new test is passing even if #33856 is reverted.
* Build string set when `filter_attributes` is assignedbogdanvlviv2018-09-121-1/+2
| | | | | | | | | It would allow `filter_attributes` to be reused across multiple calls to `#inspect` or `#pretty_print`. - Add `require "set"` - Remove `filter_attributes` instance reader. I think there is no need to keep it.
* Fix query cache to load before first requestEileen Uchitelle2018-09-121-0/+33
| | | | | | | | | | | | | | | | In a test app we observed that the query cache was not enabled on the first request. This was because the query cache hooks are installed on load and active record is loaded in the middle of the first request. If we remove the `on_load` from the railtie the query cache hooks will be installed before the first request, allowing the cache to be enabled on that first request. This is ok because query cache doesn't load anything else, only itself so we're not eager loading all of active record before the first request, just the query cache hooks. [Eileen M. Uchitelle & Matthew Draper]
* Merge pull request #33815 from mberlanda/mberlanda/enhance-config-forRafael França2018-09-111-2/+49
|\ | | | | Use ActiveSupport::InheritableOptions and deep_symbolize_keys in config_for
| * refacto: config_for with ActiveSupport::InheritableOptions and symbolized keysMauro Berlanda2018-09-111-2/+49
| |
* | use "minitest" consistentlyXavier Noria2018-09-111-1/+1
| | | | | | | | | | | | | | | | | | The name of the minitest library is spelled that way: regular font, and lowercase. Lowercase is used even at the beginning of sentences, see http://docs.seattlerb.org/minitest/ I double-checked this with @zenspider too (thanks!).
* | Use correct variableyuuji.yaginuma2018-09-112-6/+6
| | | | | | | | Follow up of 3e81490717a314437f9123d86fa3e9dc55558e95.
* | Remove all references to slave in the codebaseRafael Mendonça França2018-09-104-30/+30
|/
* Configuration item `config.filter_parameters` could also filter out ↵Zhang Kang2018-09-071-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | sensitive value of database column when call `#inspect` * Why Some sensitive data will be exposed in log accidentally by calling `#inspect`, e.g. ```ruby @account = Account.find params[:id] payload = { account: @account } logger.info "payload will be #{ payload }" ``` All the information of `@account` will be exposed in log. * Solution Add a class attribute filter_attributes to specify which values of columns shouldn't be exposed. This attribute equals to `Rails.application.config.filter_parameters` by default. ```ruby Rails.application.config.filter_parameters += [:credit_card_number] Account.last.insepct # => #<Account id: 123, credit_card_number: [FILTERED] ...> ```
* Use canonical name for block localyuuji.yaginuma2018-09-071-3/+3
| | | | | | | | `spec` is the same variable name as gemspec generated by bundler, and its intention is easier to understand than a one-letter variable. https://github.com/bundler/bundler/blob/00fd58eaa69015092ee272c4cb5aa92a5e7ee45c/lib/bundler/templates/newgem/newgem.gemspec.tt#L11 This is follow up on 1c59b4840c58097186022f68427c46e0046c5d0d. `spec` is already in use there.
* Respect config setting when output deprecation notice in rake tasksyuuji.yaginuma2018-09-044-1/+4
| | | | | | | | | The rake tasks which became deprecate now does not load the environment. Therefore, even if the application specifies the behavior of deprecating, the message is output to stderr ignoring the specification. It seems that this is not the expected behavior. We should respect the setting even in the rake tasks.
* Merge pull request #33770 from eileencodes/multi-db-improvements-part-3Eileen M. Uchitelle2018-09-012-7/+37
|\ | | | | Part 3: Multi-db Improvements, identifying replica configurations
| * Convert configs_for to kwargs, add include_replicasEileen Uchitelle2018-08-312-7/+37
| | | | | | | | | | | | | | | | | | | | | | Changes the `configs_for` method from using traditional arguments to using kwargs. This is so I can add the `include_replicas` kwarg without having to always include `env_name` and `spec_name` in the method call. `include_replicas` defaults to false because everywhere internally in Rails we don't want replicas. `configs_for` is for iterating over configurations to create / run rake tasks, so we really don't ever need replicas in that case.
* | Remove needless test order configyuuji.yaginuma2018-09-011-2/+0
| | | | | | | | | | | | | | | | These were added for avoiding warnings and for testing in e4c529ea1d94ef548975e45b91a7fec045aeefbc and 6ea7065a18671872f1486cff3fdaeb4f78fa6332. Now the default is `:random`, and since the tests added with it are removed. That config is unnecessary.
* | Merge pull request #33743 from ↵Rafael França2018-08-311-0/+38
|\ \ | | | | | | | | | | | | steakknife/steakknife/improve-template-generator-actions add github to template actions, template actions minor refactor
| * | add github to template actions, light DSL refactorBarry Allard2018-08-301-0/+38
| | |
* | | Emit warning for unknown inflection rule when generating model.Yoshiyuki Kinjo2018-08-312-2/+23
| |/ |/| | | | | | | | | For words like "abuse", Rails cannot derive its singular form from plural form "abuses" without defining custom inflection rule. `rails generate model` and its families now emit warning for this case.
* | Merge pull request #33637 from eileencodes/ar-connection-management-refactoringEileen M. Uchitelle2018-08-301-10/+10
|\ \ | | | | | | Refactor Active Record configurations
| * | Refactors Active Record connection managementEileen Uchitelle2018-08-301-10/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While the three-tier config makes it easier to define databases for multiple database applications, it quickly became clear to offer full support for multiple databases we need to change the way the connections hash was handled. A three-tier config means that when Rails needed to choose a default configuration (in the case a user doesn't ask for a specific configuration) it wasn't clear to Rails which the default was. I [bandaid fixed this so the rake tasks could work](#32271) but that fix wasn't correct because it actually doubled up the configuration hashes. Instead of attemping to manipulate the hashes @tenderlove and I decided that it made more sense if we converted the hashes to objects so we can easily ask those object questions. In a three tier config like this: ``` development: primary: database: "my_primary_db" animals: database; "my_animals_db" ``` We end up with an object like this: ``` @configurations=[ #<ActiveRecord::DatabaseConfigurations::HashConfig:0x00007fd1acbded10 @env_name="development",@spec_name="primary", @config={"adapter"=>"sqlite3", "database"=>"db/development.sqlite3"}>, #<ActiveRecord::DatabaseConfigurations::HashConfig:0x00007fd1acbdea90 @env_name="development",@spec_name="animals", @config={"adapter"=>"sqlite3", "database"=>"db/development.sqlite3"}> ]> ``` The configurations setter takes the database configuration set by your application and turns them into an `ActiveRecord::DatabaseConfigurations` object that has one getter - `@configurations` which is an array of all the database objects. The configurations getter returns this object by default since it acts like a hash in most of the cases we need. For example if you need to access the default `development` database we can simply request it as we did before: ``` ActiveRecord::Base.configurations["development"] ``` This will return primary development database configuration hash: ``` { "database" => "my_primary_db" } ``` Internally all of Active Record has been converted to use the new objects. I've built this to be backwards compatible but allow for accessing the hash if needed for a deprecation period. To get the original hash instead of the object you can either add `to_h` on the configurations call or pass `legacy: true` to `configurations. ``` ActiveRecord::Base.configurations.to_h => { "development => { "database" => "my_primary_db" } } ActiveRecord::Base.configurations(legacy: true) => { "development => { "database" => "my_primary_db" } } ``` The new configurations object allows us to iterate over the Active Record configurations without losing the known environment or specification name for that configuration. You can also select all the configs for an env or env and spec. With this we can always ask any object what environment it belongs to: ``` db_configs = ActiveRecord::Base.configurations.configurations_for("development") => #<ActiveRecord::DatabaseConfigurations:0x00007fd1acbdf800 @configurations=[ #<ActiveRecord::DatabaseConfigurations::HashConfig:0x00007fd1acbded10 @env_name="development",@spec_name="primary", @config={"adapter"=>"sqlite3", "database"=>"db/development.sqlite3"}>, #<ActiveRecord::DatabaseConfigurations::HashConfig:0x00007fd1acbdea90 @env_name="development",@spec_name="animals", @config={"adapter"=>"sqlite3", "database"=>"db/development.sqlite3"}> ]> db_config.env_name => "development" db_config.spec_name => "primary" db_config.config => { "adapter"=>"sqlite3", "database"=>"db/development.sqlite3" } ``` The configurations object is more flexible than the configurations hash and will allow us to build on top of the connection management in order to add support for primary/replica connections, sharding, and constructing queries for associations that live in multiple databases.
* | | Add migrations_paths option to migration generatorEileen Uchitelle2018-08-301-0/+9
|/ / | | | | | | | | | | | | | | | | | | | | | | | | Adds an option to the migration generator to allow setting the migrations paths for that migration. This is useful for applications that use multiple databases and put migrations per database in their own directories. ``` bin/rails g migration CreateHouses address:string --migrations-paths=db/kingston_migrate invoke active_record create db/kingston_migrate/20180830151055_create_houses.rb ```
* | Merge pull request #33744 from bogdanvlviv/fixes-27852Ryuta Kamizono2018-08-301-1/+1
|\ \ | | | | | | Prevent leaking of user's DB credentials on `rails db:create` failure
| * | Prevent leaking of user's DB credentials on `rails db:create` failurebogdanvlviv2018-08-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Issue #27852 reports that when `rails db:create` fails, it causes leaking of user's DB credentials to $stderr. We print a DB's configuration hash in order to help users more quickly to figure out what could be wrong with his configuration. This commit changes message from "Couldn't create database for #{configuration.inspect}" to "Couldn't create '#{configuration['database']}' database. Please check your configuration.". There are two PRs that fixing it #27878, #27879, but they need a bit more work. I decided help to finish this and added Author of those PRs credit in this commit. Since it is a security issue, I think we should backport it to `5-2-stable`, and `5-1-stable`. Guided by https://edgeguides.rubyonrails.org/maintenance_policy.html#security-issues Fixes #27852 Closes #27879 Related to #27878 [Alexander Marrs & bogdanvlviv]