| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|\
| |
| | |
Correctly set user_supplied_options when there is no whitespace in option specification
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
specification
Current `user_supplied_options` method can not set the value correctly
if there is no space between option and value (e.g., `-p9000`).
This makes it possible to set the value correctly in the case like the above.
Fixes #29138
|
|\ \
| | |
| | | |
AEAD encrypted cookies and sessions
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit changes encrypted cookies from AES in CBC HMAC mode to
Authenticated Encryption using AES-GCM. It also provides a cookie jar
to transparently upgrade encrypted cookies to this new scheme. Some
other notable changes include:
- There is a new application configuration value:
+use_authenticated_cookie_encryption+. When enabled, AEAD encrypted
cookies will be used.
- +cookies.signed+ does not raise a +TypeError+ now if the name of an
encrypted cookie is used. Encrypted cookies using the same key as
signed cookies would be verified and serialization would then fail
due the message still be encrypted.
|
| |
| |
| |
| |
| | |
The app is booted by then, so there's no need to stash the code away in
some other script.
|
| |
| |
| |
| | |
Fixes #29247
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
singleton (#29180)
* Add ActiveSupport::CurrentAttributes to provide a thread-isolated attributes singleton
* Need to require first
* Move stubs into test namespace.
Thus they won't conflict with other Current and Person stubs.
* End of the line for you, whitespace!
* Support super in attribute methods.
Define instance level accessors in an included module such that
`super` in an overriden accessor works, akin to Active Model.
* Spare users the manual require.
Follow the example of concerns, autoload in the top level Active Support file.
* Add bidelegation support
* Rename #expose to #set. Simpler, clearer
* Automatically reset every instance.
Skips the need for users to actively embed something that resets
their CurrentAttributes instances.
* Fix test name; add tangible name value when blank.
* Try to ensure we run after a request as well.
* Delegate all missing methods to the instance
This allows regular `delegate` to serve, so we don't need bidelegate.
* Properly test resetting after execution cycle.
Also remove the stale puts debugging.
* Update documentation to match new autoreset
|
|\ \
| | |
| | | |
Define path with __dir__
|
| |/
| |
| |
| |
| |
| | |
".. with __dir__ we can restore order in the Universe." - by @fxn
Related to 5b8738c2df003a96f0e490c43559747618d10f5f
|
| | |
|
|/
|
|
|
|
| |
Setup config/secrets.yml.enc with template contents for people to edit.
Then generate encryption key and encrypt the initial secrets.
|
| |
|
|
|
|
| |
Fixes #28988
|
| |
|
| |
|
|
|
|
| |
Fix #28905
|
|\
| |
| | |
Added a shared section to config/database.yml that will be loaded for all envs
|
| |
| |
| |
| | |
environments
|
|\ \
| | |
| | | |
Do not try to encoding the parameters when the controller is not defined
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When you have a route that points to an nonexistent controller we raise
an exception.
This exception was being caught by the DebugExceptions middleware in
development, but when trying to render the error page, we are reading
the request format[[1][]]. To determine the request format we are reading
the format parameters[[2][]], and to be able to read the parameters we need
to encode them[[3][]]. This was raising another exception that to encode the
parameter we try to load the controller to determine if we need to
encode the parameters are binary[[4][]]. This new exception inside the
DebugExceptions middleware makes Rails to render a generic error page.
To avoid this new exception now we only encode the parameters when the
controller can be loaded.
Fixes #28892
[1]: https://github.com/rails/rails/blob/f52cdaac6336f99d13622ff9bda556a3124a4121/actionpack/lib/action_dispatch/middleware/debug_exceptions.rb#L80
[2]: https://github.com/rails/rails/blob/f52cdaac6336f99d13622ff9bda556a3124a4121/actionpack/lib/action_dispatch/http/mime_negotiation.rb#L63
[3]: https://github.com/rails/rails/blob/f52cdaac6336f99d13622ff9bda556a3124a4121/actionpack/lib/action_dispatch/http/parameters.rb#L58
[4]: https://github.com/rails/rails/blob/f52cdaac6336f99d13622ff9bda556a3124a4121/actionpack/lib/action_dispatch/http/parameters.rb#L88
|
|\ \
| |/
|/| |
Pass request params to ActionMailer::Preview
|
| | |
|
| |
| |
| |
| | |
\Z was a mistake of \z. Replace \Z to \z to prevent newly \Z added.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
specified
Without this check, even if config is not specified, `ActionView::Helpers::FormHelper.form_with_generates_remote_forms`
always be set to nil and remote form not be generated.
Follow up to 128b804c6ce40fcbde744f294f8cb98654f6efec
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This configuration is not present in ActionView::Base so we can't let
the action_view.set_configs initializer set it.
Also add tests to make sure this config works.
Fixes #28824
|
|\ \
| | |
| | | |
Don't generate system test files if `skip_system_test` option is specified
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
Raise error on the movement of migrations
when the current migration does not exist.
|
| | | |
|
|\ \ \
| | | |
| | | | |
Smooth form with upgrading
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
Allows users to not have remote forms by default, since there's
more JS harness, e.g. bundling rails-ujs, otherwise.
Also don't skip creating defaults file anymore. Sprockets isn't the only new config.
|
| | | |
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, `read_encrypted_secrets` is set with initializer.
Therefore if refer to `secrets` in config, `read_encrypted_secrets` is false,
so can not get the value of `secrets.yml.enc`.
In order to be able to refer to secrets in config, modified to refer to
`config.read_encrypted_secrets` when calling `secrets`.
Fixes #28618.
|
| | |
|
|\ \
| | |
| | | |
Clear active connections after initialization
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Any connections that were checked out during initialization should be
checked back in before the first request is processed, for two reasons:
- Returning the connection to the pool allows it to be health checked
before it's used again. If the connection dies before the first
request arrives, the health check will replace it with a new one.
- If the thread that initialized Rails is not the same thread that will
be performing work, checking in the connection will allow it to be
reused instead of being stuck to the initialization thread forever.
|
|\ \ \
| | | |
| | | | |
Raise when using a bad symlink
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
There was a case where a dev made a symlink that worked on some machines and not on others. The issue manifested itself on a machine with `RAILS_ENV=staging` as the had their `config/environments/staging.rb` symlinked to another config file. The behavior was very hard to track down.
Current behavior: If you use a bad symlink in a file, you get no warnings or failures or anything. If you have a bad symlink it just ignores the file as if it didn't exist (`File.exist?` returns false for a bad symlink).
Patch behavior: With this patch when a file is not present we check if a symlink exists. If it does, that indicates there is a bad symlink and we should raise
```
File "config/environments/staging.rb" is a symlink that does not point to a valid file
```
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
With Rack::Test the headers needs to match the `HTTP_` format. The tests
were passing before because they are not asserting the response was a
cache hit.
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
y-yagi/remove_unnecessary_files_to_api_applications_when_app_task_task_executed
Remove unnecessary files to API-only Applications when `app:task` task executed
|
| | | | | |
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | | |
Remove -j (--javascript) option from `rails new`
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The "-j" option was added 5 years ago (https://github.com/rails/rails/commit/d9c39c3a)
when we wanted to support prototype-rails and jquery-rails.
Prototype is not as popular and jQuery is not a requirement anymore.
Still the "-j" option can be used to install *any* gem that ends in "-rails".
This "might" open security issues and does not bring great benefits anymore.
If you know which "-rails"-ending gem you want to install, you can manually
add it to the Gemfile just like any other gem.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
fix migrate with empty version
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Add stronger assertions to rake migration tasks to make sure the user is providing a numeric VERSION
An empty string was getting converted to version = 0. This would in turn pass the presence check.
Address linting warning
Add test for rake task and refactor code to meet expectations
In particular passing VERSION=0 should not raise an error.
Addressed Comments for PR #28485. Trimmed empty lines + change of wording for error message
Adjust test for change of wording in error message
Change condition to follow rails idioms
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
y-yagi/do_not_display_hidden_namespaces_in_destroy_command_help
Do not show hidden namespaces in destroy commnad help
|
| |/ / / / / |
|