aboutsummaryrefslogtreecommitdiffstats
path: root/railties
Commit message (Collapse)AuthorAgeFilesLines
* Remove redundant empty line when we don't use system testmeganemura2019-07-291-1/+1
|
* Use match? where we don't need MatchDataAkira Matsuda2019-07-2910-16/+16
|
* Let the generated initializers/backtrace_silencers.rb code use Regexp#match?Akira Matsuda2019-07-291-1/+1
|
* Add viewport meta tag to default application templateLachlan Campbell2019-07-281-0/+1
|
* Improves compatibility of require_dependency in zeitwerk mode [Closes #36774]Xavier Noria2019-07-281-0/+29
| | | | | | | | | | | | | | | Applications are not supposed to use require_dependency in their own code if running in zeitwerk mode, and require_dependency was initially aliased to require with that use case in mind. However, there are situations in which you cannot control the mode and need to be compatible with both. There, you might need require_dependency in case you are being executed in classic mode. Think about engines that want to support both modes in their parent applications, for example. Furthermore, Rails itself loads helpers using require_dependency. Therefore, we need better compatibility.
* Use match? where we don't need MatchDataAkira Matsuda2019-07-275-5/+5
| | | | We're already running Performance/RegexpMatch cop, but it seems like the cop is not always =~ justice
* Do not use the same temp file in different testsyuuji.yaginuma2019-07-271-4/+5
| | | | | It causes unexpected results when running tests in parallel. Ref: https://buildkite.com/rails/rails/builds/62610#0165f6d9-b9c8-4948-9319-07b58bfbfd4f/989-998
* Merge pull request #36777 from Edouard-chin/ec-git-pretty-credentialsRafael França2019-07-264-9/+185
|\ | | | | Prettify diff generated by git for encrypted file:
| * Prettify diff generated by git for encripted file:Edouard CHIN2019-07-264-9/+185
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - @sinsoku had the idea and started implementing it few months ago but sadly didn't finish it. This PR is taking over his work. The credentials feature has changed a lot since @sinsoku opened hi PR, it was easier to just restart from scratch instead of checking out his branch. Sinsoku will get all the credit he deserves for this idea :) TL;DR on that that feature is to make the `git diff` or `git log` of encrypted files to be readable. The previous implementation was only setting up the git required configuration for the first time Rails was bootstraped, so I decided to instead provide the user a choice to opt-in for readable diff credential whenever a user types the `bin/rails credentials:edit` command. The question won't be asked in the future the user has already answered or if the user already opted in. Co-authored-by: Takumi Shotoku <insoku.listy@gmail.com>
* | Removed webpacker:compile step from scaffold test as it is not required and ↵Abhay Nikam2019-07-261-2/+0
| | | | | | | | assets are already precompiled in build_app step
* | Merge pull request #36747 from ↵y-yagi2019-07-261-0/+5
|\ \ | | | | | | | | | | | | y-yagi/add_mention_about_collection_cache_versioning Add mention about `active_record.collection_cache_versioning` to the `new_framework_defaults.rb`
| * | Add mention about `active_record.collection_cache_versioning` to the ↵yuuji.yaginuma2019-07-241-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | `new_framework_defaults.rb` All other recommended new configurations that set in `load_defaults` are already mentioned in `new_framework_defaults.rb`. So `active_record.collection_cache_versioning` should also be mentioned.
* | | Merge pull request #36731 from jhawthorn/dir_glob_base_instead_of_chdirJohn Hawthorn2019-07-251-6/+4
|\ \ \ | |_|/ |/| | Use Dir.glob(base: ...) to avoid chdir
| * | Use Dir.glob(base: ...) to avoid chdirJohn Hawthorn2019-07-221-6/+4
| | |
* | | let autoloaded? support modules with overridden names [closes #36757]Xavier Noria2019-07-251-0/+9
| | |
* | | read configuration to determine excluded eager loaded directory (#36354)Andrew Kress2019-07-252-2/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * read config/webpacker.yml to determine which path to exclude for zeitwerk:check * fix test errors * more changes to fix test errors * refactor webpacker_path [Andrew Kress + Rafael Mendonça França]
* | | Merge pull request #34218 from eliotsykes/filter-common-sensitive-paramsRafael França2019-07-241-1/+3
|\ \ \ | | | | | | | | Add common sensitive names to generated filter parameters
| * | | Add common sensitive names to generated filter parametersEliot Sykes2018-11-201-1/+3
| | | | | | | | | | | | | | | | | | | | These added names are distilled from the filter_parameters config of a number of open source Rails applications.
| * | | Add secret to generated filter parametersEliot Sykes2018-11-201-1/+1
| | | |
* | | | Merge pull request #36741 from Edouard-chin/ec-system-test-url-optionsEileen M. Uchitelle2019-07-241-0/+45
|\ \ \ \ | | | | | | | | | | Define the `url_options` needed for SytemTest inside the route proxy:
| * | | | Define the `url_options` needed for SytemTest inside the route proxy:Edouard CHIN2019-07-241-0/+45
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - I made a change in https://github.com/rails/rails/pull/36691 to delegate route helper to a proxy class. This didn't take into account that the `url_options` we redefine in SystemTest would be ignored. This PR fixes that by definin the url_options inside the proxy
* | | | Merge pull request #36744 from freeletics/fix-db-prepareEileen M. Uchitelle2019-07-241-0/+16
|\ \ \ \ | | | | | | | | | | Fixed db:prepare task to not touch schema when it is disabled
| * | | | Fixed db:prepare task to not touch schema when dump_schema_after_migration ↵Wojciech Wnętrzak2019-07-241-0/+16
| |/ / / | | | | | | | | | | | | is false.
* | | | Merge pull request #36542 from spk/add-pidfile-option-to-puma-confRafael França2019-07-231-0/+3
|\ \ \ \ | |/ / / |/| | | Add pidfile option to puma config template
| * | | Add pidfile option to puma config templateLaurent Arnoud2019-06-231-0/+3
| | | | | | | | | | | | | | | | This allow to call `pumactl` directly without extra parameters needed
* | | | Make Active Storage routes optionalGannon McGibbon2019-07-221-0/+15
| | | | | | | | | | | | | | | | Add configuration option to turn off drawing of Active Storage routes.
* | | | Move the deprecation call after the new class has been defined:Edouard CHIN2019-07-221-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - If we create the deprecation before the new class is defined this creates an issue in case you use a `TracePoint`. The `Tracepoint#return_value` will try to get the new class constant resulting in a uninitialized constant Rails::SourceAnnotationExtractor The problem can be reproduced like this: ```ruby @defined = Set.new ANONYMOUS_CLASS_DEFINITION_TRACEPOINT = TracePoint.new(:c_return) do |tp| next unless @defined.add?(tp.return_value) end ANONYMOUS_CLASS_DEFINITION_TRACEPOINT.enable require 'rails' require "rails/source_annotation_extractor" ```
* | | | create a newline between blocks when gem_group, github and add_source was ↵masakazutakewaka2019-07-212-12/+51
| | | | | | | | | | | | | | | | called.
* | | | Merge pull request #35285 from ↵y-yagi2019-07-212-16/+63
|\ \ \ \ | |_|_|/ |/| | | | | | | | | | | masakazutakewaka/fix_railtie_add_newline_to_gemfile_insertion Add a newline at the end of a Gemfile when it doesn't end with a newline
| * | | Append a newline to the Gemfile if it doesn't end with a newlinemasakazutakewaka2019-07-192-16/+63
| | | |
* | | | Preserve existing attachment assignment behavior for upgraded appsGeorge Claghorn2019-07-202-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Assigning to a collection of attachments appends rather than replacing, as in 5.2. Existing 5.2 apps that rely on this behavior will no longer break when they're upgraded to 6.0. For apps generated on 6.0 or newer, assigning replaces the existing attachments in the collection. #attach should be used to add new attachments to the collection without removing existing ones. I expect that we'll deprecate the old behavior in 6.1. Closes #36374.
* | | | Merge pull request #36603 from y-yagi/add_skip_collision_check_optionYuji Yaginuma2019-07-182-2/+15
|\ \ \ \ | | | | | | | | | | Add `skip-collision-check` option to generator
| * | | | Add `skip-collision-check` option to generatoryuuji.yaginuma2019-07-052-2/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Until Rails 5.2, generators can run same name multi times without destroying. But Rails 6.0(with Zeitwerk) can't this. In Rails 6.0, an error occurs due to class name collision check. The check uses `const_defined?`, which assumes that the autoload object is also defined. https://ruby-doc.org/core-2.6.3/Module.html#method-i-const_defined-3F It did not work until Rails 5.2, but Zeitwerk seems to be able to correctly check this against the application's code. However, this is a little inconvenient if want to run the generator again like mistake an attribute name(need to run `destoy` before). In order to solve this, this PR adds an option to skip the collision check. With this option, you can overwrite files just as did until Rails 5.2.
* | | | | Merge pull request #36663 from igor04/load_database_yaml_fixEileen M. Uchitelle2019-07-152-1/+6
|\ \ \ \ \ | | | | | | | | | | | | Prevent exception of loading database yaml with blank config file
| * | | | | Prevent exception of loading database yaml with blank config file [closes: ↵igor042019-07-122-1/+6
| |/ / / / | | | | | | | | | | | | | | | #36661]
* | / / / Use reserved domain for example configurationJacob Bednarz2019-07-151-1/+1
| |/ / / |/| | | | | | | | | | | | | | | | | | | | | | | Updates the generator output to use a reserved domain[1] instead of a potentially real world domain. [1]: https://tools.ietf.org/html/rfc2606#section-3
* | | | improves zeitwerk:checkXavier Noria2019-07-121-73/+25
| | | |
* | | | make sure zeitwerk:check only deals with directories [closes #36461]Xavier Noria2019-07-121-4/+5
| | | |
* | | | active_support/dependencies/autoload is already required via active_support.rbAkira Matsuda2019-07-122-2/+0
| | | |
* | | | These are already required via rails/command.rbAkira Matsuda2019-07-121-2/+0
| | | |
* | | | Adds support for configuring HTTP Feature Policy (#33439)Jacob Bednarz2019-07-106-1/+215
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A HTTP feature policy is Yet Another HTTP header for instructing the browser about which features the application intends to make use of and to lock down access to others. This is a new security mechanism that ensures that should an application become compromised or a third party attempts an unexpected action, the browser will override it and maintain the intended UX. WICG specification: https://wicg.github.io/feature-policy/ The end result is a HTTP header that looks like the following: ``` Feature-Policy: geolocation 'none'; autoplay https://example.com ``` This will prevent the browser from using geolocation and only allow autoplay on `https://example.com`. Full feature list can be found over in the WICG repository[1]. As of today Chrome and Safari have public support[2] for this functionality with Firefox working on support[3] and Edge still pending acceptance of the suggestion[4]. #### Examples Using an initializer ```rb # config/initializers/feature_policy.rb Rails.application.config.feature_policy do |f| f.geolocation :none f.camera :none f.payment "https://secure.example.com" f.fullscreen :self end ``` In a controller ```rb class SampleController < ApplicationController def index feature_policy do |f| f.geolocation "https://example.com" end end end ``` Some of you might realise that the HTTP feature policy looks pretty close to that of a Content Security Policy; and you're right. So much so that I used the Content Security Policy DSL from #31162 as the starting point for this change. This change *doesn't* introduce support for defining a feature policy on an iframe and this has been intentionally done to split the HTTP header and the HTML element (`iframe`) support. If this is successful, I'll look to add that on it's own. Full documentation on HTTP feature policies can be found at https://wicg.github.io/feature-policy/. Google have also published[5] a great in-depth write up of this functionality. [1]: https://github.com/WICG/feature-policy/blob/master/features.md [2]: https://www.chromestatus.com/feature/5694225681219584 [3]: https://bugzilla.mozilla.org/show_bug.cgi?id=1390801 [4]: https://wpdev.uservoice.com/forums/257854-microsoft-edge-developer/suggestions/33507907-support-feature-policy [5]: https://developers.google.com/web/updates/2018/06/feature-policy
* | | Merge pull request #36534 from y-yagi/fixes_35137Yuji Yaginuma2019-07-034-3/+40
|\ \ \ | | | | | | | | Add the ability to set the CSP nonce only to the specified directives
| * | | Add the ability to set the CSP nonce only to the specified directivesyuuji.yaginuma2019-06-224-3/+40
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I changed to set CSP nonce to `style-src` directive in #32932. But this causes an issue when `unsafe-inline` is specified to `style-src` (If a nonce is present, a nonce takes precedence over `unsafe-inline`). So, I fixed to nonce directives configurable. By configure this, users can make CSP as before. Fixes #35137.
* | | Make `bin/setup` test pass even if the database does not existyuuji.yaginuma2019-06-301-1/+1
| | |
* | | Merge pull request #36560 from eileencodes/warn-if-database-yml-cant-be-readEileen M. Uchitelle2019-06-271-0/+28
|\ \ \ | | | | | | | | Warn if we can't read the yaml to create database tasks
| * | | Load initial database.yml once, and warn if we can't create taskseileencodes2019-06-271-0/+28
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For multiple databases we attempt to generate the tasks by reading the database.yml before the Rails application is booted. This means that we need to strip out ERB since it could be reading Rails configs. In some cases like https://github.com/rails/rails/issues/36540 the ERB is too complex and we can't overwrite with the DummyCompilier we used in https://github.com/rails/rails/pull/35497. For the complex causes we simply issue a warning that says we couldn't infer the database tasks from the database.yml. While working on this I decided to update the code to only load the database.yml once initially so that we avoid having to issue the same warning multiple times. Note that this had no performance impact in my testing and is merely for not having to save the error off somewhere. Also this feels cleaner. Note that this will not break running tasks that exist, it will just mean that tasks for multi-db like `db:create:other_db` will not be generated. If the database.yml is actually unreadable it will blow up during normal rake task calls. Fixes #36540
* / / Replace the www.robotstxt.org URL with https one [ci skip]Tatsuya Hoshino2019-06-251-1/+1
|/ / | | | | | | The robots.txt site is moved permanently to https URL.
* | Make `ActionDispatch::Response#content_type` behavior configurableyuuji.yaginuma2019-06-213-0/+31
| | | | | | | | | | | | | | | | | | I changed return value of `ActionDispatch::Response#content_type` in #36034. But this change seems to an obstacle to upgrading. https://github.com/rails/rails/pull/36034#issuecomment-498795893 Therefore, I restored the behavior of `ActionDispatch::Response#content_type` to 5.2 and deprecated old behavior. Also, made it possible to control the behavior with the config.
* | Merge pull request #36486 from benthorner/masterYuji Yaginuma2019-06-203-5/+31
|\ \ | | | | | | Allow using env var to specify pidfile
| * | Allow using env var to specify pidfileBen Thorner2019-06-193-5/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously it was only possible to specify the location of the pidfile for the 'rails server' command with the '-P' flag. This adds support for specifying the pidfile using a PIDFILE env var, which can still be overridden by the '-P' flag and with the default pidfile path unchanged. The motivation for this feature comes from using Docker to run multiple instances of the same rails app. When developing a rails app with Docker, it's common to bind-mount the rails root directory in the running container, so that changes to files are shared between the container and the host. However, this doesn't work so well with the pidfile and it's necessary to (remember to) add a '-P' flag to the 'rails server' command line; being able to specify this flag using an env var would make developing with Rails+Docker a bit simpler.