| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The ActionDispatch::HostAuthorization is a new middleware that prevent
against DNS rebinding and other Host header attacks. By default it is
included only in the development environment with the following
configuration:
Rails.application.config.hosts = [
IPAddr.new("0.0.0.0/0"), # All IPv4 addresses.
IPAddr.new("::/0"), # All IPv6 addresses.
"localhost" # The localhost reserved domain.
]
In other environments, `Rails.application.config.hosts` is empty and no
Host header checks will be done. If you want to guard against header
attacks on production, you have to manually permit the allowed hosts
with:
Rails.application.config.hosts << "product.com"
The host of a request is checked against the hosts entries with the case
operator (#===), which lets hosts support entries of type RegExp,
Proc and IPAddr to name a few. Here is an example with a regexp.
# Allow requests from subdomains like `www.product.com` and
# `beta1.product.com`.
Rails.application.config.hosts << /.*\.product\.com/
A special case is supported that allows you to permit all sub-domains:
# Allow requests from subdomains like `www.product.com` and
# `beta1.product.com`.
Rails.application.config.hosts << ".product.com"
|
| | |
| | |
| | |
| | | |
This follows up adb0c7bc5116e0f6020a4ec32b7e19ea8b26f1ec
|
| | |
| | |
| | |
| | |
| | |
| | | |
bug reporting
Hand-merging @ujihisa's ancient patch at https://lighthouseapp.com/projects/8994/tickets/3644
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When actually execute from the command, the value of ARGV is passed to the
server. So they are String. So let's use the same type in the test.
Also, this removes the following warning in Ruby 2.6.
```
lib/rails/commands/server/server_command.rb:195: warning: deprecated Object#=~ is called on Integer; it always returns nil
```
|
| | | |
|
|\ \ \
| | | |
| | | |
| | | | |
Remove redundant suffixes on generated helpers.
|
| | | | |
|
|/ / / |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* No need to go through ruby
* Abort early if a generator command fails
* Reuse `rails_command` method
* Bump thor minimum dependency to 0.20.3
* Add some minimal docs
* Add a changelog entry
* Restore original logging
|
| | |
| | |
| | |
| | |
| | |
| | | |
And make sure new applications in Rails 6.0 has this config enabled.
Also, improve test coverage and add a CHANGELOG entry.
|
|\ \ \
| | | |
| | | | |
Make AJ::Base#enqueue return false if the job wasn't enqueued
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
mberlanda/mberlanda/as-inheritable-options-intialization
[Realties] config_for as ActiveSupport::OrderedOptions
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
https://www.postgresql.org/support/versioning/
- 9.1 EOLed on September 2016.
- 9.2 EOLed on September 2017.
9.3 is also not supported since Nov 8, 2018. https://www.postgresql.org/about/news/1905/
I think it may be a little bit early to drop PostgreSQL 9.3 yet.
* Deprecated `supports_ranges?` since no other databases support range data type
* Add `supports_materialized_views?` to abstract adapter
Materialized views itself is supported by other databases, other connection adapters may support them
* Remove `with_manual_interventions`
It was only necessary for PostgreSQL 9.1 or earlier
* Drop CI against PostgreSQL 9.2
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Sometimes `test_scaffold_tests_pass_by_default` test fails in CI.
https://travis-ci.org/rails/rails/jobs/457621750#L2095-L2120
It seems `manifest.json` was broken.
`webpacker` will compile automatically if packs is not compiled.
If parallel test is enabled, it seems that this compilation process is
executed simultaneously in multiple processes, and it may become an
inconsistent state.
In order to avoid this, compile before running the test.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
In commit 6567464bedd1e39ee7390da9484ba0caa7eb3e07 we homogenized rails
commands with former rake tasks. We decided to display all commands at
the same level and merged the list of commands displayed by `rails help`.
We however forgot to actually merge the output in the command itself.
This commit fixes that.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Windows support for parallelization and instrumenter
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Add Windows support for `ActiveSupport::Testing::Parallelization`
and `ActiveSupport::Notifications::Instrumenter`.
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Correctly handle unknown object in parallel tests
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
DRb wraps in `DRbUnknown` if the data contains a type that can not be
resolved locally. This can happen if an error occurs in the test and the
error class can not be resolved on the server side.
When this happens, an instance of `DRbUnknown` is passed to the `result`
of `Server#record`. This causes another error(undefined method assertions
for #<DRb::DRbUnknown:> (NoMethodError)) in `reporter.record`.
This can confirm by the following steps.
```
$ rails new app -B --dev; cd app
$ rails g scaffold user name:string
$ edit `config.action_controller.allow_forgery_protection = true` in environments/test.rb
$ bin/rails t
```
In the case of `DRbUnknown` occurs, can't resolve error exception. So wrap
exception with `DRbRemoteError` in the same way as an unmarshalled object.
|
|/ / / / / /
| | | | | |
| | | | | |
| | | | | | |
These tests are for testing the `rake` method.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Follow up to a725539de677adbea0ced19d65647e975dbd3f84
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Remove asset paths from autoload_paths
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Remove `app/assets` and `app/javascript` from `eager_load_paths`
and `autoload_paths`.
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Reset Capybara sessions if failed system test screenshot raising an exception
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Reset Capybara sessions if `take_failed_screenshot` raise exception
in system test `after_teardown`.
|
| | | | | | | | |
|
| |/ / / / / /
|/| | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Addressing warnings are important but it should be out of this test scope.
https://travis-ci.org/rails/rails/jobs/454145524#L4122-L4131
```
.F
Failure:
ApplicationTests::BinSetupTest#test_bin_setup_output [test/application/bin_setup_test.rb:49]:
--- expected
+++ actual
@@ -1,4 +1,5 @@
"== Installing dependencies ==
+warning: Passing permitted_classes with the 2nd argument of Psych.safe_load is deprecated. Use keyword argument like Psych.safe_load(yaml, permitted_classes: ...) instead.
The Gemfile's dependencies are satisfied
== Preparing database ==
rails test test/application/bin_setup_test.rb:38
```
|
|/ / / / / /
| | | | | |
| | | | | |
| | | | | | |
Follow up #34131.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This argument was added in fa5a028ed9f, and #34137 but hasn't been used.
|
|/ / / / /
| | | | |
| | | | |
| | | | |
| | | | | |
`Webpacker` handles testing / development packs separately by default.
If do not specify `RAILS_ENV`, there is no merit to precompile.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Adds support for multiple databases to `rails db:schema:cache:dump`
and `rails db:schema:cache:clear`.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Respond /rails/info/properties.json
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Added json format, like this:
{
"Rails version": "6.0.0.alpha",
"Ruby version": "2.5.1-p57 (x86_64-darwin17)",
"RubyGems version": "2.7.6",
"Rack version": "2.0.6",
"JavaScript Runtime": "Node.js (V8)",
"Middleware": ["Rack::Sendfile", "ActionDispatch::Static", "ActionDispatch::Executor", "ActiveSupport::Cache::Strategy::LocalCache::Middleware", "Rack::Runtime", "Rack::MethodOverride", "ActionDispatch::RequestId", "ActionDispatch::RemoteIp", "Sprockets::Rails::QuietAssets", "Rails::Rack::Logger", "ActionDispatch::ShowExceptions", "WebConsole::Middleware", "ActionDispatch::DebugExceptions", "ActionDispatch::Reloader", "ActionDispatch::Callbacks", "ActiveRecord::Migration::CheckPending", "ActionDispatch::Cookies", "ActionDispatch::Session::CookieStore", "ActionDispatch::Flash", "ActionDispatch::ContentSecurityPolicy::Middleware", "Rack::Head", "Rack::ConditionalGet", "Rack::ETag", "Rack::TempfileReaper"],
"Application root": "/path/to/app",
"Environment": "development",
"Database adapter": "sqlite3",
"Database schema version": 0
}
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Amend CVE note and security guide section wordings
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Reword first sentence of dep management and CVE section of
security guide. Also, reword and move gemspec notes above deps.
[ci skip]
|
|\ \ \ \ \ \ \
| |/ / / / / /
|/| | | | | | |
Add `connect_src` example to content security policy initializer
|
| |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
If want to use `webpack-dev-server` with CSP enabled, need to specify
`connect-src`.
Related to: https://github.com/rails/webpacker/commit/cd7ecf4d48496341aecd81c0c2f69fe4e50a7cd4
This is a matter of `webpacker`. But since `webpacker` is now used by
default, to prevent user confusion, I think that better to include an
example of `connect-src.`
|
|/ / / / /
| | | | |
| | | | |
| | | | | |
[ci skip]
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
If add a package with `yarn`, it will have a newline after the last
dependency so let's match with that.
|
| |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | | |
rails/rails#33853 and rails/rails#33929 removed `encoding: utf8mb4` from database.yml
since at that time MySQL 5.1 is supported with the master branch.
Since MySQL 5.1 has been dropped, we can restore `encoding: utf8mb4` in database.yml
|
|\ \ \ \
| | | | |
| | | | | |
Implement AR#inspect using ParameterFilter
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
AR instance support `filter_parameters` since #33756.
Though Regex or Proc is valid as `filter_parameters`,
they are not supported as AR#inspect.
I also add :mask option and #filter_params to
`ActiveSupport::ParameterFilter#new` to implement this.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
What is important to tell is that the database configuration could not
be loaded.
Fixes #34296.
|