| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
no_color! is already defined in [`Rails::Command::Behavior`][behavior],
which gets [included into `Rails:Generators`][include]. This duplication
came about in 6813edc7d9 when we introduced the Thor command structure.
We have [test coverage][] to ensure this method still behaves correctly
on `Rails:Generators`.
[behavior]: https://github.com/rails/rails/blob/f7e91c7224560fbd3e95c238a0e8bb362799bcb7/railties/lib/rails/command/behavior.rb#L12-L14
[include]: https://github.com/rails/rails/blob/f7e91c7224560fbd3e95c238a0e8bb362799bcb7/railties/lib/rails/generators.rb#L18
[test coverage]: https://github.com/rails/rails/blob/f7e91c7224560fbd3e95c238a0e8bb362799bcb7/railties/test/generators_test.rb#L163-L168
|
|
|
|
|
|
|
|
| |
This hack prevails everywhere in the codebase by being copy & pasted, and it's actually not a negative thing but a necessary thing for framework implementors,
so it should better have a name and be a thing.
And with this commit, activesupport/test/abstract_unit.rb now doesn't silently autoload AS::TestCase,
so we're ready to establish clearner environment for running AS tests (probably in later commits)
|
|
|
|
| |
It's used everywhere, clean and mature enough
|
|
|
|
|
|
| |
In most cases it works now without explicit require because it's accidentally required through
active_support/core_ext/date_and_time/calculations.rb where we still call `try`,
but that would stop working if we changed the Calculations implementation and remove the require call there.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The `rake db:seed` command was broken for the primary environment if the
application is using multiple databases. We never implemented `rake
db:seed` for other databases (coming soon), but that shouldn't break the
default case.
The reason this was broken was because `abort_if_pending_migrations`
would loop through the configs for all databases and check for
migrations but would leave the last established connection. So `db:seed`
was looking in the wrong database for the table to seed.
This PR doesn't fix the fact that `db:seed` doesn't work for multiple
databases but does fix the default case.
Fixes #36817
Co-authored-by: John Crepezzi <john.crepezzi@gmail.com>
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Applications are not supposed to use require_dependency in their own
code if running in zeitwerk mode, and require_dependency was initially
aliased to require with that use case in mind.
However, there are situations in which you cannot control the mode and
need to be compatible with both. There, you might need require_dependency
in case you are being executed in classic mode. Think about engines that
want to support both modes in their parent applications, for example.
Furthermore, Rails itself loads helpers using require_dependency.
Therefore, we need better compatibility.
|
|
|
|
| |
We're already running Performance/RegexpMatch cop, but it seems like the cop is not always =~ justice
|
|
|
|
|
| |
It causes unexpected results when running tests in parallel.
Ref: https://buildkite.com/rails/rails/builds/62610#0165f6d9-b9c8-4948-9319-07b58bfbfd4f/989-998
|
|\
| |
| | |
Prettify diff generated by git for encrypted file:
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- @sinsoku had the idea and started implementing it few months ago
but sadly didn't finish it.
This PR is taking over his work.
The credentials feature has changed a lot since @sinsoku opened hi
PR, it was easier to just restart from scratch instead of checking
out his branch.
Sinsoku will get all the credit he deserves for this idea :)
TL;DR on that that feature is to make the `git diff` or `git log`
of encrypted files to be readable.
The previous implementation was only setting up the git required
configuration for the first time Rails was bootstraped, so I decided
to instead provide the user a choice to opt-in for readable diff
credential whenever a user types the `bin/rails credentials:edit`
command.
The question won't be asked in the future the user has already
answered or if the user already opted in.
Co-authored-by: Takumi Shotoku <insoku.listy@gmail.com>
|
| |
| |
| |
| | |
assets are already precompiled in build_app step
|
|\ \
| | |
| | |
| | |
| | | |
y-yagi/add_mention_about_collection_cache_versioning
Add mention about `active_record.collection_cache_versioning` to the `new_framework_defaults.rb`
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
`new_framework_defaults.rb`
All other recommended new configurations that set in `load_defaults` are
already mentioned in `new_framework_defaults.rb`.
So `active_record.collection_cache_versioning` should also be mentioned.
|
|\ \ \
| |_|/
|/| | |
Use Dir.glob(base: ...) to avoid chdir
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* read config/webpacker.yml to determine which path to exclude for zeitwerk:check
* fix test errors
* more changes to fix test errors
* refactor webpacker_path
[Andrew Kress + Rafael Mendonça França]
|
|\ \ \
| | | |
| | | | |
Add common sensitive names to generated filter parameters
|
| | | |
| | | |
| | | |
| | | |
| | | | |
These added names are distilled from the filter_parameters config of a
number of open source Rails applications.
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
Define the `url_options` needed for SytemTest inside the route proxy:
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- I made a change in https://github.com/rails/rails/pull/36691 to
delegate route helper to a proxy class.
This didn't take into account that the `url_options` we redefine
in SystemTest would be ignored.
This PR fixes that by definin the url_options inside the proxy
|
|\ \ \ \
| | | | |
| | | | | |
Fixed db:prepare task to not touch schema when it is disabled
|
| |/ / /
| | | |
| | | |
| | | | |
is false.
|
|\ \ \ \
| |/ / /
|/| | | |
Add pidfile option to puma config template
|
| | | |
| | | |
| | | |
| | | | |
This allow to call `pumactl` directly without extra parameters needed
|
| | | |
| | | |
| | | |
| | | | |
Add configuration option to turn off drawing of Active Storage routes.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- If we create the deprecation before the new class is defined this
creates an issue in case you use a `TracePoint`. The
`Tracepoint#return_value` will try to get the new class constant
resulting in a uninitialized constant Rails::SourceAnnotationExtractor
The problem can be reproduced like this:
```ruby
@defined = Set.new
ANONYMOUS_CLASS_DEFINITION_TRACEPOINT = TracePoint.new(:c_return) do |tp|
next unless @defined.add?(tp.return_value)
end
ANONYMOUS_CLASS_DEFINITION_TRACEPOINT.enable
require 'rails'
require "rails/source_annotation_extractor"
```
|
| | | |
| | | |
| | | |
| | | | |
called.
|
|\ \ \ \
| |_|_|/
|/| | |
| | | |
| | | | |
masakazutakewaka/fix_railtie_add_newline_to_gemfile_insertion
Add a newline at the end of a Gemfile when it doesn't end with a newline
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Assigning to a collection of attachments appends rather than replacing, as in 5.2. Existing 5.2 apps that rely on this behavior will no longer break when they're upgraded to 6.0.
For apps generated on 6.0 or newer, assigning replaces the existing attachments in the collection. #attach should be used to add new attachments to the collection without removing existing ones.
I expect that we'll deprecate the old behavior in 6.1.
Closes #36374.
|
|\ \ \ \
| | | | |
| | | | | |
Add `skip-collision-check` option to generator
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Until Rails 5.2, generators can run same name multi times without destroying.
But Rails 6.0(with Zeitwerk) can't this. In Rails 6.0, an error occurs
due to class name collision check.
The check uses `const_defined?`, which assumes that the autoload object
is also defined.
https://ruby-doc.org/core-2.6.3/Module.html#method-i-const_defined-3F
It did not work until Rails 5.2, but Zeitwerk seems to be able to
correctly check this against the application's code.
However, this is a little inconvenient if want to run the generator
again like mistake an attribute name(need to run `destoy` before).
In order to solve this, this PR adds an option to skip the collision check.
With this option, you can overwrite files just as did until Rails 5.2.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Prevent exception of loading database yaml with blank config file
|
| |/ / / /
| | | | |
| | | | |
| | | | | |
#36661]
|
| |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Updates the generator output to use a reserved domain[1] instead of a
potentially real world domain.
[1]: https://tools.ietf.org/html/rfc2606#section-3
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
A HTTP feature policy is Yet Another HTTP header for instructing the
browser about which features the application intends to make use of and
to lock down access to others. This is a new security mechanism that
ensures that should an application become compromised or a third party
attempts an unexpected action, the browser will override it and maintain
the intended UX.
WICG specification: https://wicg.github.io/feature-policy/
The end result is a HTTP header that looks like the following:
```
Feature-Policy: geolocation 'none'; autoplay https://example.com
```
This will prevent the browser from using geolocation and only allow
autoplay on `https://example.com`. Full feature list can be found over
in the WICG repository[1].
As of today Chrome and Safari have public support[2] for this
functionality with Firefox working on support[3] and Edge still pending
acceptance of the suggestion[4].
#### Examples
Using an initializer
```rb
# config/initializers/feature_policy.rb
Rails.application.config.feature_policy do |f|
f.geolocation :none
f.camera :none
f.payment "https://secure.example.com"
f.fullscreen :self
end
```
In a controller
```rb
class SampleController < ApplicationController
def index
feature_policy do |f|
f.geolocation "https://example.com"
end
end
end
```
Some of you might realise that the HTTP feature policy looks pretty
close to that of a Content Security Policy; and you're right. So much so
that I used the Content Security Policy DSL from #31162 as the starting
point for this change.
This change *doesn't* introduce support for defining a feature policy on
an iframe and this has been intentionally done to split the HTTP header
and the HTML element (`iframe`) support. If this is successful, I'll
look to add that on it's own.
Full documentation on HTTP feature policies can be found at
https://wicg.github.io/feature-policy/. Google have also published[5] a
great in-depth write up of this functionality.
[1]: https://github.com/WICG/feature-policy/blob/master/features.md
[2]: https://www.chromestatus.com/feature/5694225681219584
[3]: https://bugzilla.mozilla.org/show_bug.cgi?id=1390801
[4]: https://wpdev.uservoice.com/forums/257854-microsoft-edge-developer/suggestions/33507907-support-feature-policy
[5]: https://developers.google.com/web/updates/2018/06/feature-policy
|
|\ \ \
| | | |
| | | | |
Add the ability to set the CSP nonce only to the specified directives
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
I changed to set CSP nonce to `style-src` directive in #32932.
But this causes an issue when `unsafe-inline` is specified to `style-src`
(If a nonce is present, a nonce takes precedence over `unsafe-inline`).
So, I fixed to nonce directives configurable. By configure this, users
can make CSP as before.
Fixes #35137.
|