From 2e5ec9a6efc80fd266b974fc50b2775afa73130b Mon Sep 17 00:00:00 2001
From: Ben Thorner <ben.thorner@digital.cabinet-office.gov.uk>
Date: Mon, 10 Jun 2019 16:46:52 +0100
Subject: Allow using env var to specify pidfile

Previously it was only possible to specify the location of the pidfile
for the 'rails server' command with the '-P' flag. This adds support for
specifying the pidfile using a PIDFILE env var, which can still be
overridden by the '-P' flag and with the default pidfile path unchanged.

The motivation for this feature comes from using Docker to run multiple
instances of the same rails app. When developing a rails app with
Docker, it's common to bind-mount the rails root directory in the
running container, so that changes to files are shared between the
container and the host. However, this doesn't work so well with the
pidfile and it's necessary to (remember to) add a '-P' flag to the
'rails server' command line; being able to specify this flag using an
env var would make developing with Rails+Docker a bit simpler.
---
 railties/test/commands/server_test.rb | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

(limited to 'railties/test')

diff --git a/railties/test/commands/server_test.rb b/railties/test/commands/server_test.rb
index b78370a233..c9026e2d95 100644
--- a/railties/test/commands/server_test.rb
+++ b/railties/test/commands/server_test.rb
@@ -116,6 +116,13 @@ class Rails::Command::ServerCommandTest < ActiveSupport::TestCase
     end
   end
 
+  def test_environment_with_pidfile
+    switch_env "PIDFILE", "/tmp/rails.pid" do
+      options = parse_arguments
+      assert_equal "/tmp/rails.pid", options[:pid]
+    end
+  end
+
   def test_caching_without_option
     args = []
     options = parse_arguments(args)
@@ -234,6 +241,12 @@ class Rails::Command::ServerCommandTest < ActiveSupport::TestCase
       options = parse_arguments(args)
       assert_equal "127.0.0.1", options[:Host]
     end
+
+    switch_env "PIDFILE", "/tmp/rails.pid" do
+      args = ["-P", "/somewhere/else.pid"]
+      options = parse_arguments(args)
+      assert_equal "/somewhere/else.pid", options[:pid]
+    end
   end
 
   def test_records_user_supplied_options
@@ -253,6 +266,16 @@ class Rails::Command::ServerCommandTest < ActiveSupport::TestCase
       server_options = parse_arguments
       assert_equal [:Host], server_options[:user_supplied_options]
     end
+
+    switch_env "PORT", "3001" do
+      server_options = parse_arguments
+      assert_equal [:Port], server_options[:user_supplied_options]
+    end
+
+    switch_env "PIDFILE", "/tmp/server.pid" do
+      server_options = parse_arguments
+      assert_equal [:pid], server_options[:user_supplied_options]
+    end
   end
 
   def test_default_options
-- 
cgit v1.2.3


From ddb6d788d6a611fd1ba6cf92ad6d1342079517a8 Mon Sep 17 00:00:00 2001
From: "yuuji.yaginuma" <yuuji.yaginuma@gmail.com>
Date: Sat, 15 Jun 2019 12:54:26 +0900
Subject: Make `ActionDispatch::Response#content_type` behavior configurable

I changed return value of `ActionDispatch::Response#content_type` in #36034.
But this change seems to an obstacle to upgrading. https://github.com/rails/rails/pull/36034#issuecomment-498795893

Therefore, I restored the behavior of `ActionDispatch::Response#content_type`
to 5.2 and deprecated old behavior. Also, made it possible to control the
behavior with the config.
---
 railties/test/application/configuration_test.rb | 27 +++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

(limited to 'railties/test')

diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index 6f9711cb37..f6bec3242a 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -2436,6 +2436,33 @@ module ApplicationTests
       assert_nil ActiveStorage.queues[:purge]
     end
 
+    test "ActionDispatch::Response.return_only_media_type_on_content_type is false by default" do
+      app "development"
+
+      assert_equal false, ActionDispatch::Response.return_only_media_type_on_content_type
+    end
+
+    test "ActionDispatch::Response.return_only_media_type_on_content_type is true in the 5.x defaults" do
+      remove_from_config '.*config\.load_defaults.*\n'
+      add_to_config 'config.load_defaults "5.2"'
+
+      app "development"
+
+      assert_equal true, ActionDispatch::Response.return_only_media_type_on_content_type
+    end
+
+    test "ActionDispatch::Response.return_only_media_type_on_content_type can be configured in the new framework defaults" do
+      remove_from_config '.*config\.load_defaults.*\n'
+
+      app_file "config/initializers/new_framework_defaults_6_0.rb", <<-RUBY
+        Rails.application.config.action_dispatch.return_only_media_type_on_content_type = true
+      RUBY
+
+      app "development"
+
+      assert_equal true, ActionDispatch::Response.return_only_media_type_on_content_type
+    end
+
     test "ActionMailbox.logger is Rails.logger by default" do
       app "development"
 
-- 
cgit v1.2.3


From 09d55b302266cf002a4b307f8d37a105d2838a18 Mon Sep 17 00:00:00 2001
From: "yuuji.yaginuma" <yuuji.yaginuma@gmail.com>
Date: Sun, 3 Feb 2019 11:33:44 +0900
Subject: Add the ability to set the CSP nonce only to the specified directives

I changed to set CSP nonce to `style-src` directive in #32932.
But this causes an issue when `unsafe-inline` is specified to `style-src`
(If a nonce is present, a nonce takes precedence over `unsafe-inline`).

So, I fixed to nonce directives configurable. By configure this, users
can make CSP as before.

Fixes #35137.
---
 .../application/content_security_policy_test.rb    | 32 ++++++++++++++++++++++
 1 file changed, 32 insertions(+)

(limited to 'railties/test')

diff --git a/railties/test/application/content_security_policy_test.rb b/railties/test/application/content_security_policy_test.rb
index 3338bcb47d..0bb6ee917a 100644
--- a/railties/test/application/content_security_policy_test.rb
+++ b/railties/test/application/content_security_policy_test.rb
@@ -119,6 +119,38 @@ module ApplicationTests
       assert_policy "default-src 'self' https:", report_only: true
     end
 
+    test "global content security policy nonce directives in an initializer" do
+      controller :pages, <<-RUBY
+        class PagesController < ApplicationController
+          def index
+            render html: "<h1>Welcome to Rails!</h1>"
+          end
+        end
+      RUBY
+
+      app_file "config/initializers/content_security_policy.rb", <<-RUBY
+        Rails.application.config.content_security_policy do |p|
+          p.default_src :self, :https
+          p.script_src  :self, :https
+          p.style_src   :self, :https
+        end
+
+        Rails.application.config.content_security_policy_nonce_generator = proc { "iyhD0Yc0W+c=" }
+        Rails.application.config.content_security_policy_nonce_directives = %w(script-src)
+      RUBY
+
+      app_file "config/routes.rb", <<-RUBY
+        Rails.application.routes.draw do
+          root to: "pages#index"
+        end
+      RUBY
+
+      app("development")
+
+      get "/"
+      assert_policy "default-src 'self' https:; script-src 'self' https: 'nonce-iyhD0Yc0W+c='; style-src 'self' https:"
+    end
+
     test "override content security policy in a controller" do
       controller :pages, <<-RUBY
         class PagesController < ApplicationController
-- 
cgit v1.2.3


From df6b0de7d9522c46c140c556ee61e09df14ef97a Mon Sep 17 00:00:00 2001
From: eileencodes <eileencodes@gmail.com>
Date: Wed, 26 Jun 2019 14:25:11 -0400
Subject: Load initial database.yml once, and warn if we can't create tasks

For multiple databases we attempt to generate the tasks by reading the
database.yml before the Rails application is booted. This means that we
need to strip out ERB since it could be reading Rails configs.

In some cases like https://github.com/rails/rails/issues/36540 the ERB
is too complex and we can't overwrite with the DummyCompilier we used in
https://github.com/rails/rails/pull/35497. For the complex causes we
simply issue a warning that says we couldn't infer the database tasks
from the database.yml.

While working on this I decided to update the code to only load the
database.yml once initially so that we avoid having to issue the same
warning multiple times. Note that this had no performance impact in my
testing and is merely for not having to save the error off somewhere.
Also this feels cleaner.

Note that this will not break running tasks that exist, it will just
mean that tasks for multi-db like `db:create:other_db` will not be
generated. If the database.yml is actually unreadable it will blow up
during normal rake task calls.

Fixes #36540
---
 railties/test/application/rake/dbs_test.rb | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

(limited to 'railties/test')

diff --git a/railties/test/application/rake/dbs_test.rb b/railties/test/application/rake/dbs_test.rb
index e08cd09abd..79c521dbf6 100644
--- a/railties/test/application/rake/dbs_test.rb
+++ b/railties/test/application/rake/dbs_test.rb
@@ -40,6 +40,15 @@ module ApplicationTests
         end
       end
 
+      def db_create_with_warning(expected_database)
+        Dir.chdir(app_path) do
+          output = rails("db:create")
+          assert_match(/Rails couldn't infer whether you are using multiple databases/, output)
+          assert_match(/Created database/, output)
+          assert File.exist?(expected_database)
+        end
+      end
+
       test "db:create and db:drop without database URL" do
         require "#{app_path}/config/environment"
         db_create_and_drop ActiveRecord::Base.configurations[Rails.env]["database"]
@@ -86,6 +95,25 @@ module ApplicationTests
         db_create_and_drop("db/development.sqlite3", environment_loaded: false)
       end
 
+      test "db:create and db:drop show warning but doesn't raise errors when loading YAML with alias ERB" do
+        app_file "config/database.yml", <<-YAML
+          sqlite: &sqlite
+            adapter: sqlite3
+            database: db/development.sqlite3
+
+          development:
+            <<: *<%= ENV["DB"] || "sqlite" %>
+        YAML
+
+        app_file "config/environments/development.rb", <<-RUBY
+          Rails.application.configure do
+            config.database = "db/development.sqlite3"
+          end
+        RUBY
+
+        db_create_with_warning("db/development.sqlite3")
+      end
+
       test "db:create and db:drop don't raise errors when loading YAML containing conditional statements in ERB" do
         app_file "config/database.yml", <<-YAML
           development:
-- 
cgit v1.2.3


From 4b621df3840542c369a2db40529396033af3ec55 Mon Sep 17 00:00:00 2001
From: "yuuji.yaginuma" <yuuji.yaginuma@gmail.com>
Date: Sun, 30 Jun 2019 10:15:26 +0900
Subject: Make `bin/setup` test pass even if the database does not exist

---
 railties/test/application/bin_setup_test.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'railties/test')

diff --git a/railties/test/application/bin_setup_test.rb b/railties/test/application/bin_setup_test.rb
index aa0da0931d..d84ab61cf9 100644
--- a/railties/test/application/bin_setup_test.rb
+++ b/railties/test/application/bin_setup_test.rb
@@ -31,7 +31,7 @@ module ApplicationTests
       Dir.chdir(app_path) do
         # SQLite3 seems to auto-create the database on first checkout.
         rails "db:system:change", "--to=postgresql"
-        rails "db:drop"
+        rails "db:drop", allow_failure: true
 
         app_file "db/schema.rb", ""
 
-- 
cgit v1.2.3