From 69a70955a0f080ee8b640902181a209cd07039e5 Mon Sep 17 00:00:00 2001 From: Justin Coyne Date: Thu, 13 Jan 2022 08:50:39 -0600 Subject: [PATCH] Upgrade to Rails 7 --- Gemfile | 5 +- Gemfile.lock | 167 +++++++++++------- bin/rails | 3 +- bin/rake | 1 - bin/setup | 21 +-- config/environments/development.rb | 32 ++-- config/environments/production.rb | 64 ++----- config/environments/test.rb | 25 ++- config/initializers/assets.rb | 14 ++ .../initializers/content_security_policy.rb | 42 ++--- .../initializers/filter_parameter_logging.rb | 4 +- .../new_framework_defaults_7_0.rb | 118 +++++++++++++ ...e_storage_blobs_checksum.active_storage.rb | 6 + db/structure.sql | 5 +- 14 files changed, 328 insertions(+), 179 deletions(-) create mode 100644 config/initializers/assets.rb create mode 100644 config/initializers/new_framework_defaults_7_0.rb create mode 100644 db/migrate/20220113144801_remove_not_null_on_active_storage_blobs_checksum.active_storage.rb diff --git a/Gemfile b/Gemfile index 5f5153ed2..1da62f281 100644 --- a/Gemfile +++ b/Gemfile @@ -62,7 +62,7 @@ gem 'jsbundling-rails', '~> 0.1.9' gem 'lograge', '~> 0.11.2' gem 'okcomputer' gem 'pg' -gem 'rails', '~> 6.1' +gem 'rails', '~> 7.0.1' gem 'redis', '~> 4.0' # pinned because 2.6.0 broke the build: [Reform] Your :populator did not return a Reform::Form instance for `authors`. gem 'reform', '~> 2.5.0' @@ -70,8 +70,9 @@ gem 'reform-rails', '~> 0.2.0' gem 'sdr-client', '~> 0.63' gem 'sidekiq', '~> 6.1' gem 'sneakers', '~> 2.11' # rabbitMQ background processing +gem 'sprockets-rails' gem 'state_machines-activerecord' gem 'turbo-rails', '~> 0.8.2' gem 'view_component', '~> 2.18' gem 'whenever' -gem 'zipline', '~> 1.3' +gem 'zipline', github: 'fringd/zipline' # awaiting 1.4 diff --git a/Gemfile.lock b/Gemfile.lock index 50919bfb8..fb85ba6b9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,67 +1,81 @@ +GIT + remote: https://github.com/fringd/zipline.git + revision: 90ceca20210914ed859b289b6b6c5921f6e3e6af + specs: + zipline (1.3.1) + actionpack (>= 3.2.1, < 8.0) + zip_tricks (>= 4.2.1, < 6.0) + GEM remote: https://rubygems.org/ specs: action_policy (0.5.7) ruby-next-core (>= 0.11.0) - actioncable (6.1.4.4) - actionpack (= 6.1.4.4) - activesupport (= 6.1.4.4) + actioncable (7.0.1) + actionpack (= 7.0.1) + activesupport (= 7.0.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.4.4) - actionpack (= 6.1.4.4) - activejob (= 6.1.4.4) - activerecord (= 6.1.4.4) - activestorage (= 6.1.4.4) - activesupport (= 6.1.4.4) + actionmailbox (7.0.1) + actionpack (= 7.0.1) + activejob (= 7.0.1) + activerecord (= 7.0.1) + activestorage (= 7.0.1) + activesupport (= 7.0.1) mail (>= 2.7.1) - actionmailer (6.1.4.4) - actionpack (= 6.1.4.4) - actionview (= 6.1.4.4) - activejob (= 6.1.4.4) - activesupport (= 6.1.4.4) + net-imap + net-pop + net-smtp + actionmailer (7.0.1) + actionpack (= 7.0.1) + actionview (= 7.0.1) + activejob (= 7.0.1) + activesupport (= 7.0.1) mail (~> 2.5, >= 2.5.4) + net-imap + net-pop + net-smtp rails-dom-testing (~> 2.0) - actionpack (6.1.4.4) - actionview (= 6.1.4.4) - activesupport (= 6.1.4.4) - rack (~> 2.0, >= 2.0.9) + actionpack (7.0.1) + actionview (= 7.0.1) + activesupport (= 7.0.1) + rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.4.4) - actionpack (= 6.1.4.4) - activerecord (= 6.1.4.4) - activestorage (= 6.1.4.4) - activesupport (= 6.1.4.4) + actiontext (7.0.1) + actionpack (= 7.0.1) + activerecord (= 7.0.1) + activestorage (= 7.0.1) + activesupport (= 7.0.1) + globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (6.1.4.4) - activesupport (= 6.1.4.4) + actionview (7.0.1) + activesupport (= 7.0.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.4.4) - activesupport (= 6.1.4.4) + activejob (7.0.1) + activesupport (= 7.0.1) globalid (>= 0.3.6) - activemodel (6.1.4.4) - activesupport (= 6.1.4.4) - activerecord (6.1.4.4) - activemodel (= 6.1.4.4) - activesupport (= 6.1.4.4) - activestorage (6.1.4.4) - actionpack (= 6.1.4.4) - activejob (= 6.1.4.4) - activerecord (= 6.1.4.4) - activesupport (= 6.1.4.4) - marcel (~> 1.0.0) + activemodel (7.0.1) + activesupport (= 7.0.1) + activerecord (7.0.1) + activemodel (= 7.0.1) + activesupport (= 7.0.1) + activestorage (7.0.1) + actionpack (= 7.0.1) + activejob (= 7.0.1) + activerecord (= 7.0.1) + activesupport (= 7.0.1) + marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.4.4) + activesupport (7.0.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - zeitwerk (~> 2.3) addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) airbrussh (1.4.0) @@ -71,7 +85,7 @@ GEM attr_extras (6.2.5) bcrypt (3.1.16) bindex (0.8.1) - bootsnap (1.9.3) + bootsnap (1.9.4) msgpack (~> 1.0) builder (3.2.4) bundler-audit (0.9.0.1) @@ -114,7 +128,7 @@ GEM rack-test (>= 0.6.3) regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) - capybara-screenshot (1.0.25) + capybara-screenshot (1.0.26) capybara (>= 1.0, < 4) launchy chronic (0.10.2) @@ -157,6 +171,7 @@ GEM devise-remote-user (1.1.0) devise diff-lcs (1.5.0) + digest (3.1.0) disposable (0.4.7) declarative (>= 0.0.9, < 1.0.0) declarative-builder (< 0.2.0) @@ -210,7 +225,7 @@ GEM dry-core (~> 0.5, >= 0.5) dry-initializer (~> 3.0) dry-schema (~> 1.8, >= 1.8.0) - edtf (3.0.7) + edtf (3.0.8) activesupport (>= 3.0, < 8.0) erubi (1.10.0) factory_bot (6.2.0) @@ -250,7 +265,7 @@ GEM cliver (~> 0.3) concurrent-ruby (~> 1.1) websocket-driver (>= 0.6, < 0.8) - ffi (1.15.4) + ffi (1.15.5) globalid (1.0.0) activesupport (>= 5.0) hashdiff (1.0.1) @@ -258,6 +273,7 @@ GEM i18n (1.8.11) concurrent-ruby (~> 1.0) ice_nine (0.11.2) + io-wait (0.2.1) jbuilder (2.11.5) actionview (>= 5.0.0) activesupport (>= 5.0.0) @@ -287,8 +303,23 @@ GEM msgpack (1.4.2) multi_json (1.15.0) multipart-post (2.1.1) + net-imap (0.2.3) + digest + net-protocol + strscan + net-pop (0.1.1) + digest + net-protocol + timeout + net-protocol (0.1.2) + io-wait + timeout net-scp (3.0.0) net-ssh (>= 2.6.5, < 7.0.0) + net-smtp (0.3.1) + digest + net-protocol + timeout net-ssh (6.1.0) nio4r (2.5.8) nokogiri (1.13.0) @@ -319,33 +350,33 @@ GEM rack (2.2.3) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.1.4.4) - actioncable (= 6.1.4.4) - actionmailbox (= 6.1.4.4) - actionmailer (= 6.1.4.4) - actionpack (= 6.1.4.4) - actiontext (= 6.1.4.4) - actionview (= 6.1.4.4) - activejob (= 6.1.4.4) - activemodel (= 6.1.4.4) - activerecord (= 6.1.4.4) - activestorage (= 6.1.4.4) - activesupport (= 6.1.4.4) + rails (7.0.1) + actioncable (= 7.0.1) + actionmailbox (= 7.0.1) + actionmailer (= 7.0.1) + actionpack (= 7.0.1) + actiontext (= 7.0.1) + actionview (= 7.0.1) + activejob (= 7.0.1) + activemodel (= 7.0.1) + activerecord (= 7.0.1) + activestorage (= 7.0.1) + activesupport (= 7.0.1) bundler (>= 1.15.0) - railties (= 6.1.4.4) - sprockets-rails (>= 2.0.0) + railties (= 7.0.1) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.4.2) loofah (~> 2.3) - railties (6.1.4.4) - actionpack (= 6.1.4.4) - activesupport (= 6.1.4.4) + railties (7.0.1) + actionpack (= 7.0.1) + activesupport (= 7.0.1) method_source - rake (>= 0.13) + rake (>= 12.2) thor (~> 1.0) - rainbow (3.0.0) + zeitwerk (~> 2.5) + rainbow (3.1.1) rake (12.3.3) rb-fsevent (0.11.0) rb-inotify (0.10.1) @@ -470,11 +501,13 @@ GEM state_machines-graphviz (0.0.2) ruby-graphviz state_machines + strscan (3.0.1) super_diff (0.8.0) attr_extras (>= 6.2.4) diff-lcs patience_diff thor (1.2.1) + timeout (0.2.0) turbo-rails (0.8.3) rails (>= 6.0.0) tzinfo (2.0.4) @@ -504,9 +537,6 @@ GEM nokogiri (~> 1.8) zeitwerk (2.5.3) zip_tricks (5.6.0) - zipline (1.3.1) - actionpack (>= 3.2.1, < 7.0) - zip_tricks (>= 4.2.1, < 6.0) PLATFORMS ruby @@ -548,7 +578,7 @@ DEPENDENCIES okcomputer pg puma (~> 5.5) - rails (~> 6.1) + rails (~> 7.0.1) redis (~> 4.0) reform (~> 2.5.0) reform-rails (~> 0.2.0) @@ -565,6 +595,7 @@ DEPENDENCIES sneakers (~> 2.11) spring spring-watcher-listen (~> 2.0.0) + sprockets-rails state_machines-activerecord state_machines-graphviz super_diff @@ -573,7 +604,7 @@ DEPENDENCIES web-console (>= 3.3.0) webmock whenever - zipline (~> 1.3) + zipline! BUNDLED WITH 2.3.4 diff --git a/bin/rails b/bin/rails index 21d3e02d8..efc037749 100755 --- a/bin/rails +++ b/bin/rails @@ -1,5 +1,4 @@ #!/usr/bin/env ruby -load File.expand_path("spring", __dir__) -APP_PATH = File.expand_path('../config/application', __dir__) +APP_PATH = File.expand_path("../config/application", __dir__) require_relative "../config/boot" require "rails/commands" diff --git a/bin/rake b/bin/rake index 7327f471e..4fbf10b96 100755 --- a/bin/rake +++ b/bin/rake @@ -1,5 +1,4 @@ #!/usr/bin/env ruby -load File.expand_path("spring", __dir__) require_relative "../config/boot" require "rake" Rake.application.run diff --git a/bin/setup b/bin/setup index 90700ac4f..ec47b79b3 100755 --- a/bin/setup +++ b/bin/setup @@ -2,7 +2,7 @@ require "fileutils" # path to your application root. -APP_ROOT = File.expand_path('..', __dir__) +APP_ROOT = File.expand_path("..", __dir__) def system!(*args) system(*args) || abort("\n== Command #{args} failed ==") @@ -13,24 +13,21 @@ FileUtils.chdir APP_ROOT do # This script is idempotent, so that you can run it at any time and get an expectable outcome. # Add necessary setup steps to this file. - puts '== Installing dependencies ==' - system! 'gem install bundler --conservative' - system('bundle check') || system!('bundle install') - - # Install JavaScript dependencies - system! 'bin/yarn' + puts "== Installing dependencies ==" + system! "gem install bundler --conservative" + system("bundle check") || system!("bundle install") # puts "\n== Copying sample files ==" - # unless File.exist?('config/database.yml') - # FileUtils.cp 'config/database.yml.sample', 'config/database.yml' + # unless File.exist?("config/database.yml") + # FileUtils.cp "config/database.yml.sample", "config/database.yml" # end puts "\n== Preparing database ==" - system! 'bin/rails db:prepare' + system! "bin/rails db:prepare" puts "\n== Removing old logs and tempfiles ==" - system! 'bin/rails log:clear tmp:clear' + system! "bin/rails log:clear tmp:clear" puts "\n== Restarting application server ==" - system! 'bin/rails restart' + system! "bin/rails restart" end diff --git a/config/environments/development.rb b/config/environments/development.rb index b7f86f2d6..84a57f401 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -1,10 +1,12 @@ # frozen_string_literal: true +require 'active_support/core_ext/integer/time' + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - # In the development environment your application's code is reloaded on - # every request. This slows down response time but is perfect for development + # In the development environment your application's code is reloaded any time + # it changes. This slows down response time but is perfect for development # since you don't have to restart the web server when you make code changes. config.cache_classes = false @@ -14,6 +16,9 @@ # Show full error reports. config.consider_all_requests_local = true + # Enable server timing + config.server_timing = true + # Enable/disable caching. By default caching is disabled. # Run rails dev:cache to toggle caching. if Rails.root.join('tmp/caching-dev.txt').exist? @@ -41,8 +46,11 @@ # Print deprecation notices to the Rails logger. config.active_support.deprecation = :log - # Use Sidekiq as the queuing backend for ActiveJob - config.active_job.queue_adapter = :sidekiq + # Raise exceptions for disallowed deprecations. + config.active_support.disallowed_deprecation = :raise + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] # Raise an error on page load if there are pending migrations. config.active_record.migration_error = :page_load @@ -50,21 +58,15 @@ # Highlight code that triggered database queries in logs. config.active_record.verbose_query_logs = true - # Debug mode disables concatenation and preprocessing of assets. - # This option may cause significant delays in view rendering with a large - # number of complex assets. - config.assets.debug = true - # Suppress logger output for asset requests. config.assets.quiet = true # Raises error for missing translations. - # config.action_view.raise_on_missing_translations = true + # config.i18n.raise_on_missing_translations = true - # This is nice for debugging, but we found that it breaks dropzone - config.action_view.annotate_rendered_view_with_filenames = false + # Annotate rendered view with file names. + # config.action_view.annotate_rendered_view_with_filenames = true - # Use an evented file watcher to asynchronously detect changes in source code, - # routes, locales, etc. This feature depends on the listen gem. - config.file_watcher = ActiveSupport::EventedFileUpdateChecker + # Uncomment if you wish to allow Action Cable access from any origin. + # config.action_cable.disable_request_forgery_protection = true end diff --git a/config/environments/production.rb b/config/environments/production.rb index f7f5f18f2..df7c88c8a 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -1,5 +1,7 @@ # frozen_string_literal: true +require 'active_support/core_ext/integer/time' + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. @@ -28,34 +30,29 @@ # config.assets.css_compressor = :sass # Do not fallback to assets pipeline if a precompiled asset is missed. - # config.assets.compile = false + config.assets.compile = false # Enable serving of images, stylesheets, and JavaScripts from an asset server. - # config.action_controller.asset_host = 'http://assets.example.com' + # config.asset_host = "http://assets.example.com" # Specifies the header that your server uses for sending files. - # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache - # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX + # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache + # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX # Store uploaded files on the local file system (see config/storage.yml for options). config.active_storage.service = :local - # Allow ActionCable connections from Hydrus/H2 URLs in all deployed environments - # - # NOTE: We don't have access to the config gem at this point in Rails' - # initialization order, so we can't supply more specific URLs in - # shared_configs here. - config.action_cable.allowed_request_origins = [ - %r{https://sul-h2.*\.stanford\.edu}, - %r{https://(new-)?sdr\.stanford\.edu} - ] + # Mount Action Cable outside main process or domain. + # config.action_cable.mount_path = nil + # config.action_cable.url = "wss://example.com/cable" + # config.action_cable.allowed_request_origins = [ "http://example.com", /http:\/\/example.*/ ] # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. # config.force_ssl = true - # Use the lowest log level to ensure availability of diagnostic information - # when problems arise. - config.log_level = :debug + # Include generic and useful information about system operation, but avoid logging too much + # information to avoid inadvertent exposure of personally identifiable information (PII). + config.log_level = :info # Prepend all log lines with the following tags. config.log_tags = [:request_id] @@ -64,11 +61,10 @@ # config.cache_store = :mem_cache_store # Use a real queuing backend for Active Job (and separate queues per environment). - # config.active_job.queue_adapter = :resque + config.active_job.queue_adapter = :sidekiq # config.active_job.queue_name_prefix = "happy_heron_production" config.action_mailer.perform_caching = false - config.action_mailer.asset_host = "https://#{Settings.host}" # Ignore bad email addresses and do not raise email delivery errors. # Set this to true and configure the email server for immediate delivery to raise delivery errors. @@ -78,18 +74,15 @@ # the I18n.default_locale when a translation cannot be found). config.i18n.fallbacks = true - # Send deprecation notices to registered listeners. - config.active_support.deprecation = :notify - - # Use Sidekiq as the queuing backend for ActiveJob - config.active_job.queue_adapter = :sidekiq + # Don't log any deprecations. + config.active_support.report_deprecations = false # Use default logging formatter so that PID and timestamp are not suppressed. config.log_formatter = ::Logger::Formatter.new # Use a different logger for distributed setups. - # require 'syslog/logger' - # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name') + # require "syslog/logger" + # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new "app-name") if ENV['RAILS_LOG_TO_STDOUT'].present? logger = ActiveSupport::Logger.new($stdout) @@ -99,25 +92,4 @@ # Do not dump schema after migrations. config.active_record.dump_schema_after_migration = false - - # Inserts middleware to perform automatic connection switching. - # The `database_selector` hash is used to pass options to the DatabaseSelector - # middleware. The `delay` is used to determine how long to wait after a write - # to send a subsequent read to the primary. - # - # The `database_resolver` class is used by the middleware to determine which - # database is appropriate to use based on the time delay. - # - # The `database_resolver_context` class is used by the middleware to set - # timestamps for the last write to the primary. The resolver uses the context - # class timestamps to determine how long to wait before reading from the - # replica. - # - # By default Rails will store a last write timestamp in the session. The - # DatabaseSelector middleware is designed as such you can define your own - # strategy for connection switching and pass that into the middleware through - # these configuration options. - # config.active_record.database_selector = { delay: 2.seconds } - # config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver - # config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session end diff --git a/config/environments/test.rb b/config/environments/test.rb index b1b878257..10206a6a8 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -1,5 +1,7 @@ # frozen_string_literal: true +require 'active_support/core_ext/integer/time' + # The test environment is used exclusively to run your application's # test suite. You never need to work with it otherwise. Remember that # your test database is "scratch space" for the test suite and is wiped @@ -10,13 +12,13 @@ require 'test_shibboleth_headers' config.middleware.use TestShibbolethHeaders - config.cache_classes = false - config.action_view.cache_template_loading = true + # Turn false under Spring and add config.action_view.cache_template_loading = true. + config.cache_classes = true - # Do not eager load code on boot. This avoids loading your whole application - # just for the purpose of running a single test. If you are using a tool that - # preloads Rails for running tests, you may have to set it to true. - config.eager_load = false + # Eager loading loads your whole application. When running a single test locally, + # this probably isn't necessary. It's a good idea to do in a continuous integration + # system, or in some way before deploying your code. + config.eager_load = ENV['CI'].present? # Configure public file server for tests with Cache-Control for performance. config.public_file_server.enabled = true @@ -48,8 +50,17 @@ # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr + # Raise exceptions for disallowed deprecations. + config.active_support.disallowed_deprecation = :raise + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] + # Raises error for missing translations. - # config.action_view.raise_on_missing_translations = true + # config.i18n.raise_on_missing_translations = true + + # Annotate rendered view with file names. + # config.action_view.annotate_rendered_view_with_filenames = true # Use the test adapter as the queuing backend for ActiveJob config.active_job.queue_adapter = :test diff --git a/config/initializers/assets.rb b/config/initializers/assets.rb new file mode 100644 index 000000000..bcafccdd3 --- /dev/null +++ b/config/initializers/assets.rb @@ -0,0 +1,14 @@ +# frozen_string_literal: true + +# Be sure to restart your server when you modify this file. + +# Version of your assets, change this if you want to expire all your assets. +Rails.application.config.assets.version = '1.0' + +# Add additional assets to the asset load path. +# Rails.application.config.assets.paths << Emoji.images_path + +# Precompile additional assets. +# application.js, application.css, and all non-JS/CSS in the app/assets +# folder are already added. +# Rails.application.config.assets.precompile += %w( admin.js admin.css ) diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index f3bcce546..f37ed8de4 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -5,27 +5,23 @@ # For further information see the following documentation # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy -# Rails.application.config.content_security_policy do |policy| -# policy.default_src :self, :https -# policy.font_src :self, :https, :data -# policy.img_src :self, :https, :data -# policy.object_src :none -# policy.script_src :self, :https -# policy.style_src :self, :https -# # If you are using webpack-dev-server then specify webpack-dev-server host -# policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development? - -# # Specify URI for violation reports -# # policy.report_uri "/csp-violation-report-endpoint" +# Rails.application.configure do +# config.content_security_policy do |policy| +# policy.default_src :self, :https +# policy.font_src :self, :https, :data +# policy.img_src :self, :https, :data +# policy.object_src :none +# policy.script_src :self, :https +# policy.style_src :self, :https +# # Specify URI for violation reports +# # policy.report_uri "/csp-violation-report-endpoint" +# end +# +# # Generate session nonces for permitted importmap and inline scripts +# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s } +# config.content_security_policy_nonce_directives = %w(script-src) +# +# # Report CSP violations to a specified URI. See: +# # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only +# # config.content_security_policy_report_only = true # end - -# If you are using UJS then enable automatic nonce generation -# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } - -# Set the nonce only to specific directives -# Rails.application.config.content_security_policy_nonce_directives = %w(script-src) - -# Report CSP violations to a specified URI -# For further information see the following documentation: -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only -# Rails.application.config.content_security_policy_report_only = true diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index 7a4f47b4c..3babc73f0 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -3,4 +3,6 @@ # Be sure to restart your server when you modify this file. # Configure sensitive parameters which will be filtered from the log file. -Rails.application.config.filter_parameters += [:password] +Rails.application.config.filter_parameters += %i[ + passw secret token _key crypt salt certificate otp ssn +] diff --git a/config/initializers/new_framework_defaults_7_0.rb b/config/initializers/new_framework_defaults_7_0.rb new file mode 100644 index 000000000..9cf319f0a --- /dev/null +++ b/config/initializers/new_framework_defaults_7_0.rb @@ -0,0 +1,118 @@ +# frozen_string_literal: true +# Be sure to restart your server when you modify this file. +# +# This file eases your Rails 7.0 framework defaults upgrade. +# +# Uncomment each configuration one by one to switch to the new default. +# Once your application is ready to run with all new defaults, you can remove +# this file and set the `config.load_defaults` to `7.0`. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. +# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html + +# `button_to` view helper will render `