From fbc06182cc802bab682cf43c919b091b617bc520 Mon Sep 17 00:00:00 2001 From: Earlopain Date: Mon, 10 Oct 2022 13:22:35 +0200 Subject: [PATCH 1/3] [Rails] Update to 7 and run app:update --- Gemfile | 5 +- Gemfile.lock | 274 +++++++++--------- bin/rails | 2 +- bin/setup | 4 +- bin/sprockets | 29 -- config/application.rb | 52 ++-- config/boot.rb | 2 +- config/environment.rb | 2 +- config/environments/development.rb | 9 +- config/environments/production.rb | 31 +- config/environments/test.rb | 16 +- .../initializers/content_security_policy.rb | 57 ++-- config/initializers/cors.rb | 4 +- .../initializers/filter_parameter_logging.rb | 6 +- config/initializers/inflections.rb | 8 +- .../new_framework_defaults_7_0.rb | 135 +++++++++ 16 files changed, 352 insertions(+), 284 deletions(-) delete mode 100755 bin/sprockets create mode 100644 config/initializers/new_framework_defaults_7_0.rb diff --git a/Gemfile b/Gemfile index 944e8ca4f..1273cbef3 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source 'https://rubygems.org/' gem 'dotenv-rails', require: 'dotenv/rails-now' -gem "rails", "~> 6.1" +gem "rails", "~> 7.0" gem "pg" gem "dalli", :platforms => :ruby gem "simple_form" @@ -37,9 +37,6 @@ gem 'elasticsearch-rails' gem 'mailgun-ruby' gem 'resolv' -gem 'net-smtp' -gem 'net-pop' -gem 'net-imap' group :production, :staging do gem 'unicorn', :platforms => :ruby diff --git a/Gemfile.lock b/Gemfile.lock index 5fab1ce6b..02348c4f9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -9,79 +9,85 @@ GIT GEM remote: https://rubygems.org/ specs: - actioncable (6.1.6.1) - actionpack (= 6.1.6.1) - activesupport (= 6.1.6.1) + actioncable (7.0.4) + actionpack (= 7.0.4) + activesupport (= 7.0.4) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.6.1) - actionpack (= 6.1.6.1) - activejob (= 6.1.6.1) - activerecord (= 6.1.6.1) - activestorage (= 6.1.6.1) - activesupport (= 6.1.6.1) + actionmailbox (7.0.4) + actionpack (= 7.0.4) + activejob (= 7.0.4) + activerecord (= 7.0.4) + activestorage (= 7.0.4) + activesupport (= 7.0.4) mail (>= 2.7.1) - actionmailer (6.1.6.1) - actionpack (= 6.1.6.1) - actionview (= 6.1.6.1) - activejob (= 6.1.6.1) - activesupport (= 6.1.6.1) + net-imap + net-pop + net-smtp + actionmailer (7.0.4) + actionpack (= 7.0.4) + actionview (= 7.0.4) + activejob (= 7.0.4) + activesupport (= 7.0.4) mail (~> 2.5, >= 2.5.4) + net-imap + net-pop + net-smtp rails-dom-testing (~> 2.0) - actionpack (6.1.6.1) - actionview (= 6.1.6.1) - activesupport (= 6.1.6.1) - rack (~> 2.0, >= 2.0.9) + actionpack (7.0.4) + actionview (= 7.0.4) + activesupport (= 7.0.4) + rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.6.1) - actionpack (= 6.1.6.1) - activerecord (= 6.1.6.1) - activestorage (= 6.1.6.1) - activesupport (= 6.1.6.1) + actiontext (7.0.4) + actionpack (= 7.0.4) + activerecord (= 7.0.4) + activestorage (= 7.0.4) + activesupport (= 7.0.4) + globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (6.1.6.1) - activesupport (= 6.1.6.1) + actionview (7.0.4) + activesupport (= 7.0.4) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - active_model_serializers (0.10.12) - actionpack (>= 4.1, < 6.2) - activemodel (>= 4.1, < 6.2) + active_model_serializers (0.10.13) + actionpack (>= 4.1, < 7.1) + activemodel (>= 4.1, < 7.1) case_transform (>= 0.2) jsonapi-renderer (>= 0.1.1.beta1, < 0.3) - activejob (6.1.6.1) - activesupport (= 6.1.6.1) + activejob (7.0.4) + activesupport (= 7.0.4) globalid (>= 0.3.6) - activemodel (6.1.6.1) - activesupport (= 6.1.6.1) + activemodel (7.0.4) + activesupport (= 7.0.4) activemodel-serializers-xml (1.0.2) activemodel (> 5.x) activesupport (> 5.x) builder (~> 3.1) - activerecord (6.1.6.1) - activemodel (= 6.1.6.1) - activesupport (= 6.1.6.1) - activestorage (6.1.6.1) - actionpack (= 6.1.6.1) - activejob (= 6.1.6.1) - activerecord (= 6.1.6.1) - activesupport (= 6.1.6.1) + activerecord (7.0.4) + activemodel (= 7.0.4) + activesupport (= 7.0.4) + activestorage (7.0.4) + actionpack (= 7.0.4) + activejob (= 7.0.4) + activerecord (= 7.0.4) + activesupport (= 7.0.4) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.6.1) + activesupport (7.0.4) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - zeitwerk (~> 2.3) - addressable (2.8.0) - public_suffix (>= 2.0.2, < 5.0) - bcrypt (3.1.16) - bootsnap (1.9.3) - msgpack (~> 1.0) + addressable (2.8.1) + public_suffix (>= 2.0.2, < 6.0) + bcrypt (3.1.18) + bootsnap (1.13.0) + msgpack (~> 1.2) brpoplpush-redis_script (0.1.2) concurrent-ruby (~> 1.0, >= 1.0.5) redis (>= 1.0, <= 5.0) @@ -93,18 +99,17 @@ GEM cityhash (0.9.0) coderay (1.1.3) concurrent-ruby (1.1.10) - connection_pool (2.2.5) + connection_pool (2.3.0) crack (0.4.5) rexml crass (1.0.6) - dalli (3.1.5) + dalli (3.2.2) diff-lcs (1.5.0) - digest (3.1.0) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) - dotenv (2.7.6) - dotenv-rails (2.7.6) - dotenv (= 2.7.6) + dotenv (2.8.1) + dotenv-rails (2.8.1) + dotenv (= 2.8.1) railties (>= 3.2) draper (4.0.2) actionpack (>= 5.0) @@ -113,44 +118,48 @@ GEM activesupport (>= 5.0) request_store (>= 1.0) ruby2_keywords - elasticsearch (7.16.1) - elasticsearch-api (= 7.16.1) - elasticsearch-transport (= 7.16.1) - elasticsearch-api (7.16.1) + elasticsearch (7.17.1) + elasticsearch-api (= 7.17.1) + elasticsearch-transport (= 7.17.1) + elasticsearch-api (7.17.1) multi_json - elasticsearch-model (7.2.0) + elasticsearch-model (7.2.1) activesupport (> 3) elasticsearch (~> 7) hashie - elasticsearch-rails (7.2.0) - elasticsearch-transport (7.16.1) + elasticsearch-rails (7.2.1) + elasticsearch-transport (7.17.1) faraday (~> 1) multi_json - erubi (1.10.0) - factory_bot (6.2.0) + erubi (1.11.0) + factory_bot (6.2.1) activesupport (>= 5.0.0) - faraday (1.8.0) + faraday (1.10.2) faraday-em_http (~> 1.0) faraday-em_synchrony (~> 1.0) faraday-excon (~> 1.1) - faraday-httpclient (~> 1.0.1) + faraday-httpclient (~> 1.0) + faraday-multipart (~> 1.0) faraday-net_http (~> 1.0) - faraday-net_http_persistent (~> 1.1) + faraday-net_http_persistent (~> 1.0) faraday-patron (~> 1.0) faraday-rack (~> 1.0) - multipart-post (>= 1.2, < 3) + faraday-retry (~> 1.0) ruby2_keywords (>= 0.0.4) faraday-em_http (1.0.0) faraday-em_synchrony (1.0.0) faraday-excon (1.1.0) faraday-httpclient (1.0.1) + faraday-multipart (1.0.4) + multipart-post (~> 2) faraday-net_http (1.0.1) faraday-net_http_persistent (1.2.0) faraday-patron (1.0.0) faraday-rack (1.0.0) - ffaker (2.20.0) - ffi (1.15.4) - ffi (1.15.4-x64-mingw32) + faraday-retry (1.0.3) + ffaker (2.21.0) + ffi (1.15.5) + ffi (1.15.5-x64-mingw32) get_process_mem (0.2.7) ffi (~> 1.0) globalid (1.0.0) @@ -158,20 +167,20 @@ GEM hashdiff (1.0.1) hashie (5.0.0) http-accept (1.7.0) - http-cookie (1.0.4) + http-cookie (1.0.5) domain_name (~> 0.5) httparty (0.20.0) mime-types (~> 3.0) multi_xml (>= 0.5.2) i18n (1.12.0) concurrent-ruby (~> 1.0) - json (2.6.1) + json (2.6.2) jsonapi-renderer (0.2.2) kgio (2.11.4) - listen (3.7.0) + listen (3.7.1) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.18.0) + loofah (2.19.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -183,89 +192,82 @@ GEM method_source (1.0.0) mime-types (3.4.1) mime-types-data (~> 3.2015) - mime-types-data (3.2021.1115) + mime-types-data (3.2022.0105) mini_mime (1.1.2) mini_portile2 (2.8.0) - minitest (5.16.2) - mocha (1.13.0) - mock_redis (0.29.0) + minitest (5.16.3) + mocha (1.15.0) + mock_redis (0.34.0) ruby2_keywords - msgpack (1.4.2) + msgpack (1.6.0) multi_json (1.15.0) multi_xml (0.6.0) - multipart-post (2.1.1) - net-imap (0.2.3) - digest + multipart-post (2.2.3) + net-imap (0.3.1) net-protocol - strscan - net-pop (0.1.1) - digest + net-pop (0.1.2) net-protocol - timeout net-protocol (0.1.3) timeout - net-smtp (0.3.1) - digest + net-smtp (0.3.2) net-protocol - timeout netrc (0.11.0) - newrelic_rpm (8.2.0) + newrelic_rpm (8.10.1) nio4r (2.5.8) nokogiri (1.13.8) mini_portile2 (~> 2.8.0) racc (~> 1.4) - pg (1.2.3) - pg (1.2.3-x64-mingw32) - pry (0.13.1) + pg (1.4.3) + pry (0.14.1) coderay (~> 1.1) method_source (~> 1.0) - pry-byebug (3.9.0) + pry-byebug (3.10.1) byebug (~> 11.0) - pry (~> 0.13.0) - public_suffix (4.0.6) - puma (5.6.4) + pry (>= 0.13, < 0.15) + public_suffix (5.0.0) + puma (5.6.5) nio4r (~> 2.0) racc (1.6.0) rack (2.2.4) - rack-proxy (0.7.0) + rack-proxy (0.7.4) rack rack-test (2.0.2) rack (>= 1.3) - rails (6.1.6.1) - actioncable (= 6.1.6.1) - actionmailbox (= 6.1.6.1) - actionmailer (= 6.1.6.1) - actionpack (= 6.1.6.1) - actiontext (= 6.1.6.1) - actionview (= 6.1.6.1) - activejob (= 6.1.6.1) - activemodel (= 6.1.6.1) - activerecord (= 6.1.6.1) - activestorage (= 6.1.6.1) - activesupport (= 6.1.6.1) + rails (7.0.4) + actioncable (= 7.0.4) + actionmailbox (= 7.0.4) + actionmailer (= 7.0.4) + actionpack (= 7.0.4) + actiontext (= 7.0.4) + actionview (= 7.0.4) + activejob (= 7.0.4) + activemodel (= 7.0.4) + activerecord (= 7.0.4) + activestorage (= 7.0.4) + activesupport (= 7.0.4) bundler (>= 1.15.0) - railties (= 6.1.6.1) - sprockets-rails (>= 2.0.0) + railties (= 7.0.4) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.4.3) loofah (~> 2.3) - railties (6.1.6.1) - actionpack (= 6.1.6.1) - activesupport (= 6.1.6.1) + railties (7.0.4) + actionpack (= 7.0.4) + activesupport (= 7.0.4) method_source rake (>= 12.2) thor (~> 1.0) + zeitwerk (~> 2.5) raindrops (0.20.0) rake (13.0.6) - rb-fsevent (0.11.0) + rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) - recaptcha (5.8.1) + recaptcha (5.12.3) json - redis (4.6.0) - request_store (1.5.0) + redis (4.8.0) + request_store (1.5.1) rack (>= 1.4) resolv (0.2.1) responders (3.0.1) @@ -292,13 +294,13 @@ GEM nokogiri (>= 1.12.0) semantic_range (3.0.0) shoulda-context (2.0.0) - shoulda-matchers (5.1.0) + shoulda-matchers (5.2.0) activesupport (>= 5.2.0) - sidekiq (6.4.1) - connection_pool (>= 2.2.2) + sidekiq (6.5.7) + connection_pool (>= 2.2.5) rack (~> 2.0) - redis (>= 4.2.0) - sidekiq-unique-jobs (7.1.12) + redis (>= 4.5.0, < 5) + sidekiq-unique-jobs (7.1.27) brpoplpush-redis_script (> 0.1.1, <= 2.0.0) concurrent-ruby (~> 1.0, >= 1.0.5) sidekiq (>= 5.0, < 8.0) @@ -306,32 +308,23 @@ GEM simple_form (5.1.0) actionpack (>= 5.2) activemodel (>= 5.2) - sprockets (4.1.1) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (3.4.2) - actionpack (>= 5.2) - activesupport (>= 5.2) - sprockets (>= 3.0.0) streamio-ffmpeg (3.0.2) multi_json (~> 1.8) - strscan (3.0.3) thor (1.2.1) - timecop (0.9.4) - timeout (0.2.0) - tzinfo (2.0.4) + timecop (0.9.5) + timeout (0.3.0) + tzinfo (2.0.5) concurrent-ruby (~> 1.0) unf (0.1.4) unf_ext - unf_ext (0.0.8) - unf_ext (0.0.8-x64-mingw32) + unf_ext (0.0.8.2) unicorn (6.1.0) kgio (~> 2.6) raindrops (~> 0.7) unicorn-worker-killer (0.4.5) get_process_mem (~> 0) unicorn (>= 4, < 7) - webmock (3.14.0) + webmock (3.18.1) addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) @@ -345,7 +338,7 @@ GEM websocket-extensions (0.1.5) whenever (1.0.0) chronic (>= 0.6.3) - zeitwerk (2.6.0) + zeitwerk (2.6.1) PLATFORMS ruby @@ -373,14 +366,11 @@ DEPENDENCIES memoist mocha mock_redis - net-imap - net-pop - net-smtp newrelic_rpm pg pry-byebug puma - rails (~> 6.1) + rails (~> 7.0) recaptcha redis request_store diff --git a/bin/rails b/bin/rails index 6fb4e4051..efc037749 100755 --- a/bin/rails +++ b/bin/rails @@ -1,4 +1,4 @@ #!/usr/bin/env ruby -APP_PATH = File.expand_path('../config/application', __dir__) +APP_PATH = File.expand_path("../config/application", __dir__) require_relative "../config/boot" require "rails/commands" diff --git a/bin/setup b/bin/setup index 1d8613d92..c5513aaf7 100755 --- a/bin/setup +++ b/bin/setup @@ -9,8 +9,8 @@ def system!(*args) end FileUtils.chdir APP_ROOT do - # This script is a way to setup or update your development environment automatically. - # This script is idempotent, so that you can run it at anytime and get an expectable outcome. + # This script is a way to set up or update your development environment automatically. + # This script is idempotent, so that you can run it at any time and get an expectable outcome. # Add necessary setup steps to this file. puts '== Installing dependencies ==' diff --git a/bin/sprockets b/bin/sprockets deleted file mode 100755 index 510e03004..000000000 --- a/bin/sprockets +++ /dev/null @@ -1,29 +0,0 @@ -#!/usr/bin/env ruby -# frozen_string_literal: true - -# -# This file was generated by Bundler. -# -# The application 'sprockets' is installed as part of a gem, and -# this file is here to facilitate running it. -# - -require "pathname" -ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile", - Pathname.new(__FILE__).realpath) - -bundle_binstub = File.expand_path("../bundle", __FILE__) - -if File.file?(bundle_binstub) - if File.read(bundle_binstub, 150) =~ /This file was generated by Bundler/ - load(bundle_binstub) - else - abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. -Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") - end -end - -require "rubygems" -require "bundler/setup" - -load Gem.bin_path("sprockets", "sprockets") diff --git a/config/application.rb b/config/application.rb index 4cf8ac9ea..6d59fb92b 100644 --- a/config/application.rb +++ b/config/application.rb @@ -1,17 +1,21 @@ -require_relative 'boot' -require "rails" -require "active_record/railtie" -#require "active_storage/engine" -require "action_controller/railtie" -require "action_view/railtie" -require "action_mailer/railtie" -require "active_job/railtie" -#require "action_cable/engine" -#require "action_mailbox/engine" -#require "action_text/engine" -require "rails/test_unit/railtie" -#require "sprockets/railtie" +require_relative "boot" +require "rails" +# Pick the frameworks you want: +require "active_model/railtie" +require "active_job/railtie" +require "active_record/railtie" +# require "active_storage/engine" +require "action_controller/railtie" +require "action_mailer/railtie" +# require "action_mailbox/engine" +# require "action_text/engine" +require "action_view/railtie" +# require "action_cable/engine" +require "rails/test_unit/railtie" + +# Require the gems listed in Gemfile, including any gems +# you've limited to :test, :development, or :production. Bundler.require(*Rails.groups) require_relative "danbooru_default_config" @@ -22,16 +26,8 @@ require 'elasticsearch/rails/instrumentation' module Danbooru class Application < Rails::Application # Initialize configuration defaults for originally generated Rails version. - config.load_defaults '6.1' + config.load_defaults 6.1 config.active_record.schema_format = :sql - config.encoding = "utf-8" - config.filter_parameters += [:password, :password_hash, :api_key] - #config.assets.enabled = true - #config.assets.version = '1.0' - config.autoload_paths += %W(#{config.root}/app/presenters #{config.root}/app/logical #{config.root}/app/mailers #{config.root}/app/indexes) - config.plugins = [:all] - config.time_zone = 'UTC' - config.action_mailer.perform_deliveries = true config.log_tags = [->(req) {"PID:#{Process.pid}"}] config.action_controller.action_on_unpermitted_parameters = :raise config.force_ssl = true @@ -60,7 +56,15 @@ module Danbooru host: Danbooru.config.hostname, } end - end - I18n.enforce_available_locales = false + config.i18n.enforce_available_locales = false + + # Configuration for the application, engines, and railties goes here. + # + # These settings can be overridden in specific environments using the files + # in config/environments, which are processed later. + # + # config.time_zone = "Central Time (US & Canada)" + # config.eager_load_paths << Rails.root.join("extras") + end end diff --git a/config/boot.rb b/config/boot.rb index 3cda23b4d..988a5ddc4 100644 --- a/config/boot.rb +++ b/config/boot.rb @@ -1,4 +1,4 @@ -ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) require "bundler/setup" # Set up gems listed in the Gemfile. require "bootsnap/setup" # Speed up boot time by caching expensive operations. diff --git a/config/environment.rb b/config/environment.rb index f38575b7c..efd84d945 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -1,5 +1,5 @@ # Load the Rails application. -require_relative 'application' +require_relative "application" Dotenv.load(Rails.root + ".env.local") diff --git a/config/environments/development.rb b/config/environments/development.rb index 53d506df0..755bfb9eb 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -14,10 +14,13 @@ Rails.application.configure do # Show full error reports. config.consider_all_requests_local = true + # Enable server timing + config.server_timing = true + # Enable/disable caching. By default caching is disabled. # Run rails dev:cache to toggle caching. # Does not affect the cache_store - if Rails.root.join('tmp', 'caching-dev.txt').exist? + if Rails.root.join("tmp/caching-dev.txt").exist? config.action_controller.perform_caching = true config.action_controller.enable_fragment_cache_logging = true @@ -55,10 +58,6 @@ Rails.application.configure do # Annotate rendered view with file names. # config.action_view.annotate_rendered_view_with_filenames = true - # Use an evented file watcher to asynchronously detect changes in source code, - # routes, locales, etc. This feature depends on the listen gem. - config.file_watcher = ActiveSupport::EventedFileUpdateChecker - # Uncomment if you wish to allow Action Cable access from any origin. # config.action_cable.disable_request_forgery_protection = true diff --git a/config/environments/production.rb b/config/environments/production.rb index d6084af4f..dd9789d83 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -22,14 +22,14 @@ Rails.application.configure do # Disable serving static files from the `/public` folder by default since # Apache or NGINX already handles this. - config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present? + config.public_file_server.enabled = ENV["RAILS_SERVE_STATIC_FILES"].present? # Enable serving of images, stylesheets, and JavaScripts from an asset server. - # config.asset_host = 'http://assets.example.com' + # config.asset_host = "http://assets.example.com" # Specifies the header that your server uses for sending files. - # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache - # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX + # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache + # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. # config.force_ssl = true @@ -77,7 +77,7 @@ Rails.application.configure do # Use a different logger for distributed setups. # require "syslog/logger" - # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name') + # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new "app-name") if ENV["RAILS_LOG_TO_STDOUT"].present? logger = ActiveSupport::Logger.new(STDOUT) @@ -87,25 +87,4 @@ Rails.application.configure do # Do not dump schema after migrations. config.active_record.dump_schema_after_migration = false - - # Inserts middleware to perform automatic connection switching. - # The `database_selector` hash is used to pass options to the DatabaseSelector - # middleware. The `delay` is used to determine how long to wait after a write - # to send a subsequent read to the primary. - # - # The `database_resolver` class is used by the middleware to determine which - # database is appropriate to use based on the time delay. - # - # The `database_resolver_context` class is used by the middleware to set - # timestamps for the last write to the primary. The resolver uses the context - # class timestamps to determine how long to wait before reading from the - # replica. - # - # By default Rails will store a last write timestamp in the session. The - # DatabaseSelector middleware is designed as such you can define your own - # strategy for connection switching and pass that into the middleware through - # these configuration options. - # config.active_record.database_selector = { delay: 2.seconds } - # config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver - # config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session end diff --git a/config/environments/test.rb b/config/environments/test.rb index 090cd19c1..bc90e9edd 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -8,17 +8,18 @@ require "active_support/core_ext/integer/time" Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. + # Turn false under Spring and add config.action_view.cache_template_loading = true. config.cache_classes = true - # Do not eager load code on boot. This avoids loading your whole application - # just for the purpose of running a single test. If you are using a tool that - # preloads Rails for running tests, you may have to set it to true. - config.eager_load = false + # Eager loading loads your whole application. When running a single test locally, + # this probably isn't necessary. It's a good idea to do in a continuous integration + # system, or in some way before deploying your code. + config.eager_load = ENV["CI"].present? # Configure public file server for tests with Cache-Control for performance. config.public_file_server.enabled = true config.public_file_server.headers = { - 'Cache-Control' => "public, max-age=#{1.hour.to_i}" + "Cache-Control" => "public, max-age=#{1.hour.to_i}" } # Show full error reports and disable caching. @@ -52,9 +53,4 @@ Rails.application.configure do # Annotate rendered view with file names. # config.action_view.annotate_rendered_view_with_filenames = true - - - # config.logger = Logger.new(STDOUT) - # config.log_level = :info - end diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index f6e90fb12..3634ffad4 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -1,36 +1,31 @@ # Be sure to restart your server when you modify this file. -# Define an application-wide content security policy -# For further information see the following documentation -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy +# Define an application-wide content security policy. +# See the Securing Rails Applications Guide for more information: +# https://guides.rubyonrails.org/security.html#content-security-policy-header - Rails.application.config.content_security_policy do |policy| - policy.default_src :self - policy.script_src :self, 'ads.dragonfru.it', 'js-agent.newrelic.com', 'bam.nr-data.net', 'https://www.google.com/recaptcha/', 'https://www.gstatic.com/recaptcha/', 'https://www.recaptcha.net/' - policy.style_src :self, :unsafe_inline - policy.connect_src :self, 'ads.dragonfru.it', 'bam.nr-data.net', 'plausible.dragonfru.it' - policy.object_src :self, 'static1.e621.net', 'static1.e926.net' - policy.media_src :self, 'static1.e621.net', 'static1.e926.net' - policy.frame_ancestors :none - policy.frame_src 'https://www.google.com/recaptcha/', 'https://www.recaptcha.net/' - policy.font_src :self - policy.img_src :self, :data, 'static1.e621.net', 'static1.e926.net', 'ads.dragonfru.it' - policy.child_src :none - policy.form_action :self, 'discord.e621.net', 'discord.com' -# # If you are using webpack-dev-server then specify webpack-dev-server host -# policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development? +Rails.application.configure do + config.content_security_policy do |policy| + policy.default_src :self + policy.script_src :self, 'ads.dragonfru.it', 'js-agent.newrelic.com', 'bam.nr-data.net', 'https://www.google.com/recaptcha/', 'https://www.gstatic.com/recaptcha/', 'https://www.recaptcha.net/' + policy.style_src :self, :unsafe_inline + policy.connect_src :self, 'ads.dragonfru.it', 'bam.nr-data.net', 'plausible.dragonfru.it' + policy.object_src :self, 'static1.e621.net', 'static1.e926.net' + policy.media_src :self, 'static1.e621.net', 'static1.e926.net' + policy.frame_ancestors :none + policy.frame_src 'https://www.google.com/recaptcha/', 'https://www.recaptcha.net/' + policy.font_src :self + policy.img_src :self, :data, 'static1.e621.net', 'static1.e926.net', 'ads.dragonfru.it' + policy.child_src :none + policy.form_action :self, 'discord.e621.net', 'discord.com' + # Specify URI for violation reports + # policy.report_uri "/csp-violation-report-endpoint" + end -# # Specify URI for violation reports -# policy.report_uri "/csp-violation" - end + # Generate session nonces for permitted importmap and inline scripts + config.content_security_policy_nonce_generator = ->(request) { SecureRandom.base64(16) } + config.content_security_policy_nonce_directives = %w(script-src) -# If you are using UJS then enable automatic nonce generation - Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } - -# Set the nonce only to specific directives - Rails.application.config.content_security_policy_nonce_directives = %w(script-src) - -# Report CSP violations to a specified URI -# For further information see the following documentation: -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only - Rails.application.config.content_security_policy_report_only = false + # Report violations without enforcing the policy. + config.content_security_policy_report_only = false +end diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb index 3b1c1b5ed..e5a82f162 100644 --- a/config/initializers/cors.rb +++ b/config/initializers/cors.rb @@ -7,9 +7,9 @@ # Rails.application.config.middleware.insert_before 0, Rack::Cors do # allow do -# origins 'example.com' +# origins "example.com" # -# resource '*', +# resource "*", # headers: :any, # methods: [:get, :post, :put, :patch, :delete, :options, :head] # end diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index fcffd9514..adc6568ce 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -1,6 +1,8 @@ # Be sure to restart your server when you modify this file. -# Configure sensitive parameters which will be filtered from the log file. +# Configure parameters to be filtered from the log file. Use this to limit dissemination of +# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported +# notations and behaviors. Rails.application.config.filter_parameters += [ - :password, :passw, :api_key, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn + :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn ] diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb index ac033bf9d..3860f659e 100644 --- a/config/initializers/inflections.rb +++ b/config/initializers/inflections.rb @@ -4,13 +4,13 @@ # are locale specific, and you may define rules for as many different # locales as you wish. All of these examples are active by default: # ActiveSupport::Inflector.inflections(:en) do |inflect| -# inflect.plural /^(ox)$/i, '\1en' -# inflect.singular /^(ox)en/i, '\1' -# inflect.irregular 'person', 'people' +# inflect.plural /^(ox)$/i, "\\1en" +# inflect.singular /^(ox)en/i, "\\1" +# inflect.irregular "person", "people" # inflect.uncountable %w( fish sheep ) # end # These inflection rules are supported but not enabled by default: # ActiveSupport::Inflector.inflections(:en) do |inflect| -# inflect.acronym 'RESTful' +# inflect.acronym "RESTful" # end diff --git a/config/initializers/new_framework_defaults_7_0.rb b/config/initializers/new_framework_defaults_7_0.rb new file mode 100644 index 000000000..4d580245a --- /dev/null +++ b/config/initializers/new_framework_defaults_7_0.rb @@ -0,0 +1,135 @@ +# Be sure to restart your server when you modify this file. +# +# This file eases your Rails 7.0 framework defaults upgrade. +# +# Uncomment each configuration one by one to switch to the new default. +# Once your application is ready to run with all new defaults, you can remove +# this file and set the `config.load_defaults` to `7.0`. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. +# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html + +# `button_to` view helper will render `