diff --git a/Gemfile b/Gemfile index 60f72767e..ad8bb7a82 100644 --- a/Gemfile +++ b/Gemfile @@ -1,9 +1,11 @@ source 'https://rubygems.org' ruby '3.2.2' -gem 'rails', '6.1.7.4' +gem 'rails', '7.0.6' +# The original asset pipeline for Rails [https://github.com/rails/sprockets-rails] +gem 'sprockets-rails' # Reduces boot times through caching; required in config/boot.rb -gem 'bootsnap', '>= 1.4.4', require: false +gem 'bootsnap', require: false gem 'acts-as-taggable-on' gem 'carrierwave' @@ -28,17 +30,17 @@ gem 'omniauth-rails_csrf_protection' gem 'pg' gem 'pickadate-rails' gem 'premailer-rails' -gem 'puma', '~> 5.0' + gem 'pundit' gem 'rails4-autocomplete' gem 'rolify' -gem 'sass-rails', '>= 6' +# Use Sass to process CSS +gem 'sassc-rails' gem 'simple_form' gem 'terser' gem 'will_paginate' -gem 'sprockets-rails' gem 'icalendar' gem 'tzinfo-data' @@ -52,10 +54,16 @@ gem 'stripe' gem 'rails-html-sanitizer', '~> 1.4.4' -# Turbolinks makes navigating your web application faster. Read more: https://github.com/turbolinks/turbolinks -gem 'turbolinks', '~> 5' -# Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder -gem 'jbuilder', '~> 2.7' +# Use the Puma web server [https://github.com/puma/puma] +gem 'puma', '~> 5.0' +# Use JavaScript with ESM import maps [https://github.com/rails/importmap-rails] +gem 'importmap-rails' +# Hotwire's SPA-like page accelerator [https://turbo.hotwired.dev] +gem 'turbo-rails' +# Hotwire's modest JavaScript framework [https://stimulus.hotwired.dev] +gem 'stimulus-rails' +# Build JSON APIs with ease [https://github.com/rails/jbuilder] +gem 'jbuilder' gem 'public_activity' group :development do @@ -67,7 +75,7 @@ group :development do gem 'rack-mini-profiler', '~> 2.0' gem 'listen', '~> 3.3' # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring - gem 'spring' + # gem 'spring' end group :development, :test do 
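Review bot: `gem 'rails-html-sanitizer', '~> 1.4.4'` stays pinned to the 1.4 patch series in the third hunk while every neighbouring gem is loosened in this commit; a pessimistic pin on the HTML sanitizer means `bundle update` can never pick up a fix released outside that series. If the pin is deliberate, record why next to it (`# pinned: <reason>`); otherwise `gem 'rails-html-sanitizer', '>= 1.4.4'` keeps the floor and lets Gemfile.lock do the pinning. The dropped floors on `bootsnap`, `capybara` and `jbuilder` are fine as long as Gemfile.lock is committed, which the diff shows it is. The lone `+` blank that replaces `gem 'puma', '~> 5.0'` in the second hunk leaves an empty line mid-list and can go.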
@@ -87,10 +95,12 @@ group :development, :test do
 end
 
 group :test do
-  gem 'capybara', '>= 3.26'
+  # Use system testing [https://guides.rubyonrails.org/testing.html#system-testing]
+  gem 'capybara'
+  gem 'selenium-webdriver'
+  gem 'webdrivers'
   gem 'database_cleaner'
   gem 'shoulda-matchers', '~> 4.5'
-  gem 'webdrivers'
   gem 'simplecov', require: false
   gem 'simplecov-lcov', require: false
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index 76a816a10..a94de6f57 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
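Review bot: The test group now lists both `gem 'selenium-webdriver'` and `gem 'webdrivers'`; `webdrivers` downloads browser-driver binaries from the network at test time, a dependency that sits outside Bundler's lockfile, and recent `selenium-webdriver` releases ship their own driver management, so the extra gem may be redundant. Worth checking the locked `selenium-webdriver` version (its Gemfile.lock entry is outside this hunk) and dropping `webdrivers` if it is no longer needed, or adding `# kept for <reason>` above it if it is.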
@@ -11,68 +11,74 @@ GIT GEM remote: https://rubygems.org/ specs: - actioncable (6.1.7.4) - actionpack (= 6.1.7.4) - activesupport (= 6.1.7.4) + actioncable (7.0.6) + actionpack (= 7.0.6) + activesupport (= 7.0.6) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.7.4) - actionpack (= 6.1.7.4) - activejob (= 6.1.7.4) - activerecord (= 6.1.7.4) - activestorage (= 6.1.7.4) - activesupport (= 6.1.7.4) + actionmailbox (7.0.6) + actionpack (= 7.0.6) + activejob (= 7.0.6) + activerecord (= 7.0.6) + activestorage (= 7.0.6) + activesupport (= 7.0.6) mail (>= 2.7.1) - actionmailer (6.1.7.4) - actionpack (= 6.1.7.4) - actionview (= 6.1.7.4) - activejob (= 6.1.7.4) - activesupport (= 6.1.7.4) + net-imap + net-pop + net-smtp + actionmailer (7.0.6) + actionpack (= 7.0.6) + actionview (= 7.0.6) + activejob (= 7.0.6) + activesupport (= 7.0.6) mail (~> 2.5, >= 2.5.4) + net-imap + net-pop + net-smtp rails-dom-testing (~> 2.0) - actionpack (6.1.7.4) - actionview (= 6.1.7.4) - activesupport (= 6.1.7.4) - rack (~> 2.0, >= 2.0.9) + actionpack (7.0.6) + actionview (= 7.0.6) + activesupport (= 7.0.6) + rack (~> 2.0, >= 2.2.4) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.7.4) - actionpack (= 6.1.7.4) - activerecord (= 6.1.7.4) - activestorage (= 6.1.7.4) - activesupport (= 6.1.7.4) + actiontext (7.0.6) + actionpack (= 7.0.6) + activerecord (= 7.0.6) + activestorage (= 7.0.6) + activesupport (= 7.0.6) + globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (6.1.7.4) - activesupport (= 6.1.7.4) + actionview (7.0.6) + activesupport (= 7.0.6) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.7.4) - activesupport (= 6.1.7.4) + activejob (7.0.6) + activesupport (= 7.0.6) globalid (>= 0.3.6) - activemodel (6.1.7.4) - activesupport (= 6.1.7.4) - activerecord (6.1.7.4) - activemodel (= 6.1.7.4) - activesupport (= 6.1.7.4) - activestorage (6.1.7.4) - actionpack 
(= 6.1.7.4) - activejob (= 6.1.7.4) - activerecord (= 6.1.7.4) - activesupport (= 6.1.7.4) + activemodel (7.0.6) + activesupport (= 7.0.6) + activerecord (7.0.6) + activemodel (= 7.0.6) + activesupport (= 7.0.6) + activestorage (7.0.6) + actionpack (= 7.0.6) + activejob (= 7.0.6) + activerecord (= 7.0.6) + activesupport (= 7.0.6) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.7.4) + activesupport (7.0.6) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - zeitwerk (~> 2.3) acts-as-taggable-on (9.0.1) activerecord (>= 6.0, < 7.1) - addressable (2.8.4) + addressable (2.8.5) public_suffix (>= 2.0.2, < 6.0) ast (2.4.2) autoprefixer-rails (10.4.13.0) @@ -85,9 +91,9 @@ GEM bindex (0.8.1) bootsnap (1.16.0) msgpack (~> 1.2) - bootstrap (5.2.3) + bootstrap (5.3.1) autoprefixer-rails (>= 9.1.0) - popper_js (>= 2.11.6, < 3) + popper_js (>= 2.11.8, < 3) sassc-rails (>= 2.0.0) builder (3.2.4) bullet (7.0.7) @@ -103,7 +109,7 @@ GEM rack-test (>= 0.6.3) regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) - carrierwave (3.0.1) + carrierwave (3.0.2) activemodel (>= 6.0.0) activesupport (>= 6.0.0) addressable (~> 2.6) @@ -168,7 +174,7 @@ GEM multi_json (>= 1.11.0) globalid (1.1.0) activesupport (>= 5.0) - haml (6.1.1) + haml (6.1.2) temple (>= 0.8.2) thor tilt @@ -177,12 +183,15 @@ GEM htmlentities (4.3.4) i18n (1.14.1) concurrent-ruby (~> 1.0) - icalendar (2.8.0) + icalendar (2.9.0) ice_cube (~> 0.16) ice_cube (0.16.4) image_processing (1.12.2) mini_magick (>= 4.9.5, < 5) ruby-vips (>= 2.0.17, < 3) + importmap-rails (1.2.1) + actionpack (>= 6.0.0) + railties (>= 6.0.0) jbuilder (2.11.5) actionview (>= 5.0.0) activesupport (>= 5.0.0) @@ -214,7 +223,7 @@ GEM matrix (0.4.2) method_source (1.0.0) mini_magick (4.12.0) - mini_mime (1.1.2) + mini_mime (1.1.5) mini_portile2 (2.8.4) minitest (5.19.0) msgpack (1.7.2) 
@@ -233,7 +242,7 @@ GEM net-protocol net-ssh (7.2.0) nio4r (2.5.9) - nokogiri (1.15.3) + nokogiri (1.15.4) mini_portile2 (~> 2.8.2) racc (~> 1.4) oauth2 (2.0.9) @@ -263,7 +272,7 @@ GEM pg (1.5.3) pickadate-rails (3.5.6.0) railties (>= 3.1.0) - popper_js (2.11.7) + popper_js (2.11.8) premailer (1.21.0) addressable css_parser (>= 1.12.0) @@ -287,7 +296,7 @@ GEM i18n (>= 0.5.0) railties (>= 5.0.0) public_suffix (5.0.3) - puma (5.6.6) + puma (5.6.7) nio4r (~> 2.0) pundit (2.3.1) activesupport (>= 3.0.0) @@ -295,26 +304,25 @@ GEM rack (2.2.8) rack-mini-profiler (2.3.4) rack (>= 1.2.0) - rack-protection (3.0.6) - rack + rack-protection (3.1.0) + rack (~> 2.2, >= 2.2.4) rack-test (2.1.0) rack (>= 1.3) - rails (6.1.7.4) - actioncable (= 6.1.7.4) - actionmailbox (= 6.1.7.4) - actionmailer (= 6.1.7.4) - actionpack (= 6.1.7.4) - actiontext (= 6.1.7.4) - actionview (= 6.1.7.4) - activejob (= 6.1.7.4) - activemodel (= 6.1.7.4) - activerecord (= 6.1.7.4) - activestorage (= 6.1.7.4) - activesupport (= 6.1.7.4) + rails (7.0.6) + actioncable (= 7.0.6) + actionmailbox (= 7.0.6) + actionmailer (= 7.0.6) + actionpack (= 7.0.6) + actiontext (= 7.0.6) + actionview (= 7.0.6) + activejob (= 7.0.6) + activemodel (= 7.0.6) + activerecord (= 7.0.6) + activestorage (= 7.0.6) + activesupport (= 7.0.6) bundler (>= 1.15.0) - railties (= 6.1.7.4) - sprockets-rails (>= 2.0.0) - rails-dom-testing (2.1.1) + railties (= 7.0.6) + rails-dom-testing (2.2.0) activesupport (>= 5.0.0) minitest nokogiri (>= 1.6) @@ -327,12 +335,13 @@ GEM rails_stdout_logging rails_serve_static_assets (0.0.5) rails_stdout_logging (0.0.5) - railties (6.1.7.4) - actionpack (= 6.1.7.4) - activesupport (= 6.1.7.4) + railties (7.0.6) + actionpack (= 7.0.6) + activesupport (= 7.0.6) method_source rake (>= 12.2) thor (~> 1.0) + zeitwerk (~> 2.5) rainbow (3.1.1) rake (13.0.6) rb-fsevent (0.11.2) 
@@ -376,23 +385,26 @@ GEM unicode-display_width (>= 2.4.0, < 3.0) rubocop-ast (1.29.0) parser (>= 3.2.1.0) - rubocop-performance (1.18.0) + rubocop-capybara (2.18.0) + rubocop (~> 1.41) + rubocop-factory_bot (2.23.1) + rubocop (~> 1.33) + rubocop-performance (1.19.0) rubocop (>= 1.7.0, < 2.0) rubocop-ast (>= 0.4.0) - rubocop-rails (2.15.2) + rubocop-rails (2.20.2) activesupport (>= 4.2.0) rack (>= 1.1) - rubocop (>= 1.7.0, < 2.0) - rubocop-rspec (2.4.0) - rubocop (~> 1.0) - rubocop-ast (>= 1.1.0) + rubocop (>= 1.33.0, < 2.0) + rubocop-rspec (2.23.2) + rubocop (~> 1.33) + rubocop-capybara (~> 2.17) + rubocop-factory_bot (~> 2.22) ruby-progressbar (1.13.0) ruby-vips (2.1.4) ffi (~> 1.12) ruby2_keywords (0.0.5) rubyzip (2.3.2) - sass-rails (6.0.0) - sassc-rails (~> 2.1, >= 2.1.1) sassc (2.4.0) ffi (~> 1.9) sassc-rails (2.1.2) @@ -423,7 +435,6 @@ GEM snaky_hash (2.0.1) hashie version_gem (~> 1.1, >= 1.1.1) - spring (2.1.1) sprockets (4.2.0) concurrent-ruby (~> 1.0) rack (>= 2.2.4, < 4) @@ -432,16 +443,19 @@ GEM activesupport (>= 5.2) sprockets (>= 3.0.0) ssrf_filter (1.1.1) - stripe (8.6.0) + stimulus-rails (1.2.2) + railties (>= 6.0.0) + stripe (9.0.0) temple (0.10.2) terser (1.1.17) execjs (>= 0.3.0, < 3) thor (1.2.2) tilt (2.2.0) timeout (0.4.0) - turbolinks (5.2.1) - turbolinks-source (~> 5.2) - turbolinks-source (5.2.0) + turbo-rails (1.4.0) + actionpack (>= 6.0.0) + activejob (>= 6.0.0) + railties (>= 6.0.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) tzinfo-data (1.2023.3) @@ -465,7 +479,7 @@ GEM will_paginate (4.0.0) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.6.10) + zeitwerk (2.6.11) PLATFORMS ruby @@ -473,10 +487,10 @@ PLATFORMS DEPENDENCIES acts-as-taggable-on better_errors - bootsnap (>= 1.4.4) + bootsnap bootstrap (~> 5) bullet - capybara (>= 3.26) + capybara carrierwave carrierwave-ftp! chosen-rails 
@@ -496,7 +510,8 @@ DEPENDENCIES
   high_voltage
   icalendar
   image_processing (~> 1.2)
-  jbuilder (~> 2.7)
+  importmap-rails
+  jbuilder
   jquery-rails
   jquery-ui-rails
   launchy
@@ -515,7 +530,7 @@ DEPENDENCIES
   puma (~> 5.0)
   pundit
   rack-mini-profiler (~> 2.0)
-  rails (= 6.1.7.4)
+  rails (= 7.0.6)
   rails-html-sanitizer (~> 1.4.4)
   rails4-autocomplete
   rails_12factor
@@ -527,17 +542,18 @@ DEPENDENCIES
   rubocop-performance
   rubocop-rails
   rubocop-rspec
-  sass-rails (>= 6)
+  sassc-rails
+  selenium-webdriver
   shoulda-matchers (~> 4.5)
   simple_form
   simplecov
   simplecov-lcov
   skylight
-  spring
   sprockets-rails
+  stimulus-rails
   stripe
   terser
-  turbolinks (~> 5)
+  turbo-rails
   tzinfo-data
   web-console (>= 4.1.0)
   webdrivers
diff --git a/app/assets/stylesheets/_bootstrap-custom.scss b/app/assets/stylesheets/_bootstrap-custom.scss
index 6f0237c55..ef4f62ac2 100644
--- a/app/assets/stylesheets/_bootstrap-custom.scss
+++ b/app/assets/stylesheets/_bootstrap-custom.scss
@@ -11,7 +11,7 @@ $enable-negative-margins: true;
 // Configuration
 @import "bootstrap/functions";
 @import "bootstrap/variables";
-// https://stackoverflow.com/questions/73054062/sasserror-undefined-variable-failing-dependencies
+@import "bootstrap/variables-dark";
 @import "bootstrap/maps";
 @import "bootstrap/mixins";
 @import "bootstrap/utilities";
diff --git a/app/models/application_record.rb b/app/models/application_record.rb
index 4e703e97e..be514b707 100644
--- a/app/models/application_record.rb
+++ b/app/models/application_record.rb
@@ -1,4 +1,4 @@
 # See https://guides.rubyonrails.org/upgrading_ruby_on_rails.html#upgrading-from-rails-4-2-to-rails-5-0
 class ApplicationRecord < ActiveRecord::Base
-  self.abstract_class = true
+  primary_abstract_class
 end
diff --git a/app/views/layouts/application.html.haml b/app/views/layouts/application.html.haml
index f85b049d6..55da31eca 100644
--- a/app/views/layouts/application.html.haml
+++ b/app/views/layouts/application.html.haml
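Review bot: The comment above the new `primary_abstract_class` line in application_record.rb still points at the Rails 4.2→5.0 upgrade guide section (`# See https://guides.rubyonrails.org/upgrading_ruby_on_rails.html#upgrading-from-rails-4-2-to-rails-5-0`), which explains why `ApplicationRecord` exists but says nothing about the 7.0 API now used here. Consider replacing it with a one-liner such as `# Rails 7: marks this as the primary abstract class (replaces self.abstract_class = true)` so the next reader is not sent to the wrong guide.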
@@ -9,9 +9,9 @@ %title = retrieve_title = favicon_link_tag 'favicon.ico' - = stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track': 'reload' + = stylesheet_link_tag 'application', media: 'all', 'data-turbo-track': 'reload' - = javascript_include_tag 'application', 'data-turbolinks-track': 'reload' + = javascript_include_tag 'application', 'data-turbo-track': 'reload' %link{ href: 'https://fonts.googleapis.com/css?family=Open+Sans:400,300', rel:'stylesheet', type:'text/css' } %link{ href: 'https://fonts.googleapis.com/icon?family=Material+Icons', rel:'stylesheet', type:'text/css' } diff --git a/bin/dadmin b/bin/dadmin index 268407566..211f795f2 100755 --- a/bin/dadmin +++ b/bin/dadmin @@ -1,9 +1,11 @@ #!/usr/bin/env bash set -e +docker-compose up -d web + if [ $# -gt 0 ] then - docker-compose run --rm web rails runner "Member.find_by(email: '$@').add_role(:admin)" + docker-compose exec web rails runner "Member.find_by(email: '$@').add_role(:admin)" else - docker-compose run --rm web rails runner "Member.last.add_role(:admin)" + docker-compose exec web rails runner "Member.last.add_role(:admin)" fi diff --git a/bin/rails b/bin/rails index 21d3e02d8..6fb4e4051 100755 --- a/bin/rails +++ b/bin/rails @@ -1,5 +1,4 @@ #!/usr/bin/env ruby -load File.expand_path("spring", __dir__) APP_PATH = File.expand_path('../config/application', __dir__) require_relative "../config/boot" require "rails/commands" diff --git a/bin/rake b/bin/rake index 7327f471e..4fbf10b96 100755 --- a/bin/rake +++ b/bin/rake @@ -1,5 +1,4 @@ #!/usr/bin/env ruby -load File.expand_path("spring", __dir__) require_relative "../config/boot" require "rake" Rake.application.run diff --git a/bin/spring b/bin/spring deleted file mode 100755 index b4147e843..000000000 --- a/bin/spring +++ /dev/null 
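Review bot: The layout keeps `= javascript_include_tag 'application', 'data-turbo-track': 'reload'`, i.e. it still serves the Sprockets-built `application` bundle, while this commit adds `importmap-rails`, `turbo-rails` and `stimulus-rails` to the Gemfile; `importmap-rails` only takes effect through `javascript_importmap_tags`, and Turbo only honours the renamed `data-turbo-track` attribute if it is actually loaded. No importmap configuration or JavaScript entry-point change is visible in this diff, so either it lives outside the diff or the attribute rename is cosmetic for now; a short comment in the layout stating which asset path is authoritative would settle it.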
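Review bot: `docker-compose exec web rails runner "Member.find_by(email: '$@').add_role(:admin)"` splices the CLI argument straight into Ruby source, so an address containing a quote breaks the expression, and `find_by` returning `nil` surfaces as a `NoMethodError` on `add_role` instead of a clear "no such member" failure. Pass the value out of band and fail loudly: `docker-compose exec -e ADMIN_EMAIL="$1" web rails runner "Member.find_by!(email: ENV.fetch('ADMIN_EMAIL')).add_role(:admin)"` (this also takes only the first argument, which is what `$@` inside one quoted string effectively did). Note too that the new `docker-compose up -d web` leaves the web service running after the script exits, unlike the former `run --rm`; a comment saying that is intended would help.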
@@ -1,14 +0,0 @@
-#!/usr/bin/env ruby
-if !defined?(Spring) && [nil, "development", "test"].include?(ENV["RAILS_ENV"])
-  gem "bundler"
-  require "bundler"
-
-  # Load Spring without loading other gems in the Gemfile, for speed.
-  Bundler.locked_gems&.specs&.find { |spec| spec.name == "spring" }&.tap do |spring|
-    Gem.use_paths Gem.dir, Bundler.bundle_path.to_s, *Gem.path
-    gem "spring", spring.version
-    require "spring/binstub"
-  rescue Gem::LoadError
-    # Ignore when Spring is not installed.
-  end
-end
diff --git a/config/application.rb b/config/application.rb
index b56b93ed6..b3094236d 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -22,7 +22,7 @@ module Planner
   class Application < Rails::Application
 
     # Initialize configuration defaults for originally generated Rails version.
-    config.load_defaults 6.1
+    config.load_defaults 7.0
 
     # Configuration for the application, engines, and railties goes here.
     #
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 527015177..027057416 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -14,9 +14,12 @@
   # Show full error reports.
   config.consider_all_requests_local = true
 
+  # Enable server timing
+  config.server_timing = true
+
   # Enable/disable caching. By default caching is disabled.
   # Run rails dev:cache to toggle caching.
-  if Rails.root.join('tmp', 'caching-dev.txt').exist?
+  if Rails.root.join("tmp/caching-dev.txt").exist?
     config.action_controller.perform_caching = true
     config.action_controller.enable_fragment_cache_logging = true
 
@@ -35,10 +38,6 @@
   # Don't care if the mailer can't send.
   config.action_mailer.raise_delivery_errors = false
 
-  # To debug locally, you can use letter opener by uncommenting the line below.
-  # Delayed emails will not send. To debug delayed tasks, comment out
-  # 'handle_asynchronously' in the controller.
-  # config.action_mailer.delivery_method = :letter_opener
 
   config.action_mailer.perform_caching = false
 
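Review bot: `config.load_defaults 7.0` switches every 7.0 framework default on at once, yet the same commit adds `config/initializers/new_framework_defaults_7_0.rb` (the last hunk on this page), whose header says to remove that file once `load_defaults` is set to `7.0`; keeping both is harmless only while every line in it stays commented, so pick one mechanism. Among the defaults this flips are `active_support.key_generator_hash_digest_class` (SHA-256 key derivation, which makes cookies and sessions encrypted under the previous digest unreadable unless a rotation is configured) and `action_controller.raise_on_open_redirects`, which turns `redirect_to` calls that target another host into errors unless `allow_other_host: true` is passed; worth checking the sign-in and payment flows this app has before deploy. A comment on this line recording that the jump from 6.1 was verified would help the next upgrade.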
@@ -57,11 +56,6 @@
   # Highlight code that triggered database queries in logs.
   config.active_record.verbose_query_logs = true
 
-  # Debug mode disables concatenation and preprocessing of assets.
-  # This option may cause significant delays in view rendering with a large
-  # number of complex assets.
-  config.assets.debug = true
-
   # Suppress logger output for asset requests.
   config.assets.quiet = true
 
@@ -71,10 +65,6 @@
   # Annotate rendered view with file names.
   # config.action_view.annotate_rendered_view_with_filenames = true
 
-  # Use an evented file watcher to asynchronously detect changes in source code,
-  # routes, locales, etc. This feature depends on the listen gem.
-  config.file_watcher = ActiveSupport::EventedFileUpdateChecker
-
   # Uncomment if you wish to allow Action Cable access from any origin.
   # config.action_cable.disable_request_forgery_protection = true
 
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 883e9ae85..987ab41d2 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -70,14 +70,8 @@
   # the I18n.default_locale when a translation cannot be found).
   config.i18n.fallbacks = true
 
-  # Send deprecation notices to registered listeners.
-  config.active_support.deprecation = :notify
-
-  # Log disallowed deprecations.
-  config.active_support.disallowed_deprecation = :log
-
-  # Tell Active Support which deprecation messages to disallow.
-  config.active_support.disallowed_deprecation_warnings = []
+  # Don't log any deprecations.
+  config.active_support.report_deprecations = false
 
   # Use default logging formatter so that PID and timestamp are not suppressed.
   config.log_formatter = ::Logger::Formatter.new
@@ -95,27 +89,6 @@
   # Do not dump schema after migrations.
   config.active_record.dump_schema_after_migration = false
 
-  # Inserts middleware to perform automatic connection switching.
-  # The `database_selector` hash is used to pass options to the DatabaseSelector
-  # middleware. The `delay` is used to determine how long to wait after a write
-  # to send a subsequent read to the primary.
-  #
-  # The `database_resolver` class is used by the middleware to determine which
-  # database is appropriate to use based on the time delay.
-  #
-  # The `database_resolver_context` class is used by the middleware to set
-  # timestamps for the last write to the primary. The resolver uses the context
-  # class timestamps to determine how long to wait before reading from the
-  # replica.
-  #
-  # By default Rails will store a last write timestamp in the session. The
-  # DatabaseSelector middleware is designed as such you can define your own
-  # strategy for connection switching and pass that into the middleware through
-  # these configuration options.
-  # config.active_record.database_selector = { delay: 2.seconds }
-  # config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver
-  # config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session
-
   # Required default host to link to!
   config.action_mailer.default_url_options = { host: 'codebar.io' }
 
diff --git a/config/environments/test.rb b/config/environments/test.rb
index b74f8d401..6cae5335e 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -8,13 +8,13 @@
 Rails.application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 
-  config.cache_classes = false
-  config.action_view.cache_template_loading = true
+  # Turn false under Spring and add config.action_view.cache_template_loading = true.
+  config.cache_classes = true
 
-  # Do not eager load code on boot. This avoids loading your whole application
-  # just for the purpose of running a single test. If you are using a tool that
-  # preloads Rails for running tests, you may have to set it to true.
-  config.eager_load = false
+  # Eager loading loads your whole application. When running a single test locally,
+  # this probably isn't necessary. It's a good idea to do in a continuous integration
+  # system, or in some way before deploying your code.
+  config.eager_load = ENV["CI"].present?
 
   # Configure public file server for tests with Cache-Control for performance.
   config.public_file_server.enabled = true
diff --git a/config/initializers/assets.rb b/config/initializers/assets.rb
index bbacf241d..b06e02cd8 100644
--- a/config/initializers/assets.rb
+++ b/config/initializers/assets.rb
@@ -5,8 +5,6 @@
 # Add additional assets to the asset load path.
 # Rails.application.config.assets.paths << Emoji.images_path
 
-# Add Yarn node_modules folder to the asset load path.
-Rails.application.config.assets.paths << Rails.root.join('node_modules')
 
 # Precompile additional assets.
 # application.js, application.css, and all non-JS/CSS in the app/assets
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 35d0f26fc..54f47cf15 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
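Review bot: The new comment `# Turn false under Spring and add config.action_view.cache_template_loading = true.` in test.rb refers to Spring, which this same commit removes (`bin/spring` deleted, `gem 'spring'` commented out in the Gemfile), so it documents an option nobody on this codebase can take. Drop it or replace it with the actual reason, e.g. `# Classes are cached in test; the app no longer uses a preloader.`. `config.eager_load = ENV["CI"].present?` also silently depends on the CI provider exporting `CI`; if it does not, the CI run loses the one place autoload errors are caught, which is worth one more sentence in the comment above it.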
@@ -1,30 +1,25 @@
 # Be sure to restart your server when you modify this file.
 
-# Define an application-wide content security policy
-# For further information see the following documentation
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+# Define an application-wide content security policy.
+# See the Securing Rails Applications Guide for more information:
+# https://guides.rubyonrails.org/security.html#content-security-policy-header
 
-# Rails.application.config.content_security_policy do |policy|
-# policy.default_src :self, :https
-# policy.font_src :self, :https, :data
-# policy.img_src :self, :https, :data
-# policy.object_src :none
-# policy.script_src :self, :https
-# policy.style_src :self, :https
-# # If you are using webpack-dev-server then specify webpack-dev-server host
-# policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development?
-
-# # Specify URI for violation reports
-# # policy.report_uri "/csp-violation-report-endpoint"
+# Rails.application.configure do
+# config.content_security_policy do |policy|
+# policy.default_src :self, :https
+# policy.font_src :self, :https, :data
+# policy.img_src :self, :https, :data
+# policy.object_src :none
+# policy.script_src :self, :https
+# policy.style_src :self, :https
+# # Specify URI for violation reports
+# # policy.report_uri "/csp-violation-report-endpoint"
+# end
+#
+# # Generate session nonces for permitted importmap and inline scripts
+# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
+# config.content_security_policy_nonce_directives = %w(script-src)
+#
+# # Report violations without enforcing the policy.
+# # config.content_security_policy_report_only = true
 # end
-
-# If you are using UJS then enable automatic nonce generation
-# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) }
-
-# Set the nonce only to specific directives
-# Rails.application.config.content_security_policy_nonce_directives = %w(script-src)
-
-# Report CSP violations to a specified URI
-# For further information see the following documentation:
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
-# Rails.application.config.content_security_policy_report_only = true
diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb
index 4b34a0366..adc6568ce 100644
--- a/config/initializers/filter_parameter_logging.rb
+++ b/config/initializers/filter_parameter_logging.rb
@@ -1,6 +1,8 @@
 # Be sure to restart your server when you modify this file.
 
-# Configure sensitive parameters which will be filtered from the log file.
+# Configure parameters to be filtered from the log file. Use this to limit dissemination of
+# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported
+# notations and behaviors.
 Rails.application.config.filter_parameters += [
   :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
 ]
diff --git a/config/initializers/new_framework_defaults_7_0.rb b/config/initializers/new_framework_defaults_7_0.rb
new file mode 100644
index 000000000..0f8d42054
--- /dev/null
+++ b/config/initializers/new_framework_defaults_7_0.rb
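Review bot: Everything in the rebuilt content_security_policy.rb template is still commented out, so this initializer sends no Content-Security-Policy header; the commit refreshes the boilerplate without moving the app any closer to an enforced or report-only policy, which is worth stating in the file header rather than leaving to inference. If the block is later enabled, note that the new nonce generator `->(request) { request.session.id.to_s }` reuses one nonce for the whole session, whereas the removed 6.1 template used a fresh `SecureRandom.base64(16)` per request; the session-scoped form suits page caching but weakens the per-response property a nonce is meant to give, so document that trade-off beside the line. A reasonable first step is to uncomment the block together with `config.content_security_policy_report_only = true` and collect violations before enforcing.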
@@ -0,0 +1,148 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file eases your Rails 7.0 framework defaults upgrade.
+#
+# Uncomment each configuration one by one to switch to the new default.
+# Once your application is ready to run with all new defaults, you can remove
+# this file and set the `config.load_defaults` to `7.0`.
+#
+# Read the Guide for Upgrading Ruby on Rails for more info on each option.
+# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html
+
+# `button_to` view helper will render `