rails: update framework files and settings to 7.0.

* Update framework files with `bin/rails app:update`. * Update to use new Rails 7.0 default settings, except for a couple things regarding new cookie and cache formats that would prevent us from rolling back to Rails 6.1 if necessary.
2022-01-07 15:23:45 -06:00
parent 346aeca791
commit 87dfc66073
10 changed files with 171 additions and 83 deletions
--- a/app/views/layouts/default.html.erb
+++ b/app/views/layouts/default.html.erb
@@ -29,7 +29,7 @@
  <%= stylesheet_pack_tag "application" %>
  <% if CurrentUser.user.custom_style.present? && params.fetch(:css, "true").truthy?  %>
-    <%= stylesheet_link_tag custom_style_users_path(md5: Digest::MD5.hexdigest(CurrentUser.user.custom_style)), media: "screen" %>
+    <%= stylesheet_link_tag custom_style_users_path(md5: Digest::MD5.hexdigest(CurrentUser.user.custom_style)) %>
  <% end %>
  <% if current_page?(root_url) %>
--- a/bin/rails
+++ b/bin/rails
@@ -1,4 +1,4 @@
 #!/usr/bin/env ruby
-APP_PATH = File.expand_path('../config/application', __dir__)
+APP_PATH = File.expand_path("../config/application", __dir__)
 require_relative "../config/boot"
 require "rails/commands"
--- a/bin/setup
+++ b/bin/setup
@@ -2,7 +2,7 @@
 require "fileutils"
 # path to your application root.
-APP_ROOT = File.expand_path('..', __dir__)
+APP_ROOT = File.expand_path("..", __dir__)
 def system!(*args)
  system(*args) || abort("\n== Command #{args} failed ==")
@@ -13,24 +13,21 @@ FileUtils.chdir APP_ROOT do
  # This script is idempotent, so that you can run it at any time and get an expectable outcome.
  # Add necessary setup steps to this file.
-  puts '== Installing dependencies =='
+  puts "== Installing dependencies =="
-  system! 'gem install bundler --conservative'
+  system! "gem install bundler --conservative"
-  system('bundle check') || system!('bundle install')
+  system("bundle check") || system!("bundle install")
  # Install JavaScript dependencies
  system! 'bin/yarn'
  # puts "\n== Copying sample files =="
-  # unless File.exist?('config/database.yml')
+  # unless File.exist?("config/database.yml")
-  #   FileUtils.cp 'config/database.yml.sample', 'config/database.yml'
+  #   FileUtils.cp "config/database.yml.sample", "config/database.yml"
  # end
  puts "\n== Preparing database =="
-  system! 'bin/rails db:prepare'
+  system! "bin/rails db:prepare"
  puts "\n== Removing old logs and tempfiles =="
-  system! 'bin/rails log:clear tmp:clear'
+  system! "bin/rails log:clear tmp:clear"
  puts "\n== Restarting application server =="
-  system! 'bin/rails restart'
+  system! "bin/rails restart"
 end
--- a/config/application.rb
+++ b/config/application.rb
@@ -7,15 +7,16 @@
 require_relative 'boot'
 require "rails"
 require "active_model/railtie"
 require "active_job/railtie"
 require "active_record/railtie"
 # require "active_storage/engine"
 require "action_controller/railtie"
 require "action_view/railtie"
 require "action_mailer/railtie"
 require "active_job/railtie"
 # require "action_cable/engine"
 # require "action_mailbox/engine"
 # require "action_text/engine"
 require "action_view/railtie"
 # require "action_cable/engine"
 require "rails/test_unit/railtie"
 # Load the gems for the current Rails environment from the Gemfile.
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -14,15 +14,18 @@ Rails.application.configure do
  # Show full error reports.
  config.consider_all_requests_local = true
  # Enable server timing
  config.server_timing = true
  # Enable/disable caching. By default caching is disabled.
  # Run rails dev:cache to toggle caching.
-  if Rails.root.join('tmp', 'caching-dev.txt').exist?
+  if Rails.root.join("tmp/caching-dev.txt").exist?
    config.action_controller.perform_caching = true
    config.action_controller.enable_fragment_cache_logging = true
    config.cache_store = :memory_store
    config.public_file_server.headers = {
-      'Cache-Control' => "public, max-age=#{2.days.to_i}"
+      "Cache-Control" => "public, max-age=#{2.days.to_i}"
    }
  else
    config.action_controller.perform_caching = false
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -22,14 +22,14 @@ Rails.application.configure do
  # Disable serving static files from the `/public` folder by default since
  # Apache or NGINX already handles this.
-  config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
+  config.public_file_server.enabled = ENV["RAILS_SERVE_STATIC_FILES"].present?
  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
-  # config.asset_host = 'http://assets.example.com'
+  # config.asset_host = "http://assets.example.com"
  # Specifies the header that your server uses for sending files.
-  # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache
+  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache
-  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
+  # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX
  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
  # config.force_ssl = true
@@ -60,21 +60,15 @@ Rails.application.configure do
  # the I18n.default_locale when a translation cannot be found).
  config.i18n.fallbacks = true
-  # Send deprecation notices to registered listeners.
+  # Don't log any deprecations.
-  config.active_support.deprecation = :notify
+  config.active_support.report_deprecations = false
  # Log disallowed deprecations.
  config.active_support.disallowed_deprecation = :log
  # Tell Active Support which deprecation messages to disallow.
  config.active_support.disallowed_deprecation_warnings = []
  # Use default logging formatter so that PID and timestamp are not suppressed.
  config.log_formatter = ::Logger::Formatter.new
  # Use a different logger for distributed setups.
  # require "syslog/logger"
-  # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name')
+  # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new "app-name")
  logger           = ActiveSupport::Logger.new(STDERR)
  logger.formatter = config.log_formatter
@@ -82,25 +76,4 @@ Rails.application.configure do
  # Do not dump schema after migrations.
  config.active_record.dump_schema_after_migration = false
  # Inserts middleware to perform automatic connection switching.
  # The `database_selector` hash is used to pass options to the DatabaseSelector
  # middleware. The `delay` is used to determine how long to wait after a write
  # to send a subsequent read to the primary.
  #
  # The `database_resolver` class is used by the middleware to determine which
  # database is appropriate to use based on the time delay.
  #
  # The `database_resolver_context` class is used by the middleware to set
  # timestamps for the last write to the primary. The resolver uses the context
  # class timestamps to determine how long to wait before reading from the
  # replica.
  #
  # By default Rails will store a last write timestamp in the session. The
  # DatabaseSelector middleware is designed as such you can define your own
  # strategy for connection switching and pass that into the middleware through
  # these configuration options.
  # config.active_record.database_selector = { delay: 2.seconds }
  # config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver
  # config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session
 end
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -8,17 +8,18 @@ require "active_support/core_ext/integer/time"
 Rails.application.configure do
  # Settings specified here will take precedence over those in config/application.rb.
  # Turn false under Spring and add config.action_view.cache_template_loading = true.
  config.cache_classes = true
-  # Do not eager load code on boot. This avoids loading your whole application
+  # Eager loading loads your whole application. When running a single test locally,
-  # just for the purpose of running a single test. If you are using a tool that
+  # this probably isn't necessary. It's a good idea to do in a continuous integration
-  # preloads Rails for running tests, you may have to set it to true.
+  # system, or in some way before deploying your code.
-  config.eager_load = false
+  config.eager_load = ENV["CI"].present?
  # Configure public file server for tests with Cache-Control for performance.
  config.public_file_server.enabled = true
  config.public_file_server.headers = {
-    'Cache-Control' => "public, max-age=#{1.hour.to_i}"
+    "Cache-Control" => "public, max-age=#{1.hour.to_i}"
  }
  # Show full error reports and disable caching.
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -4,27 +4,23 @@
 # For further information see the following documentation
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
-# Rails.application.config.content_security_policy do |policy|
+# Rails.application.configure do
-#   policy.default_src :self, :https
+#   config.content_security_policy do |policy|
-#   policy.font_src    :self, :https, :data
+#     policy.default_src :self, :https
-#   policy.img_src     :self, :https, :data
+#     policy.font_src    :self, :https, :data
-#   policy.object_src  :none
+#     policy.img_src     :self, :https, :data
-#   policy.script_src  :self, :https
+#     policy.object_src  :none
-#   policy.style_src   :self, :https
+#     policy.script_src  :self, :https
-#   # If you are using webpack-dev-server then specify webpack-dev-server host
+#     policy.style_src   :self, :https
-#   policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development?
+#     # Specify URI for violation reports
-
+#     # policy.report_uri "/csp-violation-report-endpoint"
-#   # Specify URI for violation reports
+#   end
-#   # policy.report_uri "/csp-violation-report-endpoint"
+#
 #   # Generate session nonces for permitted importmap and inline scripts
 #   config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
 #   config.content_security_policy_nonce_directives = %w(script-src)
 #
 #   # Report CSP violations to a specified URI. See:
 #   # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
 #   # config.content_security_policy_report_only = true
 # end
 # If you are using UJS then enable automatic nonce generation
 # Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) }
 # Set the nonce only to specific directives
 # Rails.application.config.content_security_policy_nonce_directives = %w(script-src)
 # Report CSP violations to a specified URI
 # For further information see the following documentation:
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
 # Rails.application.config.content_security_policy_report_only = true
--- a/config/initializers/cors.rb
+++ b/config/initializers/cors.rb
@@ -7,9 +7,9 @@
 # Rails.application.config.middleware.insert_before 0, Rack::Cors do
 #   allow do
-#     origins 'example.com'
+#     origins "example.com"
 #
-#     resource '*',
+#     resource "*",
 #       headers: :any,
 #       methods: [:get, :post, :put, :patch, :delete, :options, :head]
 #   end
--- a/config/initializers/new_framework_defaults_7_0.rb
+++ b/config/initializers/new_framework_defaults_7_0.rb
@@ -0,0 +1,117 @@
 # Be sure to restart your server when you modify this file.
 #
 # This file eases your Rails 7.0 framework defaults upgrade.
 #
 # Uncomment each configuration one by one to switch to the new default.
 # Once your application is ready to run with all new defaults, you can remove
 # this file and set the `config.load_defaults` to `7.0`.
 #
 # Read the Guide for Upgrading Ruby on Rails for more info on each option.
 # https://guides.rubyonrails.org/upgrading_ruby_on_rails.html
 # `button_to` view helper will render `<button>` element, regardless of whether
 # or not the content is passed as the first argument or as a block.
 Rails.application.config.action_view.button_to_generates_button_tag = true
 # `stylesheet_link_tag` view helper will not render the media attribute by default.
 Rails.application.config.action_view.apply_stylesheet_media_default = false
 # Change the digest class for the key generators to `OpenSSL::Digest::SHA256`.
 # Changing this default means invalidate all encrypted messages generated by
 # your application and, all the encrypted cookies. Only change this after you
 # rotated all the messages using the key rotator.
 #
 # See upgrading guide for more information on how to build a rotator.
 # https://guides.rubyonrails.org/v7.0/upgrading_ruby_on_rails.html
 # Rails.application.config.active_support.key_generator_hash_digest_class = OpenSSL::Digest::SHA256
 # Change the digest class for ActiveSupport::Digest.
 # Changing this default means that for example Etags change and
 # various cache keys leading to cache invalidation.
 # Rails.application.config.active_support.hash_digest_class = OpenSSL::Digest::SHA256
 # Don't override ActiveSupport::TimeWithZone.name and use the default Ruby
 # implementation.
 # Rails.application.config.active_support.remove_deprecated_time_with_zone_name = true
 # Change the format of the cache entry.
 # Changing this default means that all new cache entries added to the cache
 # will have a different format that is not supported by Rails 6.1 applications.
 # Only change this value after your application is fully deployed to Rails 7.0
 # and you have no plans to rollback.
 # Rails.application.config.active_support.cache_format_version = 7.0
 # Calls `Rails.application.executor.wrap` around test cases.
 # This makes test cases behave closer to an actual request or job.
 # Several features that are normally disabled in test, such as Active Record query cache
 # and asynchronous queries will then be enabled.
 Rails.application.config.active_support.executor_around_test_case = true
 # Define the isolation level of most of Rails internal state.
 # If you use a fiber based server or job processor, you should set it to `:fiber`.
 # Otherwise the default of `:thread` if preferable.
 Rails.application.config.active_support.isolation_level = :thread
 # Set both the `:open_timeout` and `:read_timeout` values for `:smtp` delivery method.
 Rails.application.config.action_mailer.smtp_timeout = 5
 # The ActiveStorage video previewer will now use scene change detection to generate
 # better preview images (rather than the previous default of using the first frame
 # of the video).
 # Rails.application.config.active_storage.video_preview_arguments =
 #   "-vf 'select=eq(n\\,0)+eq(key\\,1)+gt(scene\\,0.015),loop=loop=-1:size=2,trim=start_frame=1' -frames:v 1 -f image2"
 # Automatically infer `inverse_of` for associations with a scope.
 Rails.application.config.active_record.automatic_scope_inversing = true
 # Raise when running tests if fixtures contained foreign key violations
 Rails.application.config.active_record.verify_foreign_keys_for_fixtures = true
 # Disable partial inserts.
 # This default means that all columns will be referenced in INSERT queries
 # regardless of whether they have a default or not.
 Rails.application.config.active_record.partial_inserts = false
 #
 # Protect from open redirect attacks in `redirect_back_or_to` and `redirect_to`.
 Rails.application.config.action_controller.raise_on_open_redirects = true
 # Change the variant processor for Active Storage.
 # Changing this default means updating all places in your code that
 # generate variants to use image processing macros and ruby-vips
 # operations. See the upgrading guide for detail on the changes required.
 # The `:mini_magick` option is not deprecated; it's fine to keep using it.
 # Rails.application.config.active_storage.variant_processor = :vips
 # If you're upgrading and haven't set `cookies_serializer` previously, your cookie serializer
 # was `:marshal`. Convert all cookies to JSON, using the `:hybrid` formatter.
 #
 # If you're confident all your cookies are JSON formatted, you can switch to the `:json` formatter.
 #
 # Continue to use `:marshal` for backward-compatibility with old cookies.
 #
 # If you have configured the serializer elsewhere, you can remove this.
 #
 # See https://guides.rubyonrails.org/action_controller_overview.html#cookies for more information.
 # Rails.application.config.action_dispatch.cookies_serializer = :hybrid
 # Enable parameter wrapping for JSON.
 # Previously this was set in an initializer. It's fine to keep using that initializer if you've customized it.
 # To disable parameter wrapping entirely, set this config to `false`.
 Rails.application.config.action_controller.wrap_parameters_by_default = true
 # Specifies whether generated namespaced UUIDs follow the RFC 4122 standard for namespace IDs provided as a
 # `String` to `Digest::UUID.uuid_v3` or `Digest::UUID.uuid_v5` method calls.
 #
 # See https://guides.rubyonrails.org/configuring.html#config-active-support-use-rfc4122-namespaced-uuids for
 # more information.
 Rails.application.config.active_support.use_rfc4122_namespaced_uuids = true
 # Change the default headers to disable browsers' flawed legacy XSS protection.
 Rails.application.config.action_dispatch.default_headers = {
  "X-Frame-Options" => "SAMEORIGIN",
  "X-XSS-Protection" => "0",
  "X-Content-Type-Options" => "nosniff",
  "X-Download-Options" => "noopen",
  "X-Permitted-Cross-Domain-Policies" => "none",
  "Referrer-Policy" => "strict-origin-when-cross-origin"
 }