2018-06-14 04:09:00 -04:00
|
|
|
* Introduce guard against DNS rebinding attacks
|
|
|
|
|
|
|
|
The `ActionDispatch::HostAuthorization` is a new middleware that prevent
|
|
|
|
against DNS rebinding and other `Host` header attacks. It is included in
|
|
|
|
the development environment by default with the following configuration:
|
|
|
|
|
|
|
|
Rails.application.config.hosts = [
|
|
|
|
IPAddr.new("0.0.0.0/0"), # All IPv4 addresses.
|
|
|
|
IPAddr.new("::/0"), # All IPv6 addresses.
|
|
|
|
"localhost" # The localhost reserved domain.
|
|
|
|
]
|
|
|
|
|
|
|
|
In other environments `Rails.application.config.hosts` is empty and no
|
|
|
|
`Host` header checks will be done. If you want to guard against header
|
|
|
|
attacks on production, you have to manually whitelist the allowed hosts
|
|
|
|
with:
|
|
|
|
|
|
|
|
Rails.application.config.hosts << "product.com"
|
|
|
|
|
|
|
|
The host of a request is checked against the `hosts` entries with the case
|
|
|
|
operator (`#===`), which lets `hosts` support entries of type `RegExp`,
|
|
|
|
`Proc` and `IPAddr` to name a few. Here is an example with a regexp.
|
|
|
|
|
|
|
|
# Allow requests from subdomains like `www.product.com` and
|
|
|
|
# `beta1.product.com`.
|
|
|
|
Rails.application.config.hosts << /.*\.product\.com/
|
|
|
|
|
|
|
|
A special case is supported that allows you to whitelist all sub-domains:
|
|
|
|
|
|
|
|
# Allow requests from subdomains like `www.product.com` and
|
|
|
|
# `beta1.product.com`.
|
|
|
|
Rails.application.config.hosts << ".product.com"
|
|
|
|
|
|
|
|
*Genadi Samokovarov*
|
|
|
|
|
2018-12-12 12:22:59 -05:00
|
|
|
* Remove redundant suffixes on generated helpers.
|
|
|
|
|
|
|
|
*Gannon McGibbon*
|
|
|
|
|
2018-12-12 12:10:45 -05:00
|
|
|
* Remove redundant suffixes on generated integration tests.
|
|
|
|
|
|
|
|
*Gannon McGibbon*
|
|
|
|
|
2018-12-11 17:11:45 -05:00
|
|
|
* Fix boolean interaction in scaffold system tests.
|
|
|
|
|
|
|
|
*Gannon McGibbon*
|
|
|
|
|
2018-12-11 18:09:16 -05:00
|
|
|
* Remove redundant suffixes on generated system tests.
|
|
|
|
|
|
|
|
*Gannon McGibbon*
|
|
|
|
|
2018-12-07 01:01:32 -05:00
|
|
|
* Add an `abort_on_failure` boolean option to the generator method that shell
|
|
|
|
out (`generate`, `rake`, `rails_command`) to abort the generator if the
|
|
|
|
command fails.
|
|
|
|
|
|
|
|
*David Rodríguez*
|
|
|
|
|
2018-11-07 18:12:17 -05:00
|
|
|
* Remove `app/assets` and `app/javascript` from `eager_load_paths` and `autoload_paths`.
|
|
|
|
|
|
|
|
*Gannon McGibbon*
|
|
|
|
|
Add JSON support to rails properties route (`/rails/info/properties`).
Added json format, like this:
{
"Rails version": "6.0.0.alpha",
"Ruby version": "2.5.1-p57 (x86_64-darwin17)",
"RubyGems version": "2.7.6",
"Rack version": "2.0.6",
"JavaScript Runtime": "Node.js (V8)",
"Middleware": ["Rack::Sendfile", "ActionDispatch::Static", "ActionDispatch::Executor", "ActiveSupport::Cache::Strategy::LocalCache::Middleware", "Rack::Runtime", "Rack::MethodOverride", "ActionDispatch::RequestId", "ActionDispatch::RemoteIp", "Sprockets::Rails::QuietAssets", "Rails::Rack::Logger", "ActionDispatch::ShowExceptions", "WebConsole::Middleware", "ActionDispatch::DebugExceptions", "ActionDispatch::Reloader", "ActionDispatch::Callbacks", "ActiveRecord::Migration::CheckPending", "ActionDispatch::Cookies", "ActionDispatch::Session::CookieStore", "ActionDispatch::Flash", "ActionDispatch::ContentSecurityPolicy::Middleware", "Rack::Head", "Rack::ConditionalGet", "Rack::ETag", "Rack::TempfileReaper"],
"Application root": "/path/to/app",
"Environment": "development",
"Database adapter": "sqlite3",
"Database schema version": 0
}
2018-11-06 09:20:56 -05:00
|
|
|
* Add JSON support to rails properties route (`/rails/info/properties`).
|
|
|
|
|
|
|
|
Now, `Rails::Info` properties may be accessed in JSON format at `/rails/info/properties.json`.
|
|
|
|
|
|
|
|
*Yoshiyuki Hirano*
|
|
|
|
|
2018-10-15 21:27:35 -04:00
|
|
|
* Use Ids instead of memory addresses when displaying references in scaffold views.
|
|
|
|
|
2017-05-24 01:34:07 -04:00
|
|
|
Fixes #29200.
|
|
|
|
|
|
|
|
*Rasesh Patel*
|
|
|
|
|
2018-10-04 15:30:50 -04:00
|
|
|
* Adds support for multiple databases to `rails db:migrate:status`.
|
|
|
|
Subtasks are also added to get the status of individual databases (eg. `rails db:migrate:status:animals`).
|
|
|
|
|
|
|
|
*Gannon McGibbon*
|
|
|
|
|
Make Webpacker the default JavaScript compiler for Rails 6 (#33079)
* Use Webpacker by default on new apps
* Stop including coffee-rails by default
* Drop using a js_compressor by default
* Drop extra test for coffeescript inclusion by default
* Stick with skip_javascript to signify skipping webpack
* Don't install a JS runtime by default any more
* app/javascript will be the new default directory for JS
* Make it clear that this is just for configuring the default Webpack framework setup now
* Start using the Webpack tag in the default layout
* Irrelevant test
* jQuery is long gone
* Stop having asset pipeline compile default application.js
* Add rails-ujs by default to the Webpack setup
* Add Active Storage JavaScript to application.js pack by default
* Consistent quoting
* Add Turbolinks to default pack
* Add Action Cable to default pack
Need some work on how to set the global consumer that channels will
work with. @javan?
* Require all channels by default and use a separate consumer stub
* Channel generator now targets Webpack style
* Update task docs to match new generator style
* Use uniform import style
* Drop the JS assets generator
It was barely helpful as it was. It’s no longer helpful in a Webpacked
world. Sayonara!
* Add app/javascript to the stats directories
* Simpler import style
Which match the other imports.
* Address test failures from dropping JS compilation (and compression)
* webpacker-default: Modify `AssetsGeneratorTest`
Before:
```
$ bin/test test/generators/assets_generator_test.rb
Run options: --seed 46201
F
Failure:
AssetsGeneratorTest#test_assets [/Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/generators/assets_generator_test.rb:12]:
Expected file "app/assets/javascripts/posts.js" to exist, but does not
bin/test /Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/generators/assets_generator_test.rb:10
.
Finished in 0.031343s, 63.8101 runs/s, 95.7152 assertions/s.
2 runs, 3 assertions, 1 failures, 0 errors, 0 skips
```
After:
```
$ bin/test test/generators/assets_generator_test.rb
Run options: --seed 43571
..
Finished in 0.030370s, 65.8545 runs/s, 65.8545 assertions/s.
2 runs, 2 assertions, 0 failures, 0 errors, 0 skips
```
* webpacker-default: Modify `ChannelGeneratorTest`
Before:
```
$ bin/test test/generators/channel_generator_test.rb
Run options: --seed 8986
.F
Failure:
ChannelGeneratorTest#test_channel_with_multiple_actions_is_created [/Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/generators/channel_generator_test.rb:43]:
Expected file "app/assets/javascripts/channels/chat.js" to exist, but does not
bin/test /Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/generators/channel_generator_test.rb:34
.F
Failure:
ChannelGeneratorTest#test_channel_is_created [/Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/generators/channel_generator_test.rb:29]:
Expected file "app/assets/javascripts/channels/chat.js" to exist, but does not
bin/test /Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/generators/channel_generator_test.rb:22
E
Error:
ChannelGeneratorTest#test_cable_js_is_created_if_not_present_already:
Errno::ENOENT: No such file or directory @ apply2files - /Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/fixtures/tmp/app/assets/javascripts/cable.js
bin/test /Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/generators/channel_generator_test.rb:60
F
Failure:
ChannelGeneratorTest#test_channel_suffix_is_not_duplicated [/Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/generators/channel_generator_test.rb:87]:
Expected file "app/assets/javascripts/channels/chat.js" to exist, but does not
bin/test /Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/generators/channel_generator_test.rb:80
F
Failure:
ChannelGeneratorTest#test_channel_on_revoke [/Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/generators/channel_generator_test.rb:77]:
Expected file "app/assets/javascripts/cable.js" to exist, but does not
bin/test /Users/ttanimichi/ghq/github.com/ttanimichi/rails/railties/test/generators/channel_generator_test.rb:68
Finished in 0.064384s, 108.7227 runs/s, 481.4861 assertions/s.
7 runs, 31 assertions, 4 failures, 1 errors, 0 skips
```
After:
```
$ bin/test test/generators/channel_generator_test.rb
Run options: --seed 44857
.......
Finished in 0.060243s, 116.1961 runs/s, 697.1764 assertions/s.
7 runs, 42 assertions, 0 failures, 0 errors, 0 skips
```
* Fix shared generator tests.
* webpacker-default: Modify `ControllerGeneratorTest`
The JS assets generator was dropped. ref. https://github.com/rails/rails/commit/46215b179483d3e4d264555f5a4952f43eb8142a
* Revert "Simpler import style". It's currently failing with an error of "TypeError: undefined is not an object (evaluating '__WEBPACK_IMPORTED_MODULE_2_activestorage___default.a.start')". Waiting for @javan to have a look.
This reverts commit 5d3ebb71059f635d3756cbda4ab9752027e09256.
* require webpacker in test app
* Add webpacker without making the build hang/timeout. (#33640)
* use yarn workspaces to allow for installing unreleased packages and only generate js/bootsnap when required
* no longer need to have webpacker in env templates as webpacker moved this config to yml file
* Fix rubocop violation
* Got the test passing for the running scaffold
* update expected lines of code
* update middleware tests to account for webpacker
* disable js in plugins be default to get the tests passing (#34009)
* clear codeclimate report issues
* Anything newer than currently released is good
* Use Webpacker development version during development of Rails
* Edge should get development webpacker as well
* Add changelog entry for Webpacker change
2018-10-01 01:31:21 -04:00
|
|
|
* Use Webpacker by default to manage app-level JavaScript through the new app/javascript directory.
|
|
|
|
Sprockets is now solely in charge, by default, of compiling CSS and other static assets.
|
|
|
|
Action Cable channel generators will create ES6 stubs rather than use CoffeeScript.
|
|
|
|
Active Storage, Action Cable, Turbolinks, and Rails-UJS are loaded by a new application.js pack.
|
|
|
|
Generators no longer generate JavaScript stubs.
|
|
|
|
|
|
|
|
*DHH*, *Lachlan Sylvester*
|
|
|
|
|
2018-10-15 18:42:15 -04:00
|
|
|
* Add `database` (aliased as `db`) option to model generator to allow
|
|
|
|
setting the database. This is useful for applications that use
|
|
|
|
multiple databases and put migrations per database in their own directories.
|
2018-09-28 13:36:06 -04:00
|
|
|
|
|
|
|
```
|
2018-10-15 18:42:15 -04:00
|
|
|
bin/rails g model Room capacity:integer --database=kingston
|
2018-09-26 17:16:54 -04:00
|
|
|
invoke active_record
|
|
|
|
create db/kingston_migrate/20180830151055_create_rooms.rb
|
|
|
|
```
|
|
|
|
|
|
|
|
Because rails scaffolding uses the model generator, you can
|
2018-10-15 18:42:15 -04:00
|
|
|
also specify a database with the scaffold generator.
|
2018-09-26 17:16:54 -04:00
|
|
|
|
|
|
|
*Gannon McGibbon*
|
|
|
|
|
2018-09-20 14:56:07 -04:00
|
|
|
* Raise an error when "recyclable cache keys" are being used by a cache store
|
2018-09-20 21:40:31 -04:00
|
|
|
that does not explicitly support it. Custom cache keys that do support this feature
|
|
|
|
can bypass this error by implementing the `supports_cache_versioning?` method on their
|
|
|
|
class and returning a truthy value.
|
2018-09-20 14:56:07 -04:00
|
|
|
|
|
|
|
*Richard Schneeman*
|
|
|
|
|
2018-09-19 17:02:00 -04:00
|
|
|
* Support environment specific credentials file.
|
|
|
|
|
|
|
|
For `production` environment look first for `config/credentials/production.yml.enc` file that can be decrypted by
|
2018-09-20 06:23:47 -04:00
|
|
|
`ENV["RAILS_MASTER_KEY"]` or `config/credentials/production.key` master key.
|
2018-09-19 17:02:00 -04:00
|
|
|
Edit given environment credentials file by command `rails credentials:edit --environment production`.
|
|
|
|
Default paths can be overwritten by setting `config.credentials.content_path` and `config.credentials.key_path`.
|
|
|
|
|
|
|
|
*Wojciech Wnętrzak*
|
|
|
|
|
2018-09-03 12:15:14 -04:00
|
|
|
* Make `ActiveSupport::Cache::NullStore` the default cache store in the test environment.
|
2018-09-02 18:18:46 -04:00
|
|
|
|
|
|
|
*Michael C. Nelson*
|
|
|
|
|
2018-08-31 01:12:53 -04:00
|
|
|
* Emit warning for unknown inflection rule when generating model.
|
|
|
|
|
|
|
|
*Yoshiyuki Kinjo*
|
|
|
|
|
2018-10-15 18:42:15 -04:00
|
|
|
* Add `database` (aliased as `db`) option to migration generator.
|
2018-08-30 11:18:40 -04:00
|
|
|
|
|
|
|
If you're using multiple databases and have a folder for each database
|
|
|
|
for migrations (ex db/migrate and db/new_db_migrate) you can now pass the
|
2018-10-15 18:42:15 -04:00
|
|
|
`--database` option to the generator to make sure the the migration
|
2018-08-30 11:18:40 -04:00
|
|
|
is inserted into the correct folder.
|
|
|
|
|
|
|
|
```
|
2018-10-15 18:42:15 -04:00
|
|
|
rails g migration CreateHouses --database=kingston
|
2018-08-30 11:18:40 -04:00
|
|
|
invoke active_record
|
|
|
|
create db/kingston_migrate/20180830151055_create_houses.rb
|
|
|
|
```
|
|
|
|
|
|
|
|
*Eileen M. Uchitelle*
|
|
|
|
|
2018-08-19 18:26:25 -04:00
|
|
|
* Deprecate `rake routes` in favor of `rails routes`.
|
|
|
|
|
|
|
|
*Yuji Yaginuma*
|
|
|
|
|
2018-08-16 10:11:31 -04:00
|
|
|
* Deprecate `rake initializers` in favor of `rails initializers`.
|
|
|
|
|
|
|
|
*Annie-Claude Côté*
|
|
|
|
|
2018-08-08 13:21:19 -04:00
|
|
|
* Deprecate `rake dev:cache` in favor of `rails dev:cache`.
|
|
|
|
|
|
|
|
*Annie-Claude Côté*
|
|
|
|
|
2018-07-06 10:21:07 -04:00
|
|
|
* Deprecate `rails notes` subcommands in favor of passing an `annotations` argument to `rails notes`.
|
|
|
|
|
|
|
|
The following subcommands are replaced by passing `--annotations` or `-a` to `rails notes`:
|
2018-08-15 07:11:36 -04:00
|
|
|
- `rails notes:custom ANNOTATION=custom` is deprecated in favor of using `rails notes -a custom`.
|
|
|
|
- `rails notes:optimize` is deprecated in favor of using `rails notes -a OPTIMIZE`.
|
|
|
|
- `rails notes:todo` is deprecated in favor of using`rails notes -a TODO`.
|
|
|
|
- `rails notes:fixme` is deprecated in favor of using `rails notes -a FIXME`.
|
2018-07-06 10:21:07 -04:00
|
|
|
|
|
|
|
*Annie-Claude Côté*
|
|
|
|
|
|
|
|
* Deprecate `SOURCE_ANNOTATION_DIRECTORIES` environment variable used by `rails notes`
|
|
|
|
through `Rails::SourceAnnotationExtractor::Annotation` in favor of using `config.annotations.register_directories`.
|
|
|
|
|
|
|
|
*Annie-Claude Côté*
|
|
|
|
|
|
|
|
* Deprecate `rake notes` in favor of `rails notes`.
|
|
|
|
|
|
|
|
*Annie-Claude Côté*
|
|
|
|
|
2018-09-06 18:56:31 -04:00
|
|
|
* Don't generate unused files in `app:update` task.
|
2018-05-07 04:25:01 -04:00
|
|
|
|
2018-09-06 18:56:31 -04:00
|
|
|
Skip the assets' initializer when sprockets isn't loaded.
|
2018-05-07 04:25:01 -04:00
|
|
|
|
2018-09-06 18:56:31 -04:00
|
|
|
Skip `config/spring.rb` when spring isn't loaded.
|
2018-05-01 10:08:31 -04:00
|
|
|
|
2018-09-06 18:56:31 -04:00
|
|
|
Skip yarn's contents when yarn integration isn't used.
|
2018-05-08 03:31:47 -04:00
|
|
|
|
2018-05-01 10:08:31 -04:00
|
|
|
*Tsukuru Tanimichi*
|
|
|
|
|
2018-04-18 17:29:27 -04:00
|
|
|
* Make the master.key file read-only for the owner upon generation on
|
|
|
|
POSIX-compliant systems.
|
|
|
|
|
|
|
|
Previously:
|
|
|
|
|
|
|
|
$ ls -l config/master.key
|
|
|
|
-rw-r--r-- 1 owner group 32 Jan 1 00:00 master.key
|
|
|
|
|
|
|
|
Now:
|
|
|
|
|
|
|
|
$ ls -l config/master.key
|
|
|
|
-rw------- 1 owner group 32 Jan 1 00:00 master.key
|
|
|
|
|
|
|
|
Fixes #32604.
|
|
|
|
|
|
|
|
*Jose Luis Duran*
|
|
|
|
|
2018-04-16 01:35:13 -04:00
|
|
|
* Deprecate support for using the `HOST` environment to specify the server IP.
|
|
|
|
|
|
|
|
The `BINDING` environment should be used instead.
|
|
|
|
|
|
|
|
Fixes #29516.
|
|
|
|
|
|
|
|
*Yuji Yaginuma*
|
|
|
|
|
Introduce explicit rails server handler option
I mistype `rails server production` instead of `rails server -e
production` expecting to lunch a server in the production environment
all the time. However, the signature of `rails server --help` is:
```
Usage:
rails server [puma, thin etc] [options]
```
This means that the `production` argument is being interpreted as a Rack
server handler like Puma, Thin or Unicorn.
Should we argue for the `rails server production`? I'm not sure of the
reasons, but the `rails console production` behavior was deprecated in:
https://github.com/rails/rails/pull/29358, so parity with the existing
`rails console production` usage may not hold anymore.
In any case, this PR introduces an explicit option for the Rack servers
configuration. The option is called `--using` (or `-u` for short) to
avoid the `rails server --server` tantrum.
The new interface of `rails server` is:
```
Usage:
rails server [using] [options]
Options:
-p, [--port=port] # Runs Rails on the specified port - defaults to 3000.
-b, [--binding=IP] # Binds Rails to the specified IP - defaults to 'localhost' in development and '0.0.0.0' in other environments'.
-c, [--config=file] # Uses a custom rackup configuration.
# Default: config.ru
-d, [--daemon], [--no-daemon] # Runs server as a Daemon.
-e, [--environment=name] # Specifies the environment to run this server under (development/test/production).
-u, [--using=name] # Specifies the Rack server used to run the application (thin/puma/webrick).
-P, [--pid=PID] # Specifies the PID file.
# Default: tmp/pids/server.pid
-C, [--dev-caching], [--no-dev-caching] # Specifies whether to perform caching in development.
[--early-hints], [--no-early-hints] # Enables HTTP/2 early hints.
```
As a bonus, if you mistype the server to use, you'll get an
auto-correction message:
```
$ rails s tin
Could not find handler "tin". Maybe you meant "thin" or "cgi"?
Run `rails server --help` for more options.
```
2018-02-19 13:31:56 -05:00
|
|
|
* Deprecate passing Rack server name as a regular argument to `rails server`.
|
|
|
|
|
|
|
|
Previously:
|
|
|
|
|
|
|
|
$ bin/rails server thin
|
|
|
|
|
|
|
|
There wasn't an explicit option for the Rack server to use, now we have the
|
|
|
|
`--using` option with the `-u` short switch.
|
|
|
|
|
|
|
|
Now:
|
|
|
|
|
|
|
|
$ bin/rails server -u thin
|
|
|
|
|
|
|
|
This change also improves the error message if a missing or mistyped rack
|
|
|
|
server is given.
|
|
|
|
|
|
|
|
*Genadi Samokovarov*
|
|
|
|
|
2018-02-25 12:25:55 -05:00
|
|
|
* Add "rails routes --expanded" option to output routes in expanded mode like
|
|
|
|
"psql --expanded". Result looks like:
|
|
|
|
|
|
|
|
```
|
|
|
|
$ rails routes --expanded
|
|
|
|
--[ Route 1 ]------------------------------------------------------------
|
|
|
|
Prefix | high_scores
|
|
|
|
Verb | GET
|
|
|
|
URI | /high_scores(.:format)
|
|
|
|
Controller#Action | high_scores#index
|
|
|
|
--[ Route 2 ]------------------------------------------------------------
|
|
|
|
Prefix | new_high_score
|
|
|
|
Verb | GET
|
|
|
|
URI | /high_scores/new(.:format)
|
|
|
|
Controller#Action | high_scores#new
|
|
|
|
```
|
|
|
|
|
|
|
|
*Benoit Tigeot*
|
|
|
|
|
2018-12-19 15:09:34 -05:00
|
|
|
* Rails 6 requires Ruby 2.5.0 or newer.
|
2018-02-17 16:02:18 -05:00
|
|
|
|
2018-12-19 15:09:34 -05:00
|
|
|
*Jeremy Daer*, *Kasper Timm Hansen*
|
2018-02-17 16:02:18 -05:00
|
|
|
|
|
|
|
|
2018-01-30 18:51:17 -05:00
|
|
|
Please check [5-2-stable](https://github.com/rails/rails/blob/5-2-stable/railties/CHANGELOG.md) for previous changes.
|