1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Revert "Merge pull request #34387 from yhirano55/rails_info_properties_json"

We had a discussion on the Core team and we don't want to expose this information
as a JSON endpoint and not by default.

It doesn't make sense to expose this JSON locally and this controller is only
accessible in dev, so the proposed access from a production app seems off.

This reverts commit 8eaffe7e89, reversing
changes made to b6e4305c3b.
This commit is contained in:
Kasper Timm Hansen 2019-01-08 22:16:58 +01:00
parent 842bc43f7f
commit f66a977fc7
No known key found for this signature in database
GPG key ID: 191153215EDA53D8
13 changed files with 0 additions and 50 deletions

View file

@ -25,9 +25,6 @@ Gem::Specification.new do |s|
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/actioncable/CHANGELOG.md"
}
# NOTE: Please read our dependency guidelines before updating versions:
# https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
s.add_dependency "actionpack", version
s.add_dependency "nio4r", "~> 2.0"

View file

@ -26,9 +26,6 @@ Gem::Specification.new do |s|
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/actionmailer/CHANGELOG.md"
}
# NOTE: Please read our dependency guidelines before updating versions:
# https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
s.add_dependency "actionpack", version
s.add_dependency "actionview", version
s.add_dependency "activejob", version

View file

@ -26,9 +26,6 @@ Gem::Specification.new do |s|
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/actionpack/CHANGELOG.md"
}
# NOTE: Please read our dependency guidelines before updating versions:
# https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
s.add_dependency "activesupport", version
s.add_dependency "rack", "~> 2.0"

View file

@ -26,9 +26,6 @@ Gem::Specification.new do |s|
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/actionview/CHANGELOG.md"
}
# NOTE: Please read our dependency guidelines before updating versions:
# https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
s.add_dependency "activesupport", version
s.add_dependency "builder", "~> 3.1"

View file

@ -25,9 +25,6 @@ Gem::Specification.new do |s|
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/activejob/CHANGELOG.md"
}
# NOTE: Please read our dependency guidelines before updating versions:
# https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
s.add_dependency "activesupport", version
s.add_dependency "globalid", ">= 0.3.6"
end

View file

@ -25,8 +25,5 @@ Gem::Specification.new do |s|
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/activemodel/CHANGELOG.md"
}
# NOTE: Please read our dependency guidelines before updating versions:
# https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
s.add_dependency "activesupport", version
end

View file

@ -28,9 +28,6 @@ Gem::Specification.new do |s|
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/activerecord/CHANGELOG.md"
}
# NOTE: Please read our dependency guidelines before updating versions:
# https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
s.add_dependency "activesupport", version
s.add_dependency "activemodel", version
end

View file

@ -25,9 +25,6 @@ Gem::Specification.new do |s|
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/activestorage/CHANGELOG.md"
}
# NOTE: Please read our dependency guidelines before updating versions:
# https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
s.add_dependency "actionpack", version
s.add_dependency "activerecord", version

View file

@ -27,9 +27,6 @@ Gem::Specification.new do |s|
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/activesupport/CHANGELOG.md"
}
# NOTE: Please read our dependency guidelines before updating versions:
# https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
s.add_dependency "i18n", ">= 0.7", "< 2"
s.add_dependency "tzinfo", "~> 1.1"
s.add_dependency "minitest", "~> 5.1"

View file

@ -1235,11 +1235,6 @@ version:
Rails.application.credentials.some_api_key! # => raises KeyError: :some_api_key is blank
```
Dependency Management and CVEs
------------------------------
We dont bump dependencies just to encourage use of new versions, including for security issues. This is because application owners need to manually update their gems regardless of our efforts. Use `bundle update --conservative gem_name` to safely update vulnerable dependencies.
Additional Resources
--------------------

View file

@ -11,10 +11,6 @@
# policy.object_src :none
# policy.script_src :self, :https
# policy.style_src :self, :https
<%- unless options[:skip_javascript] -%>
# # If you are using webpack-dev-server then specify webpack-dev-server host
# policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development?
<%- end -%>
# # Specify URI for violation reports
# # policy.report_uri "/csp-violation-report-endpoint"

View file

@ -30,9 +30,6 @@ Gem::Specification.new do |s|
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/railties/CHANGELOG.md"
}
# NOTE: Please read our dependency guidelines before updating versions:
# https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
s.add_dependency "activesupport", version
s.add_dependency "actionpack", version

View file

@ -230,14 +230,6 @@ class AppGeneratorTest < Rails::Generators::TestCase
assert_equal "false\n", output
end
def test_csp_initializer_include_connect_src_example
run_generator
assert_file "config/initializers/content_security_policy.rb" do |content|
assert_match(/# policy\.connect_src/, content)
end
end
def test_app_update_keep_the_cookie_serializer_if_it_is_already_configured
app_root = File.join(destination_root, "myapp")
run_generator [app_root]
@ -845,9 +837,6 @@ class AppGeneratorTest < Rails::Generators::TestCase
end
assert_no_gem "webpacker"
assert_file "config/initializers/content_security_policy.rb" do |content|
assert_no_match(/policy\.connect_src/, content)
end
end
def test_webpack_option_with_js_framework