mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Revert "Merge pull request #34387 from yhirano55/rails_info_properties_json"
We had a discussion on the Core team and we don't want to expose this information as a JSON endpoint and not by default. It doesn't make sense to expose this JSON locally and this controller is only accessible in dev, so the proposed access from a production app seems off. This reverts commit8eaffe7e89
, reversing changes made tob6e4305c3b
.
This commit is contained in:
parent
842bc43f7f
commit
f66a977fc7
13 changed files with 0 additions and 50 deletions
|
@ -25,9 +25,6 @@ Gem::Specification.new do |s|
|
|||
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/actioncable/CHANGELOG.md"
|
||||
}
|
||||
|
||||
# NOTE: Please read our dependency guidelines before updating versions:
|
||||
# https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
|
||||
|
||||
s.add_dependency "actionpack", version
|
||||
|
||||
s.add_dependency "nio4r", "~> 2.0"
|
||||
|
|
|
@ -26,9 +26,6 @@ Gem::Specification.new do |s|
|
|||
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/actionmailer/CHANGELOG.md"
|
||||
}
|
||||
|
||||
# NOTE: Please read our dependency guidelines before updating versions:
|
||||
# https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
|
||||
|
||||
s.add_dependency "actionpack", version
|
||||
s.add_dependency "actionview", version
|
||||
s.add_dependency "activejob", version
|
||||
|
|
|
@ -26,9 +26,6 @@ Gem::Specification.new do |s|
|
|||
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/actionpack/CHANGELOG.md"
|
||||
}
|
||||
|
||||
# NOTE: Please read our dependency guidelines before updating versions:
|
||||
# https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
|
||||
|
||||
s.add_dependency "activesupport", version
|
||||
|
||||
s.add_dependency "rack", "~> 2.0"
|
||||
|
|
|
@ -26,9 +26,6 @@ Gem::Specification.new do |s|
|
|||
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/actionview/CHANGELOG.md"
|
||||
}
|
||||
|
||||
# NOTE: Please read our dependency guidelines before updating versions:
|
||||
# https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
|
||||
|
||||
s.add_dependency "activesupport", version
|
||||
|
||||
s.add_dependency "builder", "~> 3.1"
|
||||
|
|
|
@ -25,9 +25,6 @@ Gem::Specification.new do |s|
|
|||
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/activejob/CHANGELOG.md"
|
||||
}
|
||||
|
||||
# NOTE: Please read our dependency guidelines before updating versions:
|
||||
# https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
|
||||
|
||||
s.add_dependency "activesupport", version
|
||||
s.add_dependency "globalid", ">= 0.3.6"
|
||||
end
|
||||
|
|
|
@ -25,8 +25,5 @@ Gem::Specification.new do |s|
|
|||
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/activemodel/CHANGELOG.md"
|
||||
}
|
||||
|
||||
# NOTE: Please read our dependency guidelines before updating versions:
|
||||
# https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
|
||||
|
||||
s.add_dependency "activesupport", version
|
||||
end
|
||||
|
|
|
@ -28,9 +28,6 @@ Gem::Specification.new do |s|
|
|||
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/activerecord/CHANGELOG.md"
|
||||
}
|
||||
|
||||
# NOTE: Please read our dependency guidelines before updating versions:
|
||||
# https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
|
||||
|
||||
s.add_dependency "activesupport", version
|
||||
s.add_dependency "activemodel", version
|
||||
end
|
||||
|
|
|
@ -25,9 +25,6 @@ Gem::Specification.new do |s|
|
|||
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/activestorage/CHANGELOG.md"
|
||||
}
|
||||
|
||||
# NOTE: Please read our dependency guidelines before updating versions:
|
||||
# https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
|
||||
|
||||
s.add_dependency "actionpack", version
|
||||
s.add_dependency "activerecord", version
|
||||
|
||||
|
|
|
@ -27,9 +27,6 @@ Gem::Specification.new do |s|
|
|||
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/activesupport/CHANGELOG.md"
|
||||
}
|
||||
|
||||
# NOTE: Please read our dependency guidelines before updating versions:
|
||||
# https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
|
||||
|
||||
s.add_dependency "i18n", ">= 0.7", "< 2"
|
||||
s.add_dependency "tzinfo", "~> 1.1"
|
||||
s.add_dependency "minitest", "~> 5.1"
|
||||
|
|
|
@ -1235,11 +1235,6 @@ version:
|
|||
Rails.application.credentials.some_api_key! # => raises KeyError: :some_api_key is blank
|
||||
```
|
||||
|
||||
Dependency Management and CVEs
|
||||
------------------------------
|
||||
|
||||
We don’t bump dependencies just to encourage use of new versions, including for security issues. This is because application owners need to manually update their gems regardless of our efforts. Use `bundle update --conservative gem_name` to safely update vulnerable dependencies.
|
||||
|
||||
Additional Resources
|
||||
--------------------
|
||||
|
||||
|
|
|
@ -11,10 +11,6 @@
|
|||
# policy.object_src :none
|
||||
# policy.script_src :self, :https
|
||||
# policy.style_src :self, :https
|
||||
<%- unless options[:skip_javascript] -%>
|
||||
# # If you are using webpack-dev-server then specify webpack-dev-server host
|
||||
# policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development?
|
||||
<%- end -%>
|
||||
|
||||
# # Specify URI for violation reports
|
||||
# # policy.report_uri "/csp-violation-report-endpoint"
|
||||
|
|
|
@ -30,9 +30,6 @@ Gem::Specification.new do |s|
|
|||
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/railties/CHANGELOG.md"
|
||||
}
|
||||
|
||||
# NOTE: Please read our dependency guidelines before updating versions:
|
||||
# https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
|
||||
|
||||
s.add_dependency "activesupport", version
|
||||
s.add_dependency "actionpack", version
|
||||
|
||||
|
|
|
@ -230,14 +230,6 @@ class AppGeneratorTest < Rails::Generators::TestCase
|
|||
assert_equal "false\n", output
|
||||
end
|
||||
|
||||
def test_csp_initializer_include_connect_src_example
|
||||
run_generator
|
||||
|
||||
assert_file "config/initializers/content_security_policy.rb" do |content|
|
||||
assert_match(/# policy\.connect_src/, content)
|
||||
end
|
||||
end
|
||||
|
||||
def test_app_update_keep_the_cookie_serializer_if_it_is_already_configured
|
||||
app_root = File.join(destination_root, "myapp")
|
||||
run_generator [app_root]
|
||||
|
@ -845,9 +837,6 @@ class AppGeneratorTest < Rails::Generators::TestCase
|
|||
end
|
||||
|
||||
assert_no_gem "webpacker"
|
||||
assert_file "config/initializers/content_security_policy.rb" do |content|
|
||||
assert_no_match(/policy\.connect_src/, content)
|
||||
end
|
||||
end
|
||||
|
||||
def test_webpack_option_with_js_framework
|
||||
|
|
Loading…
Reference in a new issue