Upgrade to Rails 6.1 and apply new framework defaults

2021-05-12 16:45:43 +02:00
parent 504bb07ae1
commit 11962a1d65
20 changed files with 226 additions and 152 deletions
--- a/config/application.rb
+++ b/config/application.rb
@ -11,17 +11,12 @@ require 'telegraf/rails'
 module CodeOcean
  class Application < Rails::Application
    # Initialize configuration defaults for originally generated Rails version.
-    config.load_defaults 6.0
+    config.load_defaults 6.1

-    # In Rails 5.2.5, the CSRF token format is accidentally changed to urlsafe-encoded.
-    # If you upgrade apps from 5.2.5, set the config `urlsafe_csrf_tokens = true`.
-    # ToDo: Remove after upgrade to Rails 6.1
-    Rails.application.config.action_controller.urlsafe_csrf_tokens = true
-
-    # Settings in config/environments/* take precedence over those specified here.
-    # Application configuration can go into files in config/initializers
-    # -- all .rb files in that directory are automatically loaded after loading
-    # the framework and any gems in your application.
+    # Configuration for the application, engines, and railties goes here.
+    #
+    # These settings can be overridden in specific environments using the files
+    # in config/environments, which are processed later.

    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@ -1,12 +1,14 @@
 # frozen_string_literal: true

+require "active_support/core_ext/integer/time"
+
 Rails.application.configure do
  # Settings specified here will take precedence over those in config/application.rb.

  config.web_console.whitelisted_ips = '192.168.0.0/16'

-  # In the development environment your application's code is reloaded on
-  # every request. This slows down response time but is perfect for development
+  # In the development environment your application's code is reloaded any time
+  # it changes. This slows down response time but is perfect for development
  # since you don't have to restart the web server when you make code changes.
  config.cache_classes = false

@ -43,6 +45,12 @@ Rails.application.configure do
  # Print deprecation notices to the Rails logger.
  config.active_support.deprecation = :log

+  # Raise exceptions for disallowed deprecations.
+  config.active_support.disallowed_deprecation = :raise
+
+  # Tell Active Support which deprecation messages to disallow.
+  config.active_support.disallowed_deprecation_warnings = []
+
  # Raise an error on page load if there are pending migrations.
  config.active_record.migration_error = :page_load

@ -57,9 +65,12 @@ Rails.application.configure do
  # Suppress logger output for asset requests.
  config.assets.quiet = true

-  # Raises error for missing translations
+  # Raises error for missing translations.
  config.action_view.raise_on_missing_translations = true

+  # Annotate rendered view with file names.
+  # config.action_view.annotate_rendered_view_with_filenames = true
+
  # Adds additional error checking when serving assets at runtime.
  # Checks for improperly declared sprockets dependencies.
  # Raises helpful error messages.
@ -72,4 +83,7 @@ Rails.application.configure do
  config.file_watcher = ActiveSupport::EventedFileUpdateChecker
  # If the evented file watcher doesn't work (in Vagrant), use another one:
  # config.file_watcher = ActiveSupport::FileUpdateChecker
+
+  # Uncomment if you wish to allow Action Cable access from any origin.
+  # config.action_cable.disable_request_forgery_protection = true
 end
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@ -1,5 +1,7 @@
 # frozen_string_literal: true

+require "active_support/core_ext/integer/time"
+
 Rails.application.configure do
  # Settings specified here will take precedence over those in config/application.rb.

@ -33,7 +35,7 @@ Rails.application.configure do
  config.assets.compile = false

  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
-  # config.action_controller.asset_host = 'http://assets.example.com'
+  # config.asset_host = 'http://assets.example.com'

  # Specifies the header that your server uses for sending files.
  # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache
@ -50,9 +52,9 @@ Rails.application.configure do
  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
  # config.force_ssl = true

-  # Use the lowest log level to ensure availability of diagnostic information
-  # when problems arise.
-  config.log_level = :error
+  # Include generic and useful information about system operation, but avoid logging too much
+  # information to avoid inadvertent exposure of personally identifiable information (PII).
+  config.log_level = :info

  # Prepend all log lines with the following tags.
  # config.log_tags = [ :subdomain, :uuid, :request_id ]
@ -77,6 +79,12 @@ Rails.application.configure do
  # Send deprecation notices to registered listeners.
  config.active_support.deprecation = :notify

+  # Log disallowed deprecations.
+  config.active_support.disallowed_deprecation = :log
+
+  # Tell Active Support which deprecation messages to disallow.
+  config.active_support.disallowed_deprecation_warnings = []
+
  # Use default logging formatter so that PID and timestamp are not suppressed.
  config.log_formatter = ::Logger::Formatter.new

--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@ -1,5 +1,7 @@
 # frozen_string_literal: true

+require "active_support/core_ext/integer/time"
+
 # The test environment is used exclusively to run your application's
 # test suite. You never need to work with it otherwise. Remember that
 # your test database is "scratch space" for the test suite and is wiped
@ -9,6 +11,7 @@ Rails.application.configure do
  # Settings specified here will take precedence over those in config/application.rb.

  config.cache_classes = false
+  config.action_view.cache_template_loading = true

  # Do not eager load code on boot. This avoids loading your whole application
  # just for the purpose of running a single test. If you are using a tool that
@ -49,6 +52,15 @@ Rails.application.configure do
  # Print deprecation notices to the stderr.
  config.active_support.deprecation = :stderr

+  # Raise exceptions for disallowed deprecations.
+  config.active_support.disallowed_deprecation = :raise
+
+  # Tell Active Support which deprecation messages to disallow.
+  config.active_support.disallowed_deprecation_warnings = []
+
  # Raises error for missing translations.
-  # config.action_view.raise_on_missing_translations = true
+  # config.i18n.raise_on_missing_translations = true
+
+  # Annotate rendered view with file names.
+  # config.action_view.annotate_rendered_view_with_filenames = true
 end
--- a/config/initializers/backtrace_silencers.rb
+++ b/config/initializers/backtrace_silencers.rb
@ -1,7 +1,8 @@
 # Be sure to restart your server when you modify this file.

 # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
-# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+# Rails.backtrace_cleaner.add_silencer { |line| /my_noisy_library/.match?(line) }

-# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
-# Rails.backtrace_cleaner.remove_silencers!
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code
+# by setting BACKTRACE=1 before calling your invocation, like "BACKTRACE=1 ./bin/rails runner 'MyClass.perform'".
+Rails.backtrace_cleaner.remove_silencers! if ENV["BACKTRACE"]
--- a/config/initializers/filter_parameter_logging.rb
+++ b/config/initializers/filter_parameter_logging.rb
@ -1,4 +1,6 @@
 # Be sure to restart your server when you modify this file.

 # Configure sensitive parameters which will be filtered from the log file.
-Rails.application.config.filter_parameters += [:password]
+Rails.application.config.filter_parameters += [
+  :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
+]
--- a/config/initializers/permissions_policy.rb
+++ b/config/initializers/permissions_policy.rb
@ -0,0 +1,11 @@
+# Define an application-wide HTTP permissions policy. For further
+# information see https://developers.google.com/web/updates/2018/06/feature-policy
+#
+# Rails.application.config.permissions_policy do |f|
+#   f.camera      :none
+#   f.gyroscope   :none
+#   f.microphone  :none
+#   f.usb         :none
+#   f.fullscreen  :self
+#   f.payment     :self, "https://secure.example.com"
+# end
--- a/config/puma.rb
+++ b/config/puma.rb
@ -8,6 +8,11 @@ max_threads_count = ENV.fetch("RAILS_MAX_THREADS") { 5 }
 min_threads_count = ENV.fetch("RAILS_MIN_THREADS") { max_threads_count }
 threads min_threads_count, max_threads_count

+# Specifies the `worker_timeout` threshold that Puma will use to wait before
+# terminating a worker in development environments.
+#
+worker_timeout 3600 if ENV.fetch("RAILS_ENV", "development") == "development"
+
 # Specifies the `port` that Puma will listen on to receive requests; default is 7000.
 #
 port        ENV.fetch("PORT") { 7000 }