Use urlsafe_csrf_tokens to allow migrating from Rails 5.2.5+
This commit is contained in:
Sebastian Serth
3
Gemfile
3
Gemfile
@ -25,7 +25,8 @@ gem 'prometheus_exporter'
|
||||
gem 'pry-byebug'
|
||||
gem 'puma'
|
||||
gem 'pundit'
|
||||
gem 'rails', '6.0.3.7'
|
||||
# Switch to a newer 6.0 release while 6.0.3.7 is the newest version with the CSRF bug
|
||||
gem 'rails', git: 'https://github.com/rails/rails', branch: '6-0-stable'
|
||||
gem 'rails_admin'
|
||||
gem 'rails-i18n'
|
||||
gem 'rails-timeago'
|
||||
|
||||
72
Gemfile.lock
72
Gemfile.lock
@ -18,10 +18,11 @@ GIT
|
||||
nokogiri (>= 1.10.2, < 1.12.0)
|
||||
rubyzip (>= 1.2.2, < 2.4.0)
|
||||
|
||||
GEM
|
||||
remote: https://rubygems.org/
|
||||
GIT
|
||||
remote: https://github.com/rails/rails
|
||||
revision: ef97441036e0ebbe1aa2108d59c408707f998ffd
|
||||
branch: 6-0-stable
|
||||
specs:
|
||||
ZenTest (4.12.0)
|
||||
actioncable (6.0.3.7)
|
||||
actionpack (= 6.0.3.7)
|
||||
nio4r (~> 2.0)
|
||||
@ -63,10 +64,6 @@ GEM
|
||||
globalid (>= 0.3.6)
|
||||
activemodel (6.0.3.7)
|
||||
activesupport (= 6.0.3.7)
|
||||
activemodel-serializers-xml (1.0.2)
|
||||
activemodel (> 5.x)
|
||||
activesupport (> 5.x)
|
||||
builder (~> 3.1)
|
||||
activerecord (6.0.3.7)
|
||||
activemodel (= 6.0.3.7)
|
||||
activesupport (= 6.0.3.7)
|
||||
@ -81,6 +78,36 @@ GEM
|
||||
minitest (~> 5.1)
|
||||
tzinfo (~> 1.1)
|
||||
zeitwerk (~> 2.2, >= 2.2.2)
|
||||
rails (6.0.3.7)
|
||||
actioncable (= 6.0.3.7)
|
||||
actionmailbox (= 6.0.3.7)
|
||||
actionmailer (= 6.0.3.7)
|
||||
actionpack (= 6.0.3.7)
|
||||
actiontext (= 6.0.3.7)
|
||||
actionview (= 6.0.3.7)
|
||||
activejob (= 6.0.3.7)
|
||||
activemodel (= 6.0.3.7)
|
||||
activerecord (= 6.0.3.7)
|
||||
activestorage (= 6.0.3.7)
|
||||
activesupport (= 6.0.3.7)
|
||||
bundler (>= 1.3.0)
|
||||
railties (= 6.0.3.7)
|
||||
sprockets-rails (>= 2.0.0)
|
||||
railties (6.0.3.7)
|
||||
actionpack (= 6.0.3.7)
|
||||
activesupport (= 6.0.3.7)
|
||||
method_source
|
||||
rake (>= 0.8.7)
|
||||
thor (>= 0.20.3, < 2.0)
|
||||
|
||||
GEM
|
||||
remote: https://rubygems.org/
|
||||
specs:
|
||||
ZenTest (4.12.0)
|
||||
activemodel-serializers-xml (1.0.2)
|
||||
activemodel (> 5.x)
|
||||
activesupport (> 5.x)
|
||||
builder (~> 3.1)
|
||||
addressable (2.7.0)
|
||||
public_suffix (>= 2.0.2, < 5.0)
|
||||
amq-protocol (2.3.2)
|
||||
@ -277,7 +304,7 @@ GEM
|
||||
pry-rails (0.3.9)
|
||||
pry (>= 0.10.4)
|
||||
public_suffix (4.0.6)
|
||||
puma (5.3.0)
|
||||
puma (5.3.1)
|
||||
nio4r (~> 2.0)
|
||||
pundit (2.1.0)
|
||||
activesupport (>= 3.0.0)
|
||||
@ -292,21 +319,6 @@ GEM
|
||||
rack
|
||||
rack-test (1.1.0)
|
||||
rack (>= 1.0, < 3)
|
||||
rails (6.0.3.7)
|
||||
actioncable (= 6.0.3.7)
|
||||
actionmailbox (= 6.0.3.7)
|
||||
actionmailer (= 6.0.3.7)
|
||||
actionpack (= 6.0.3.7)
|
||||
actiontext (= 6.0.3.7)
|
||||
actionview (= 6.0.3.7)
|
||||
activejob (= 6.0.3.7)
|
||||
activemodel (= 6.0.3.7)
|
||||
activerecord (= 6.0.3.7)
|
||||
activestorage (= 6.0.3.7)
|
||||
activesupport (= 6.0.3.7)
|
||||
bundler (>= 1.3.0)
|
||||
railties (= 6.0.3.7)
|
||||
sprockets-rails (>= 2.0.0)
|
||||
rails-controller-testing (1.0.5)
|
||||
actionpack (>= 5.0.1.rc1)
|
||||
actionview (>= 5.0.1.rc1)
|
||||
@ -334,12 +346,6 @@ GEM
|
||||
rails (>= 5.0, < 7)
|
||||
remotipart (~> 1.3)
|
||||
sassc-rails (>= 1.3, < 3)
|
||||
railties (6.0.3.7)
|
||||
actionpack (= 6.0.3.7)
|
||||
activesupport (= 6.0.3.7)
|
||||
method_source
|
||||
rake (>= 0.8.7)
|
||||
thor (>= 0.20.3, < 2.0)
|
||||
rainbow (3.0.0)
|
||||
rake (13.0.3)
|
||||
ransack (2.4.2)
|
||||
@ -425,11 +431,11 @@ GEM
|
||||
sentry-rails (4.4.0)
|
||||
railties (>= 5.0)
|
||||
sentry-ruby-core (~> 4.4.0.pre.beta)
|
||||
sentry-ruby (4.4.1)
|
||||
sentry-ruby (4.4.2)
|
||||
concurrent-ruby (~> 1.0, >= 1.0.2)
|
||||
faraday (>= 1.0)
|
||||
sentry-ruby-core (= 4.4.1)
|
||||
sentry-ruby-core (4.4.1)
|
||||
sentry-ruby-core (= 4.4.2)
|
||||
sentry-ruby-core (4.4.2)
|
||||
concurrent-ruby
|
||||
faraday
|
||||
shoulda-matchers (4.5.1)
|
||||
@ -546,7 +552,7 @@ DEPENDENCIES
|
||||
puma
|
||||
pundit
|
||||
rack-mini-profiler
|
||||
rails (= 6.0.3.7)
|
||||
rails!
|
||||
rails-controller-testing
|
||||
rails-i18n
|
||||
rails-timeago
|
||||
|
||||
@ -13,6 +13,11 @@ module CodeOcean
|
||||
# Initialize configuration defaults for originally generated Rails version.
|
||||
config.load_defaults 6.0
|
||||
|
||||
# In Rails 5.2.5, the CSRF token format is accidentally changed to urlsafe-encoded.
|
||||
# If you upgrade apps from 5.2.5, set the config `urlsafe_csrf_tokens = true`.
|
||||
# ToDo: Remove after upgrade to Rails 6.1
|
||||
Rails.application.config.action_controller.urlsafe_csrf_tokens = true
|
||||
|
||||
# Settings in config/environments/* take precedence over those specified here.
|
||||
# Application configuration can go into files in config/initializers
|
||||
# -- all .rb files in that directory are automatically loaded after loading
|
||||
|
||||
@ -5689,9 +5689,9 @@ postcss-selector-parser@^5.0.0-rc.3, postcss-selector-parser@^5.0.0-rc.4:
|
||||
uniq "^1.0.1"
|
||||
|
||||
postcss-selector-parser@^6.0.0, postcss-selector-parser@^6.0.2:
|
||||
version "6.0.5"
|
||||
resolved "https://registry.yarnpkg.com/postcss-selector-parser/-/postcss-selector-parser-6.0.5.tgz#042d74e137db83e6f294712096cb413f5aa612c4"
|
||||
integrity sha512-aFYPoYmXbZ1V6HZaSvat08M97A8HqO6Pjz+PiNpw/DhuRrC72XWAdp3hL6wusDCN31sSmcZyMGa2hZEuX+Xfhg==
|
||||
version "6.0.6"
|
||||
resolved "https://registry.yarnpkg.com/postcss-selector-parser/-/postcss-selector-parser-6.0.6.tgz#2c5bba8174ac2f6981ab631a42ab0ee54af332ea"
|
||||
integrity sha512-9LXrvaaX3+mcv5xkg5kFwqSzSH1JIObIx51PrndZwlmznwXRfxMddDvo9gve3gVR8ZTKgoFDdWkbRFmEhT4PMg==
|
||||
dependencies:
|
||||
cssesc "^3.0.0"
|
||||
util-deprecate "^1.0.2"
|
||||
|
||||
Reference in New Issue
Block a user