Use urlsafe_csrf_tokens to allow migrating from Rails 5.2.5+
This commit is contained in:
Sebastian Serth
3
Gemfile
3
Gemfile
@ -25,7 +25,8 @@ gem 'prometheus_exporter'
|
|||||||
gem 'pry-byebug'
|
gem 'pry-byebug'
|
||||||
gem 'puma'
|
gem 'puma'
|
||||||
gem 'pundit'
|
gem 'pundit'
|
||||||
gem 'rails', '6.0.3.7'
|
# Switch to a newer 6.0 release while 6.0.3.7 is the newest version with the CSRF bug
|
||||||
|
gem 'rails', git: 'https://github.com/rails/rails', branch: '6-0-stable'
|
||||||
gem 'rails_admin'
|
gem 'rails_admin'
|
||||||
gem 'rails-i18n'
|
gem 'rails-i18n'
|
||||||
gem 'rails-timeago'
|
gem 'rails-timeago'
|
||||||
|
|||||||
72
Gemfile.lock
72
Gemfile.lock
@ -18,10 +18,11 @@ GIT
|
|||||||
nokogiri (>= 1.10.2, < 1.12.0)
|
nokogiri (>= 1.10.2, < 1.12.0)
|
||||||
rubyzip (>= 1.2.2, < 2.4.0)
|
rubyzip (>= 1.2.2, < 2.4.0)
|
||||||
|
|
||||||
GEM
|
GIT
|
||||||
remote: https://rubygems.org/
|
remote: https://github.com/rails/rails
|
||||||
|
revision: ef97441036e0ebbe1aa2108d59c408707f998ffd
|
||||||
|
branch: 6-0-stable
|
||||||
specs:
|
specs:
|
||||||
ZenTest (4.12.0)
|
|
||||||
actioncable (6.0.3.7)
|
actioncable (6.0.3.7)
|
||||||
actionpack (= 6.0.3.7)
|
actionpack (= 6.0.3.7)
|
||||||
nio4r (~> 2.0)
|
nio4r (~> 2.0)
|
||||||
@ -63,10 +64,6 @@ GEM
|
|||||||
globalid (>= 0.3.6)
|
globalid (>= 0.3.6)
|
||||||
activemodel (6.0.3.7)
|
activemodel (6.0.3.7)
|
||||||
activesupport (= 6.0.3.7)
|
activesupport (= 6.0.3.7)
|
||||||
activemodel-serializers-xml (1.0.2)
|
|
||||||
activemodel (> 5.x)
|
|
||||||
activesupport (> 5.x)
|
|
||||||
builder (~> 3.1)
|
|
||||||
activerecord (6.0.3.7)
|
activerecord (6.0.3.7)
|
||||||
activemodel (= 6.0.3.7)
|
activemodel (= 6.0.3.7)
|
||||||
activesupport (= 6.0.3.7)
|
activesupport (= 6.0.3.7)
|
||||||
@ -81,6 +78,36 @@ GEM
|
|||||||
minitest (~> 5.1)
|
minitest (~> 5.1)
|
||||||
tzinfo (~> 1.1)
|
tzinfo (~> 1.1)
|
||||||
zeitwerk (~> 2.2, >= 2.2.2)
|
zeitwerk (~> 2.2, >= 2.2.2)
|
||||||
|
rails (6.0.3.7)
|
||||||
|
actioncable (= 6.0.3.7)
|
||||||
|
actionmailbox (= 6.0.3.7)
|
||||||
|
actionmailer (= 6.0.3.7)
|
||||||
|
actionpack (= 6.0.3.7)
|
||||||
|
actiontext (= 6.0.3.7)
|
||||||
|
actionview (= 6.0.3.7)
|
||||||
|
activejob (= 6.0.3.7)
|
||||||
|
activemodel (= 6.0.3.7)
|
||||||
|
activerecord (= 6.0.3.7)
|
||||||
|
activestorage (= 6.0.3.7)
|
||||||
|
activesupport (= 6.0.3.7)
|
||||||
|
bundler (>= 1.3.0)
|
||||||
|
railties (= 6.0.3.7)
|
||||||
|
sprockets-rails (>= 2.0.0)
|
||||||
|
railties (6.0.3.7)
|
||||||
|
actionpack (= 6.0.3.7)
|
||||||
|
activesupport (= 6.0.3.7)
|
||||||
|
method_source
|
||||||
|
rake (>= 0.8.7)
|
||||||
|
thor (>= 0.20.3, < 2.0)
|
||||||
|
|
||||||
|
GEM
|
||||||
|
remote: https://rubygems.org/
|
||||||
|
specs:
|
||||||
|
ZenTest (4.12.0)
|
||||||
|
activemodel-serializers-xml (1.0.2)
|
||||||
|
activemodel (> 5.x)
|
||||||
|
activesupport (> 5.x)
|
||||||
|
builder (~> 3.1)
|
||||||
addressable (2.7.0)
|
addressable (2.7.0)
|
||||||
public_suffix (>= 2.0.2, < 5.0)
|
public_suffix (>= 2.0.2, < 5.0)
|
||||||
amq-protocol (2.3.2)
|
amq-protocol (2.3.2)
|
||||||
@ -277,7 +304,7 @@ GEM
|
|||||||
pry-rails (0.3.9)
|
pry-rails (0.3.9)
|
||||||
pry (>= 0.10.4)
|
pry (>= 0.10.4)
|
||||||
public_suffix (4.0.6)
|
public_suffix (4.0.6)
|
||||||
puma (5.3.0)
|
puma (5.3.1)
|
||||||
nio4r (~> 2.0)
|
nio4r (~> 2.0)
|
||||||
pundit (2.1.0)
|
pundit (2.1.0)
|
||||||
activesupport (>= 3.0.0)
|
activesupport (>= 3.0.0)
|
||||||
@ -292,21 +319,6 @@ GEM
|
|||||||
rack
|
rack
|
||||||
rack-test (1.1.0)
|
rack-test (1.1.0)
|
||||||
rack (>= 1.0, < 3)
|
rack (>= 1.0, < 3)
|
||||||
rails (6.0.3.7)
|
|
||||||
actioncable (= 6.0.3.7)
|
|
||||||
actionmailbox (= 6.0.3.7)
|
|
||||||
actionmailer (= 6.0.3.7)
|
|
||||||
actionpack (= 6.0.3.7)
|
|
||||||
actiontext (= 6.0.3.7)
|
|
||||||
actionview (= 6.0.3.7)
|
|
||||||
activejob (= 6.0.3.7)
|
|
||||||
activemodel (= 6.0.3.7)
|
|
||||||
activerecord (= 6.0.3.7)
|
|
||||||
activestorage (= 6.0.3.7)
|
|
||||||
activesupport (= 6.0.3.7)
|
|
||||||
bundler (>= 1.3.0)
|
|
||||||
railties (= 6.0.3.7)
|
|
||||||
sprockets-rails (>= 2.0.0)
|
|
||||||
rails-controller-testing (1.0.5)
|
rails-controller-testing (1.0.5)
|
||||||
actionpack (>= 5.0.1.rc1)
|
actionpack (>= 5.0.1.rc1)
|
||||||
actionview (>= 5.0.1.rc1)
|
actionview (>= 5.0.1.rc1)
|
||||||
@ -334,12 +346,6 @@ GEM
|
|||||||
rails (>= 5.0, < 7)
|
rails (>= 5.0, < 7)
|
||||||
remotipart (~> 1.3)
|
remotipart (~> 1.3)
|
||||||
sassc-rails (>= 1.3, < 3)
|
sassc-rails (>= 1.3, < 3)
|
||||||
railties (6.0.3.7)
|
|
||||||
actionpack (= 6.0.3.7)
|
|
||||||
activesupport (= 6.0.3.7)
|
|
||||||
method_source
|
|
||||||
rake (>= 0.8.7)
|
|
||||||
thor (>= 0.20.3, < 2.0)
|
|
||||||
rainbow (3.0.0)
|
rainbow (3.0.0)
|
||||||
rake (13.0.3)
|
rake (13.0.3)
|
||||||
ransack (2.4.2)
|
ransack (2.4.2)
|
||||||
@ -425,11 +431,11 @@ GEM
|
|||||||
sentry-rails (4.4.0)
|
sentry-rails (4.4.0)
|
||||||
railties (>= 5.0)
|
railties (>= 5.0)
|
||||||
sentry-ruby-core (~> 4.4.0.pre.beta)
|
sentry-ruby-core (~> 4.4.0.pre.beta)
|
||||||
sentry-ruby (4.4.1)
|
sentry-ruby (4.4.2)
|
||||||
concurrent-ruby (~> 1.0, >= 1.0.2)
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
||||||
faraday (>= 1.0)
|
faraday (>= 1.0)
|
||||||
sentry-ruby-core (= 4.4.1)
|
sentry-ruby-core (= 4.4.2)
|
||||||
sentry-ruby-core (4.4.1)
|
sentry-ruby-core (4.4.2)
|
||||||
concurrent-ruby
|
concurrent-ruby
|
||||||
faraday
|
faraday
|
||||||
shoulda-matchers (4.5.1)
|
shoulda-matchers (4.5.1)
|
||||||
@ -546,7 +552,7 @@ DEPENDENCIES
|
|||||||
puma
|
puma
|
||||||
pundit
|
pundit
|
||||||
rack-mini-profiler
|
rack-mini-profiler
|
||||||
rails (= 6.0.3.7)
|
rails!
|
||||||
rails-controller-testing
|
rails-controller-testing
|
||||||
rails-i18n
|
rails-i18n
|
||||||
rails-timeago
|
rails-timeago
|
||||||
|
|||||||
@ -13,6 +13,11 @@ module CodeOcean
|
|||||||
# Initialize configuration defaults for originally generated Rails version.
|
# Initialize configuration defaults for originally generated Rails version.
|
||||||
config.load_defaults 6.0
|
config.load_defaults 6.0
|
||||||
|
|
||||||
|
# In Rails 5.2.5, the CSRF token format is accidentally changed to urlsafe-encoded.
|
||||||
|
# If you upgrade apps from 5.2.5, set the config `urlsafe_csrf_tokens = true`.
|
||||||
|
# ToDo: Remove after upgrade to Rails 6.1
|
||||||
|
Rails.application.config.action_controller.urlsafe_csrf_tokens = true
|
||||||
|
|
||||||
# Settings in config/environments/* take precedence over those specified here.
|
# Settings in config/environments/* take precedence over those specified here.
|
||||||
# Application configuration can go into files in config/initializers
|
# Application configuration can go into files in config/initializers
|
||||||
# -- all .rb files in that directory are automatically loaded after loading
|
# -- all .rb files in that directory are automatically loaded after loading
|
||||||
|
|||||||
@ -5689,9 +5689,9 @@ postcss-selector-parser@^5.0.0-rc.3, postcss-selector-parser@^5.0.0-rc.4:
|
|||||||
uniq "^1.0.1"
|
uniq "^1.0.1"
|
||||||
|
|
||||||
postcss-selector-parser@^6.0.0, postcss-selector-parser@^6.0.2:
|
postcss-selector-parser@^6.0.0, postcss-selector-parser@^6.0.2:
|
||||||
version "6.0.5"
|
version "6.0.6"
|
||||||
resolved "https://registry.yarnpkg.com/postcss-selector-parser/-/postcss-selector-parser-6.0.5.tgz#042d74e137db83e6f294712096cb413f5aa612c4"
|
resolved "https://registry.yarnpkg.com/postcss-selector-parser/-/postcss-selector-parser-6.0.6.tgz#2c5bba8174ac2f6981ab631a42ab0ee54af332ea"
|
||||||
integrity sha512-aFYPoYmXbZ1V6HZaSvat08M97A8HqO6Pjz+PiNpw/DhuRrC72XWAdp3hL6wusDCN31sSmcZyMGa2hZEuX+Xfhg==
|
integrity sha512-9LXrvaaX3+mcv5xkg5kFwqSzSH1JIObIx51PrndZwlmznwXRfxMddDvo9gve3gVR8ZTKgoFDdWkbRFmEhT4PMg==
|
||||||
dependencies:
|
dependencies:
|
||||||
cssesc "^3.0.0"
|
cssesc "^3.0.0"
|
||||||
util-deprecate "^1.0.2"
|
util-deprecate "^1.0.2"
|
||||||
|
|||||||
Reference in New Issue
Block a user