Rails 7 update (#24241)

2023-07-02 04:38:53 -04:00 · 2023-07-02 04:38:53 -04:00 · 50c2a03695
commit 50c2a03695
parent 4fe2d7cb59
22 changed files with 242 additions and 144 deletions
--- a/config/initializers/assets.rb
+++ b/config/initializers/assets.rb
@ -3,11 +3,12 @@
 # Version of your assets, change this if you want to expire all your assets.
 Rails.application.config.assets.version = '1.0'

-# Add additional assets to the asset load path
-# Rails.application.config.assets.paths << 'node_modules'
+# Add additional assets to the asset load path.
+# Rails.application.config.assets.paths << Emoji.images_path

 # Precompile additional assets.
-# application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
-# Rails.application.config.assets.precompile += %w()
+# application.js, application.css, and all non-JS/CSS in the app/assets
+# folder are already added.
+# Rails.application.config.assets.precompile += %w( admin.js admin.css )

 Rails.application.config.assets.initialize_on_precompile = true
--- a/config/initializers/filter_parameter_logging.rb
+++ b/config/initializers/filter_parameter_logging.rb
@ -1,4 +1,8 @@
 # Be sure to restart your server when you modify this file.

-# Configure sensitive parameters which will be filtered from the log file.
-Rails.application.config.filter_parameters += [:password, :private_key, :public_key, :otp_attempt]
+# Configure parameters to be filtered from the log file. Use this to limit dissemination of
+# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported
+# notations and behaviors.
+Rails.application.config.filter_parameters += [
+  :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
+]
--- a/config/initializers/new_framework_defaults_7_0.rb
+++ b/config/initializers/new_framework_defaults_7_0.rb
@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# TODO
+# The Rails 7.0 framework default here is to set this true. However, we have a
+# location in devise that redirects where we don't have an easy ability to
+# override a method or set a config option, but where the redirect does not
+# provide this option.
+# https://github.com/heartcombo/devise/blob/v4.9.2/app/controllers/devise/confirmations_controller.rb#L28
+# Once a solution is found, this line can be removed.
+Rails.application.config.action_controller.raise_on_open_redirects = false