Enable "low risk" Rails 7.1 setting defaults (#28626)

shrike
Matt Jankowski 2024-01-09 07:50:57 -05:00 committed by GitHub
parent 1ad908e0c0
commit 4e02838832
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 18 deletions


@ -29,7 +29,7 @@ Rails.application.config.add_autoload_paths_to_load_path = false
# Do not treat an `ActionController::Parameters` instance # Do not treat an `ActionController::Parameters` instance
# as equal to an equivalent `Hash` by default. # as equal to an equivalent `Hash` by default.
# Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality = false Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality = false
# Active Record Encryption now uses SHA-256 as its hash digest algorithm. Important: If you have # Active Record Encryption now uses SHA-256 as its hash digest algorithm. Important: If you have
# data encrypted with previous Rails versions, there are two scenarios to consider: # data encrypted with previous Rails versions, there are two scenarios to consider:
@ -50,7 +50,7 @@ Rails.application.config.add_autoload_paths_to_load_path = false
# Instead, run these callbacks on the instance most likely to have internal # Instead, run these callbacks on the instance most likely to have internal
# state which matches what was committed to the database, typically the last # state which matches what was committed to the database, typically the last
# instance to save. # instance to save.
# Rails.application.config.active_record.run_commit_callbacks_on_first_saved_instances_in_transaction = false Rails.application.config.active_record.run_commit_callbacks_on_first_saved_instances_in_transaction = false
# Configures SQLite with a strict strings mode, which disables double-quoted string literals. # Configures SQLite with a strict strings mode, which disables double-quoted string literals.
# #
@ -59,10 +59,10 @@ Rails.application.config.add_autoload_paths_to_load_path = false
# it then considers them as string literals. Because of this, typos can silently go unnoticed. # it then considers them as string literals. Because of this, typos can silently go unnoticed.
# For example, it is possible to create an index for a non existing column. # For example, it is possible to create an index for a non existing column.
# See https://www.sqlite.org/quirks.html#double_quoted_string_literals_are_accepted for more details. # See https://www.sqlite.org/quirks.html#double_quoted_string_literals_are_accepted for more details.
# Rails.application.config.active_record.sqlite3_adapter_strict_strings_by_default = true Rails.application.config.active_record.sqlite3_adapter_strict_strings_by_default = true
# Disable deprecated singular associations names # Disable deprecated singular associations names
# Rails.application.config.active_record.allow_deprecated_singular_associations_name = false Rails.application.config.active_record.allow_deprecated_singular_associations_name = false
# Enable the Active Job `BigDecimal` argument serializer, which guarantees # Enable the Active Job `BigDecimal` argument serializer, which guarantees
# roundtripping. Without this serializer, some queue adapters may serialize # roundtripping. Without this serializer, some queue adapters may serialize
@ -78,12 +78,12 @@ Rails.application.config.add_autoload_paths_to_load_path = false
# `write` are given an invalid `expires_at` or `expires_in` time. # `write` are given an invalid `expires_at` or `expires_in` time.
# Options are `true`, and `false`. If `false`, the exception will be reported # Options are `true`, and `false`. If `false`, the exception will be reported
# as `handled` and logged instead. # as `handled` and logged instead.
# Rails.application.config.active_support.raise_on_invalid_cache_expiration_time = true Rails.application.config.active_support.raise_on_invalid_cache_expiration_time = true
# Specify whether Query Logs will format tags using the SQLCommenter format # Specify whether Query Logs will format tags using the SQLCommenter format
# (https://open-telemetry.github.io/opentelemetry-sqlcommenter/), or using the legacy format. # (https://open-telemetry.github.io/opentelemetry-sqlcommenter/), or using the legacy format.
# Options are `:legacy` and `:sqlcommenter`. # Options are `:legacy` and `:sqlcommenter`.
# Rails.application.config.active_record.query_log_tags_format = :sqlcommenter Rails.application.config.active_record.query_log_tags_format = :sqlcommenter
# Specify the default serializer used by `MessageEncryptor` and `MessageVerifier` # Specify the default serializer used by `MessageEncryptor` and `MessageVerifier`
# instances. # instances.
@ -129,39 +129,37 @@ Rails.application.config.add_autoload_paths_to_load_path = false
# `config.load_defaults 7.1` does not set this value for environments other than # `config.load_defaults 7.1` does not set this value for environments other than
# development and test. # development and test.
# #
# if Rails.env.local? Rails.application.config.log_file_size = 100 * 1024 * 1024 if Rails.env.local?
# Rails.application.config.log_file_size = 100 * 1024 * 1024
# end
# Enable raising on assignment to attr_readonly attributes. The previous # Enable raising on assignment to attr_readonly attributes. The previous
# behavior would allow assignment but silently not persist changes to the # behavior would allow assignment but silently not persist changes to the
# database. # database.
# Rails.application.config.active_record.raise_on_assign_to_attr_readonly = true Rails.application.config.active_record.raise_on_assign_to_attr_readonly = true
# Enable validating only parent-related columns for presence when the parent is mandatory. # Enable validating only parent-related columns for presence when the parent is mandatory.
# The previous behavior was to validate the presence of the parent record, which performed an extra query # The previous behavior was to validate the presence of the parent record, which performed an extra query
# to get the parent every time the child record was updated, even when parent has not changed. # to get the parent every time the child record was updated, even when parent has not changed.
# Rails.application.config.active_record.belongs_to_required_validates_foreign_key = false Rails.application.config.active_record.belongs_to_required_validates_foreign_key = false
# Enable precompilation of `config.filter_parameters`. Precompilation can # Enable precompilation of `config.filter_parameters`. Precompilation can
# improve filtering performance, depending on the quantity and types of filters. # improve filtering performance, depending on the quantity and types of filters.
# Rails.application.config.precompile_filter_parameters = true Rails.application.config.precompile_filter_parameters = true
# Enable before_committed! callbacks on all enrolled records in a transaction. # Enable before_committed! callbacks on all enrolled records in a transaction.
# The previous behavior was to only run the callbacks on the first copy of a record # The previous behavior was to only run the callbacks on the first copy of a record
# if there were multiple copies of the same record enrolled in the transaction. # if there were multiple copies of the same record enrolled in the transaction.
# Rails.application.config.active_record.before_committed_on_all_records = true Rails.application.config.active_record.before_committed_on_all_records = true
# Disable automatic column serialization into YAML. # Disable automatic column serialization into YAML.
# To keep the historic behavior, you can set it to `YAML`, however it is # To keep the historic behavior, you can set it to `YAML`, however it is
# recommended to explicitly define the serialization method for each column # recommended to explicitly define the serialization method for each column
# rather than to rely on a global default. # rather than to rely on a global default.
# Rails.application.config.active_record.default_column_serializer = nil Rails.application.config.active_record.default_column_serializer = nil
# Run `after_commit` and `after_*_commit` callbacks in the order they are defined in a model. # Run `after_commit` and `after_*_commit` callbacks in the order they are defined in a model.
# This matches the behaviour of all other callbacks. # This matches the behaviour of all other callbacks.
# In previous versions of Rails, they ran in the inverse order. # In previous versions of Rails, they ran in the inverse order.
# Rails.application.config.active_record.run_after_transaction_callbacks_in_order_defined = true Rails.application.config.active_record.run_after_transaction_callbacks_in_order_defined = true
# Whether a `transaction` block is committed or rolled back when exited via `return`, `break` or `throw`. # Whether a `transaction` block is committed or rolled back when exited via `return`, `break` or `throw`.
# #
@ -169,7 +167,7 @@ Rails.application.config.add_autoload_paths_to_load_path = false
# Controls when to generate a value for <tt>has_secure_token</tt> declarations. # Controls when to generate a value for <tt>has_secure_token</tt> declarations.
# #
# Rails.application.config.active_record.generate_secure_token_on = :initialize Rails.application.config.active_record.generate_secure_token_on = :initialize
# ** Please read carefully, this must be configured in config/application.rb ** # ** Please read carefully, this must be configured in config/application.rb **
# Change the format of the cache entry. # Change the format of the cache entry.
@ -190,7 +188,7 @@ Rails.application.config.add_autoload_paths_to_load_path = false
# #
# In previous versions of Rails, Action View always used `Rails::HTML4::Sanitizer` as its vendor. # In previous versions of Rails, Action View always used `Rails::HTML4::Sanitizer` as its vendor.
# #
# Rails.application.config.action_view.sanitizer_vendor = Rails::HTML::Sanitizer.best_supported_vendor Rails.application.config.action_view.sanitizer_vendor = Rails::HTML::Sanitizer.best_supported_vendor
# Configure Action Text to use an HTML5 standards-compliant sanitizer when it is supported on your # Configure Action Text to use an HTML5 standards-compliant sanitizer when it is supported on your
# platform. # platform.
@ -213,4 +211,4 @@ Rails.application.config.add_autoload_paths_to_load_path = false
# #
# In previous versions of Rails, these test helpers always used an HTML4 parser. # In previous versions of Rails, these test helpers always used an HTML4 parser.
# #
# Rails.application.config.dom_testing_default_html_version = :html5 Rails.application.config.dom_testing_default_html_version = :html5
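Review bot: The newly enabled `Rails.application.config.action_view.sanitizer_vendor = Rails::HTML::Sanitizer.best_supported_vendor` line (hunk at -190,7 +188,7) silently changes what the `sanitize` view helper emits, and nothing visible on this page pins the resulting behaviour. As the surrounding comments say, the HTML5 sanitizer is only chosen when the platform supports it, so two deployments of the same commit may parse and filter the same markup differently. Unlike the other flags in this batch, which mostly fail loudly by raising, a difference here would only appear as changed output. A small spec that asserts the `sanitize` helper's output for a few representative inputs would surface a parser-driven change in CI. I would also extend the comment above the line with something like `# Output can differ between the HTML4 and HTML5 sanitizers; re-check views that call sanitize before changing this.`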