From 217ffa1aff0cbb207e8113522bdbc3e6ebbdadff Mon Sep 17 00:00:00 2001 From: Naoya Matayoshi Date: Wed, 18 Sep 2024 22:12:50 +0900 Subject: [PATCH 01/19] update ruby version 3.1.6 From 0dabce2f2e7071f68128f9eb3ccee875583e504c Mon Sep 17 00:00:00 2001 From: Naoya Matayoshi Date: Wed, 18 Sep 2024 22:47:02 +0900 Subject: [PATCH 02/19] update gem to rails 7.0 --- Gemfile | 46 ++++++------- Gemfile.lock | 184 ++++++++++++++++++++++++++------------------------- 2 files changed, 117 insertions(+), 113 deletions(-) diff --git a/Gemfile b/Gemfile index e032ee1f3..a2a9e5d75 100644 --- a/Gemfile +++ b/Gemfile @@ -1,23 +1,23 @@ source 'https://rubygems.org' ruby '3.1.6' -gem 'rails', '~> 6.1' -gem 'puma' -gem "puma_worker_killer" -gem 'pg' gem 'bootsnap' +gem 'pg' +gem 'puma' +gem 'puma_worker_killer' +gem 'rails', '~> 7.0' gem 'coffee-rails' gem 'jbuilder' gem 'jquery-rails' -gem 'simple_grid_rails' -gem "bootstrap-sass" -gem 'sass-rails', '>= 5' -gem 'uglifier' +gem 'bootstrap-sass' gem 'font-awesome-rails' gem 'haml-rails' gem 'rails-html-sanitizer', '~> 1.4.4' +gem 'sass-rails', '>= 5' +gem 'simple_grid_rails' +gem 'uglifier' # For handling error # https://github.com/yuki24/rambulance @@ -39,14 +39,14 @@ gem 'kramdown-parser-gfm' gem 'faraday' gem 'faraday_middleware' +gem 'google_drive' gem 'koala' -gem 'rack-user_agent' +gem 'lazy_high_charts', '1.5.8' gem 'rack-attack' -gem 'google_drive' -gem 'lazy_high_charts', "1.5.8" +gem 'rack-user_agent' # For RSS feed -gem 'ruby-mp3info', :require => 'mp3info' +gem 'ruby-mp3info', require: 'mp3info' # For Sitemap (Google Search Console) gem 'sitemap_generator' 
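Review bot: The new constraint `gem 'rails', '~> 7.0'` in the first Gemfile hunk accepts any 7.x release, so a later `bundle update rails` can move the app past the 7.0 series this patch series is migrating to. Gemfile.lock pins 7.0.8.4 for now, but the Gemfile is what states intent; `gem 'rails', '~> 7.0.8'` would limit updates to 7.0 patch releases until the 7.0 framework defaults have been adopted. Most other gems in this hunk carry no version constraint at all, so the lockfile is the only thing holding them in place and its diff deserves the same scrutiny as the Gemfile.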
@@ -61,30 +61,30 @@ gem 'net-http' gem 'uri' group :development do - gem 'web-console' - gem "solargraph" - gem 'spring' - gem 'listen' - gem 'letter_opener_web' - gem 'stackprof', require: false gem 'flamegraph', require: false - gem 'memory_profiler', require: false + gem 'letter_opener_web' + gem 'listen' + gem 'memory_profiler', require: false gem 'rack-mini-profiler', require: false + gem 'solargraph' + gem 'spring' + gem 'stackprof', require: false + gem 'web-console' end group :development, :test do - gem 'pry-rails' + gem 'minitest-retry' gem 'pry-byebug' gem 'pry-doc' + gem 'pry-rails' gem 'pry-stack_explorer' gem 'rake' - gem 'minitest-retry' gem 'rspec-retry' - gem 'selenium-webdriver' gem 'capybara' - gem 'rspec-rails', '~> 4.0' gem 'factory_bot_rails' + gem 'rspec-rails', '~> 4.0' + gem 'selenium-webdriver' gem 'dotenv-rails' end diff --git a/Gemfile.lock b/Gemfile.lock index 1ea94e1d5..13442fb9b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,85 +1,91 @@ GEM remote: https://rubygems.org/ specs: - actioncable (6.1.7.8) - actionpack (= 6.1.7.8) - activesupport (= 6.1.7.8) + actioncable (7.0.8.4) + actionpack (= 7.0.8.4) + activesupport (= 7.0.8.4) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.7.8) - actionpack (= 6.1.7.8) - activejob (= 6.1.7.8) - activerecord (= 6.1.7.8) - activestorage (= 6.1.7.8) - activesupport (= 6.1.7.8) + actionmailbox (7.0.8.4) + actionpack (= 7.0.8.4) + activejob (= 7.0.8.4) + activerecord (= 7.0.8.4) + activestorage (= 7.0.8.4) + activesupport (= 7.0.8.4) mail (>= 2.7.1) - actionmailer (6.1.7.8) - actionpack (= 6.1.7.8) - actionview (= 6.1.7.8) - activejob (= 6.1.7.8) - activesupport (= 6.1.7.8) + net-imap + net-pop + net-smtp + actionmailer (7.0.8.4) + actionpack (= 7.0.8.4) + actionview (= 7.0.8.4) + activejob (= 7.0.8.4) + activesupport (= 7.0.8.4) mail (~> 2.5, >= 2.5.4) + net-imap + net-pop + net-smtp rails-dom-testing (~> 2.0) - actionpack (6.1.7.8) - actionview (= 6.1.7.8) - activesupport (= 6.1.7.8) - rack (~> 2.0, >= 2.0.9) + actionpack (7.0.8.4) + actionview (= 7.0.8.4) + activesupport (= 7.0.8.4) + rack (~> 2.0, >= 2.2.4) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.7.8) - actionpack (= 6.1.7.8) - activerecord (= 6.1.7.8) - activestorage (= 6.1.7.8) - activesupport (= 6.1.7.8) + actiontext (7.0.8.4) + actionpack (= 7.0.8.4) + activerecord (= 7.0.8.4) + activestorage (= 7.0.8.4) + activesupport (= 7.0.8.4) + globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (6.1.7.8) - activesupport (= 6.1.7.8) + actionview (7.0.8.4) + activesupport (= 7.0.8.4) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.7.8) - activesupport (= 6.1.7.8) + activejob (7.0.8.4) + activesupport (= 7.0.8.4) globalid (>= 0.3.6) - activemodel (6.1.7.8) - activesupport (= 6.1.7.8) - activerecord (6.1.7.8) - activemodel (= 6.1.7.8) - activesupport (= 
6.1.7.8) - activestorage (6.1.7.8) - actionpack (= 6.1.7.8) - activejob (= 6.1.7.8) - activerecord (= 6.1.7.8) - activesupport (= 6.1.7.8) + activemodel (7.0.8.4) + activesupport (= 7.0.8.4) + activerecord (7.0.8.4) + activemodel (= 7.0.8.4) + activesupport (= 7.0.8.4) + activestorage (7.0.8.4) + actionpack (= 7.0.8.4) + activejob (= 7.0.8.4) + activerecord (= 7.0.8.4) + activesupport (= 7.0.8.4) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.7.8) + activesupport (7.0.8.4) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - zeitwerk (~> 2.3) addressable (2.8.7) public_suffix (>= 2.0.2, < 7.0) ast (2.4.2) autoprefixer-rails (10.4.19.0) execjs (~> 2) aws-eventstream (1.3.0) - aws-partitions (1.966.0) - aws-sdk-core (3.201.5) + aws-partitions (1.976.0) + aws-sdk-core (3.206.0) aws-eventstream (~> 1, >= 1.3.0) aws-partitions (~> 1, >= 1.651.0) aws-sigv4 (~> 1.9) jmespath (~> 1, >= 1.6.1) - aws-sdk-kms (1.88.0) - aws-sdk-core (~> 3, >= 3.201.0) + aws-sdk-kms (1.91.0) + aws-sdk-core (~> 3, >= 3.205.0) aws-sigv4 (~> 1.5) - aws-sdk-s3 (1.158.0) - aws-sdk-core (~> 3, >= 3.201.0) + aws-sdk-s3 (1.162.0) + aws-sdk-core (~> 3, >= 3.205.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.5) - aws-sigv4 (1.9.1) + aws-sigv4 (1.10.0) aws-eventstream (~> 1, >= 1.0.2) backport (1.2.0) base64 (0.2.0) @@ -120,14 +126,14 @@ GEM debug_inspector (1.2.0) declarative (0.0.20) diff-lcs (1.5.1) - dotenv (3.1.2) - dotenv-rails (3.1.2) - dotenv (= 3.1.2) + dotenv (3.1.4) + dotenv-rails (3.1.4) + dotenv (= 3.1.4) railties (>= 6.1) e2mmap (0.1.0) erubi (1.13.0) execjs (2.9.1) - factory_bot (6.4.6) + factory_bot (6.5.0) activesupport (>= 5.0.0) factory_bot_rails (6.4.3) factory_bot (~> 6.4) @@ -201,10 +207,10 @@ GEM railties (>= 5.1) hash-deep-merge (0.1.1) httpclient (2.8.3) - i18n (1.14.5) + i18n (1.14.6) concurrent-ruby (~> 1.0) jaro_winkler (1.6.0) - jbuilder (2.12.0) + jbuilder (2.13.0) actionview (>= 5.0.0) activesupport (>= 5.0.0) jmespath (1.6.2) 
@@ -213,7 +219,7 @@ GEM railties (>= 4.2.0) thor (>= 0.14, < 2.0) json (2.7.2) - jwt (2.8.2) + jwt (2.9.0) base64 koala (3.6.0) addressable @@ -243,7 +249,7 @@ GEM listen (3.9.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - logger (1.6.0) + logger (1.6.1) loofah (2.22.0) crass (~> 1.0.2) nokogiri (>= 1.12.0) @@ -255,21 +261,21 @@ GEM marcel (1.0.4) matrix (0.4.2) memoist (0.16.2) - memory_profiler (1.0.2) + memory_profiler (1.1.0) method_source (1.1.0) mini_mime (1.1.5) mini_portile2 (2.8.7) - mini_racer (0.14.1) + mini_racer (0.16.0) libv8-node (~> 18.19.0.0) minitest (5.25.1) - minitest-retry (0.2.2) + minitest-retry (0.2.3) minitest (>= 5.0) msgpack (1.7.2) multi_json (1.15.0) multipart-post (2.4.1) net-http (0.4.1) uri - net-imap (0.4.14) + net-imap (0.4.16) date net-protocol net-pop (0.1.2) @@ -284,10 +290,10 @@ GEM racc (~> 1.4) os (1.1.4) parallel (1.26.3) - parser (3.3.4.2) + parser (3.3.5.0) ast (~> 2.4.1) racc - pg (1.5.7) + pg (1.5.8) pry (0.14.2) coderay (~> 1.1) method_source (~> 1.0) @@ -322,21 +328,20 @@ GEM rack-user_agent (0.5.3) rack (>= 1.5) woothee (>= 1.0.0) - rails (6.1.7.8) - actioncable (= 6.1.7.8) - actionmailbox (= 6.1.7.8) - actionmailer (= 6.1.7.8) - actionpack (= 6.1.7.8) - actiontext (= 6.1.7.8) - actionview (= 6.1.7.8) - activejob (= 6.1.7.8) - activemodel (= 6.1.7.8) - activerecord (= 6.1.7.8) - activestorage (= 6.1.7.8) - activesupport (= 6.1.7.8) + rails (7.0.8.4) + actioncable (= 7.0.8.4) + actionmailbox (= 7.0.8.4) + actionmailer (= 7.0.8.4) + actionpack (= 7.0.8.4) + actiontext (= 7.0.8.4) + actionview (= 7.0.8.4) + activejob (= 7.0.8.4) + activemodel (= 7.0.8.4) + activerecord (= 7.0.8.4) + activestorage (= 7.0.8.4) + activesupport (= 7.0.8.4) bundler (>= 1.15.0) - railties (= 6.1.7.8) - sprockets-rails (>= 2.0.0) + railties (= 7.0.8.4) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) 
@@ -347,12 +352,13 @@ GEM nokogiri (>= 1.6) rails-html-sanitizer (1.4.4) loofah (~> 2.19, >= 2.19.1) - railties (6.1.7.8) - actionpack (= 6.1.7.8) - activesupport (= 6.1.7.8) + railties (7.0.8.4) + actionpack (= 7.0.8.4) + activesupport (= 7.0.8.4) method_source rake (>= 12.2) thor (~> 1.0) + zeitwerk (~> 2.5) rainbow (3.1.1) rake (13.2.1) rambulance (3.3.0) @@ -371,11 +377,10 @@ GEM retriable (3.1.2) reverse_markdown (2.1.1) nokogiri - rexml (3.3.6) - strscan - rspec-core (3.13.0) + rexml (3.3.7) + rspec-core (3.13.1) rspec-support (~> 3.13.0) - rspec-expectations (3.13.1) + rspec-expectations (3.13.3) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) rspec-mocks (3.13.1) @@ -405,7 +410,7 @@ GEM rubocop-ast (>= 1.31.1, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 3.0) - rubocop-ast (1.32.1) + rubocop-ast (1.32.3) parser (>= 3.3.1.0) ruby-mp3info (0.8.10) ruby-progressbar (1.13.0) @@ -422,7 +427,7 @@ GEM sprockets-rails tilt secure_headers (6.7.0) - selenium-webdriver (4.23.0) + selenium-webdriver (4.24.0) base64 (~> 0.2) logger (~> 1.4) rexml (~> 3.2, >= 3.2.5) @@ -461,9 +466,8 @@ GEM activesupport (>= 6.1) sprockets (>= 3.0.0) stackprof (0.2.26) - strscan (3.1.0) temple (0.10.3) - thor (1.3.1) + thor (1.3.2) tilt (2.4.0) timeout (0.4.1) trailblazer-option (0.1.2) @@ -472,8 +476,8 @@ GEM uber (0.1.0) uglifier (4.2.0) execjs (>= 0.3.0, < 3) - unicode-display_width (2.5.0) - uri (0.13.0) + unicode-display_width (2.6.0) + uri (0.13.1) web-console (4.2.1) actionview (>= 6.0.0) activemodel (>= 6.0.0) @@ -486,8 +490,8 @@ GEM woothee (1.13.0) xpath (3.2.0) nokogiri (~> 1.8) - yard (0.9.36) - zeitwerk (2.6.17) + yard (0.9.37) + zeitwerk (2.6.18) PLATFORMS ruby @@ -529,7 +533,7 @@ DEPENDENCIES rack-host-redirect rack-mini-profiler rack-user_agent - rails (~> 6.1) + rails (~> 7.0) rails-controller-testing rails-html-sanitizer (~> 1.4.4) rake From 1d3a5d1fab076f89e1d4d4704dac4466e0ffb10a Mon Sep 17 00:00:00 2001 
From: Naoya Matayoshi Date: Wed, 18 Sep 2024 23:34:02 +0900 Subject: [PATCH 03/19] app:update bin/setup --- bin/setup | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/bin/setup b/bin/setup index 1e189ba9d..e57a3b32d 100755 --- a/bin/setup +++ b/bin/setup @@ -34,12 +34,9 @@ FileUtils.chdir APP_ROOT do system! 'gem install bundler --conservative' system('bundle check') || system!('bundle install') - # Install JavaScript dependencies - # system! 'bin/yarn' - # puts "\n== Copying sample files ==" # unless File.exist?('config/database.yml') - # FileUtils.cp 'config/database.yml.sample', 'config/database.yml' + # FileUtils.cp 'config/database.yml.sample', 'config/database.yml" # end puts "\n== Preparing database ==" From 29b52bc0c47c534628c449ec434df5fd3622e587 Mon Sep 17 00:00:00 2001 From: Naoya Matayoshi Date: Wed, 18 Sep 2024 23:34:40 +0900 Subject: [PATCH 04/19] app:update config/environments/development.rb --- config/environments/development.rb | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/config/environments/development.rb b/config/environments/development.rb index f9bdb377b..9cc391a39 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -12,13 +12,14 @@ config.eager_load = false # Show full error reports. - # Set this `false` for quick debugging and the set back to `true`. config.consider_all_requests_local = true - #config.consider_all_requests_local = false + + # Enable server timing + config.server_timing = true # Enable/disable caching. By default caching is disabled. # Run rails dev:cache to toggle caching. - if Rails.root.join('tmp', 'caching-dev.txt').exist? + if Rails.root.join('tmp/caching-dev.txt').exist? config.action_controller.perform_caching = true config.action_controller.enable_fragment_cache_logging = true 
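Review bot: The rewritten comment line in bin/setup opens the destination path with a single quote and closes it with a double quote (`'config/database.yml"`), so the sample-copy block will not parse as intended for anyone who uncomments it. Keep the original quoting: `#   FileUtils.cp 'config/database.yml.sample', 'config/database.yml'`. The enclosing `FileUtils.chdir APP_ROOT do` block begins and ends outside the hunk.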
@@ -55,11 +56,6 @@ # Highlight code that triggered database queries in logs. config.active_record.verbose_query_logs = true - # Debug mode disables concatenation and preprocessing of assets. - # This option may cause significant delays in view rendering with a large - # number of complex assets. - config.assets.debug = true - # Suppress logger output for asset requests. config.assets.quiet = true @@ -69,10 +65,6 @@ # Annotate rendered view with file names. # config.action_view.annotate_rendered_view_with_filenames = true - # Use an evented file watcher to asynchronously detect changes in source code, - # routes, locales, etc. This feature depends on the listen gem. - config.file_watcher = ActiveSupport::EventedFileUpdateChecker - # Uncomment if you wish to allow Action Cable access from any origin. # config.action_cable.disable_request_forgery_protection = true From f9767bd678ac48b117377f3257ece10ba0be81da Mon Sep 17 00:00:00 2001 From: Naoya Matayoshi Date: Wed, 18 Sep 2024 23:35:12 +0900 Subject: [PATCH 05/19] app:update config/environments/production.rb --- config/environments/production.rb | 35 ++++--------------------------- 1 file changed, 4 insertions(+), 31 deletions(-) diff --git a/config/environments/production.rb b/config/environments/production.rb index 23db97493..3b7b65877 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -42,8 +42,8 @@ # Mount Action Cable outside main process or domain. # config.action_cable.mount_path = nil - # config.action_cable.url = 'wss://example.com/cable' - # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ] + # config.action_cable.url = "wss://example.com/cable" + # config.action_cable.allowed_request_origins = [ "http://example.com", /http:\/\/example.*/ ] # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. config.force_ssl = true 
@@ -72,14 +72,8 @@ # the I18n.default_locale when a translation cannot be found). config.i18n.fallbacks = true - # Send deprecation notices to registered listeners. - config.active_support.deprecation = :notify - - # Log disallowed deprecations. - config.active_support.disallowed_deprecation = :log - - # Tell Active Support which deprecation messages to disallow. - config.active_support.disallowed_deprecation_warnings = [] + # Don't log any deprecations. + config.active_support.report_deprecations = false # Use default logging formatter so that PID and timestamp are not suppressed. config.log_formatter = ::Logger::Formatter.new 
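Review bot: `config.active_support.report_deprecations = false` replaces the `:notify` behaviour and silences deprecation reporting in production entirely, which removes a useful signal while the rest of this series is still working through the 7.0 defaults. If anything subscribes to the deprecation notifications (not visible in this hunk), it will stop receiving them. Consider keeping `config.active_support.deprecation = :notify` until `config.load_defaults` has been raised to 7.0, or add a comment stating that deprecations are checked in development and test instead.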
@@ -97,27 +91,6 @@ # Do not dump schema after migrations. config.active_record.dump_schema_after_migration = false - # Inserts middleware to perform automatic connection switching. - # The `database_selector` hash is used to pass options to the DatabaseSelector - # middleware. The `delay` is used to determine how long to wait after a write - # to send a subsequent read to the primary. - # - # The `database_resolver` class is used by the middleware to determine which - # database is appropriate to use based on the time delay. - # - # The `database_resolver_context` class is used by the middleware to set - # timestamps for the last write to the primary. The resolver uses the context - # class timestamps to determine how long to wait before reading from the - # replica. - # - # By default Rails will store a last write timestamp in the session. The - # DatabaseSelector middleware is designed as such you can define your own - # strategy for connection switching and pass that into the middleware through - # these configuration options. - # config.active_record.database_selector = { delay: 2.seconds } - # config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver - # config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session - # Redirect if not in correct domains config.middleware.use Rack::HostRedirect, { %w(coderdojo-japan.herokuapp.com www.coderdojo.jp) => 'coderdojo.jp' From 58bab53f86c9958ecd2bb83cd2118b4362a131c0 Mon Sep 17 00:00:00 2001 From: Naoya Matayoshi Date: Wed, 18 Sep 2024 23:35:36 +0900 Subject: [PATCH 06/19] app:update config/environments/test.rb --- config/environments/test.rb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/config/environments/test.rb b/config/environments/test.rb index 93ed4f1b7..21119c1c4 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb 
@@ -8,13 +8,13 @@ Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - config.cache_classes = false - config.action_view.cache_template_loading = true + # Turn false under Spring and add config.action_view.cache_template_loading = true. + config.cache_classes = true - # Do not eager load code on boot. This avoids loading your whole application - # just for the purpose of running a single test. If you are using a tool that - # preloads Rails for running tests, you may have to set it to true. - config.eager_load = false + # Eager loading loads your whole application. When running a single test locally, + # this probably isn't necessary. It's a good idea to do in a continuous integration + # system, or in some way before deploying your code. + config.eager_load = ENV["CI"].present? # Configure public file server for tests with Cache-Control for performance. config.public_file_server.enabled = true From d935753421b64ebf5c9796fbb7b92109450d7130 Mon Sep 17 00:00:00 2001 From: Naoya Matayoshi Date: Wed, 18 Sep 2024 23:35:59 +0900 Subject: [PATCH 07/19] app:update config/initializers/assets.rb --- config/initializers/assets.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/config/initializers/assets.rb b/config/initializers/assets.rb index 4b828e80c..fe48fc34e 100644 --- a/config/initializers/assets.rb +++ b/config/initializers/assets.rb @@ -5,8 +5,6 @@ # Add additional assets to the asset load path. # Rails.application.config.assets.paths << Emoji.images_path -# Add Yarn node_modules folder to the asset load path. -Rails.application.config.assets.paths << Rails.root.join('node_modules') # Precompile additional assets. # application.js, application.css, and all non-JS/CSS in the app/assets From c399269887b4e93da6aec2e53a6dacd1a11d339c Mon Sep 17 00:00:00 2001 
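Review bot: `config.cache_classes = true` is set directly under a comment that says to turn it false under Spring, and the Gemfile in patch 02 still lists `gem 'spring'` in the development group. The previous values (`config.cache_classes = false` with `config.action_view.cache_template_loading = true`) were the Spring-compatible pair; if tests are ever run through Spring, the new setting means code changes are not reloaded between runs. Either keep the previous pair or remove Spring and shorten the comment. The `Rails.application.configure do` block continues outside the hunk.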
From: Naoya Matayoshi Date: Wed, 18 Sep 2024 23:36:19 +0900 Subject: [PATCH 08/19] app:update config/initializers/content_security_policy.rb --- .../initializers/content_security_policy.rb | 47 +++++++++---------- 1 file changed, 21 insertions(+), 26 deletions(-) diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index 35d0f26fc..54f47cf15 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb 
@@ -1,30 +1,25 @@ # Be sure to restart your server when you modify this file. -# Define an application-wide content security policy -# For further information see the following documentation -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy +# Define an application-wide content security policy. +# See the Securing Rails Applications Guide for more information: +# https://guides.rubyonrails.org/security.html#content-security-policy-header -# Rails.application.config.content_security_policy do |policy| -# policy.default_src :self, :https -# policy.font_src :self, :https, :data -# policy.img_src :self, :https, :data -# policy.object_src :none -# policy.script_src :self, :https -# policy.style_src :self, :https -# # If you are using webpack-dev-server then specify webpack-dev-server host -# policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development? - -# # Specify URI for violation reports -# # policy.report_uri "/csp-violation-report-endpoint" +# Rails.application.configure do +# config.content_security_policy do |policy| +# policy.default_src :self, :https +# policy.font_src :self, :https, :data +# policy.img_src :self, :https, :data +# policy.object_src :none +# policy.script_src :self, :https +# policy.style_src :self, :https +# # Specify URI for violation reports +# # policy.report_uri "/csp-violation-report-endpoint" +# end +# +# # Generate session nonces for permitted importmap and inline scripts +# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s } +# config.content_security_policy_nonce_directives = %w(script-src) +# +# # Report violations without enforcing the policy. 
+# # config.content_security_policy_report_only = true # end - -# If you are using UJS then enable automatic nonce generation -# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } - -# Set the nonce only to specific directives -# Rails.application.config.content_security_policy_nonce_directives = %w(script-src) - -# Report CSP violations to a specified URI -# For further information see the following documentation: -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only -# Rails.application.config.content_security_policy_report_only = true From 6d4ecc1ce0ff7674421de2396a9b3e92c09fd2b7 Mon Sep 17 00:00:00 2001 From: Naoya Matayoshi Date: Wed, 18 Sep 2024 23:36:41 +0900 Subject: [PATCH 09/19] app:update config/initializers/filter_parameter_logging.rb --- config/initializers/filter_parameter_logging.rb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index 4a994e1e7..a9a173b9f 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -1,4 +1,8 @@ # Be sure to restart your server when you modify this file. -# Configure sensitive parameters which will be filtered from the log file. -Rails.application.config.filter_parameters += [:password] +# Configure parameters to be filtered from the log file. Use this to limit dissemination of +# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported +# notations and behaviors. +Rails.application.config.filter_parameters += [ + :password, :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn +] From d573bdb42dd6958f87741625538ac4e151ce3eed Mon Sep 17 00:00:00 2001 
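Review bot: Every line of the policy is still commented out after this change, so this initializer sets no Content-Security-Policy header. Gemfile.lock lists secure_headers, which may be where the header is actually configured, and a one-line comment saying so would save the next reader the search. The template nonce generator also changes from `SecureRandom.base64(16)` to `request.session.id.to_s`, which yields the same nonce for every response in a session and presumably an empty string when the session has no id yet. If this block is ever enabled, prefer a per-request random value such as `->(_request) { SecureRandom.base64(16) }` unless cached pages genuinely need a stable nonce.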
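Review bot: `:password` is now redundant next to `:passw`, because ActiveSupport::ParameterFilter treats symbol entries as partial matches on the parameter name. That partial matching is also why `:_key` and `:token` cover names like `api_key` and `access_token`, and a short comment to that effect would help, e.g. `# Entries match any parameter whose name contains the fragment.` The list only protects parameters whose names contain one of these fragments, so fields carrying personal data under other names (an `email` field, for example) are still logged in full. Extend it for whatever this app's forms actually submit.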
From: Naoya Matayoshi Date: Wed, 18 Sep 2024 23:37:04 +0900 Subject: [PATCH 10/19] app:update config/initializers/inflections.rb --- config/initializers/inflections.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb index ac033bf9d..037d80e83 100644 --- a/config/initializers/inflections.rb +++ b/config/initializers/inflections.rb @@ -4,9 +4,9 @@ # are locale specific, and you may define rules for as many different # locales as you wish. All of these examples are active by default: # ActiveSupport::Inflector.inflections(:en) do |inflect| -# inflect.plural /^(ox)$/i, '\1en' -# inflect.singular /^(ox)en/i, '\1' -# inflect.irregular 'person', 'people' +# inflect.plural /^(ox)$/i, "\\1en" +# inflect.singular /^(ox)en/i, "\\1" +# inflect.irregular "person", "people" # inflect.uncountable %w( fish sheep ) # end From 105d203f13b53759fb84127efe0d763f789e818a Mon Sep 17 00:00:00 2001 From: Naoya Matayoshi Date: Wed, 18 Sep 2024 23:37:19 +0900 Subject: [PATCH 11/19] app:update db/schema.rb --- db/schema.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db/schema.rb b/db/schema.rb index 186e6b894..1ecd769ff 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 2024_06_18_025325) do +ActiveRecord::Schema[6.1].define(version: 2024_06_18_025325) do # These are extensions that must be enabled in order to support this database enable_extension "pg_stat_statements" From e20dbd6d5627ce24331e4302b56a7d4ac1cfe51e Mon Sep 17 00:00:00 2001 
From: Naoya Matayoshi Date: Wed, 18 Sep 2024 23:39:23 +0900 Subject: [PATCH 12/19] app:update config/initializers/new_framework_defaults_7_0.rb --- .../new_framework_defaults_7_0.rb | 143 ++++++++++++++++++ 1 file changed, 143 insertions(+) create mode 100644 config/initializers/new_framework_defaults_7_0.rb diff --git a/config/initializers/new_framework_defaults_7_0.rb b/config/initializers/new_framework_defaults_7_0.rb new file mode 100644 index 000000000..b13ef5ed1 --- /dev/null +++ b/config/initializers/new_framework_defaults_7_0.rb @@ -0,0 +1,143 @@ +# Be sure to restart your server when you modify this file. +# +# This file eases your Rails 7.0 framework defaults upgrade. +# +# Uncomment each configuration one by one to switch to the new default. +# Once your application is ready to run with all new defaults, you can remove +# this file and set the `config.load_defaults` to `7.0`. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. +# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html + +# `button_to` view helper will render `