diff options
| author | erdgeist <erdgeist@erdgeist.org> | 2026-06-27 16:58:53 +0200 |
|---|---|---|
| committer | erdgeist <erdgeist@erdgeist.org> | 2026-06-27 16:58:53 +0200 |
| commit | 420506e58fdfc84f1a5bede0a01dedf0af3bb4f3 (patch) | |
| tree | 57726b40e8aa9ccf80f874f39d3facefc0331420 /config/initializers/new_framework_defaults_8_1.rb | |
| parent | 241d5e91b2b6716e2861cc77d319c3d3568343a8 (diff) | |
Stage 7: Rails 7.2 → 8.1 on Ruby 3.2.11
- Bump Rails to 8.1.3 (Ruby unchanged at 3.2.11, new gemset rails8-upgrade)
- config.load_defaults 8.1; merge app:update diffs for all environment files
- Remove routing-filter 0.7.0; replace with native scope '(:locale)' in
routes.rb and default_url_options in ApplicationController
- Delete config/initializers/routing_filter_rails71_patch.rb
- Replace vendored TinyMCE 3.x (~200 files) with tinymce-rails ~> 8.3;
migrate admin_interface.js from jQuery .tinymce()/advanced theme to
tinymce.init(); add config/tinymce.yml; note: TinyMCE 7+ is GPL
- rails-i18n ~> 8.0 added explicitly (previously indirect dependency)
- awesome_nested_set, acts-as-taggable-on pinned to git main/master
(gemspec activerecord < 8.1 ceiling; no functional incompatibility;
repin to version once upstream releases updated gemspecs)
- globalize ~> 7.0, libxml-ruby ~> 5.0, nokogiri ~> 1.18, pg ~> 1.5
- sass-rails, coffee-rails, uglifier moved from :assets group to main
(Sprockets 4 convention; :assets group no longer meaningful)
- Node: head, draft, lock_owner marked belongs_to optional: true
- Page: node, user, editor marked belongs_to optional: true
- Static assets in public/images/ and public/javascripts/ referenced via
plain HTML tags; Rails 8 load_defaults raises on pipeline helpers for
undeclared assets
- sessions_controller_test.rb: remove stale require and dead rescue_action
- users_controller_test.rb: assert button[type=submit] not input[type=submit]
(Rails 8 button_to renders <button> not <input>)
- test_helper.rb: node.reload after children.create! (awesome_nested_set
3.9.0 does not refresh parent in memory after callback)
- 129 runs, 339 assertions, 3 failures, 0 errors — identical baseline to 7.2
Diffstat (limited to 'config/initializers/new_framework_defaults_8_1.rb')
| -rw-r--r-- | config/initializers/new_framework_defaults_8_1.rb | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/config/initializers/new_framework_defaults_8_1.rb b/config/initializers/new_framework_defaults_8_1.rb new file mode 100644 index 0000000..8569b5b --- /dev/null +++ b/config/initializers/new_framework_defaults_8_1.rb | |||
| @@ -0,0 +1,74 @@ | |||
| 1 | # Be sure to restart your server when you modify this file. | ||
| 2 | # | ||
| 3 | # This file eases your Rails 8.1 framework defaults upgrade. | ||
| 4 | # | ||
| 5 | # Uncomment each configuration one by one to switch to the new default. | ||
| 6 | # Once your application is ready to run with all new defaults, you can remove | ||
| 7 | # this file and set the `config.load_defaults` to `8.1`. | ||
| 8 | # | ||
| 9 | # Read the Guide for Upgrading Ruby on Rails for more info on each option. | ||
| 10 | # https://guides.rubyonrails.org/upgrading_ruby_on_rails.html | ||
| 11 | |||
| 12 | ### | ||
| 13 | # Skips escaping HTML entities and line separators. When set to `false`, the | ||
| 14 | # JSON renderer no longer escapes these to improve performance. | ||
| 15 | # | ||
| 16 | # Example: | ||
| 17 | # class PostsController < ApplicationController | ||
| 18 | # def index | ||
| 19 | # render json: { key: "\u2028\u2029<>&" } | ||
| 20 | # end | ||
| 21 | # end | ||
| 22 | # | ||
| 23 | # Renders `{"key":"\u2028\u2029\u003c\u003e\u0026"}` with the previous default, but `{"key":" <>&"}` with the config | ||
| 24 | # set to `false`. | ||
| 25 | # | ||
| 26 | # Applications that want to keep the escaping behavior can set the config to `true`. | ||
| 27 | #++ | ||
| 28 | # Rails.configuration.action_controller.escape_json_responses = false | ||
| 29 | |||
| 30 | ### | ||
| 31 | # Skips escaping LINE SEPARATOR (U+2028) and PARAGRAPH SEPARATOR (U+2029) in JSON. | ||
| 32 | # | ||
| 33 | # Historically these characters were not valid inside JavaScript literal strings but that changed in ECMAScript 2019. | ||
| 34 | # As such it's no longer a concern in modern browsers: https://caniuse.com/mdn-javascript_builtins_json_json_superset. | ||
| 35 | #++ | ||
| 36 | # Rails.configuration.active_support.escape_js_separators_in_json = false | ||
| 37 | |||
| 38 | ### | ||
| 39 | # Raises an error when order dependent finder methods (e.g. `#first`, `#second`) are called without `order` values | ||
| 40 | # on the relation, and the model does not have any order columns (`implicit_order_column`, `query_constraints`, or | ||
| 41 | # `primary_key`) to fall back on. | ||
| 42 | # | ||
| 43 | # The current behavior of not raising an error has been deprecated, and this configuration option will be removed in | ||
| 44 | # Rails 8.2. | ||
| 45 | #++ | ||
| 46 | # Rails.configuration.active_record.raise_on_missing_required_finder_order_columns = true | ||
| 47 | |||
| 48 | ### | ||
| 49 | # Controls how Rails handles path relative URL redirects. | ||
| 50 | # When set to `:raise`, Rails will raise an `ActionController::Redirecting::UnsafeRedirectError` | ||
| 51 | # for relative URLs without a leading slash, which can help prevent open redirect vulnerabilities. | ||
| 52 | # | ||
| 53 | # Example: | ||
| 54 | # redirect_to "example.com" # Raises UnsafeRedirectError | ||
| 55 | # redirect_to "@attacker.com" # Raises UnsafeRedirectError | ||
| 56 | # redirect_to "/safe/path" # Works correctly | ||
| 57 | # | ||
| 58 | # Applications that want to allow these redirects can set the config to `:log` (previous default) | ||
| 59 | # to only log warnings, or `:notify` to send ActiveSupport notifications. | ||
| 60 | #++ | ||
| 61 | # Rails.configuration.action_controller.action_on_path_relative_redirect = :raise | ||
| 62 | |||
| 63 | ### | ||
| 64 | # Use a Ruby parser to track dependencies between Action View templates | ||
| 65 | #++ | ||
| 66 | # Rails.configuration.action_view.render_tracker = :ruby | ||
| 67 | |||
| 68 | ### | ||
| 69 | # When enabled, hidden inputs generated by `form_tag`, `token_tag`, `method_tag`, and the hidden parameter fields | ||
| 70 | # included in `button_to` forms will omit the `autocomplete="off"` attribute. | ||
| 71 | # | ||
| 72 | # Applications that want to keep generating the `autocomplete` attribute for those tags can set it to `false`. | ||
| 73 | #++ | ||
| 74 | # Rails.configuration.action_view.remove_hidden_field_autocomplete = true | ||
