Diffstat (limited to 'config/initializers/new_framework_defaults_8_1.rb')
| -rw-r--r-- | config/initializers/new_framework_defaults_8_1.rb | 74 |
1 files changed, 74 insertions, 0 deletions
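--- /dev/null
+++ b/config/initializers/new_framework_defaults_8_1.rb
@@ -0,0 +1,74 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file eases your Rails 8.1 framework defaults upgrade.
+#
+# Uncomment each configuration one by one to switch to the new default.
+# Once your application is ready to run with all new defaults, you can remove
+# this file and set the `config.load_defaults` to `8.1`.
+#
+# Read the Guide for Upgrading Ruby on Rails for more info on each option.
+# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html
+
+###
+# Skips escaping HTML entities and line separators. When set to `false`, the
+# JSON renderer no longer escapes these to improve performance.
+#
+# Example:
+# class PostsController < ApplicationController
+# def index
+# render json: { key: "\u2028\u2029<>&" }
+# end
+# end
+#
+# Renders `{"key":"\u2028\u2029\u003c\u003e\u0026"}` with the previous default, but `{"key":" <>&"}` with the config
+# set to `false`.
+#
+# Applications that want to keep the escaping behavior can set the config to `true`.
+#++
+# Rails.configuration.action_controller.escape_json_responses = false
+
+###
+# Skips escaping LINE SEPARATOR (U+2028) and PARAGRAPH SEPARATOR (U+2029) in JSON.
+#
+# Historically these characters were not valid inside JavaScript literal strings but that changed in ECMAScript 2019.
+# As such it's no longer a concern in modern browsers: https://caniuse.com/mdn-javascript_builtins_json_json_superset.
+#++
+# Rails.configuration.active_support.escape_js_separators_in_json = false
+
+###
+# Raises an error when order dependent finder methods (e.g. `#first`, `#second`) are called without `order` values
+# on the relation, and the model does not have any order columns (`implicit_order_column`, `query_constraints`, or
+# `primary_key`) to fall back on.
+#
+# The current behavior of not raising an error has been deprecated, and this configuration option will be removed in
+# Rails 8.2.
+#++
+# Rails.configuration.active_record.raise_on_missing_required_finder_order_columns = true
+
+###
+# Controls how Rails handles path relative URL redirects.
+# When set to `:raise`, Rails will raise an `ActionController::Redirecting::UnsafeRedirectError`
+# for relative URLs without a leading slash, which can help prevent open redirect vulnerabilities.
+#
+# Example:
+# redirect_to "example.com" # Raises UnsafeRedirectError
+# redirect_to "@attacker.com" # Raises UnsafeRedirectError
+# redirect_to "/safe/path" # Works correctly
+#
+# Applications that want to allow these redirects can set the config to `:log` (previous default)
+# to only log warnings, or `:notify` to send ActiveSupport notifications.
+#++
+# Rails.configuration.action_controller.action_on_path_relative_redirect = :raise
+
+###
+# Use a Ruby parser to track dependencies between Action View templates
+#++
+# Rails.configuration.action_view.render_tracker = :ruby
+
+###
+# When enabled, hidden inputs generated by `form_tag`, `token_tag`, `method_tag`, and the hidden parameter fields
+# included in `button_to` forms will omit the `autocomplete="off"` attribute.
+#
+# Applications that want to keep generating the `autocomplete` attribute for those tags can set it to `false`.
+#++
+# Rails.configuration.action_view.remove_hidden_field_autocomplete = true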
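Review bot: The `escape_json_responses` block (new-file lines 13-28) presents dropping the escaping of `<`, `>` and `&` purely as a performance gain, and nothing in the file records what has to be true before that line is uncommented. I would add a comment above line 28 such as `# Before setting to false: confirm no render json: response is ever interpreted as HTML by a client.` A similar caveat fits `escape_js_separators_in_json` at line 36, whose own comment says the characters only became valid in string literals with ECMAScript 2019, so any older JavaScript consumer should be ruled out first. Separately, all six settings are still commented out, so `action_on_path_relative_redirect = :raise` at line 61, the one option here described as helping prevent open redirects, has no effect yet. It looks like the one to enable and test first.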
