Diffstat (limited to 'config/initializers')
| -rw-r--r-- | config/initializers/activesupport_duration_patch.rb | 53 | ||||
| -rw-r--r-- | config/initializers/backtrace_silencers.rb | 7 | ||||
| -rw-r--r-- | config/initializers/content_security_policy.rb | 29 | ||||
| -rw-r--r-- | config/initializers/exception_notifier.rb | 6 | ||||
| -rw-r--r-- | config/initializers/filter_parameter_logging.rb | 8 | ||||
| -rw-r--r-- | config/initializers/i18n.rb | 3 | ||||
| -rw-r--r-- | config/initializers/inflections.rb | 18 | ||||
| -rw-r--r-- | config/initializers/new_framework_defaults_8_1.rb | 74 | ||||
| -rw-r--r-- | config/initializers/new_rails_defaults.rb | 19 | ||||
| -rw-r--r-- | config/initializers/postgresql_adapter_patch.rb | 30 | ||||
| -rw-r--r-- | config/initializers/session_store.rb | 16 | ||||
| -rw-r--r-- | config/initializers/xmlparser.rb | 9 |
12 files changed, 220 insertions, 52 deletions
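--- /dev/null
+++ b/config/initializers/activesupport_duration_patch.rb
@@ -0,0 +1,53 @@
+class Integer
+def days
+ActiveSupport::Duration.new(self * 86400, [[:days, self]])
+end
+alias :day :days
+
+def weeks
+ActiveSupport::Duration.new(self * 7 * 86400, [[:days, self * 7]])
+end
+alias :week :weeks
+
+def hours
+ActiveSupport::Duration.new(self * 3600, [[:seconds, self * 3600]])
+end
+alias :hour :hours
+
+def minutes
+ActiveSupport::Duration.new(self * 60, [[:seconds, self * 60]])
+end
+alias :minute :minutes
+
+def seconds
+ActiveSupport::Duration.new(self, [[:seconds, self]])
+end
+alias :second :seconds
+
+def months
+ActiveSupport::Duration.new(self * 30 * 86400, [[:months, self]])
+end
+alias :month :months
+
+def years
+ActiveSupport::Duration.new((self * 365.25 * 86400).to_i, [[:years, self]])
+end
+alias :year :years
+end
+
+class Float
+def days
+ActiveSupport::Duration.new((self * 86400).to_i, [[:days, self]])
+end
+alias :day :days
+
+def hours
+ActiveSupport::Duration.new((self * 3600).to_i, [[:seconds, (self * 3600).to_i]])
+end
+alias :hour :hours
+
+def minutes
+ActiveSupport::Duration.new((self * 60).to_i, [[:seconds, (self * 60).to_i]])
+end
+alias :minute :minutes
+end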
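Review bot: Every method in this patch passes `parts` as an array of pairs (`[[:days, self]]`), while current ActiveSupport, as far as I know, keeps `Duration` parts in a Hash and merges them during arithmetic, so an expression such as `1.day + 2.hours` may raise once these overrides shadow the framework's own helpers; please confirm against the ActiveSupport version this commit targets. `months` is pinned to `self * 30 * 86400` seconds and `years` to 365.25 days, and `Float` overrides only `days`, `hours` and `minutes`, so the remaining units are served by a different implementation. If any expiry or lifetime in the application is derived from these helpers (not visible here), that drift affects it. The file has no header comment; I would add one such as `# Overrides ActiveSupport's numeric duration helpers because <reason>; remove once <condition>.` or drop the patch in favour of the framework's methods.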
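--- a/config/initializers/backtrace_silencers.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
-# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
-
-# You can also remove all the silencers if you're trying do debug a problem that might steem from framework code.
-# Rails.backtrace_cleaner.remove_silencers!
\ No newline at end of file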
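--- /dev/null
+++ b/config/initializers/content_security_policy.rb
@@ -0,0 +1,29 @@
+# Be sure to restart your server when you modify this file.
+
+# Define an application-wide content security policy.
+# See the Securing Rails Applications Guide for more information:
+# https://guides.rubyonrails.org/security.html#content-security-policy-header
+
+# Rails.application.configure do
+# config.content_security_policy do |policy|
+# policy.default_src :self, :https
+# policy.font_src :self, :https, :data
+# policy.img_src :self, :https, :data
+# policy.object_src :none
+# policy.script_src :self, :https
+# policy.style_src :self, :https
+# # Specify URI for violation reports
+# # policy.report_uri "/csp-violation-report-endpoint"
+# end
+#
+# # Generate session nonces for permitted importmap, inline scripts, and inline styles.
+# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
+# config.content_security_policy_nonce_directives = %w(script-src style-src)
+#
+# # Automatically add `nonce` to `javascript_tag`, `javascript_include_tag`, and `stylesheet_link_tag`
+# # if the corresponding directives are specified in `content_security_policy_nonce_directives`.
+# # config.content_security_policy_nonce_auto = true
+#
+# # Report violations without enforcing the policy.
+# # config.content_security_policy_report_only = true
+# end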
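Review bot: Every directive in this initializer is commented out, so the file configures no Content-Security-Policy header at all. Since the same commit keeps Builder's `_escape` disabled in config/initializers/xmlparser.rb, a policy would be useful defence in depth; I would uncomment the `config.content_security_policy` block and begin with `config.content_security_policy_report_only = true` to collect violations before enforcing. If the nonce generator is enabled as written, note that `request.session.id.to_s` yields one nonce for the whole session rather than a fresh value per response.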
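--- /dev/null
+++ b/config/initializers/exception_notifier.rb
@@ -0,0 +1,6 @@
+Cccms::Application.config.middleware.use ExceptionNotification::Rack,
+:email => {
+:email_prefix => "[CCCMS] ",
+:sender_address => %("CCCMS Error" <error@www.ccc.de>),
+:exception_recipients => %w(erdgeist@ccc.de)
+}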
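Review bot: The middleware is registered unconditionally, so exceptions raised in development and test would also be handed to the mailer; guarding the call with `if Rails.env.production?` (or moving it into config/environments/production.rb) avoids that. Exception mails usually carry request and session details, so it is worth confirming that the `filter_parameters` list added in this commit is honoured by the notifier and that the recipient mailbox is an acceptable place for that data. The sender and recipient are hard-coded; reading them from configuration, for example `ENV.fetch("EXCEPTION_RECIPIENTS")` (constructed name), would keep deployment-specific addresses out of the code.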
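--- /dev/null
+++ b/config/initializers/filter_parameter_logging.rb
@@ -0,0 +1,8 @@
+# Be sure to restart your server when you modify this file.
+
+# Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file.
+# Use this to limit dissemination of sensitive information.
+# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors.
+Rails.application.config.filter_parameters += [
+:passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn, :cvv, :cvc
+]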
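--- a/config/initializers/i18n.rb
+++ /dev/null
@@ -1,3 +0,0 @@
-require "i18n/backend/fallbacks"
-I18n::Backend::Simple.send(:include, I18n::Backend::Fallbacks)
-I18n.fallbacks.map "en" => ["de"]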
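--- a/config/initializers/inflections.rb
+++ b/config/initializers/inflections.rb
@@ -1,10 +1,16 @@
 # Be sure to restart your server when you modify this file.
 
-# Add new inflection rules using the following format
-# (all these examples are active by default):
-# ActiveSupport::Inflector.inflections do |inflect|
-# inflect.plural /^(ox)$/i, '\1en'
-# inflect.singular /^(ox)en/i, '\1'
-# inflect.irregular 'person', 'people'
+# Add new inflection rules using the following format. Inflections
+# are locale specific, and you may define rules for as many different
+# locales as you wish. All of these examples are active by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
+# inflect.plural /^(ox)$/i, "\\1en"
+# inflect.singular /^(ox)en/i, "\\1"
+# inflect.irregular "person", "people"
 # inflect.uncountable %w( fish sheep )
 # end
+
+# These inflection rules are supported but not enabled by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
+# inflect.acronym "RESTful"
+# end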
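--- /dev/null
+++ b/config/initializers/new_framework_defaults_8_1.rb
@@ -0,0 +1,74 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file eases your Rails 8.1 framework defaults upgrade.
+#
+# Uncomment each configuration one by one to switch to the new default.
+# Once your application is ready to run with all new defaults, you can remove
+# this file and set the `config.load_defaults` to `8.1`.
+#
+# Read the Guide for Upgrading Ruby on Rails for more info on each option.
+# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html
+
+###
+# Skips escaping HTML entities and line separators. When set to `false`, the
+# JSON renderer no longer escapes these to improve performance.
+#
+# Example:
+# class PostsController < ApplicationController
+# def index
+# render json: { key: "\u2028\u2029<>&" }
+# end
+# end
+#
+# Renders `{"key":"\u2028\u2029\u003c\u003e\u0026"}` with the previous default, but `{"key":" <>&"}` with the config
+# set to `false`.
+#
+# Applications that want to keep the escaping behavior can set the config to `true`.
+#++
+# Rails.configuration.action_controller.escape_json_responses = false
+
+###
+# Skips escaping LINE SEPARATOR (U+2028) and PARAGRAPH SEPARATOR (U+2029) in JSON.
+#
+# Historically these characters were not valid inside JavaScript literal strings but that changed in ECMAScript 2019.
+# As such it's no longer a concern in modern browsers: https://caniuse.com/mdn-javascript_builtins_json_json_superset.
+#++
+# Rails.configuration.active_support.escape_js_separators_in_json = false
+
+###
+# Raises an error when order dependent finder methods (e.g. `#first`, `#second`) are called without `order` values
+# on the relation, and the model does not have any order columns (`implicit_order_column`, `query_constraints`, or
+# `primary_key`) to fall back on.
+#
+# The current behavior of not raising an error has been deprecated, and this configuration option will be removed in
+# Rails 8.2.
+#++
+# Rails.configuration.active_record.raise_on_missing_required_finder_order_columns = true
+
+###
+# Controls how Rails handles path relative URL redirects.
+# When set to `:raise`, Rails will raise an `ActionController::Redirecting::UnsafeRedirectError`
+# for relative URLs without a leading slash, which can help prevent open redirect vulnerabilities.
+#
+# Example:
+# redirect_to "example.com" # Raises UnsafeRedirectError
+# redirect_to "@attacker.com" # Raises UnsafeRedirectError
+# redirect_to "/safe/path" # Works correctly
+#
+# Applications that want to allow these redirects can set the config to `:log` (previous default)
+# to only log warnings, or `:notify` to send ActiveSupport notifications.
+#++
+# Rails.configuration.action_controller.action_on_path_relative_redirect = :raise
+
+###
+# Use a Ruby parser to track dependencies between Action View templates
+#++
+# Rails.configuration.action_view.render_tracker = :ruby
+
+###
+# When enabled, hidden inputs generated by `form_tag`, `token_tag`, `method_tag`, and the hidden parameter fields
+# included in `button_to` forms will omit the `autocomplete="off"` attribute.
+#
+# Applications that want to keep generating the `autocomplete` attribute for those tags can set it to `false`.
+#++
+# Rails.configuration.action_view.remove_hidden_field_autocomplete = true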
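--- a/config/initializers/new_rails_defaults.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# These settings change the behavior of Rails 2 apps and will be defaults
-# for Rails 3. You can remove this initializer when Rails 3 is released.
-
-if defined?(ActiveRecord)
-# Include Active Record class name as root for JSON serialized output.
-ActiveRecord::Base.include_root_in_json = true
-
-# Store the full class name (including module namespace) in STI type column.
-ActiveRecord::Base.store_full_sti_class = true
-end
-
-# Use ISO 8601 format for JSON serialized times and dates.
-ActiveSupport.use_standard_json_time_format = true
-
-# Don't escape HTML entities in JSON, leave that for the #json_escape helper.
-# if you're including raw json in an HTML page.
-ActiveSupport.escape_html_entities_in_json = false
\ No newline at end of file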
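--- /dev/null
+++ b/config/initializers/postgresql_adapter_patch.rb
@@ -0,0 +1,30 @@
+require 'active_record/connection_adapters/postgresql_adapter'
+
+module ActiveRecord
+module ConnectionAdapters
+class PostgreSQLAdapter
+def create_database(name, options = {})
+options = options.reverse_merge(:encoding => "utf8")
+
+option_string = options.symbolize_keys.inject("") do |memo, (key, value)|
+memo + case key
+when :owner
+" OWNER = \"#{value}\""
+when :template
+" TEMPLATE = \"#{value}\""
+when :encoding
+" ENCODING = '#{value}'"
+when :tablespace
+" TABLESPACE = \"#{value}\""
+when :connection_limit
+" CONNECTION LIMIT = #{value}"
+else
+""
+end
+end
+
+execute "CREATE DATABASE #{quote_table_name(name)}#{option_string}"
+end
+end
+end
+end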
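Review bot: The option values in `create_database` are interpolated into the DDL without going through the adapter's quoting: `owner`, `template` and `tablespace` are wrapped in literal double quotes, `encoding` in literal single quotes and `connection_limit` is inserted as-is, while only `name` passes through `quote_table_name`. A value containing a quote character therefore changes the statement; these values normally come from database.yml or rake tasks, but the quoting helpers cost nothing here. The override also replaces the adapter's built-in method wholesale, so any option the framework handles beyond these five (I believe `:collation` and `:ctype` are among them) would be silently ignored, and the file carries no comment saying why the patch is needed. A suggested body for the `inject` block follows; the rest of the method is unchanged.

```ruby
option_string = options.symbolize_keys.inject("") do |memo, (key, value)|
  memo + case key
         when :owner
           " OWNER = #{quote_column_name(value)}"
         when :template
           " TEMPLATE = #{quote_column_name(value)}"
         when :encoding
           " ENCODING = #{quote(value.to_s)}"
         when :tablespace
           " TABLESPACE = #{quote_column_name(value)}"
         when :connection_limit
           # Integer() rejects anything that is not a plain number.
           " CONNECTION LIMIT = #{Integer(value)}"
         else
           ""
         end
end
# … unchanged: execute "CREATE DATABASE …" …
```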
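--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,15 +1 @@
-# Be sure to restart your server when you modify this file.
-
-# Your secret key for verifying cookie session data integrity.
-# If you change this key, all old sessions will become invalid!
-# Make sure the secret is at least 30 characters and all random,
-# no regular words or you'll be exposed to dictionary attacks.
-ActionController::Base.session = {
-:key => '_cccms_session',
-:secret => 'b50f62033369e6039f2ece511f83f10f70301024709e189ab28d42379a26b7bfd0739fb83d89b6b76dba350569e5b9d83ee4abedbd9da468deea963512e4102b'
-}
-
-# Use the database for sessions instead of the cookie-based default,
-# which shouldn't be used to store highly confidential information
-# (create the session table with "rake db:sessions:create")
-# ActionController::Base.session_store = :active_record_store
+Cccms::Application.config.session_store :cookie_store, :key => '_cccms_session'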
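Review bot: The session secret deleted from this file stays readable in the repository history, so it should be treated as disclosed: make sure the application's current `secret_key_base` is a freshly generated value and not a copy of the old `:secret`, because cookies signed with a known secret cannot be trusted. Where the new secret is configured is not visible in this section. The new one-liner sets only `:key`; if the site is served over HTTPS, consider adding `:secure => Rails.env.production?` to the cookie store unless `config.force_ssl` already covers it.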
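--- a/config/initializers/xmlparser.rb
+++ b/config/initializers/xmlparser.rb
@@ -1,14 +1,19 @@
 class XML::Node
 def replace_with(other)
 self.next = other
 remove!
 end
 end
 
+# Builder 3.x escapes content by default. Override _escape to pass text
+# through raw, preserving existing behaviour from the Rails 2 era.
+# Note: require builder first to ensure XmlBase < BasicObject is already
+# defined before we reopen it.
+require 'builder'
 module Builder
 class XmlBase
 def _escape(text)
 text
 end
 end
-end
\ No newline at end of file
+end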
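Review bot: The added comment documents the `_escape` override as a compatibility measure but not its consequence: it switches off escaping for every Builder template in the application, so any text that reaches a builder call from user-editable content is written into feeds and XML responses unescaped. I would rather remove the override and emit pre-formatted markup explicitly with `xml << trusted_markup` in the few templates that need it. If it has to stay, extend the comment with something like `# SECURITY: disables Builder escaping app-wide; callers must escape untrusted text themselves.` The `_escape` definition itself is unchanged context in this hunk.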
