OpenNeo/impress
OpenNeo/impress
1
0
Fork 1
Code Pull requests Activity
impress/config/initializers/new_framework_defaults_8_1.rb
Emi Matchu efd92f6367 Upgrade to Rails 8.1
2025-11-11 12:38:25 -08:00

74 lines
3.1 KiB
Ruby
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Be sure to restart your server when you modify this file.
#
# This file eases your Rails 8.1 framework defaults upgrade.
#
# Uncomment each configuration one by one to switch to the new default.
# Once your application is ready to run with all new defaults, you can remove
# this file and set the `config.load_defaults` to `8.1`.
#
# Read the Guide for Upgrading Ruby on Rails for more info on each option.
# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html
###
# Skips escaping HTML entities and line separators. When set to `false`, the
# JSON renderer no longer escapes these to improve performance.
#
# Example:
# class PostsController < ApplicationController
# def index
# render json: { key: "\u2028\u2029<>&" }
# end
# end
#
# Renders `{"key":"\u2028\u2029\u003c\u003e\u0026"}` with the previous default, but `{"key":"<>&"}` with the config
# set to `false`.
#
# Applications that want to keep the escaping behavior can set the config to `true`.
#++
# Rails.configuration.action_controller.escape_json_responses = false
###
# Skips escaping LINE SEPARATOR (U+2028) and PARAGRAPH SEPARATOR (U+2029) in JSON.
#
# Historically these characters were not valid inside JavaScript literal strings but that changed in ECMAScript 2019.
# As such it's no longer a concern in modern browsers: https://caniuse.com/mdn-javascript_builtins_json_json_superset.
#++
# Rails.configuration.active_support.escape_js_separators_in_json = false
###
# Raises an error when order dependent finder methods (e.g. `#first`, `#second`) are called without `order` values
# on the relation, and the model does not have any order columns (`implicit_order_column`, `query_constraints`, or
# `primary_key`) to fall back on.
#
# The current behavior of not raising an error has been deprecated, and this configuration option will be removed in
# Rails 8.2.
#++
# Rails.configuration.active_record.raise_on_missing_required_finder_order_columns = true
###
# Controls how Rails handles path relative URL redirects.
# When set to `:raise`, Rails will raise an `ActionController::Redirecting::UnsafeRedirectError`
# for relative URLs without a leading slash, which can help prevent open redirect vulnerabilities.
#
# Example:
# redirect_to "example.com" # Raises UnsafeRedirectError
# redirect_to "@attacker.com" # Raises UnsafeRedirectError
# redirect_to "/safe/path" # Works correctly
#
# Applications that want to allow these redirects can set the config to `:log` (previous default)
# to only log warnings, or `:notify` to send ActiveSupport notifications.
#++
# Rails.configuration.action_controller.action_on_path_relative_redirect = :raise
###
# Use a Ruby parser to track dependencies between Action View templates
#++
# Rails.configuration.action_view.render_tracker = :ruby
###
# When enabled, hidden inputs generated by `form_tag`, `token_tag`, `method_tag`, and the hidden parameter fields
# included in `button_to` forms will omit the `autocomplete="off"` attribute.
#
# Applications that want to keep generating the `autocomplete` attribute for those tags can set it to `false`.
#++
# Rails.configuration.action_view.remove_hidden_field_autocomplete = true
View git blame Copy permalink