diff --git a/Gemfile b/Gemfile
index a4ba3a348927f49047c1caf1dd862e93e44d9d2d..ce28e3501962b9d5cdcb21e27f7b3e4bae6ca457 100644
--- a/Gemfile
+++ b/Gemfile
@@ -9,7 +9,7 @@ gem 'image_processing', '~> 1.12'
 gem 'jquery-rails', '~> 4.5.0'
 gem 'mysql2', '~> 0.5.4'
 gem 'puma', '~> 5.6'
-gem 'rails', '~> 6.1.0'
+gem 'rails', '~> 7.0.0'
 gem 'rails-html-sanitizer', '~> 1.4'
 gem 'redis', '~> 5.0'
 gem 'rotp', '~> 6.2'
@@ -83,7 +83,6 @@ group :development, :test do
   gem 'byebug', '~> 11.1'
 end
 
-# Development packages require at least ruby 2.7+ (in contrast to production, which also works on ruby 2.6)
 group :development do
   gem 'letter_opener_web', '~> 2.0'
   gem 'listen', '~> 3.7'
diff --git a/Gemfile.lock b/Gemfile.lock
index 8eda42211ea0ee7896625355d4a8f6e603ec1620..9417a15fb0c90cc4dee6ef2030795becd5b0fef1 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,72 +1,78 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.1.6.1)
-      actionpack (= 6.1.6.1)
-      activesupport (= 6.1.6.1)
+    actioncable (7.0.3.1)
+      actionpack (= 7.0.3.1)
+      activesupport (= 7.0.3.1)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.6.1)
-      actionpack (= 6.1.6.1)
-      activejob (= 6.1.6.1)
-      activerecord (= 6.1.6.1)
-      activestorage (= 6.1.6.1)
-      activesupport (= 6.1.6.1)
+    actionmailbox (7.0.3.1)
+      actionpack (= 7.0.3.1)
+      activejob (= 7.0.3.1)
+      activerecord (= 7.0.3.1)
+      activestorage (= 7.0.3.1)
+      activesupport (= 7.0.3.1)
       mail (>= 2.7.1)
-    actionmailer (6.1.6.1)
-      actionpack (= 6.1.6.1)
-      actionview (= 6.1.6.1)
-      activejob (= 6.1.6.1)
-      activesupport (= 6.1.6.1)
+      net-imap
+      net-pop
+      net-smtp
+    actionmailer (7.0.3.1)
+      actionpack (= 7.0.3.1)
+      actionview (= 7.0.3.1)
+      activejob (= 7.0.3.1)
+      activesupport (= 7.0.3.1)
       mail (~> 2.5, >= 2.5.4)
+      net-imap
+      net-pop
+      net-smtp
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.6.1)
-      actionview (= 6.1.6.1)
-      activesupport (= 6.1.6.1)
-      rack (~> 2.0, >= 2.0.9)
+    actionpack (7.0.3.1)
+      actionview (= 7.0.3.1)
+      activesupport (= 7.0.3.1)
+      rack (~> 2.0, >= 2.2.0)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.6.1)
-      actionpack (= 6.1.6.1)
-      activerecord (= 6.1.6.1)
-      activestorage (= 6.1.6.1)
-      activesupport (= 6.1.6.1)
+    actiontext (7.0.3.1)
+      actionpack (= 7.0.3.1)
+      activerecord (= 7.0.3.1)
+      activestorage (= 7.0.3.1)
+      activesupport (= 7.0.3.1)
+      globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (6.1.6.1)
-      activesupport (= 6.1.6.1)
+    actionview (7.0.3.1)
+      activesupport (= 7.0.3.1)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.1.6.1)
-      activesupport (= 6.1.6.1)
+    activejob (7.0.3.1)
+      activesupport (= 7.0.3.1)
       globalid (>= 0.3.6)
-    activemodel (6.1.6.1)
-      activesupport (= 6.1.6.1)
-    activerecord (6.1.6.1)
-      activemodel (= 6.1.6.1)
-      activesupport (= 6.1.6.1)
-    activestorage (6.1.6.1)
-      actionpack (= 6.1.6.1)
-      activejob (= 6.1.6.1)
-      activerecord (= 6.1.6.1)
-      activesupport (= 6.1.6.1)
+    activemodel (7.0.3.1)
+      activesupport (= 7.0.3.1)
+    activerecord (7.0.3.1)
+      activemodel (= 7.0.3.1)
+      activesupport (= 7.0.3.1)
+    activestorage (7.0.3.1)
+      actionpack (= 7.0.3.1)
+      activejob (= 7.0.3.1)
+      activerecord (= 7.0.3.1)
+      activesupport (= 7.0.3.1)
       marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (6.1.6.1)
+    activesupport (7.0.3.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
-      zeitwerk (~> 2.3)
     addressable (2.8.1)
       public_suffix (>= 2.0.2, < 6.0)
     ast (2.4.2)
     awesome_print (1.9.2)
     aws-eventstream (1.2.0)
-    aws-partitions (1.625.0)
-    aws-sdk-core (3.139.0)
+    aws-partitions (1.626.0)
+    aws-sdk-core (3.140.0)
       aws-eventstream (~> 1, >= 1.0.2)
       aws-partitions (~> 1, >= 1.525.0)
       aws-sigv4 (~> 1.1)
@@ -121,6 +127,7 @@ GEM
       responders
       warden (~> 1.2.3)
     diffy (3.4.2)
+    digest (3.1.0)
     docile (1.4.0)
     e2mmap (0.1.0)
     erubi (1.11.0)
@@ -177,6 +184,20 @@ GEM
     minitest-ci (3.4.0)
       minitest (>= 5.0.6)
     mysql2 (0.5.4)
+    net-imap (0.2.3)
+      digest
+      net-protocol
+      strscan
+    net-pop (0.1.1)
+      digest
+      net-protocol
+      timeout
+    net-protocol (0.1.3)
+      timeout
+    net-smtp (0.3.1)
+      digest
+      net-protocol
+      timeout
     nio4r (2.5.8)
     nokogiri (1.13.8-x86_64-linux)
       racc (~> 1.4)
@@ -203,21 +224,20 @@ GEM
       rack (>= 1.2.0)
     rack-test (2.0.2)
       rack (>= 1.3)
-    rails (6.1.6.1)
-      actioncable (= 6.1.6.1)
-      actionmailbox (= 6.1.6.1)
-      actionmailer (= 6.1.6.1)
-      actionpack (= 6.1.6.1)
-      actiontext (= 6.1.6.1)
-      actionview (= 6.1.6.1)
-      activejob (= 6.1.6.1)
-      activemodel (= 6.1.6.1)
-      activerecord (= 6.1.6.1)
-      activestorage (= 6.1.6.1)
-      activesupport (= 6.1.6.1)
+    rails (7.0.3.1)
+      actioncable (= 7.0.3.1)
+      actionmailbox (= 7.0.3.1)
+      actionmailer (= 7.0.3.1)
+      actionpack (= 7.0.3.1)
+      actiontext (= 7.0.3.1)
+      actionview (= 7.0.3.1)
+      activejob (= 7.0.3.1)
+      activemodel (= 7.0.3.1)
+      activerecord (= 7.0.3.1)
+      activestorage (= 7.0.3.1)
+      activesupport (= 7.0.3.1)
       bundler (>= 1.15.0)
-      railties (= 6.1.6.1)
-      sprockets-rails (>= 2.0.0)
+      railties (= 7.0.3.1)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
@@ -227,12 +247,13 @@ GEM
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.4.3)
       loofah (~> 2.3)
-    railties (6.1.6.1)
-      actionpack (= 6.1.6.1)
-      activesupport (= 6.1.6.1)
+    railties (7.0.3.1)
+      actionpack (= 7.0.3.1)
+      activesupport (= 7.0.3.1)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
+      zeitwerk (~> 2.5)
     rainbow (3.1.1)
     rake (13.0.6)
     rb-fsevent (0.11.2)
@@ -299,6 +320,7 @@ GEM
       sprockets (>= 3.0.0)
     stackprof (0.2.21)
     stripe (5.55.0)
+    strscan (3.0.4)
     sync (0.5.0)
     term-ansicolor (1.7.1)
       tins (~> 1.0)
@@ -306,6 +328,7 @@ GEM
     thwait (0.2.0)
       e2mmap
     tilt (2.0.11)
+    timeout (0.3.0)
     tins (1.31.1)
       sync
     tzinfo (2.0.5)
@@ -367,7 +390,7 @@ DEPENDENCIES
   premailer-rails (~> 1.11)
   puma (~> 5.6)
   rack-mini-profiler (~> 3.0)
-  rails (~> 6.1.0)
+  rails (~> 7.0.0)
   rails-controller-testing (~> 1.0)
   rails-html-sanitizer (~> 1.4)
   redis (~> 5.0)
@@ -380,6 +403,7 @@ DEPENDENCIES
   ruby-progressbar (~> 1.11)
   sass-rails (~> 6.0)
   spring (~> 4.0)
+  sprockets
   stackprof (~> 0.2)
   stripe (~> 5.55)
   term-ansicolor (~> 1.7)
diff --git a/config/environments/development.rb b/config/environments/development.rb
index bf394d2b637c04c8b129a37837d45e1dc9980f2a..bea4950c288fd38c9809a985baf83ce313eea659 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -16,6 +16,9 @@ Rails.application.configure do
   config.consider_all_requests_local       = true
   config.action_controller.perform_caching = false
 
+  # Enable server timing
+  config.server_timing = true
+
   # Set the cache store to the redis that was configured in the database.yml
   processed = ERB.new(File.read(Rails.root.join('config', 'database.yml'))).result(binding)
   redis_config = YAML.safe_load(processed, [], [], true)["redis_#{Rails.env}"]
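Review bot: The context line `YAML.safe_load(processed, [], [], true)` just below the added `config.server_timing` setting still uses the positional form, which Psych 4 (bundled with Ruby 3.1 and later) no longer accepts. If this upgrade is also meant to allow newer Ruby versions, the keyword form works on both old and new Psych: `YAML.safe_load(processed, permitted_classes: [], permitted_symbols: [], aliases: true)`. The same call may exist in the other environment files, which this hunk does not show. The `Rails.application.configure` block starts and ends outside the hunk.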
@@ -32,6 +35,7 @@ Rails.application.configure do
   config.action_mailer.raise_delivery_errors = false
   config.action_mailer.delivery_method = :ses
   config.action_mailer.asset_host = 'https://meta.codidact.com'
+
   config.action_mailer.perform_caching = false
 
   # Print deprecation notices to the Rails logger.
@@ -87,10 +91,6 @@ Rails.application.configure do
   # Annotate rendered view with file names.
   # config.action_view.annotate_rendered_view_with_filenames = true
 
-  # Use an evented file watcher to asynchronously detect changes in source code,
-  # routes, locales, etc. This feature depends on the listen gem.
-  config.file_watcher = ActiveSupport::EventedFileUpdateChecker
-
   # Uncomment if you wish to allow Action Cable access from any origin.
   # config.action_cable.disable_request_forgery_protection = true
 end
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 5fef1dc82decf9bc16f72b6338de782c0ea0ab6b..9c7b0af04bf21a12d32203dfe34d582f438d6b22 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -75,14 +75,8 @@ Rails.application.configure do
   # the I18n.default_locale when a translation cannot be found).
   config.i18n.fallbacks = true
 
-  # Send deprecation notices to registered listeners.
-  config.active_support.deprecation = :notify
-
-  # Log disallowed deprecations.
-  config.active_support.disallowed_deprecation = :log
-
-  # Tell Active Support which deprecation messages to disallow.
-  config.active_support.disallowed_deprecation_warnings = []
+  # Don't log any deprecations.
+  config.active_support.report_deprecations = false
 
   # Use default logging formatter so that PID and timestamp are not suppressed.
   config.log_formatter = ::Logger::Formatter.new
@@ -97,25 +91,4 @@ Rails.application.configure do
 
   # Do not dump schema after migrations.
   config.active_record.dump_schema_after_migration = false
-
-  # Inserts middleware to perform automatic connection switching.
-  # The `database_selector` hash is used to pass options to the DatabaseSelector
-  # middleware. The `delay` is used to determine how long to wait after a write
-  # to send a subsequent read to the primary.
-  #
-  # The `database_resolver` class is used by the middleware to determine which
-  # database is appropriate to use based on the time delay.
-  #
-  # The `database_resolver_context` class is used by the middleware to set
-  # timestamps for the last write to the primary. The resolver uses the context
-  # class timestamps to determine how long to wait before reading from the
-  # replica.
-  #
-  # By default Rails will store a last write timestamp in the session. The
-  # DatabaseSelector middleware is designed as such you can define your own
-  # strategy for connection switching and pass that into the middleware through
-  # these configuration options.
-  # config.active_record.database_selector = { delay: 2.seconds }
-  # config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver
-  # config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session
 end
diff --git a/config/environments/test.rb b/config/environments/test.rb
index 46cdafe742773085f24a7115d9ca1ec51cb10a9d..1b6bc80c8f81c8c77247bfba03bc40213d4af1a6 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -9,7 +9,8 @@ require 'namespaced_env_cache'
 Rails.application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 
-  config.cache_classes = true
+  # Turn false under Spring and add config.action_view.cache_template_loading = true.
+  config.cache_classes = false
   config.action_view.cache_template_loading = true
 
   # Do not eager load code on boot. This avoids loading your whole application
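Review bot: The new comment above `config.cache_classes = false` is the Rails template's instruction copied verbatim, so it reads as a to-do even though both settings are already in place. A comment stating the reason would age better, e.g. `# Classes are reloaded so Spring can pick up code changes between test runs.` and, on the next setting, `# Set explicitly: cache_template_loading otherwise follows cache_classes.` The `Rails.application.configure` block continues past the hunk.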
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 41c43016f1deb08ce1d511c5ac80bd62123e0872..54f47cf15fe5026bede1bd6a9acb4ef815bf22ab 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -1,28 +1,25 @@
 # Be sure to restart your server when you modify this file.
 
-# Define an application-wide content security policy
-# For further information see the following documentation
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+# Define an application-wide content security policy.
+# See the Securing Rails Applications Guide for more information:
+# https://guides.rubyonrails.org/security.html#content-security-policy-header
 
-# Rails.application.config.content_security_policy do |policy|
-#   policy.default_src :self, :https
-#   policy.font_src    :self, :https, :data
-#   policy.img_src     :self, :https, :data
-#   policy.object_src  :none
-#   policy.script_src  :self, :https
-#   policy.style_src   :self, :https
-
-#   # Specify URI for violation reports
-#   # policy.report_uri "/csp-violation-report-endpoint"
+# Rails.application.configure do
+#   config.content_security_policy do |policy|
+#     policy.default_src :self, :https
+#     policy.font_src    :self, :https, :data
+#     policy.img_src     :self, :https, :data
+#     policy.object_src  :none
+#     policy.script_src  :self, :https
+#     policy.style_src   :self, :https
+#     # Specify URI for violation reports
+#     # policy.report_uri "/csp-violation-report-endpoint"
+#   end
+#
+#   # Generate session nonces for permitted importmap and inline scripts
+#   config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
+#   config.content_security_policy_nonce_directives = %w(script-src)
+#
+#   # Report violations without enforcing the policy.
+#   # config.content_security_policy_report_only = true
 # end
-
-# If you are using UJS then enable automatic nonce generation
-# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) }
-
-# Set the nonce only to specific directives
-# Rails.application.config.content_security_policy_nonce_directives = %w(script-src)
-
-# Report CSP violations to a specified URI
-# For further information see the following documentation:
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
-# Rails.application.config.content_security_policy_report_only = true
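Review bot: The initializer is still entirely commented out after this hunk, so unless a policy is configured elsewhere (not visible here) Rails sends no Content-Security-Policy header for this app. The refreshed sample also changes the nonce source from the per-request `SecureRandom.base64(16)` to `request.session.id.to_s`, which stays constant for the whole session. If the block is ever enabled, that trade-off (cache-friendly but reusable nonce) deserves a comment next to `content_security_policy_nonce_generator`, and starting with `content_security_policy_report_only = true` would let violations be observed before enforcement.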
diff --git a/config/initializers/cookie_rotator.rb b/config/initializers/cookie_rotator.rb
new file mode 100644
index 0000000000000000000000000000000000000000..0528cb3f57b8d1718bb05f834fbbd05c8ee79072
--- /dev/null
+++ b/config/initializers/cookie_rotator.rb
@@ -0,0 +1,22 @@
+# Rails 7 changes the cookie encryption, which means old cookies can no longer be read by it.
+# To fix this, this file provides a so-called cookie rotator to be able to understand older cookies
+# This file was provided by the official migration guide from rails 6.1 to rails 7.0
+Rails.application.config.after_initialize do
+  Rails.application.config.action_dispatch.cookies_rotations.tap do |cookies|
+    authenticated_encrypted_cookie_salt = Rails.application.config.action_dispatch.authenticated_encrypted_cookie_salt
+    signed_cookie_salt = Rails.application.config.action_dispatch.signed_cookie_salt
+
+    secret_key_base = Rails.application.secret_key_base
+
+    key_generator = ActiveSupport::KeyGenerator.new(
+      secret_key_base, iterations: 1000, hash_digest_class: OpenSSL::Digest::SHA1
+    )
+    key_len = ActiveSupport::MessageEncryptor.key_len
+
+    old_encrypted_secret = key_generator.generate_key(authenticated_encrypted_cookie_salt, key_len)
+    old_signed_secret = key_generator.generate_key(signed_cookie_salt)
+
+    cookies.rotate :encrypted, old_encrypted_secret
+    cookies.rotate :signed, old_signed_secret
+  end
+end
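Review bot: The initializer has no removal condition, so keys derived with `OpenSSL::Digest::SHA1` stay accepted for signed and encrypted cookies for as long as this file exists. The rotator is only needed until every cookie issued before the Rails 7 deploy has expired or been rewritten; a comment such as `# TODO: delete this initializer once the longest-lived pre-upgrade cookie has expired.` would make that explicit. The header comment could also say precisely what changed: the key generator digest moves from SHA1 to SHA256 (set in `new_framework_defaults_7_0.rb` in this commit), not the cipher itself.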
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 490e5161cc438cd0f4c70a018e9a0a8d8d6f61dc..2b2af4c0525ddbe9bc004152b68618bc1f65d1d7 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -1,3 +1,5 @@
+require 'devise/mailer'
+
 Devise::Mailer.layout 'devise_mailer'
 
 # Use this hook to configure devise mailer, warden hooks and so forth.
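Review bot: The added `require 'devise/mailer'` loads an engine-provided, autoloadable class by hand so that `Devise::Mailer.layout` can run during initialization, and nothing in the file says so. The require presumably relies on the engine's `app/mailers` directory being on the load path, and it bypasses the autoloader. Wrapping the call is the more usual approach and needs no require: `Rails.application.config.to_prepare { Devise::Mailer.layout 'devise_mailer' }`. If the require is kept, a one-line comment explaining that Rails 7 no longer autoloads reloadable constants during initialization would help the next reader.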
diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb
index 4b34a036689c21f4ccddb82823b2c2de065bb7fc..adc6568ce83724d2b01d7232b0873bda7c249b11 100644
--- a/config/initializers/filter_parameter_logging.rb
+++ b/config/initializers/filter_parameter_logging.rb
@@ -1,6 +1,8 @@
 # Be sure to restart your server when you modify this file.
 
-# Configure sensitive parameters which will be filtered from the log file.
+# Configure parameters to be filtered from the log file. Use this to limit dissemination of
+# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported
+# notations and behaviors.
 Rails.application.config.filter_parameters += [
   :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
 ]
diff --git a/config/initializers/new_framework_defaults_7_0.rb b/config/initializers/new_framework_defaults_7_0.rb
new file mode 100644
index 0000000000000000000000000000000000000000..b623864dfe34dc170ecd6c80cd7781411b77b5ac
--- /dev/null
+++ b/config/initializers/new_framework_defaults_7_0.rb
@@ -0,0 +1,117 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file eases your Rails 7.0 framework defaults upgrade.
+#
+# Uncomment each configuration one by one to switch to the new default.
+# Once your application is ready to run with all new defaults, you can remove
+# this file and set the `config.load_defaults` to `7.0`.
+#
+# Read the Guide for Upgrading Ruby on Rails for more info on each option.
+# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html
+
+# `button_to` view helper will render `<button>` element, regardless of whether
+# or not the content is passed as the first argument or as a block.
+Rails.application.config.action_view.button_to_generates_button_tag = true
+
+# `stylesheet_link_tag` view helper will not render the media attribute by default.
+Rails.application.config.action_view.apply_stylesheet_media_default = false
+
+# Change the digest class for the key generators to `OpenSSL::Digest::SHA256`.
+# Changing this default means invalidate all encrypted messages generated by
+# your application and, all the encrypted cookies. Only change this after you
+# rotated all the messages using the key rotator.
+#
+# See upgrading guide for more information on how to build a rotator.
+# https://guides.rubyonrails.org/v7.0/upgrading_ruby_on_rails.html
+Rails.application.config.active_support.key_generator_hash_digest_class = OpenSSL::Digest::SHA256
+
+# Change the digest class for ActiveSupport::Digest.
+# Changing this default means that for example Etags change and
+# various cache keys leading to cache invalidation.
+Rails.application.config.active_support.hash_digest_class = OpenSSL::Digest::SHA256
+
+# Don't override ActiveSupport::TimeWithZone.name and use the default Ruby
+# implementation.
+Rails.application.config.active_support.remove_deprecated_time_with_zone_name = true
+
+# Change the format of the cache entry.
+# Changing this default means that all new cache entries added to the cache
+# will have a different format that is not supported by Rails 6.1 applications.
+# Only change this value after your application is fully deployed to Rails 7.0
+# and you have no plans to rollback.
+Rails.application.config.active_support.cache_format_version = 7.0
+
+# Calls `Rails.application.executor.wrap` around test cases.
+# This makes test cases behave closer to an actual request or job.
+# Several features that are normally disabled in test, such as Active Record query cache
+# and asynchronous queries will then be enabled.
+Rails.application.config.active_support.executor_around_test_case = true
+
+# Define the isolation level of most of Rails internal state.
+# If you use a fiber based server or job processor, you should set it to `:fiber`.
+# Otherwise the default of `:thread` if preferable.
+Rails.application.config.active_support.isolation_level = :thread
+
+# Set both the `:open_timeout` and `:read_timeout` values for `:smtp` delivery method.
+Rails.application.config.action_mailer.smtp_timeout = 5
+
+# The ActiveStorage video previewer will now use scene change detection to generate
+# better preview images (rather than the previous default of using the first frame
+# of the video).
+Rails.application.config.active_storage.video_preview_arguments =
+  "-vf 'select=eq(n\\,0)+eq(key\\,1)+gt(scene\\,0.015),loop=loop=-1:size=2,trim=start_frame=1' -frames:v 1 -f image2"
+
+# Automatically infer `inverse_of` for associations with a scope.
+Rails.application.config.active_record.automatic_scope_inversing = true
+
+# Raise when running tests if fixtures contained foreign key violations
+Rails.application.config.active_record.verify_foreign_keys_for_fixtures = true
+
+# Disable partial inserts.
+# This default means that all columns will be referenced in INSERT queries
+# regardless of whether they have a default or not.
+Rails.application.config.active_record.partial_inserts = false
+#
+# Protect from open redirect attacks in `redirect_back_or_to` and `redirect_to`.
+Rails.application.config.action_controller.raise_on_open_redirects = true
+
+# Change the variant processor for Active Storage.
+# Changing this default means updating all places in your code that
+# generate variants to use image processing macros and ruby-vips
+# operations. See the upgrading guide for detail on the changes required.
+# The `:mini_magick` option is not deprecated; it's fine to keep using it.
+Rails.application.config.active_storage.variant_processor = :vips
+
+# If you're upgrading and haven't set `cookies_serializer` previously, your cookie serializer
+# was `:marshal`. Convert all cookies to JSON, using the `:hybrid` formatter.
+#
+# If you're confident all your cookies are JSON formatted, you can switch to the `:json` formatter.
+#
+# Continue to use `:marshal` for backward-compatibility with old cookies.
+#
+# If you have configured the serializer elsewhere, you can remove this.
+#
+# See https://guides.rubyonrails.org/action_controller_overview.html#cookies for more information.
+Rails.application.config.action_dispatch.cookies_serializer = :hybrid
+
+# Enable parameter wrapping for JSON.
+# Previously this was set in an initializer. It's fine to keep using that initializer if you've customized it.
+# To disable parameter wrapping entirely, set this config to `false`.
+Rails.application.config.action_controller.wrap_parameters_by_default = true
+
+# Specifies whether generated namespaced UUIDs follow the RFC 4122 standard for namespace IDs provided as a
+# `String` to `Digest::UUID.uuid_v3` or `Digest::UUID.uuid_v5` method calls.
+#
+# See https://guides.rubyonrails.org/configuring.html#config-active-support-use-rfc4122-namespaced-uuids for
+# more information.
+Rails.application.config.active_support.use_rfc4122_namespaced_uuids = true
+
+# Change the default headers to disable browsers' flawed legacy XSS protection.
+Rails.application.config.action_dispatch.default_headers = {
+  "X-Frame-Options" => "SAMEORIGIN",
+  "X-XSS-Protection" => "0",
+  "X-Content-Type-Options" => "nosniff",
+  "X-Download-Options" => "noopen",
+  "X-Permitted-Cross-Domain-Policies" => "none",
+  "Referrer-Policy" => "strict-origin-when-cross-origin"
+}
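Review bot: Every Rails 7.0 default in this file is switched on at once, although the file's own header says to uncomment them one by one, and several of them are hard to undo. `key_generator_hash_digest_class = OpenSSL::Digest::SHA256` invalidates everything derived through the key generator; the cookie rotator added in this commit covers signed and encrypted cookies only, so any other signed or encrypted messages the app issues (not visible here) would stop verifying. `cache_format_version = 7.0` and the SHA256 cookies make a rollback to 6.1 lossy, and `variant_processor = :vips` needs libvips on every host plus updated variant calls. I would keep those three commented out (`# Rails.application.config.active_support.cache_format_version = 7.0`, and likewise for the other two) until the 7.0 deploy is stable, and enable them in follow-up commits. The stray `#` line before the `raise_on_open_redirects` comment can go as well.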
diff --git a/db/migrate/20220903174045_remove_not_null_on_active_storage_blobs_checksum.active_storage.rb b/db/migrate/20220903174045_remove_not_null_on_active_storage_blobs_checksum.active_storage.rb
new file mode 100644
index 0000000000000000000000000000000000000000..93c8b85ade5aff50be236c33ca8f349905aca73d
--- /dev/null
+++ b/db/migrate/20220903174045_remove_not_null_on_active_storage_blobs_checksum.active_storage.rb
@@ -0,0 +1,8 @@
+# This migration comes from active_storage (originally 20211119233751)
+class RemoveNotNullOnActiveStorageBlobsChecksum < ActiveRecord::Migration[6.0]
+  def change
+    return unless table_exists?(:active_storage_blobs)
+
+    change_column_null(:active_storage_blobs, :checksum, true)
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index d90e8beb42734aac92d7d862721e102e0d91a5b5..8f866b83772bbcdc772aa26aabdc2ebe7980d5c6 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2022_09_01_194345) do
+ActiveRecord::Schema.define(version: 2022_09_03_174045) do
 
   create_table "abilities", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
     t.bigint "community_id"
@@ -52,7 +52,7 @@ ActiveRecord::Schema.define(version: 2022_09_01_194345) do
     t.string "content_type"
     t.text "metadata"
     t.bigint "byte_size", null: false
-    t.string "checksum", null: false
+    t.string "checksum"
     t.datetime "created_at", null: false
     t.string "service_name", null: false
     t.index ["key"], name: "index_active_storage_blobs_on_key", unique: true