commits
We're likely sending a string from sinatra's halt, so log it
NOTE: activerecord now uses 0 and 1 for false and true values in
sqlite3 boolean columns, so a migration should be run to update all
rows using boolean values from f->0 and t->1
This also has to move from unicorn to puma to use rackup
We're doing all matching from ApplicationController which needs to
look at the full URL, not the controller-relative path.
Surely this won't cause unforeseen XSS vulns
This way even if we're not mailing these out, they will be logged by
unicorn or whatever is capturing STDERR.
When running this as an unprivileged user to access a production
database, it will probably not be able to write to its home. No
need to freak out.
This disables the built-in Apache-style Rack CommonLogger and uses
our own logger that logs a bunch of information including POST
parameters, timing info, etc. The format is based on how I have
Rails configured with lograge.
Also set up request.uuid and log it in an X-Request-Id response
header like Rails, which is useful for diagnosing API requests.
Controllers may need to know base_path to define routes, so we must
be able to change it before loading controllers.
Some late after-app-init configuration mechanism may still be
needed, though.
    def goose
      json({ "hello" => "goose" })
    end
These can sometimes return nil if the body of the block is a
conditional
Just return a 403 silently
Using strict means that following a link to this site from another
site will not send cookies, which causes our site to send an empty
session cookie, logging the user out. How annoying.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
It can be far down the stack so pluck it out
Reorganize app.rb a bit
Bumps [activerecord](https://github.com/rails/rails) from 5.2.4.3 to 5.2.4.5.
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v6.1.3/activerecord/CHANGELOG.md)
- [Commits](https://github.com/rails/rails/compare/v5.2.4.3...v5.2.4.5)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
These have been modified to integrate Rack::Csrf tokens and other
minor changes, so just keep them in the tree.