# frozen_string_literal: true require "ipaddr" require "active_support/core_ext/kernel/reporting" require "active_support/file_update_checker" require "active_support/configuration_file" require "rails/engine/configuration" require "rails/source_annotation_extractor" module Rails class Application class Configuration < ::Rails::Engine::Configuration attr_accessor :allow_concurrency, :asset_host, :autoflush_log, :cache_classes, :cache_store, :consider_all_requests_local, :console, :eager_load, :exceptions_app, :file_watcher, :filter_parameters, :force_ssl, :helpers_paths, :hosts, :host_authorization, :logger, :log_formatter, :log_tags, :railties_order, :relative_url_root, :secret_key_base, :ssl_options, :public_file_server, :session_options, :time_zone, :reload_classes_only_on_change, :beginning_of_week, :filter_redirect, :x, :enable_dependency_loading, :read_encrypted_secrets, :log_level, :content_security_policy_report_only, :content_security_policy_nonce_generator, :content_security_policy_nonce_directives, :require_master_key, :credentials, :disable_sandbox, :add_autoload_paths_to_load_path, :rake_eager_load, :server_timing attr_reader :encoding, :api_only, :loaded_config_version def initialize(*) super self.encoding = Encoding::UTF_8 @allow_concurrency = nil @consider_all_requests_local = false @filter_parameters = [] @filter_redirect = [] @helpers_paths = [] if Rails.env.development? @hosts = ActionDispatch::HostAuthorization::ALLOWED_HOSTS_IN_DEVELOPMENT + ENV["RAILS_DEVELOPMENT_HOSTS"].to_s.split(",").map(&:strip) else @hosts = [] end @host_authorization = {} @public_file_server = ActiveSupport::OrderedOptions.new @public_file_server.enabled = true @public_file_server.index_name = "index" @force_ssl = false @ssl_options = {} @session_store = nil @time_zone = "UTC" @beginning_of_week = :monday @log_level = :debug @generators = app_generators @cache_store = [ :file_store, "#{root}/tmp/cache/" ] @railties_order = [:all] @relative_url_root = ENV["RAILS_RELATIVE_URL_ROOT"] @reload_classes_only_on_change = true @file_watcher = ActiveSupport::FileUpdateChecker @exceptions_app = nil @autoflush_log = true @log_formatter = ActiveSupport::Logger::SimpleFormatter.new @eager_load = nil @secret_key_base = nil @api_only = false @debug_exception_response_format = nil @x = Custom.new @enable_dependency_loading = false @read_encrypted_secrets = false @content_security_policy = nil @content_security_policy_report_only = false @content_security_policy_nonce_generator = nil @content_security_policy_nonce_directives = nil @require_master_key = false @loaded_config_version = nil @credentials = ActiveSupport::OrderedOptions.new @credentials.content_path = default_credentials_content_path @credentials.key_path = default_credentials_key_path @disable_sandbox = false @add_autoload_paths_to_load_path = true @permissions_policy = nil @rake_eager_load = false @server_timing = false end # Loads default configuration values for a target version. This includes # defaults for versions prior to the target version. See the # {configuration guide}[https://guides.rubyonrails.org/configuring.html] # for the default values associated with a particular version. def load_defaults(target_version) case target_version.to_s when "5.0" if respond_to?(:action_controller) action_controller.per_form_csrf_tokens = true action_controller.forgery_protection_origin_check = true action_controller.urlsafe_csrf_tokens = false end ActiveSupport.to_time_preserves_timezone = true if respond_to?(:active_record) active_record.belongs_to_required_by_default = true end self.ssl_options = { hsts: { subdomains: true } } when "5.1" load_defaults "5.0" if respond_to?(:assets) assets.unknown_asset_fallback = false end if respond_to?(:action_view) action_view.form_with_generates_remote_forms = true end when "5.2" load_defaults "5.1" if respond_to?(:active_record) active_record.cache_versioning = true end if respond_to?(:action_dispatch) action_dispatch.use_authenticated_cookie_encryption = true end if respond_to?(:active_support) active_support.use_authenticated_message_encryption = true active_support.hash_digest_class = OpenSSL::Digest::SHA1 end if respond_to?(:action_controller) action_controller.default_protect_from_forgery = true end if respond_to?(:action_view) action_view.form_with_generates_ids = true end when "6.0" load_defaults "5.2" if respond_to?(:action_view) action_view.default_enforce_utf8 = false end if respond_to?(:action_dispatch) action_dispatch.use_cookies_with_metadata = true end if respond_to?(:action_mailer) action_mailer.delivery_job = "ActionMailer::MailDeliveryJob" end if respond_to?(:active_storage) active_storage.queues.analysis = :active_storage_analysis active_storage.queues.purge = :active_storage_purge active_storage.replace_on_assign_to_many = true end if respond_to?(:active_record) active_record.collection_cache_versioning = true end when "6.1" load_defaults "6.0" if respond_to?(:active_record) active_record.has_many_inversing = true active_record.legacy_connection_handling = false end if respond_to?(:active_job) active_job.retry_jitter = 0.15 end if respond_to?(:action_dispatch) action_dispatch.cookies_same_site_protection = :lax action_dispatch.ssl_default_redirect_status = 308 end if respond_to?(:action_controller) action_controller.delete(:urlsafe_csrf_tokens) end if respond_to?(:action_view) action_view.form_with_generates_remote_forms = false action_view.preload_links_header = true end if respond_to?(:active_storage) active_storage.track_variants = true active_storage.queues.analysis = nil active_storage.queues.purge = nil end if respond_to?(:action_mailbox) action_mailbox.queues.incineration = nil action_mailbox.queues.routing = nil end if respond_to?(:action_mailer) action_mailer.deliver_later_queue_name = nil end ActiveSupport.utc_to_local_returns_utc_offset_times = true when "7.0" load_defaults "6.1" if respond_to?(:action_dispatch) action_dispatch.default_headers = { "X-Frame-Options" => "SAMEORIGIN", "X-XSS-Protection" => "0", "X-Content-Type-Options" => "nosniff", "X-Download-Options" => "noopen", "X-Permitted-Cross-Domain-Policies" => "none", "Referrer-Policy" => "strict-origin-when-cross-origin" } action_dispatch.return_only_request_media_type_on_content_type = false action_dispatch.cookies_serializer = :json end if respond_to?(:action_view) action_view.button_to_generates_button_tag = true action_view.apply_stylesheet_media_default = false end if respond_to?(:active_support) active_support.hash_digest_class = OpenSSL::Digest::SHA256 active_support.key_generator_hash_digest_class = OpenSSL::Digest::SHA256 active_support.remove_deprecated_time_with_zone_name = true active_support.cache_format_version = 7.0 active_support.use_rfc4122_namespaced_uuids = true active_support.executor_around_test_case = true active_support.disable_to_s_conversion = true end if respond_to?(:action_mailer) action_mailer.smtp_timeout = 5 end if respond_to?(:active_storage) active_storage.video_preview_arguments = "-vf 'select=eq(n\\,0)+eq(key\\,1)+gt(scene\\,0.015),loop=loop=-1:size=2,trim=start_frame=1'" \ " -frames:v 1 -f image2" active_storage.variant_processor = :vips active_storage.multiple_file_field_include_hidden = true end if respond_to?(:active_record) active_record.verify_foreign_keys_for_fixtures = true active_record.partial_inserts = false active_record.automatic_scope_inversing = true end if respond_to?(:action_controller) action_controller.raise_on_open_redirects = true action_controller.wrap_parameters_by_default = true end else raise "Unknown version #{target_version.to_s.inspect}" end @loaded_config_version = target_version end def encoding=(value) @encoding = value silence_warnings do Encoding.default_external = value Encoding.default_internal = value end end def api_only=(value) @api_only = value generators.api_only = value @debug_exception_response_format ||= :api end def debug_exception_response_format @debug_exception_response_format || :default end attr_writer :debug_exception_response_format def paths @paths ||= begin paths = super paths.add "config/database", with: "config/database.yml" paths.add "config/secrets", with: "config", glob: "secrets.yml{,.enc}" paths.add "config/environment", with: "config/environment.rb" paths.add "lib/templates" paths.add "log", with: "log/#{Rails.env}.log" paths.add "public" paths.add "public/javascripts" paths.add "public/stylesheets" paths.add "tmp" paths end end # Load the database YAML without evaluating ERB. This allows us to # create the rake tasks for multiple databases without filling in the # configuration values or loading the environment. Do not use this # method. # # This uses a DummyERB custom compiler so YAML can ignore the ERB # tags and load the database.yml for the rake tasks. def load_database_yaml # :nodoc: if path = paths["config/database"].existent.first require "rails/application/dummy_erb_compiler" yaml = DummyERB.new(Pathname.new(path).read).result if YAML.respond_to?(:unsafe_load) YAML.unsafe_load(yaml) || {} else YAML.load(yaml) || {} end else {} end end # Loads and returns the entire raw configuration of database from # values stored in config/database.yml. def database_configuration path = paths["config/database"].existent.first yaml = Pathname.new(path) if path config = if yaml&.exist? loaded_yaml = ActiveSupport::ConfigurationFile.parse(yaml) if (shared = loaded_yaml.delete("shared")) loaded_yaml.each do |env, config| if config.is_a?(Hash) && config.values.all?(Hash) config.map do |name, sub_config| sub_config.reverse_merge!(shared) end else config.reverse_merge!(shared) end end end Hash.new(shared).merge(loaded_yaml) elsif ENV["DATABASE_URL"] # Value from ENV['DATABASE_URL'] is set to default database connection # by Active Record. {} else raise "Could not load database configuration. No such file - #{paths["config/database"].instance_variable_get(:@paths)}" end config rescue => e raise e, "Cannot load database configuration:\n#{e.message}", e.backtrace end def colorize_logging ActiveSupport::LogSubscriber.colorize_logging end def colorize_logging=(val) ActiveSupport::LogSubscriber.colorize_logging = val generators.colorize_logging = val end # Specifies what class to use to store the session. Possible values # are +:cookie_store+, +:mem_cache_store+, a custom store, or # +:disabled+. +:disabled+ tells Rails not to deal with sessions. # # Additional options will be set as +session_options+: # # config.session_store :cookie_store, key: "_your_app_session" # config.session_options # => {key: "_your_app_session"} # # If a custom store is specified as a symbol, it will be resolved to # the +ActionDispatch::Session+ namespace: # # # use ActionDispatch::Session::MyCustomStore as the session store # config.session_store :my_custom_store def session_store(new_session_store = nil, **options) if new_session_store if new_session_store == :active_record_store begin ActionDispatch::Session::ActiveRecordStore rescue NameError raise "`ActiveRecord::SessionStore` is extracted out of Rails into a gem. " \ "Please add `activerecord-session_store` to your Gemfile to use it." end end @session_store = new_session_store @session_options = options || {} else case @session_store when :disabled nil when :active_record_store ActionDispatch::Session::ActiveRecordStore when Symbol ActionDispatch::Session.const_get(@session_store.to_s.camelize) else @session_store end end end def session_store? # :nodoc: @session_store end def annotations Rails::SourceAnnotationExtractor::Annotation end # Configures the ActionDispatch::ContentSecurityPolicy. def content_security_policy(&block) if block_given? @content_security_policy = ActionDispatch::ContentSecurityPolicy.new(&block) else @content_security_policy end end # Configures the ActionDispatch::PermissionsPolicy. def permissions_policy(&block) if block_given? @permissions_policy = ActionDispatch::PermissionsPolicy.new(&block) else @permissions_policy end end def default_log_file path = paths["log"].first unless File.exist? File.dirname path FileUtils.mkdir_p File.dirname path end f = File.open path, "a" f.binmode f.sync = autoflush_log # if true make sure every write flushes f end class Custom # :nodoc: def initialize @configurations = Hash.new end def method_missing(method, *args) if method.end_with?("=") @configurations[:"#{method[0..-2]}"] = args.first else @configurations.fetch(method) { @configurations[method] = ActiveSupport::OrderedOptions.new } end end def respond_to_missing?(symbol, *) true end end private def default_credentials_content_path if credentials_available_for_current_env? root.join("config", "credentials", "#{Rails.env}.yml.enc") else root.join("config", "credentials.yml.enc") end end def default_credentials_key_path if credentials_available_for_current_env? root.join("config", "credentials", "#{Rails.env}.key") else root.join("config", "master.key") end end def credentials_available_for_current_env? File.exist?(root.join("config", "credentials", "#{Rails.env}.yml.enc")) end end end end