about summary refs log tree commit diff stats
path: root/config/initializers
diff options
context:
space:
mode:
authorStar Rauchenberger <fefferburbia@gmail.com>2022-12-10 12:32:44 -0500
committerStar Rauchenberger <fefferburbia@gmail.com>2022-12-10 12:32:44 -0500
commit230ab3079fd4e16ebaa593f6cc5fdbcbad3c2321 (patch)
treeb61b7d4c706de43361da73cce0d2a2a006a89b18 /config/initializers
parentdc7253d0b71f25c2e9a4547d414fa18390b74fbf (diff)
downloadthoughts-230ab3079fd4e16ebaa593f6cc5fdbcbad3c2321.tar.gz
thoughts-230ab3079fd4e16ebaa593f6cc5fdbcbad3c2321.tar.bz2
thoughts-230ab3079fd4e16ebaa593f6cc5fdbcbad3c2321.zip
Installed LINGO scoreboard
Diffstat (limited to 'config/initializers')
-rw-r--r--config/initializers/content_security_policy.rb25
-rw-r--r--config/initializers/filter_parameter_logging.rb8
-rw-r--r--config/initializers/inflections.rb8
-rw-r--r--config/initializers/lingo.rb1
-rw-r--r--config/initializers/new_framework_defaults_7_0.rb135
-rw-r--r--config/initializers/permissions_policy.rb11
6 files changed, 182 insertions, 6 deletions
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb new file mode 100644 index 0000000..54f47cf --- /dev/null +++ b/config/initializers/content_security_policy.rb
@@ -0,0 +1,25 @@
1# Be sure to restart your server when you modify this file.
2
3# Define an application-wide content security policy.
4# See the Securing Rails Applications Guide for more information:
5# https://guides.rubyonrails.org/security.html#content-security-policy-header
6
7# Rails.application.configure do
8# config.content_security_policy do |policy|
9# policy.default_src :self, :https
10# policy.font_src :self, :https, :data
11# policy.img_src :self, :https, :data
12# policy.object_src :none
13# policy.script_src :self, :https
14# policy.style_src :self, :https
15# # Specify URI for violation reports
16# # policy.report_uri "/csp-violation-report-endpoint"
17# end
18#
19# # Generate session nonces for permitted importmap and inline scripts
20# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
21# config.content_security_policy_nonce_directives = %w(script-src)
22#
23# # Report violations without enforcing the policy.
24# # config.content_security_policy_report_only = true
25# end
diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index 4a994e1..adc6568 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb
@@ -1,4 +1,8 @@
1# Be sure to restart your server when you modify this file. 1# Be sure to restart your server when you modify this file.
2 2
3# Configure sensitive parameters which will be filtered from the log file. 3# Configure parameters to be filtered from the log file. Use this to limit dissemination of
4Rails.application.config.filter_parameters += [:password] 4# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported
5# notations and behaviors.
6Rails.application.config.filter_parameters += [
7 :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
8]
diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb index ac033bf..3860f65 100644 --- a/config/initializers/inflections.rb +++ b/config/initializers/inflections.rb
@@ -4,13 +4,13 @@
4# are locale specific, and you may define rules for as many different 4# are locale specific, and you may define rules for as many different
5# locales as you wish. All of these examples are active by default: 5# locales as you wish. All of these examples are active by default:
6# ActiveSupport::Inflector.inflections(:en) do |inflect| 6# ActiveSupport::Inflector.inflections(:en) do |inflect|
7# inflect.plural /^(ox)$/i, '\1en' 7# inflect.plural /^(ox)$/i, "\\1en"
8# inflect.singular /^(ox)en/i, '\1' 8# inflect.singular /^(ox)en/i, "\\1"
9# inflect.irregular 'person', 'people' 9# inflect.irregular "person", "people"
10# inflect.uncountable %w( fish sheep ) 10# inflect.uncountable %w( fish sheep )
11# end 11# end
12 12
13# These inflection rules are supported but not enabled by default: 13# These inflection rules are supported but not enabled by default:
14# ActiveSupport::Inflector.inflections(:en) do |inflect| 14# ActiveSupport::Inflector.inflections(:en) do |inflect|
15# inflect.acronym 'RESTful' 15# inflect.acronym "RESTful"
16# end 16# end
diff --git a/config/initializers/lingo.rb b/config/initializers/lingo.rb new file mode 100644 index 0000000..edb76d8 --- /dev/null +++ b/config/initializers/lingo.rb
@@ -0,0 +1 @@
Lingo.secret_code = Rails.application.config_for(:lingo)[:secret_code] \ No newline at end of file
diff --git a/config/initializers/new_framework_defaults_7_0.rb b/config/initializers/new_framework_defaults_7_0.rb new file mode 100644 index 0000000..4d58024 --- /dev/null +++ b/config/initializers/new_framework_defaults_7_0.rb
@@ -0,0 +1,135 @@
1# Be sure to restart your server when you modify this file.
2#
3# This file eases your Rails 7.0 framework defaults upgrade.
4#
5# Uncomment each configuration one by one to switch to the new default.
6# Once your application is ready to run with all new defaults, you can remove
7# this file and set the `config.load_defaults` to `7.0`.
8#
9# Read the Guide for Upgrading Ruby on Rails for more info on each option.
10# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html
11
12# `button_to` view helper will render `<button>` element, regardless of whether
13# or not the content is passed as the first argument or as a block.
14# Rails.application.config.action_view.button_to_generates_button_tag = true
15
16# `stylesheet_link_tag` view helper will not render the media attribute by default.
17# Rails.application.config.action_view.apply_stylesheet_media_default = false
18
19# Change the digest class for the key generators to `OpenSSL::Digest::SHA256`.
20# Changing this default means invalidate all encrypted messages generated by
21# your application and, all the encrypted cookies. Only change this after you
22# rotated all the messages using the key rotator.
23#
24# See upgrading guide for more information on how to build a rotator.
25# https://guides.rubyonrails.org/v7.0/upgrading_ruby_on_rails.html
26# Rails.application.config.active_support.key_generator_hash_digest_class = OpenSSL::Digest::SHA256
27
28# Change the digest class for ActiveSupport::Digest.
29# Changing this default means that for example Etags change and
30# various cache keys leading to cache invalidation.
31# Rails.application.config.active_support.hash_digest_class = OpenSSL::Digest::SHA256
32
33# Don't override ActiveSupport::TimeWithZone.name and use the default Ruby
34# implementation.
35# Rails.application.config.active_support.remove_deprecated_time_with_zone_name = true
36
37# Calls `Rails.application.executor.wrap` around test cases.
38# This makes test cases behave closer to an actual request or job.
39# Several features that are normally disabled in test, such as Active Record query cache
40# and asynchronous queries will then be enabled.
41# Rails.application.config.active_support.executor_around_test_case = true
42
43# Define the isolation level of most of Rails internal state.
44# If you use a fiber based server or job processor, you should set it to `:fiber`.
45# Otherwise the default of `:thread` if preferable.
46# Rails.application.config.active_support.isolation_level = :thread
47
48# Set both the `:open_timeout` and `:read_timeout` values for `:smtp` delivery method.
49# Rails.application.config.action_mailer.smtp_timeout = 5
50
51# The ActiveStorage video previewer will now use scene change detection to generate
52# better preview images (rather than the previous default of using the first frame
53# of the video).
54# Rails.application.config.active_storage.video_preview_arguments =
55# "-vf 'select=eq(n\\,0)+eq(key\\,1)+gt(scene\\,0.015),loop=loop=-1:size=2,trim=start_frame=1' -frames:v 1 -f image2"
56
57# Automatically infer `inverse_of` for associations with a scope.
58# Rails.application.config.active_record.automatic_scope_inversing = true
59
60# Raise when running tests if fixtures contained foreign key violations
61# Rails.application.config.active_record.verify_foreign_keys_for_fixtures = true
62
63# Disable partial inserts.
64# This default means that all columns will be referenced in INSERT queries
65# regardless of whether they have a default or not.
66# Rails.application.config.active_record.partial_inserts = false
67
68# Protect from open redirect attacks in `redirect_back_or_to` and `redirect_to`.
69# Rails.application.config.action_controller.raise_on_open_redirects = true
70
71# Change the variant processor for Active Storage.
72# Changing this default means updating all places in your code that
73# generate variants to use image processing macros and ruby-vips
74# operations. See the upgrading guide for detail on the changes required.
75# The `:mini_magick` option is not deprecated; it's fine to keep using it.
76# Rails.application.config.active_storage.variant_processor = :vips
77
78# Enable parameter wrapping for JSON.
79# Previously this was set in an initializer. It's fine to keep using that initializer if you've customized it.
80# To disable parameter wrapping entirely, set this config to `false`.
81# Rails.application.config.action_controller.wrap_parameters_by_default = true
82
83# Specifies whether generated namespaced UUIDs follow the RFC 4122 standard for namespace IDs provided as a
84# `String` to `Digest::UUID.uuid_v3` or `Digest::UUID.uuid_v5` method calls.
85#
86# See https://guides.rubyonrails.org/configuring.html#config-active-support-use-rfc4122-namespaced-uuids for
87# more information.
88# Rails.application.config.active_support.use_rfc4122_namespaced_uuids = true
89
90# Change the default headers to disable browsers' flawed legacy XSS protection.
91# Rails.application.config.action_dispatch.default_headers = {
92# "X-Frame-Options" => "SAMEORIGIN",
93# "X-XSS-Protection" => "0",
94# "X-Content-Type-Options" => "nosniff",
95# "X-Download-Options" => "noopen",
96# "X-Permitted-Cross-Domain-Policies" => "none",
97# "Referrer-Policy" => "strict-origin-when-cross-origin"
98# }
99
100
101# ** Please read carefully, this must be configured in config/application.rb **
102# Change the format of the cache entry.
103# Changing this default means that all new cache entries added to the cache
104# will have a different format that is not supported by Rails 6.1 applications.
105# Only change this value after your application is fully deployed to Rails 7.0
106# and you have no plans to rollback.
107# When you're ready to change format, add this to `config/application.rb` (NOT this file):
108# config.active_support.cache_format_version = 7.0
109
110
111# Cookie serializer: 2 options
112#
113# If you're upgrading and haven't set `cookies_serializer` previously, your cookie serializer
114# is `:marshal`. The default for new apps is `:json`.
115#
116# Rails.application.config.action_dispatch.cookies_serializer = :json
117#
118#
119# To migrate an existing application to the `:json` serializer, use the `:hybrid` option.
120#
121# Rails transparently deserializes existing (Marshal-serialized) cookies on read and
122# re-writes them in the JSON format.
123#
124# It is fine to use `:hybrid` long term; you should do that until you're confident *all* your cookies
125# have been converted to JSON. To keep using `:hybrid` long term, move this config to its own
126# initializer or to `config/application.rb`.
127#
128# Rails.application.config.action_dispatch.cookies_serializer = :hybrid
129#
130#
131# If your cookies can't yet be serialized to JSON, keep using `:marshal` for backward-compatibility.
132#
133# If you have configured the serializer elsewhere, you can remove this section of the file.
134#
135# See https://guides.rubyonrails.org/action_controller_overview.html#cookies for more information.
diff --git a/config/initializers/permissions_policy.rb b/config/initializers/permissions_policy.rb new file mode 100644 index 0000000..00f64d7 --- /dev/null +++ b/config/initializers/permissions_policy.rb
@@ -0,0 +1,11 @@
1# Define an application-wide HTTP permissions policy. For further
2# information see https://developers.google.com/web/updates/2018/06/feature-policy
3#
4# Rails.application.config.permissions_policy do |f|
5# f.camera :none
6# f.gyroscope :none
7# f.microphone :none
8# f.usb :none
9# f.fullscreen :self
10# f.payment :self, "https://secure.example.com"
11# end