mirrors
/
rails
mirror of https://github.com/rails/rails
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #45385 from skipkayhil/refine-configuring-docs-2 

Add docs for all Application::Configuration attr [ci skip]
This commit is contained in:
Rafael Mendonça França 2022-06-29 18:07:27 -04:00 committed by GitHub
parent 2d2fd947d4 db0f2a48a4
commit 4755259a65
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 156 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
guides/source/configuring.md
View File

@ -147,28 +147,6 @@ Below are the default values associated with each target version. In cases of co
The following configuration methods are to be called on a `Rails::Railtie` object, such as a subclass of `Rails::Engine` or `Rails::Application`.
#### `config.after_initialize`
Takes a block which will be run _after_ Rails has finished initializing the application. That includes the initialization of the framework itself, engines, and all the application's initializers in `config/initializers`. Note that this block _will_ be run for rake tasks. Useful for configuring values set up by other initializers:
```ruby
config.after_initialize do
ActionView::Base.sanitized_allowed_tags.delete 'div'
end
```
#### `config.asset_host`
Sets the host for the assets. Useful when CDNs are used for hosting assets, or when you want to work around the concurrency constraints built-in in browsers using different domain aliases. Shorter version of `config.action_controller.asset_host`.
#### `config.autoload_once_paths`
Accepts an array of paths from which Rails will autoload constants that won't be wiped per request. Relevant if reloading is enabled, which it is by default in the `development` environment. Otherwise, all autoloading happens only once. All elements of this array must also be in `autoload_paths`. Default is an empty array.
#### `config.autoload_paths`
Accepts an array of paths from which Rails will autoload constants. Default is an empty array. Since [Rails 6](upgrading_ruby_on_rails.html#autoloading), it is not recommended to adjust this. See [Autoloading and Reloading Constants](autoloading_and_reloading_constants.html#autoload-paths).
#### `config.add_autoload_paths_to_load_path`
Says whether autoload paths have to be added to `$LOAD_PATH`. It is recommended to be set to `false` in `:zeitwerk` mode early, in `config/application.rb`. Zeitwerk uses absolute paths internally, and applications running in `:zeitwerk` mode do not need `require_dependency`, so models, controllers, jobs, etc. do not need to be in `$LOAD_PATH`. Setting this to `false` saves Ruby from checking these directories when resolving `require` calls with relative paths, and saves Bootsnap work and RAM, since it does not need to build an index for them.
@ -180,21 +158,47 @@ The default value depends on the `config.load_defaults` target version:
| (original) | `true` |
| 7.1 | `false` |
#### `config.enable_reloading`
#### `config.after_initialize`
If `config.enable_reloading` is true, application classes and modules are reloaded in between web requests if they change. Defaults to `true` in the `development` environment, and `false` in the `production` environment.
Takes a block which will be run _after_ Rails has finished initializing the application. That includes the initialization of the framework itself, engines, and all the application's initializers in `config/initializers`. Note that this block _will_ be run for rake tasks. Useful for configuring values set up by other initializers:
The predicate `config.reloading_enabled?` is also defined.
```ruby
config.after_initialize do
ActionView::Base.sanitized_allowed_tags.delete 'div'
end
```
#### `config.cache_classes`
#### `config.allow_concurrency`
Old setting equivalent to `!config.enable_reloading`. Supported for backwards compatibility.
Controls whether requests should be handled concurrently. This should only
be set to `false` if application code is not thread safe. Defaults to `true`.
#### `config.asset_host`
Sets the host for the assets. Useful when CDNs are used for hosting assets, or when you want to work around the concurrency constraints built-in in browsers using different domain aliases. Shorter version of `config.action_controller.asset_host`.
#### `config.autoflush_log`
Enables writing log file output immediately instead of buffering. Defaults to
`true`.
#### `config.autoload_once_paths`
Accepts an array of paths from which Rails will autoload constants that won't be wiped per request. Relevant if reloading is enabled, which it is by default in the `development` environment. Otherwise, all autoloading happens only once. All elements of this array must also be in `autoload_paths`. Default is an empty array.
#### `config.autoload_paths`
Accepts an array of paths from which Rails will autoload constants. Default is an empty array. Since [Rails 6](upgrading_ruby_on_rails.html#autoloading), it is not recommended to adjust this. See [Autoloading and Reloading Constants](autoloading_and_reloading_constants.html#autoload-paths).
#### `config.beginning_of_week`
Sets the default beginning of week for the
application. Accepts a valid day of week as a symbol (e.g. `:monday`).
#### `config.cache_classes`
Old setting equivalent to `!config.enable_reloading`. Supported for backwards compatibility.
#### `config.cache_store`
Configures which cache store to use for Rails caching. Options include one of the symbols `:memory_store`, `:file_store`, `:mem_cache_store`, `:null_store`, `:redis_cache_store`, or an object that implements the cache API. Defaults to `:file_store`. See [Cache Stores](caching_with_rails.html#cache-stores) for per-store configuration options.
@ -220,6 +224,31 @@ console do
end
```
#### `config.content_security_policy_nonce_directives`
See [Adding a Nonce](security.html#adding-a-nonce) in the Security Guide
#### `config.content_security_policy_nonce_generator`
See [Adding a Nonce](security.html#adding-a-nonce) in the Security Guide
#### `config.content_security_policy_report_only`
See [Reporting Violations](security.html#reporting-violations) in the Security
Guide
#### `config.credentials.content_path`
Configures lookup path for encrypted credentials.
#### `config.credentials.key_path`
Configures lookup path for encryption key.
#### `config.debug_exception_response_format`
Sets the format used in responses when errors occur in the development environment. Defaults to `:api` for API only apps and `:default` for normal apps.
#### `config.disable_sandbox`
Controls whether or not someone can start a console in sandbox mode. This is helpful to avoid a long running session of sandbox console, that could lead a database server to run out of memory. Defaults to `false`.
@ -236,6 +265,12 @@ Registers namespaces that are eager loaded when `config.eager_load` is set to `t
Accepts an array of paths from which Rails will eager load on boot if `config.eager_load` is true. Defaults to every folder in the `app` directory of the application.
#### `config.enable_reloading`
If `config.enable_reloading` is true, application classes and modules are reloaded in between web requests if they change. Defaults to `true` in the `development` environment, and `false` in the `production` environment.
The predicate `config.reloading_enabled?` is also defined.
#### `config.encoding`
Sets up the application-wide encoding. Defaults to UTF-8.
@ -244,10 +279,6 @@ Sets up the application-wide encoding. Defaults to UTF-8.
Sets the exceptions application invoked by the `ShowException` middleware when an exception happens. Defaults to `ActionDispatch::PublicExceptions.new(Rails.public_path)`.
#### `config.debug_exception_response_format`
Sets the format used in responses when errors occur in the development environment. Defaults to `:api` for API only apps and `:default` for normal apps.
#### `config.file_watcher`
Is the class used to detect file updates in the file system when `config.reload_classes_only_on_change` is `true`. Rails ships with `ActiveSupport::FileUpdateChecker`, the default, and `ActiveSupport::EventedFileUpdateChecker` (this one depends on the [listen](https://github.com/guard/listen) gem). Custom classes must conform to the `ActiveSupport::FileUpdateChecker` API.
@ -268,10 +299,37 @@ Rails.application.config.filter_parameters += [
Parameters filter works by partial matching regular expression.
#### `config.filter_redirect`
Used for filtering out redirect urls from application logs.
```ruby
Rails.application.config.filter_redirect += ['s3.amazonaws.com', /private-match/]
```
The redirect filter works by testing that urls include strings or match regular
expressions.
#### `config.force_ssl`
Forces all requests to be served over HTTPS, and sets "https://" as the default protocol when generating URLs. Enforcement of HTTPS is handled by the `ActionDispatch::SSL` middleware, which can be configured via `config.ssl_options`.
#### `config.helpers_paths`
Defines an array of additional paths to load view helpers.
#### `config.host_authorization`
Accepts a hash of options to configure the [HostAuthorization
middleware](#actiondispatch-hostauthorization)
#### `config.hosts`
An array of strings, regular expressions, or `IPAddr` used to validate the
`Host` header. Used by the [HostAuthorization
middleware](#actiondispatch-hostauthorization) to help prevent DNS rebinding
attacks.
#### `config.javascript_path`
Sets the path where your app's JavaScript lives relative to the `app` directory. The default is `javascript`, used by [webpacker](https://github.com/rails/webpacker). An app's configured `javascript_path` will be excluded from `autoload_paths`.
@ -314,21 +372,44 @@ config.logger = ActiveSupport::TaggedLogging.new(mylogger)
Allows you to configure the application's middleware. This is covered in depth in the [Configuring Middleware](#configuring-middleware) section below.
#### `config.public_file_server.enabled`
Configures Rails to serve static files from the public directory. This option defaults to `true`, but in the production environment it is set to `false` because the server software (e.g. NGINX or Apache) used to run the application should serve static files instead. If you are running or testing your app in production using WEBrick (it is not recommended to use WEBrick in production) set the option to `true`. Otherwise, you won't be able to use page caching and request for files that exist under the public directory.
#### `config.railties_order`
Allows manually specifying the order that Railties/Engines are loaded. The
default value is `[:all]`.
```ruby
config.railties_order = [Blog::Engine, :main_app, :all]
```
#### `config.rake_eager_load`
When `true`, eager load the application when running Rake tasks. Defaults to `false`.
#### `config.read_encrypted_secrets`
*DEPRECATED*: You should be using
[credentials](https://guides.rubyonrails.org/security.html#custom-credentials)
instead of encrypted secrets.
When `true`, will try to read encrypted secrets from `config/secrets.yml.enc`
#### `config.relative_url_root`
Can be used to tell Rails that you are [deploying to a subdirectory](
configuring.html#deploy-to-a-subdirectory-relative-url-root). The default
is `ENV['RAILS_RELATIVE_URL_ROOT']`.
#### `config.reload_classes_only_on_change`
Enables or disables reloading of classes only when tracked files change. By default tracks everything on autoload paths and is set to `true`. If `config.enable_reloading` is `false`, this option is ignored.
#### `config.credentials.content_path`
#### `config.require_master_key`
Configures lookup path for encrypted credentials.
#### `config.credentials.key_path`
Configures lookup path for encryption key.
Causes the app to not boot if a master key hasn't been made available through `ENV["RAILS_MASTER_KEY"]` or the `config/master.key` file.
#### `config.secret_key_base`
@ -338,13 +419,20 @@ in `config/credentials.yml.enc`. See the [`secret_key_base` API documentation](
https://api.rubyonrails.org/classes/Rails/Application.html#method-i-secret_key_base)
for more information and alternative configuration methods.
#### `config.require_master_key`
#### `config.server_timing`
Causes the app to not boot if a master key hasn't been made available through `ENV["RAILS_MASTER_KEY"]` or the `config/master.key` file.
When `true`, adds the [ServerTiming middleware](#actiondispatch-servertiming)
to the middleware stack
#### `config.public_file_server.enabled`
#### `config.session_options`
Configures Rails to serve static files from the public directory. This option defaults to `true`, but in the production environment it is set to `false` because the server software (e.g. NGINX or Apache) used to run the application should serve static files instead. If you are running or testing your app in production using WEBrick (it is not recommended to use WEBrick in production) set the option to `true`. Otherwise, you won't be able to use page caching and request for files that exist under the public directory.
Additional options passed to `config.session_store`. You should use
`config.session_store` to set this instead of modifying it yourself.
```ruby
config.session_store :cookie_store, key: "_your_app_session"
config.session_options # => {key: "_your_app_session"}
```
#### `config.session_store`
@ -380,6 +468,17 @@ The default value depends on the `config.load_defaults` target version:
Sets the default time zone for the application and enables time zone awareness for Active Record.
#### `config.x`
Used to easily add nested custom configuration to the application config object
```ruby
config.x.payment_processing.schedule = :daily
Rails.configuration.x.payment_processing.schedule # => :daily
```
See [Custom Configuration](#custom-configuration)
### Configuring Assets
#### `config.assets.css_compressor`
@ -541,6 +640,11 @@ Rails.application.config.host_authorization = {
}
```
#### `ActionDispatch::ServerTiming`
Adds metrics to the `Server-Timing` header to be viewed in the dev tools of a
browser.
#### `ActionDispatch::SSL`
Forces every request to be served using HTTPS. Enabled if `config.force_ssl` is set to `true`. Options passed to this can be configured by setting `config.ssl_options`.
@ -1168,7 +1272,9 @@ The default value depends on the `config.load_defaults` target version:
#### `config.action_controller.relative_url_root`
Can be used to tell Rails that you are [deploying to a subdirectory](configuring.html#deploy-to-a-subdirectory-relative-url-root). The default is `ENV['RAILS_RELATIVE_URL_ROOT']`.
Can be used to tell Rails that you are [deploying to a subdirectory](
configuring.html#deploy-to-a-subdirectory-relative-url-root). The default is
[`config.relative_url_root`](#config-relative-url-root).
#### `config.action_controller.permit_all_parameters`

8
guides/source/security.md
View File

@ -1253,6 +1253,14 @@ This generation method is compatible with ETags, however its security depends on
the session id being sufficiently random and not being exposed in insecure
cookies.
By default, nonces will be applied to `script-src` and `style-src` if a nonce
generator is defined. `config.content_security_policy_nonce_directives` can be
used to change which directives will use nonces:
```ruby
Rails.application.config.content_security_policy_nonce_directives = %w(script-src)
```
Once nonce generation is configured in an initializer, automatic nonce values
can be added to script tags by passing `nonce: true` as part of `html_options`: