[#45463] Add rails upgrade initializer files

Nothing activated for now. We are still running mostly on Rails 4.2 defaults.
2 years ago · 3b6ed8f264
parent 8db2e22822
commit 3b6ed8f264
7 changed files with 478 additions and 0 deletions
--- a/config/application.rb
+++ b/config/application.rb
@ -52,6 +52,18 @@ module OpenProject
    # Application configuration should go into files in config/initializers
    # -- all .rb files in that directory are automatically loaded.

+    # Initialize configuration defaults for a Rails version.
+    #
+    # This includes defaults for versions prior to the target version. See the
+    # configuration guide at
+    # https://guides.rubyonrails.org/configuring.html#versioned-default-values
+    # for the default values associated with a particular version.
+    #
+    # Currently, defaults from Rails 4.2 are applied. Goal is to reach 7.0
+    # defaults. Overridden defaults should be stored in specific initializers
+    # files. See https://community.openproject.org/wp/45463 for details.
+    # config.load_defaults 5.0
+
    # Sets up logging for STDOUT and configures the default logger formatter
    # so that all environments receive level and timestamp information
    #
--- a/config/initializers/new_framework_defaults_5_0.rb
+++ b/config/initializers/new_framework_defaults_5_0.rb
@ -0,0 +1,37 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file contains migration options to ease your Rails 5.0 upgrade.
+#
+# Uncomment each configuration one by one to switch to the new default.
+# Once your application is ready to run with all new defaults, you can remove
+# this file and set the `config.load_defaults` to `5.0`.
+#
+# Read the Guide for Upgrading Ruby on Rails for more info on each option.
+# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html
+
+# https://guides.rubyonrails.org/configuring.html#config-action-controller-per-form-csrf-tokens
+# Enable per-form CSRF tokens. Previous versions had false. Rails 5.0+ default
+# is true.
+# Rails.application.config.action_controller.per_form_csrf_tokens = true
+
+# https://guides.rubyonrails.org/configuring.html#config-action-controller-forgery-protection-origin-check
+# Enable origin-checking CSRF mitigation. Previous versions had false. Rails
+# 5.0+ default is true.
+# Rails.application.config.action_controller.forgery_protection_origin_check = true
+
+# https://guides.rubyonrails.org/configuring.html#activesupport-to-time-preserves-timezone
+# Make Ruby 2.4 preserve the timezone of the receiver when calling `to_time`.
+# Previous versions had false. Rails 5.0+ default is true.
+# ActiveSupport.to_time_preserves_timezone = true
+
+# https://guides.rubyonrails.org/configuring.html#config-active-record-belongs-to-required-by-default
+# Require `belongs_to` associations by default. Previous versions had false.
+# Rails 5.0+ default is true.
+# Rails.application.config.active_record.belongs_to_required_by_default = true
+
+# https://guides.rubyonrails.org/configuring.html#config-ssl-options
+# Configure SSL options to enable HSTS with subdomains. Previous versions had
+# false. Rails 5.0+ default is `subdomains: true` to apply HSTS to subdomains.
+# Please note that OpenProject sets it through secure_headers gem: look in
+# config/initializers/secure_headers.rb:9
+# Rails.application.config.ssl_options = { hsts: { subdomains: true } }
--- a/config/initializers/new_framework_defaults_5_1.rb
+++ b/config/initializers/new_framework_defaults_5_1.rb
@ -0,0 +1,19 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file contains migration options to ease your Rails 5.1 upgrade.
+#
+# Once upgraded flip defaults one by one to migrate to the new default.
+#
+# Read the Guide for Upgrading Ruby on Rails for more info on each option.
+
+# https://guides.rubyonrails.org/configuring.html#config-action-view-form-with-generates-remote-forms
+# Make `form_with` generate non-remote forms. Previous versions had false.
+# Rails 5.1, 5.2, and 6.0 default is true. Rails 6.1+ default is false.
+# Let's keep it false as it is the definitive default
+# Rails.application.config.action_view.form_with_generates_remote_forms = true
+
+# https://guides.rubyonrails.org/configuring.html#config-assets-unknown-asset-fallback
+# Unknown asset fallback will return the path passed in when the given
+# asset is not present in the asset pipeline. Previous versions had true.
+# Rails 5.1+ default is false.
+# Rails.application.config.assets.unknown_asset_fallback = false
--- a/config/initializers/new_framework_defaults_5_2.rb
+++ b/config/initializers/new_framework_defaults_5_2.rb
@ -0,0 +1,49 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file contains migration options to ease your Rails 5.2 upgrade.
+#
+# Once upgraded flip defaults one by one to migrate to the new default.
+#
+# Read the Guide for Upgrading Ruby on Rails for more info on each option.
+
+# https://guides.rubyonrails.org/configuring.html#config-active-record-cache-versioning
+# Make Active Record use stable #cache_key alongside new #cache_version method.
+# This is needed for recyclable cache keys. Previous versions had false.
+# Rails 5.2+ default is true.
+# Rails.application.config.active_record.cache_versioning = true
+
+# https://guides.rubyonrails.org/configuring.html#config-action-dispatch-use-authenticated-cookie-encryption
+# Use AES-256-GCM authenticated encryption for encrypted cookies.
+# Also, embed cookie expiry in signed or encrypted cookies for increased security.
+#
+# This option is not backwards compatible with earlier Rails versions.
+# It's best enabled when your entire app is migrated and stable on 5.2.
+#
+# Existing cookies will be converted on read then written with the new scheme.
+# Previous versions had false. Rails 5.2+ default is true.
+# Rails.application.config.action_dispatch.use_authenticated_cookie_encryption = true
+
+# https://guides.rubyonrails.org/configuring.html#config-active-support-use-authenticated-message-encryption
+# Use AES-256-GCM authenticated encryption as default cipher for encrypting messages
+# instead of AES-256-CBC, when use_authenticated_message_encryption is set to true.
+# Previous versions had false. Rails 5.2+ default is true.
+# Rails.application.config.active_support.use_authenticated_message_encryption = true
+
+# https://guides.rubyonrails.org/configuring.html#config-action-controller-default-protect-from-forgery
+# Add default protection from forgery to ActionController::Base instead of in
+# ApplicationController.
+# Previous versions had false. Rails 5.2+ default is true.
+# Rails.application.config.action_controller.default_protect_from_forgery = true
+
+# https://guides.rubyonrails.org/configuring.html#config-active-support-hash-digest-class
+# Use SHA-1 instead of MD5 to generate non-sensitive digests, such as the ETag header.
+# Previous versions had false (OpenSSL::Digest::MD5).
+# Rails 5.2 to 6.1 default is true (OpenSSL::Digest::SHA1).
+# Rails 7.0 started using `config.active_support.hash_digest_class = OpenSSL::Digest::SHA256` instead
+# and removed `Rails.application.config.active_support.use_sha1_digests` setting
+# Rails.application.config.active_support.use_sha1_digests = true
+
+# https://guides.rubyonrails.org/configuring.html#config-action-view-form-with-generates-ids
+# Make `form_with` generate id attributes for any generated HTML tags.
+# Previous versions had false. Rails 5.2+ default is true.
+# Rails.application.config.action_view.form_with_generates_ids = true
--- a/config/initializers/new_framework_defaults_6_0.rb
+++ b/config/initializers/new_framework_defaults_6_0.rb
@ -0,0 +1,67 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file contains migration options to ease your Rails 6.0 upgrade.
+#
+# Once upgraded flip defaults one by one to migrate to the new default.
+#
+# Read the Guide for Upgrading Ruby on Rails for more info on each option.
+
+# https://guides.rubyonrails.org/configuring.html#config-action-view-default-enforce-utf8
+# Don't force requests from old versions of IE to be UTF-8 encoded.
+# Previous versions had true. Rails 6.0+ default is false.
+# Rails.application.config.action_view.default_enforce_utf8 = false
+
+# https://guides.rubyonrails.org/configuring.html#config-action-dispatch-use-cookies-with-metadata
+# Embed purpose and expiry metadata inside signed and encrypted
+# cookies for increased security.
+#
+# This option is not backwards compatible with earlier Rails versions.
+# It's best enabled when your entire app is migrated and stable on 6.0.
+# Rails 6.0+ default is true.
+# Rails.application.config.action_dispatch.use_cookies_with_metadata = true
+
+# Change the return value of `ActionDispatch::Response#content_type` to Content-Type header without modification.
+# Rails.application.config.action_dispatch.return_only_media_type_on_content_type = false
+
+# Return false instead of self when enqueuing is aborted from a callback.
+# Rails.application.config.active_job.return_false_on_aborted_enqueue = true
+
+# https://guides.rubyonrails.org/configuring.html#config-active-storage-queues-analysis
+# https://guides.rubyonrails.org/configuring.html#config-active-storage-queues-purge
+# Send Active Storage analysis and purge jobs to dedicated queues.
+#
+# Rails 6.0 default is :active_storage_analysis.
+# Rails 6.1+ default is nil (when nil, purge jobs are sent to the default
+# Active Job queue (see config.active_job.default_queue_name))
+# Rails.application.config.active_storage.queues.analysis = :active_storage_analysis
+#
+# Rails 6.0 default is :active_storage_purge.
+# Rails 6.1+ default is nil (when nil, analysis jobs are sent to the default
+# Active Job queue (see config.active_job.default_queue_name))
+# Rails.application.config.active_storage.queues.purge = :active_storage_purge
+
+# https://guides.rubyonrails.org/configuring.html#config-active-storage-replace-on-assign-to-many
+# When assigning to a collection of attachments declared via `has_many_attached`, replace existing
+# attachments instead of appending. Use #attach to add new attachments without replacing existing ones.
+# Previous versions had false. Rails 6.0+ default is true.
+# Rails.application.config.active_storage.replace_on_assign_to_many = true
+
+# https://guides.rubyonrails.org/configuring.html#config-action-mailer-delivery-job
+# Use ActionMailer::MailDeliveryJob for sending parameterized and normal mail.
+#
+# The default delivery jobs (ActionMailer::Parameterized::DeliveryJob, ActionMailer::DeliveryJob),
+# will be removed in Rails 6.1. This setting is not backwards compatible with earlier Rails versions.
+# If you send mail in the background, job workers need to have a copy of
+# MailDeliveryJob to ensure all delivery jobs are processed properly.
+# Make sure your entire app is migrated and stable on 6.0 before using this setting.
+# Rails.application.config.action_mailer.delivery_job = "ActionMailer::MailDeliveryJob"
+
+# https://guides.rubyonrails.org/configuring.html#config-active-record-collection-cache-versioning
+# Enable the same cache key to be reused when the object being cached of type
+# `ActiveRecord::Relation` changes by moving the volatile information (max updated at and count)
+# of the relation's cache key into the cache version to support recycling cache key.
+# Previous versions had false. Rails 6.0+ default is true.
+# Rails.application.config.active_record.collection_cache_versioning = true
+
+# Enable the new autoloader zeitwerk for autoloading and reloading constants
+# Rails.application.config.autoloader = :zeitwerk if RUBY_ENGINE == "ruby"
--- a/config/initializers/new_framework_defaults_6_1.rb
+++ b/config/initializers/new_framework_defaults_6_1.rb
@ -0,0 +1,102 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file contains migration options to ease your Rails 6.1 upgrade.
+#
+# Once upgraded flip defaults one by one to migrate to the new default.
+#
+# Read the Guide for Upgrading Ruby on Rails for more info on each option.
+
+# https://guides.rubyonrails.org/configuring.html#config-active-record-has-many-inversing
+# Support for inversing belongs_to -> has_many Active Record associations.
+# Previous versions had false. Rails 6.1+ default is true.
+# Rails.application.config.active_record.has_many_inversing = true
+
+# https://guides.rubyonrails.org/configuring.html#config-active-storage-track-variants
+# Track Active Storage variants in the database.
+# Previous versions had false. Rails 6.1+ default is true.
+# Rails.application.config.active_storage.track_variants = true
+
+# https://guides.rubyonrails.org/configuring.html#config-active-job-retry-jitter
+# Apply random variation to the delay when retrying failed jobs.
+# Previous versions had 0.0. Rails 6.1+ default is 0.15.
+# Rails.application.config.active_job.retry_jitter = 0.15
+
+# Stop executing `after_enqueue`/`after_perform` callbacks if
+# `before_enqueue`/`before_perform` respectively halts with `throw :abort`.
+# Rails.application.config.active_job.skip_after_callbacks_if_terminated = true
+
+# https://guides.rubyonrails.org/configuring.html#config-action-dispatch-cookies-same-site-protection
+# Specify cookies SameSite protection level: either :none, :lax, or :strict.
+#
+# This change is not backwards compatible with earlier Rails versions.
+# It's best enabled when your entire app is migrated and stable on 6.1.
+# Previous versions had nil. Rails 6.1+ default is :lax.
+# Rails.application.config.action_dispatch.cookies_same_site_protection = :lax
+
+# https://guides.rubyonrails.org/configuring.html#config-action-controller-urlsafe-csrf-tokens
+# Generate CSRF tokens that are encoded in URL-safe Base64.
+#
+# This change is not backwards compatible with earlier Rails versions.
+# It's best enabled when your entire app is migrated and stable on 6.1.
+# Previous versions had false. Rails 6.1+ default is true.
+# Rails.application.config.action_controller.urlsafe_csrf_tokens = true
+
+# https://guides.rubyonrails.org/configuring.html#activesupport-utc-to-local-returns-utc-offset-times
+# Specify whether `ActiveSupport::TimeZone.utc_to_local` returns a time with an
+# UTC offset or a UTC time.
+# Previous versions had false. Rails 6.1+ default is true.
+# ActiveSupport.utc_to_local_returns_utc_offset_times = true
+
+# https://guides.rubyonrails.org/configuring.html#config-action-dispatch-ssl-default-redirect-status
+# Change the default HTTP status code to `308` when redirecting non-GET/HEAD
+# requests to HTTPS in `ActionDispatch::SSL` middleware.
+# Previous versions used 307. Rails 6.1+ default is 308.
+# Rails.application.config.action_dispatch.ssl_default_redirect_status = 308
+
+# https://guides.rubyonrails.org/configuring.html#config-active-record-legacy-connection-handling
+# Use new connection handling API. For most applications this won't have any
+# effect. For applications using multiple databases, this new API provides
+# support for granular connection swapping.
+# Previous versions had false. Rails 6.1+ default is true.
+# Rails.application.config.active_record.legacy_connection_handling = false
+
+# https://guides.rubyonrails.org/configuring.html#config-action-view-form-with-generates-remote-forms
+# Make `form_with` generate non-remote forms by default.
+# Rails 5.1 to 6.0 default was true. Rails 6.1+ default is false.
+# Rails.application.config.action_view.form_with_generates_remote_forms = false
+
+# https://guides.rubyonrails.org/configuring.html#config-active-storage-queues-analysis
+# Set the default queue name for the analysis job to the queue adapter default.
+# Rails 6.0 used :active_storage_analysis.
+# Rails 6.1+ default is nil (when nil, default Active Job queue is used).
+# Rails.application.config.active_storage.queues.analysis = nil
+
+# https://guides.rubyonrails.org/configuring.html#config-active-storage-queues-purge
+# Set the default queue name for the purge job to the queue adapter default.
+# Rails 6.0 used :active_storage_purge.
+# Rails 6.1+ default is nil (when nil, default Active Job queue is used).
+# Rails.application.config.active_storage.queues.purge = nil
+
+# https://guides.rubyonrails.org/configuring.html#config-action-mailbox-queues-incineration
+# Set the default queue name for the incineration job to the queue adapter default.
+# Previous versions used :action_mailbox_incineration.
+# Rails 6.1+ default is nil (when nil, default Active Job queue is used).
+# Rails.application.config.action_mailbox.queues.incineration = nil
+
+# https://guides.rubyonrails.org/configuring.html#config-action-mailbox-queues-routing
+# Set the default queue name for the routing job to the queue adapter default.
+# Previous versions used :action_mailbox_routing.
+# Rails 6.1+ default is nil (when nil, default Active Job queue is used).
+# Rails.application.config.action_mailbox.queues.routing = nil
+
+# https://guides.rubyonrails.org/configuring.html#config-action-mailer-deliver-later-queue-name
+# Set the default queue name for the mail deliver job to the queue adapter default.
+# Previous versions used :mailers.
+# Rails 6.1+ default is nil (when nil, default Active Job queue is used).
+# Rails.application.config.action_mailer.deliver_later_queue_name = nil
+
+# https://guides.rubyonrails.org/configuring.html#config-action-view-preload-links-header
+# Generate a `Link` header that gives a hint to modern browsers about
+# preloading assets when using `javascript_include_tag` and `stylesheet_link_tag`.
+# Previous versions had false. Rails 6.1+ default is true.
+# Rails.application.config.action_view.preload_links_header = true
--- a/config/initializers/new_framework_defaults_7_0.rb
+++ b/config/initializers/new_framework_defaults_7_0.rb
@ -0,0 +1,192 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file eases your Rails 7.0 framework defaults upgrade.
+#
+# Uncomment each configuration one by one to switch to the new default.
+# Once your application is ready to run with all new defaults, you can remove
+# this file and set the `config.load_defaults` to `7.0`.
+#
+# Read the Guide for Upgrading Ruby on Rails for more info on each option.
+# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html
+
+# https://guides.rubyonrails.org/configuring.html#config-action-view-button-to-generates-button-tag
+# `button_to` view helper will render `<button>` element, regardless of whether
+# or not the content is passed as the first argument or as a block.
+# Previous versions had false. Rails 7.0+ default is true.
+# Rails.application.config.action_view.button_to_generates_button_tag = true
+
+# https://guides.rubyonrails.org/configuring.html#config-action-view-apply-stylesheet-media-default
+# `stylesheet_link_tag` view helper will not render the media attribute by default.
+# Previous versions had true. Rails 7.0+ default is false.
+# Rails.application.config.action_view.apply_stylesheet_media_default = false
+
+# https://guides.rubyonrails.org/configuring.html#config-active-support-key-generator-hash-digest-class
+# Change the digest class for the key generators to `OpenSSL::Digest::SHA256`.
+# Changing this default means invalidate all encrypted messages generated by
+# your application and, all the encrypted cookies. Only change this after you
+# rotated all the messages using the key rotator.
+#
+# See upgrading guide for more information on how to build a rotator.
+# https://guides.rubyonrails.org/v7.0/upgrading_ruby_on_rails.html
+# Previous versions had OpenSSL::Digest::SHA1.
+# Rails 7.0+ default is OpenSSL::Digest::SHA256.
+# Rails.application.config.active_support.key_generator_hash_digest_class = OpenSSL::Digest::SHA256
+
+# https://guides.rubyonrails.org/configuring.html#config-active-support-hash-digest-class
+# Change the digest class for ActiveSupport::Digest.
+# Changing this default means that for example Etags change and
+# various cache keys leading to cache invalidation.
+# Rails 5.1 and before used OpenSSL::Digest::MD5.
+# Rails 5.2 to 6.1 default is OpenSSL::Digest::SHA1.
+# Rails 7.0+ default is OpenSSL::Digest::SHA256.
+# Rails.application.config.active_support.hash_digest_class = OpenSSL::Digest::SHA256
+
+# https://guides.rubyonrails.org/configuring.html#config-active-support-remove-deprecated-time-with-zone-name
+# Don't override ActiveSupport::TimeWithZone.name and use the default Ruby
+# implementation.
+# Previous versions had false. Rails 7.0+ default is true.
+# Rails.application.config.active_support.remove_deprecated_time_with_zone_name = true
+
+# https://guides.rubyonrails.org/configuring.html#config-active-support-executor-around-test-case
+# Calls `Rails.application.executor.wrap` around test cases.
+# This makes test cases behave closer to an actual request or job.
+# Several features that are normally disabled in test, such as Active Record query cache
+# and asynchronous queries will then be enabled.
+# Previous versions had false. Rails 7.0+ default is true.
+# Rails.application.config.active_support.executor_around_test_case = true
+
+# https://guides.rubyonrails.org/configuring.html#config-active-support-isolation-level
+# Define the isolation level of most of Rails internal state.
+# If you use a fiber based server or job processor, you should set it to `:fiber`.
+# Otherwise the default of `:thread` if preferable.
+# Previous versions had :thread. Rails 7.0+ default is :fiber.
+# Rails.application.config.active_support.isolation_level = :thread
+
+# https://guides.rubyonrails.org/configuring.html#config-action-mailer-smtp-timeout
+# Set both the `:open_timeout` and `:read_timeout` values for `:smtp` delivery method.
+# Previous versions had nil. Rails 7.0+ default is 5.
+# Rails.application.config.action_mailer.smtp_timeout = 5
+
+# https://guides.rubyonrails.org/configuring.html#config-active-storage-video-preview-arguments
+# The ActiveStorage video previewer will now use scene change detection to generate
+# better preview images (rather than the previous default of using the first frame
+# of the video).
+# Previous versions used "-y -vframes 1 -f image2".
+# Rails.application.config.active_storage.video_preview_arguments =
+#   "-vf 'select=eq(n\\,0)+eq(key\\,1)+gt(scene\\,0.015),loop=loop=-1:size=2,trim=start_frame=1' -frames:v 1 -f image2"
+
+# https://guides.rubyonrails.org/configuring.html#config-active-record-automatic-scope-inversing
+# Automatically infer `inverse_of` for associations with a scope.
+# Previous versions had false. Rails 7.0+ default is true.
+# Rails.application.config.active_record.automatic_scope_inversing = true
+
+# https://guides.rubyonrails.org/configuring.html#config-active-record-verify-foreign-keys-for-fixtures
+# Raise when running tests if fixtures contained foreign key violations
+# Previous versions had false. Rails 7.0+ default is true.
+# Rails.application.config.active_record.verify_foreign_keys_for_fixtures = true
+
+# https://guides.rubyonrails.org/configuring.html#config-active-record-partial-inserts
+# Disable partial inserts.
+# This default means that all columns will be referenced in INSERT queries
+# regardless of whether they have a default or not.
+# Previous versions had true. Rails 7.0+ default is false.
+# Rails.application.config.active_record.partial_inserts = false
+
+# https://guides.rubyonrails.org/configuring.html#config-action-controller-raise-on-open-redirects
+# Protect from open redirect attacks in `redirect_back_or_to` and `redirect_to`.
+# Previous versions had false. Rails 7.0+ default is true.
+# Rails.application.config.action_controller.raise_on_open_redirects = true
+
+# https://guides.rubyonrails.org/configuring.html#config-active-storage-variant-processor
+# Change the variant processor for Active Storage.
+# Changing this default means updating all places in your code that
+# generate variants to use image processing macros and ruby-vips
+# operations. See the upgrading guide for detail on the changes required.
+# The `:mini_magick` option is not deprecated; it's fine to keep using it.
+# Previous versions had :mini_magick. Rails 7.0+ default is :vips.
+# Rails.application.config.active_storage.variant_processor = :vips
+
+# https://guides.rubyonrails.org/configuring.html#config-action-controller-wrap-parameters-by-default
+# Enable parameter wrapping for JSON.
+# Previously this was set in an initializer. It's fine to keep using that initializer if you've customized it.
+# To disable parameter wrapping entirely, set this config to `false`.
+# Previous versions had false. Rails 7.0+ default is true.
+# Rails.application.config.action_controller.wrap_parameters_by_default = true
+
+# https://guides.rubyonrails.org/configuring.html#config-active-support-use-rfc4122-namespaced-uuids
+# Specifies whether generated namespaced UUIDs follow the RFC 4122 standard for namespace IDs provided as a
+# `String` to `Digest::UUID.uuid_v3` or `Digest::UUID.uuid_v5` method calls.
+#
+# See https://guides.rubyonrails.org/configuring.html#config-active-support-use-rfc4122-namespaced-uuids for
+# more information.
+# Previous versions had false. Rails 7.0+ default is true.
+# Rails.application.config.active_support.use_rfc4122_namespaced_uuids = true
+
+# https://guides.rubyonrails.org/configuring.html#config-action-dispatch-default-headers
+# Change the default headers to disable browsers' flawed legacy XSS protection.
+# Rails.application.config.action_dispatch.default_headers = {
+#   "X-Frame-Options" => "SAMEORIGIN",
+#   "X-XSS-Protection" => "0",
+#   "X-Content-Type-Options" => "nosniff",
+#   "X-Download-Options" => "noopen",
+#   "X-Permitted-Cross-Domain-Policies" => "none",
+#   "Referrer-Policy" => "strict-origin-when-cross-origin"
+# }
+
+# https://guides.rubyonrails.org/configuring.html#config-active-support-cache-format-version
+# ** Please read carefully, this must be configured in config/application.rb **
+# Change the format of the cache entry.
+# Changing this default means that all new cache entries added to the cache
+# will have a different format that is not supported by Rails 6.1 applications.
+# Only change this value after your application is fully deployed to Rails 7.0
+# and you have no plans to rollback.
+# When you're ready to change format, add this to `config/application.rb` (NOT this file):
+#  config.active_support.cache_format_version = 7.0
+
+# https://guides.rubyonrails.org/configuring.html#config-action-dispatch-cookies-serializer
+# Cookie serializer: 2 options
+#
+# If you're upgrading and haven't set `cookies_serializer` previously, your cookie serializer
+# is `:marshal`. The default for new apps is `:json`.
+#
+# Rails.application.config.action_dispatch.cookies_serializer = :json
+#
+#
+# To migrate an existing application to the `:json` serializer, use the `:hybrid` option.
+#
+# Rails transparently deserializes existing (Marshal-serialized) cookies on read and
+# re-writes them in the JSON format.
+#
+# It is fine to use `:hybrid` long term; you should do that until you're confident *all* your cookies
+# have been converted to JSON. To keep using `:hybrid` long term, move this config to its own
+# initializer or to `config/application.rb`.
+#
+# Rails.application.config.action_dispatch.cookies_serializer = :hybrid
+#
+#
+# If your cookies can't yet be serialized to JSON, keep using `:marshal` for backward-compatibility.
+#
+# If you have configured the serializer elsewhere, you can remove this section of the file.
+#
+# See https://guides.rubyonrails.org/action_controller_overview.html#cookies for more information.
+
+# https://guides.rubyonrails.org/configuring.html#config-action-dispatch-return-only-request-media-type-on-content-type
+# Change the return value of `ActionDispatch::Request#content_type` to the Content-Type header without modification.
+# Previous versions had true. Rails 7.0+ default is false.
+# Rails.application.config.action_dispatch.return_only_request_media_type_on_content_type = false
+
+# https://guides.rubyonrails.org/configuring.html#config-active-storage-multiple-file-field-include-hidden
+# Active Storage `has_many_attached` relationships will default to replacing the current
+# collection instead of appending to it. Thus, to support submitting an empty collection,
+# the `file_field` helper will render an hidden field `include_hidden` by default when
+# `multiple_file_field_include_hidden` is set to `true`.
+# See https://guides.rubyonrails.org/configuring.html#config-active-storage-multiple-file-field-include-hidden
+# for more information.
+# Previous versions had false. Rails 7.0+ default is true.
+# Rails.application.config.active_storage.multiple_file_field_include_hidden = true
+
+# https://guides.rubyonrails.org/configuring.html#config-active-support-disable-to-s-conversion
+# ** Please read carefully, this must be configured in config/application.rb (NOT this file) **
+# Disables the deprecated #to_s override in some Ruby core classes
+# See https://guides.rubyonrails.org/configuring.html#config-active-support-disable-to-s-conversion for more information.
+# config.active_support.disable_to_s_conversion = true