DEV: Upgrade to Rails 7

This patch upgrades Rails to version 7.0.2.4.
2025-02-25 18:55:32 -06:00 · 2022-03-21 15:28:52 +01:00
parent 532f9cdb1a
commit 008b700a3f
99 changed files with 724 additions and 691 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -68,7 +68,7 @@ class ApplicationController < ActionController::Base
  def use_crawler_layout?
    @use_crawler_layout ||=
      request.user_agent &&
-      (request.content_type.blank? || request.content_type.include?('html')) &&
+      (request.media_type.blank? || request.media_type.include?('html')) &&
      !['json', 'rss'].include?(params[:format]) &&
      (has_escaped_fragment? || params.key?("print") || show_browser_update? ||
      CrawlerDetection.crawler?(request.user_agent, request.headers["HTTP_VIA"])
@@ -287,7 +287,7 @@ class ApplicationController < ActionController::Base
      # cause category / topic was deleted
      if permalink.present? && permalink.target_url
        # permalink present, redirect to that URL
-        redirect_with_client_support permalink.target_url, status: :moved_permanently
+        redirect_with_client_support permalink.target_url, status: :moved_permanently, allow_other_host: true
        return
      end
    end
@@ -834,7 +834,7 @@ class ApplicationController < ActionController::Base
      end

      if UserApiKey.allowed_scopes.superset?(Set.new(["one_time_password"]))
-        redirect_to("#{params[:auth_redirect]}?otp=true")
+        redirect_to("#{params[:auth_redirect]}?otp=true", allow_other_host: true)
        return
      end
    end
--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@@ -1,6 +1,9 @@
 # frozen_string_literal: true

 class PostsController < ApplicationController
+  # Bug with Rails 7+
+  # see https://github.com/rails/rails/issues/44867
+  self._flash_types -= [:notice]

  requires_login except: [
    :show,
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -33,7 +33,7 @@ class SessionController < ApplicationController
      if SiteSetting.verbose_discourse_connect_logging
        Rails.logger.warn("Verbose SSO log: Started SSO process\n\n#{sso.diagnostics}")
      end
-      redirect_to sso_url(sso)
+      redirect_to sso_url(sso), allow_other_host: true
    else
      render body: nil, status: 404
    end
@@ -69,14 +69,14 @@ class SessionController < ApplicationController
        # for the login modal
        cookies[:sso_destination_url] = data[:sso_redirect_url]
      else
-        redirect_to data[:sso_redirect_url]
+        redirect_to data[:sso_redirect_url], allow_other_host: true
      end
    elsif result.no_second_factors_enabled?
      if request.xhr?
        # for the login modal
        cookies[:sso_destination_url] = result.data[:sso_redirect_url]
      else
-        redirect_to result.data[:sso_redirect_url]
+        redirect_to result.data[:sso_redirect_url], allow_other_host: true
      end
    elsif result.second_factor_auth_completed?
      redirect_url = result.data[:sso_redirect_url]
@@ -169,7 +169,7 @@ class SessionController < ApplicationController
        # they are already pre-approved because they have been invited
        if SiteSetting.must_approve_users? && !user.approved? && invite.blank?
          if SiteSetting.discourse_connect_not_approved_url.present?
-            redirect_to SiteSetting.discourse_connect_not_approved_url
+            redirect_to SiteSetting.discourse_connect_not_approved_url, allow_other_host: true
          else
            render_sso_error(text: I18n.t("discourse_connect.account_not_approved"), status: 403)
          end
@@ -220,7 +220,7 @@ class SessionController < ApplicationController
          return_path = path("/")
        end

-        redirect_to return_path
+        redirect_to return_path, allow_other_host: true
      else
        render_sso_error(text: I18n.t("discourse_connect.not_found"), status: 500)
      end
@@ -583,7 +583,7 @@ class SessionController < ApplicationController
        redirect_url: redirect_url
      }
    else
-      redirect_to redirect_url
+      redirect_to redirect_url, allow_other_host: true
    end
  end

--- a/app/controllers/static_controller.rb
+++ b/app/controllers/static_controller.rb
@@ -30,7 +30,7 @@ class StaticController < ApplicationController
    if map.has_key?(@page)
      site_setting_key = map[@page][:redirect]
      url = SiteSetting.get(site_setting_key) if site_setting_key
-      return redirect_to(url) if url.present?
+      return redirect_to(url, allow_other_host: true) if url.present?
    end

    # The /guidelines route ALWAYS shows our FAQ, ignoring the faq_url site setting.
--- a/app/controllers/svg_sprite_controller.rb
+++ b/app/controllers/svg_sprite_controller.rb
@@ -15,7 +15,7 @@ class SvgSpriteController < ApplicationController
      theme_id = params[:theme_id].to_i if params[:theme_id].present?

      if SvgSprite.version(theme_id) != params[:version]
-        return redirect_to UrlHelper.absolute((SvgSprite.path(theme_id)))
+        return redirect_to UrlHelper.absolute((SvgSprite.path(theme_id))), allow_other_host: true
      end

      svg_sprite = "window.__svg_sprite = #{SvgSprite.bundle(theme_id).inspect};"
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -118,7 +118,7 @@ class UploadsController < ApplicationController
      if Discourse.store.internal?
        send_file_local_upload(upload)
      else
-        redirect_to Discourse.store.url_for(upload, force_download: force_download?)
+        redirect_to Discourse.store.url_for(upload, force_download: force_download?), allow_other_host: true
      end
    else
      render_404
@@ -149,7 +149,7 @@ class UploadsController < ApplicationController
    # private, so we don't want to go to the CDN url just yet otherwise we
    # will get a 403. if the upload is not secure we assume the ACL is public
    signed_secure_url = Discourse.store.signed_url_for_path(path_with_ext)
-    redirect_to upload.secure? ? signed_secure_url : Discourse.store.cdn_url(upload.url)
+    redirect_to upload.secure? ? signed_secure_url : Discourse.store.cdn_url(upload.url), allow_other_host: true
  end

  def handle_secure_upload_request(upload, path_with_ext = nil)
@@ -166,14 +166,14 @@ class UploadsController < ApplicationController
    # url_for figures out the full URL, handling multisite DBs,
    # and will return a presigned URL for the upload
    if path_with_ext.blank?
-      return redirect_to Discourse.store.url_for(upload, force_download: force_download?)
+      return redirect_to Discourse.store.url_for(upload, force_download: force_download?), allow_other_host: true
    end

    redirect_to Discourse.store.signed_url_for_path(
      path_with_ext,
      expires_in: S3Helper::DOWNLOAD_URL_EXPIRES_AFTER_SECONDS,
      force_download: force_download?
-    )
+    ), allow_other_host: true
  end

  def metadata
--- a/app/controllers/user_api_keys_controller.rb
+++ b/app/controllers/user_api_keys_controller.rb
@@ -97,7 +97,7 @@ class UserApiKeysController < ApplicationController
      query_attributes << "oneTimePassword=#{CGI.escape(otp_payload)}" if scopes.include?("one_time_password")
      uri.query = query_attributes.compact.join('&')

-      redirect_to(uri.to_s)
+      redirect_to(uri.to_s, allow_other_host: true)
    else
      respond_to do |format|
        format.html { render :show }
@@ -138,7 +138,7 @@ class UserApiKeysController < ApplicationController
    otp_payload = one_time_password(public_key, current_user.username)

    redirect_path = "#{params[:auth_redirect]}?oneTimePassword=#{CGI.escape(otp_payload)}"
-    redirect_to(redirect_path)
+    redirect_to(redirect_path, allow_other_host: true)
  end

  def revoke
--- a/app/controllers/user_avatars_controller.rb
+++ b/app/controllers/user_avatars_controller.rb
@@ -112,7 +112,7 @@ class UserAvatarsController < ApplicationController
    if !Discourse.avatar_sizes.include?(size) && Discourse.store.external?
      closest = Discourse.avatar_sizes.to_a.min { |a, b| (size - a).abs <=> (size - b).abs }
      avatar_url = UserAvatar.local_avatar_url(hostname, user.encoded_username(lower: true), upload_id, closest)
-      return redirect_to cdn_path(avatar_url)
+      return redirect_to cdn_path(avatar_url), allow_other_host: true
    end

    upload = Upload.find_by(id: upload_id) if user&.user_avatar&.contains_upload?(upload_id)
@@ -120,7 +120,7 @@ class UserAvatarsController < ApplicationController

    if user.uploaded_avatar && !upload
      avatar_url = UserAvatar.local_avatar_url(hostname, user.encoded_username(lower: true), user.uploaded_avatar_id, size)
-      return redirect_to cdn_path(avatar_url)
+      return redirect_to cdn_path(avatar_url), allow_other_host: true
    elsif upload && optimized = get_optimized_image(upload, size)
      if optimized.local?
        optimized_path = Discourse.store.path_for(optimized)
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1024,7 +1024,7 @@ class UsersController < ApplicationController
      if SiteSetting.enable_discourse_connect_provider && payload = cookies.delete(:sso_payload)
        return redirect_to(session_sso_provider_url + "?" + payload)
      elsif destination_url = cookies.delete(:destination_url)
-        return redirect_to(destination_url)
+        return redirect_to(destination_url, allow_other_host: true)
      else
        return redirect_to(path('/'))
      end
@@ -1086,7 +1086,7 @@ class UsersController < ApplicationController
        if Wizard.user_requires_completion?(@user)
          return redirect_to(wizard_path)
        elsif destination_url.present?
-          return redirect_to(destination_url)
+          return redirect_to(destination_url, allow_other_host: true)
        elsif SiteSetting.enable_discourse_connect_provider && payload = cookies.delete(:sso_payload)
          return redirect_to(session_sso_provider_url + "?" + payload)
        end