view config/initializers/new_framework_defaults.rb @ 211:e07f6ea17deb

Less xhtml more escaping It looks like some older tweets aren't quite escaped properly for xhtml. Example (assuming not deleted): https://twitter.com/aaaa/status/169688458900668416
author nanaya <me@nanaya.pro>
date Fri, 11 Dec 2020 03:31:25 +0900
parents d5a0d66ee457
children
line wrap: on
line source

# Be sure to restart your server when you modify this file.
#
# This file contains migration options to ease your Rails 5.0 upgrade.
#
# Read the Rails 5.0 release notes for more info on each option.

# Enable per-form CSRF tokens. Previous versions had false.
# Rails.application.config.action_controller.per_form_csrf_tokens = true

# Enable origin-checking CSRF mitigation. Previous versions had false.
# Rails.application.config.action_controller.forgery_protection_origin_check = true

# Make Ruby 2.4 preserve the timezone of the receiver when calling `to_time`.
# Previous versions had false.
ActiveSupport.to_time_preserves_timezone = true

# Require `belongs_to` associations by default. Previous versions had false.
# Rails.application.config.active_record.belongs_to_required_by_default = true

# Do not halt callback chains when a callback returns false. Previous versions had true.
# ActiveSupport.halt_callback_chains_on_return_false = false

# Configure SSL options to enable HSTS with subdomains. Previous versions had false.
# Rails.application.config.ssl_options = { hsts: { subdomains: true } }