angular_csrf 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/README.md +54 -0
- data/Rakefile +6 -0
- data/lib/angular_csrf.rb +21 -0
- data/lib/generators/angular_csrf/USAGE +9 -0
- data/lib/generators/angular_csrf/angular_csrf_generator.rb +7 -0
- data/lib/generators/angular_csrf/templates/angular_csrf.rb +1 -0
- data/lib/version.rb +3 -0
- data/spec/angular_csrf_spec.rb +33 -0
- data/spec/rails_app/Gemfile +4 -0
- data/spec/rails_app/Gemfile.lock +86 -0
- data/spec/rails_app/Rakefile +6 -0
- data/spec/rails_app/app/assets/javascripts/application.js +13 -0
- data/spec/rails_app/app/assets/stylesheets/application.css +15 -0
- data/spec/rails_app/app/controllers/application_controller.rb +3 -0
- data/spec/rails_app/app/controllers/guinea_pig_controller.rb +14 -0
- data/spec/rails_app/app/helpers/application_helper.rb +2 -0
- data/spec/rails_app/app/views/layouts/application.html.erb +14 -0
- data/spec/rails_app/bin/bundle +3 -0
- data/spec/rails_app/bin/rails +4 -0
- data/spec/rails_app/bin/rake +4 -0
- data/spec/rails_app/config/application.rb +31 -0
- data/spec/rails_app/config/boot.rb +4 -0
- data/spec/rails_app/config/environment.rb +5 -0
- data/spec/rails_app/config/environments/development.rb +25 -0
- data/spec/rails_app/config/environments/production.rb +64 -0
- data/spec/rails_app/config/environments/test.rb +39 -0
- data/spec/rails_app/config/initializers/angular_csrf.rb +1 -0
- data/spec/rails_app/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/rails_app/config/initializers/cookies_serializer.rb +3 -0
- data/spec/rails_app/config/initializers/filter_parameter_logging.rb +4 -0
- data/spec/rails_app/config/initializers/inflections.rb +16 -0
- data/spec/rails_app/config/initializers/mime_types.rb +4 -0
- data/spec/rails_app/config/initializers/session_store.rb +3 -0
- data/spec/rails_app/config/initializers/wrap_parameters.rb +9 -0
- data/spec/rails_app/config/locales/en.yml +23 -0
- data/spec/rails_app/config/routes.rb +5 -0
- data/spec/rails_app/config/secrets.yml +22 -0
- data/spec/rails_app/config.ru +4 -0
- data/spec/rails_app/db/seeds.rb +7 -0
- data/spec/rails_app/log/development.log +20 -0
- data/spec/rails_app/log/test.log +1663 -0
- data/spec/rails_app/public/404.html +67 -0
- data/spec/rails_app/public/422.html +67 -0
- data/spec/rails_app/public/500.html +66 -0
- data/spec/rails_app/public/favicon.ico +0 -0
- data/spec/rails_app/public/robots.txt +5 -0
- data/spec/rails_helper.rb +5 -0
- data/spec/spec_helper.rb +88 -0
- metadata +177 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 95e75e2f469c61150a318e60a4ce6e371c4adefb
|
4
|
+
data.tar.gz: ed12d8d03ed7d95b1738e4002e499baa755409ce
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 941795f53de3d76c9621ccd1fae633e402b21b8d2ea606f9324a503ad256820ececa659743a9a0b3da0cb81c61fb4a50bb5418b1164fc429ead8d24d2fc38e0e
|
7
|
+
data.tar.gz: 1928154628be02e35c76c90c87c7f6d0c353b8b680e65a47e090b7afeaabdbfef779228580d27119db37c9cacd91aba0ef3d45d9b7b0c5026ed8273472a80207
|
data/README.md
ADDED
@@ -0,0 +1,54 @@
|
|
1
|
+
angular_csrf
|
2
|
+
=============
|
3
|
+
|
4
|
+
Extends Rails CSRF protection to play nicely with AngularJS.
|
5
|
+
|
6
|
+
[![Build Status](https://travis-ci.org/Sinbadsoft/angular_csrf.svg)](https://travis-ci.org/Sinbadsoft/angular_csrf)
|
7
|
+
|
8
|
+
CSRF is an exploit that allows malicious websites to do unauthorized actions on a website that trusts the user.
|
9
|
+
The angular_csrf gem extends the CSRF protection in Rails to match the naming convention used in AngularJS for the HTTP
|
10
|
+
header and cookie token names
|
11
|
+
(see [Cookie-to-Header Token](http://en.wikipedia.org/wiki/Cross-site_request_forgery#Cookie-to-Header_Token) CSRF
|
12
|
+
protection strategy for more details).
|
13
|
+
|
14
|
+
Once installed, angular_csrf "just works": No need to change or configure neither the AngularJS javascript code nor the
|
15
|
+
Rails application.
|
16
|
+
|
17
|
+
angular_csrf has a very small footprint and has only the rails gem as dependency.
|
18
|
+
|
19
|
+
## Getting Started
|
20
|
+
|
21
|
+
1. Add the following line to your `Gemfile`:
|
22
|
+
```ruby
|
23
|
+
gem 'angular_csrf'
|
24
|
+
```
|
25
|
+
|
26
|
+
Run the bundle command to install it.
|
27
|
+
```sh
|
28
|
+
bundle install
|
29
|
+
```
|
30
|
+
2. Run the angular_csrf generator:
|
31
|
+
```sh
|
32
|
+
rails generate angular_csrf
|
33
|
+
```
|
34
|
+
|
35
|
+
The generator will install an initializer `initializers/angular_csrf.rb` which takes care of extending
|
36
|
+
the application controllers to handle the expected AngularJS CSRF protection data.
|
37
|
+
3. You are done! Your app CSRF protection now plays nicely with AngularJS.
|
38
|
+
|
39
|
+
## How it works
|
40
|
+
|
41
|
+
AngularJS [deals with CSRF protection](https://docs.angularjs.org/api/ng/service/$http#cross-site-request-forgery-xsrf-protection) as follows:
|
42
|
+
* Reads the CSRF protection token form a cookie, by default `XSRF-TOKEN`
|
43
|
+
* Sends back the CSRF token as a http header, by default: `X-XSRF-TOKEN`
|
44
|
+
|
45
|
+
angular_csrf makes the Rails application or API set the expected cookie token and read validate the
|
46
|
+
http header sent by AngularJS. angular_csrf installs a Rails initializer
|
47
|
+
[that extends the application controllers](https://github.com/Sinbadsoft/angular_csrf/blob/master/lib/angular_csrf.rb)
|
48
|
+
to perform these tasks.
|
49
|
+
|
50
|
+
## License
|
51
|
+
|
52
|
+
Licensed under the [MIT License](http://opensource.org/licenses/MIT).
|
53
|
+
|
54
|
+
Copyright Sinbadsoft.
|
data/Rakefile
ADDED
data/lib/angular_csrf.rb
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
module AngularCsrf
|
2
|
+
ANGULAR_CSRF_COOKIE_NAME = 'XSRF-TOKEN'
|
3
|
+
ANGULAR_CSRF_HEADER_NAME = 'X-XSRF-Token'
|
4
|
+
|
5
|
+
def self.setup
|
6
|
+
ActiveSupport.on_load(:action_controller) do
|
7
|
+
after_action :set_csrf_cookie_for_angular_js
|
8
|
+
|
9
|
+
define_method :set_csrf_cookie_for_angular_js do
|
10
|
+
cookies[ANGULAR_CSRF_COOKIE_NAME] = form_authenticity_token if protect_against_forgery?
|
11
|
+
end
|
12
|
+
private :set_csrf_cookie_for_angular_js
|
13
|
+
|
14
|
+
define_method :verified_request_with_angular_header? do
|
15
|
+
verified_request_without_angular_header? ||
|
16
|
+
form_authenticity_token == request.headers[ANGULAR_CSRF_HEADER_NAME]
|
17
|
+
end
|
18
|
+
alias_method_chain :verified_request?, :angular_header
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
@@ -0,0 +1 @@
|
|
1
|
+
AngularCsrf.setup
|
data/lib/version.rb
ADDED
@@ -0,0 +1,33 @@
|
|
1
|
+
require 'rails_helper'
|
2
|
+
|
3
|
+
describe 'angular_csrf', type: :request do
|
4
|
+
it 'sets expected AngularJS csrf cookie' do
|
5
|
+
get '/'
|
6
|
+
expect(response.cookies[AngularCsrf::ANGULAR_CSRF_COOKIE_NAME]).to_not be_nil
|
7
|
+
expect(response.cookies[AngularCsrf::ANGULAR_CSRF_COOKIE_NAME]).to eq(session[:_csrf_token])
|
8
|
+
end
|
9
|
+
|
10
|
+
it 'checks AngularJS csrf http header for csrf protection' do
|
11
|
+
get '/'
|
12
|
+
post '/', { }, AngularCsrf::ANGULAR_CSRF_HEADER_NAME => session[:_csrf_token]
|
13
|
+
expect(response.status).to eq(201)
|
14
|
+
end
|
15
|
+
|
16
|
+
it 'not modify behavior for default csrf http header' do
|
17
|
+
get '/'
|
18
|
+
post '/', { }, 'X-CSRF-Token' => session[:_csrf_token]
|
19
|
+
expect(response.status).to eq(201)
|
20
|
+
end
|
21
|
+
|
22
|
+
it 'changes AngularJS csrf cookie value on csrf token change' do
|
23
|
+
get '/'
|
24
|
+
old_csrf_token = session[:_csrf_token]
|
25
|
+
|
26
|
+
post '/create_and_reset_session', { },
|
27
|
+
AngularCsrf::ANGULAR_CSRF_HEADER_NAME => response.cookies[AngularCsrf::ANGULAR_CSRF_COOKIE_NAME]
|
28
|
+
expect(response.status).to eq(201)
|
29
|
+
|
30
|
+
expect(response.cookies[AngularCsrf::ANGULAR_CSRF_COOKIE_NAME]).to_not eq(old_csrf_token)
|
31
|
+
expect(response.cookies[AngularCsrf::ANGULAR_CSRF_COOKIE_NAME]).to eq(session[:_csrf_token])
|
32
|
+
end
|
33
|
+
end
|
@@ -0,0 +1,86 @@
|
|
1
|
+
PATH
|
2
|
+
remote: ../../
|
3
|
+
specs:
|
4
|
+
angular_csrf (0.1.0)
|
5
|
+
rails (>= 3.1)
|
6
|
+
|
7
|
+
GEM
|
8
|
+
remote: https://rubygems.org/
|
9
|
+
specs:
|
10
|
+
actionmailer (4.1.7)
|
11
|
+
actionpack (= 4.1.7)
|
12
|
+
actionview (= 4.1.7)
|
13
|
+
mail (~> 2.5, >= 2.5.4)
|
14
|
+
actionpack (4.1.7)
|
15
|
+
actionview (= 4.1.7)
|
16
|
+
activesupport (= 4.1.7)
|
17
|
+
rack (~> 1.5.2)
|
18
|
+
rack-test (~> 0.6.2)
|
19
|
+
actionview (4.1.7)
|
20
|
+
activesupport (= 4.1.7)
|
21
|
+
builder (~> 3.1)
|
22
|
+
erubis (~> 2.7.0)
|
23
|
+
activemodel (4.1.7)
|
24
|
+
activesupport (= 4.1.7)
|
25
|
+
builder (~> 3.1)
|
26
|
+
activerecord (4.1.7)
|
27
|
+
activemodel (= 4.1.7)
|
28
|
+
activesupport (= 4.1.7)
|
29
|
+
arel (~> 5.0.0)
|
30
|
+
activesupport (4.1.7)
|
31
|
+
i18n (~> 0.6, >= 0.6.9)
|
32
|
+
json (~> 1.7, >= 1.7.7)
|
33
|
+
minitest (~> 5.1)
|
34
|
+
thread_safe (~> 0.1)
|
35
|
+
tzinfo (~> 1.1)
|
36
|
+
arel (5.0.1.20140414130214)
|
37
|
+
builder (3.2.2)
|
38
|
+
erubis (2.7.0)
|
39
|
+
hike (1.2.3)
|
40
|
+
i18n (0.6.11)
|
41
|
+
json (1.8.1)
|
42
|
+
mail (2.6.3)
|
43
|
+
mime-types (>= 1.16, < 3)
|
44
|
+
mime-types (2.4.3)
|
45
|
+
minitest (5.4.2)
|
46
|
+
multi_json (1.10.1)
|
47
|
+
rack (1.5.2)
|
48
|
+
rack-test (0.6.2)
|
49
|
+
rack (>= 1.0)
|
50
|
+
rails (4.1.7)
|
51
|
+
actionmailer (= 4.1.7)
|
52
|
+
actionpack (= 4.1.7)
|
53
|
+
actionview (= 4.1.7)
|
54
|
+
activemodel (= 4.1.7)
|
55
|
+
activerecord (= 4.1.7)
|
56
|
+
activesupport (= 4.1.7)
|
57
|
+
bundler (>= 1.3.0, < 2.0)
|
58
|
+
railties (= 4.1.7)
|
59
|
+
sprockets-rails (~> 2.0)
|
60
|
+
railties (4.1.7)
|
61
|
+
actionpack (= 4.1.7)
|
62
|
+
activesupport (= 4.1.7)
|
63
|
+
rake (>= 0.8.7)
|
64
|
+
thor (>= 0.18.1, < 2.0)
|
65
|
+
rake (10.3.2)
|
66
|
+
sprockets (2.12.3)
|
67
|
+
hike (~> 1.2)
|
68
|
+
multi_json (~> 1.0)
|
69
|
+
rack (~> 1.0)
|
70
|
+
tilt (~> 1.1, != 1.3.0)
|
71
|
+
sprockets-rails (2.2.0)
|
72
|
+
actionpack (>= 3.0)
|
73
|
+
activesupport (>= 3.0)
|
74
|
+
sprockets (>= 2.8, < 4.0)
|
75
|
+
thor (0.19.1)
|
76
|
+
thread_safe (0.3.4)
|
77
|
+
tilt (1.4.1)
|
78
|
+
tzinfo (1.2.2)
|
79
|
+
thread_safe (~> 0.1)
|
80
|
+
|
81
|
+
PLATFORMS
|
82
|
+
ruby
|
83
|
+
|
84
|
+
DEPENDENCIES
|
85
|
+
angular_csrf!
|
86
|
+
rails (= 4.1.7)
|
@@ -0,0 +1,13 @@
|
|
1
|
+
// This is a manifest file that'll be compiled into application.js, which will include all the files
|
2
|
+
// listed below.
|
3
|
+
//
|
4
|
+
// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
|
5
|
+
// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
|
6
|
+
//
|
7
|
+
// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
|
8
|
+
// compiled file.
|
9
|
+
//
|
10
|
+
// Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
|
11
|
+
// about supported directives.
|
12
|
+
//
|
13
|
+
//= require_tree .
|
@@ -0,0 +1,15 @@
|
|
1
|
+
/*
|
2
|
+
* This is a manifest file that'll be compiled into application.css, which will include all the files
|
3
|
+
* listed below.
|
4
|
+
*
|
5
|
+
* Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
|
6
|
+
* or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
|
7
|
+
*
|
8
|
+
* You're free to add application-wide styles to this file and they'll appear at the bottom of the
|
9
|
+
* compiled file so the styles you add here take precedence over styles defined in any styles
|
10
|
+
* defined in the other CSS/SCSS files in this directory. It is generally better to create a new
|
11
|
+
* file per style scope.
|
12
|
+
*
|
13
|
+
*= require_tree .
|
14
|
+
*= require_self
|
15
|
+
*/
|
@@ -0,0 +1,31 @@
|
|
1
|
+
require File.expand_path('../boot', __FILE__)
|
2
|
+
|
3
|
+
# Pick the frameworks you want:
|
4
|
+
require "active_model/railtie"
|
5
|
+
# require "active_record/railtie"
|
6
|
+
require "action_controller/railtie"
|
7
|
+
require "action_mailer/railtie"
|
8
|
+
# require "action_view/railtie"
|
9
|
+
# require "sprockets/railtie"
|
10
|
+
# require "rails/test_unit/railtie"
|
11
|
+
|
12
|
+
# Require the gems listed in Gemfile, including any gems
|
13
|
+
# you've limited to :test, :development, or :production.
|
14
|
+
Bundler.require(*Rails.groups)
|
15
|
+
|
16
|
+
|
17
|
+
module RailsApp
|
18
|
+
class Application < Rails::Application
|
19
|
+
# Settings in config/environments/* take precedence over those specified here.
|
20
|
+
# Application configuration should go into files in config/initializers
|
21
|
+
# -- all .rb files in that directory are automatically loaded.
|
22
|
+
|
23
|
+
# Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
|
24
|
+
# Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
|
25
|
+
# config.time_zone = 'Central Time (US & Canada)'
|
26
|
+
|
27
|
+
# The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
|
28
|
+
# config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
|
29
|
+
# config.i18n.default_locale = :de
|
30
|
+
end
|
31
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
Rails.application.configure do
|
2
|
+
# Settings specified here will take precedence over those in config/application.rb.
|
3
|
+
|
4
|
+
# In the development environment your application's code is reloaded on
|
5
|
+
# every request. This slows down response time but is perfect for development
|
6
|
+
# since you don't have to restart the web server when you make code changes.
|
7
|
+
config.cache_classes = false
|
8
|
+
|
9
|
+
# Do not eager load code on boot.
|
10
|
+
config.eager_load = false
|
11
|
+
|
12
|
+
# Show full error reports and disable caching.
|
13
|
+
config.consider_all_requests_local = true
|
14
|
+
config.action_controller.perform_caching = false
|
15
|
+
|
16
|
+
# Don't care if the mailer can't send.
|
17
|
+
config.action_mailer.raise_delivery_errors = false
|
18
|
+
|
19
|
+
# Print deprecation notices to the Rails logger.
|
20
|
+
config.active_support.deprecation = :log
|
21
|
+
|
22
|
+
|
23
|
+
# Raises error for missing translations
|
24
|
+
# config.action_view.raise_on_missing_translations = true
|
25
|
+
end
|
@@ -0,0 +1,64 @@
|
|
1
|
+
Rails.application.configure do
|
2
|
+
# Settings specified here will take precedence over those in config/application.rb.
|
3
|
+
|
4
|
+
# Code is not reloaded between requests.
|
5
|
+
config.cache_classes = true
|
6
|
+
|
7
|
+
# Eager load code on boot. This eager loads most of Rails and
|
8
|
+
# your application in memory, allowing both threaded web servers
|
9
|
+
# and those relying on copy on write to perform better.
|
10
|
+
# Rake tasks automatically ignore this option for performance.
|
11
|
+
config.eager_load = true
|
12
|
+
|
13
|
+
# Full error reports are disabled and caching is turned on.
|
14
|
+
config.consider_all_requests_local = false
|
15
|
+
config.action_controller.perform_caching = true
|
16
|
+
|
17
|
+
# Enable Rack::Cache to put a simple HTTP cache in front of your application
|
18
|
+
# Add `rack-cache` to your Gemfile before enabling this.
|
19
|
+
# For large-scale production use, consider using a caching reverse proxy like nginx, varnish or squid.
|
20
|
+
# config.action_dispatch.rack_cache = true
|
21
|
+
|
22
|
+
# Disable Rails's static asset server (Apache or nginx will already do this).
|
23
|
+
config.serve_static_assets = false
|
24
|
+
|
25
|
+
|
26
|
+
# Specifies the header that your server uses for sending files.
|
27
|
+
# config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
|
28
|
+
# config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
|
29
|
+
|
30
|
+
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
|
31
|
+
# config.force_ssl = true
|
32
|
+
|
33
|
+
# Set to :debug to see everything in the log.
|
34
|
+
config.log_level = :info
|
35
|
+
|
36
|
+
# Prepend all log lines with the following tags.
|
37
|
+
# config.log_tags = [ :subdomain, :uuid ]
|
38
|
+
|
39
|
+
# Use a different logger for distributed setups.
|
40
|
+
# config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
|
41
|
+
|
42
|
+
# Use a different cache store in production.
|
43
|
+
# config.cache_store = :mem_cache_store
|
44
|
+
|
45
|
+
# Enable serving of images, stylesheets, and JavaScripts from an asset server.
|
46
|
+
# config.action_controller.asset_host = "http://assets.example.com"
|
47
|
+
|
48
|
+
# Ignore bad email addresses and do not raise email delivery errors.
|
49
|
+
# Set this to true and configure the email server for immediate delivery to raise delivery errors.
|
50
|
+
# config.action_mailer.raise_delivery_errors = false
|
51
|
+
|
52
|
+
# Enable locale fallbacks for I18n (makes lookups for any locale fall back to
|
53
|
+
# the I18n.default_locale when a translation cannot be found).
|
54
|
+
config.i18n.fallbacks = true
|
55
|
+
|
56
|
+
# Send deprecation notices to registered listeners.
|
57
|
+
config.active_support.deprecation = :notify
|
58
|
+
|
59
|
+
# Disable automatic flushing of the log to improve performance.
|
60
|
+
# config.autoflush_log = false
|
61
|
+
|
62
|
+
# Use default logging formatter so that PID and timestamp are not suppressed.
|
63
|
+
config.log_formatter = ::Logger::Formatter.new
|
64
|
+
end
|
@@ -0,0 +1,39 @@
|
|
1
|
+
Rails.application.configure do
|
2
|
+
# Settings specified here will take precedence over those in config/application.rb.
|
3
|
+
|
4
|
+
# The test environment is used exclusively to run your application's
|
5
|
+
# test suite. You never need to work with it otherwise. Remember that
|
6
|
+
# your test database is "scratch space" for the test suite and is wiped
|
7
|
+
# and recreated between test runs. Don't rely on the data there!
|
8
|
+
config.cache_classes = true
|
9
|
+
|
10
|
+
# Do not eager load code on boot. This avoids loading your whole application
|
11
|
+
# just for the purpose of running a single test. If you are using a tool that
|
12
|
+
# preloads Rails for running tests, you may have to set it to true.
|
13
|
+
config.eager_load = false
|
14
|
+
|
15
|
+
# Configure static asset server for tests with Cache-Control for performance.
|
16
|
+
config.serve_static_assets = true
|
17
|
+
config.static_cache_control = 'public, max-age=3600'
|
18
|
+
|
19
|
+
# Show full error reports and disable caching.
|
20
|
+
config.consider_all_requests_local = true
|
21
|
+
config.action_controller.perform_caching = false
|
22
|
+
|
23
|
+
# Raise exceptions instead of rendering exception templates.
|
24
|
+
config.action_dispatch.show_exceptions = false
|
25
|
+
|
26
|
+
# Disable request forgery protection in test environment.
|
27
|
+
config.action_controller.allow_forgery_protection = true
|
28
|
+
|
29
|
+
# Tell Action Mailer not to deliver emails to the real world.
|
30
|
+
# The :test delivery method accumulates sent emails in the
|
31
|
+
# ActionMailer::Base.deliveries array.
|
32
|
+
config.action_mailer.delivery_method = :test
|
33
|
+
|
34
|
+
# Print deprecation notices to the stderr.
|
35
|
+
config.active_support.deprecation = :stderr
|
36
|
+
|
37
|
+
# Raises error for missing translations
|
38
|
+
# config.action_view.raise_on_missing_translations = true
|
39
|
+
end
|
@@ -0,0 +1 @@
|
|
1
|
+
AngularCsrf.setup
|
@@ -0,0 +1,7 @@
|
|
1
|
+
# Be sure to restart your server when you modify this file.
|
2
|
+
|
3
|
+
# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
|
4
|
+
# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
|
5
|
+
|
6
|
+
# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
|
7
|
+
# Rails.backtrace_cleaner.remove_silencers!
|
@@ -0,0 +1,16 @@
|
|
1
|
+
# Be sure to restart your server when you modify this file.
|
2
|
+
|
3
|
+
# Add new inflection rules using the following format. Inflections
|
4
|
+
# are locale specific, and you may define rules for as many different
|
5
|
+
# locales as you wish. All of these examples are active by default:
|
6
|
+
# ActiveSupport::Inflector.inflections(:en) do |inflect|
|
7
|
+
# inflect.plural /^(ox)$/i, '\1en'
|
8
|
+
# inflect.singular /^(ox)en/i, '\1'
|
9
|
+
# inflect.irregular 'person', 'people'
|
10
|
+
# inflect.uncountable %w( fish sheep )
|
11
|
+
# end
|
12
|
+
|
13
|
+
# These inflection rules are supported but not enabled by default:
|
14
|
+
# ActiveSupport::Inflector.inflections(:en) do |inflect|
|
15
|
+
# inflect.acronym 'RESTful'
|
16
|
+
# end
|
@@ -0,0 +1,9 @@
|
|
1
|
+
# Be sure to restart your server when you modify this file.
|
2
|
+
|
3
|
+
# This file contains settings for ActionController::ParamsWrapper which
|
4
|
+
# is enabled by default.
|
5
|
+
|
6
|
+
# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
|
7
|
+
ActiveSupport.on_load(:action_controller) do
|
8
|
+
wrap_parameters format: [:json] if respond_to?(:wrap_parameters)
|
9
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
# Files in the config/locales directory are used for internationalization
|
2
|
+
# and are automatically loaded by Rails. If you want to use locales other
|
3
|
+
# than English, add the necessary files in this directory.
|
4
|
+
#
|
5
|
+
# To use the locales, use `I18n.t`:
|
6
|
+
#
|
7
|
+
# I18n.t 'hello'
|
8
|
+
#
|
9
|
+
# In views, this is aliased to just `t`:
|
10
|
+
#
|
11
|
+
# <%= t('hello') %>
|
12
|
+
#
|
13
|
+
# To use a different locale, set it with `I18n.locale`:
|
14
|
+
#
|
15
|
+
# I18n.locale = :es
|
16
|
+
#
|
17
|
+
# This would use the information in config/locales/es.yml.
|
18
|
+
#
|
19
|
+
# To learn more, please read the Rails Internationalization guide
|
20
|
+
# available at http://guides.rubyonrails.org/i18n.html.
|
21
|
+
|
22
|
+
en:
|
23
|
+
hello: "Hello world"
|
@@ -0,0 +1,22 @@
|
|
1
|
+
# Be sure to restart your server when you modify this file.
|
2
|
+
|
3
|
+
# Your secret key is used for verifying the integrity of signed cookies.
|
4
|
+
# If you change this key, all old signed cookies will become invalid!
|
5
|
+
|
6
|
+
# Make sure the secret is at least 30 characters and all random,
|
7
|
+
# no regular words or you'll be exposed to dictionary attacks.
|
8
|
+
# You can use `rake secret` to generate a secure secret key.
|
9
|
+
|
10
|
+
# Make sure the secrets in this file are kept private
|
11
|
+
# if you're sharing your code publicly.
|
12
|
+
|
13
|
+
development:
|
14
|
+
secret_key_base: 0dad1f487d3c644521a79bbaae278292e49d65d1eb3ea4661155babc2c7f39d4f2ddd66d8669e1bf4cef544f8d1c1093f07efcf9642cdbe0cca165918138bce6
|
15
|
+
|
16
|
+
test:
|
17
|
+
secret_key_base: be7a3f49499bd1e57a3936c6ae105d01737ac2b59790abea04514163c4e274dd29802a1be141fdf79b160b83dbea76ef37b7824668f4ad2d858fcdc2e1f5139a
|
18
|
+
|
19
|
+
# Do not keep production secrets in the repository,
|
20
|
+
# instead read values from the environment.
|
21
|
+
production:
|
22
|
+
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
|
@@ -0,0 +1,7 @@
|
|
1
|
+
# This file should contain all the record creation needed to seed the database with its default values.
|
2
|
+
# The data can then be loaded with the rake db:seed (or created alongside the db with db:setup).
|
3
|
+
#
|
4
|
+
# Examples:
|
5
|
+
#
|
6
|
+
# cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }])
|
7
|
+
# Mayor.create(name: 'Emanuel', city: cities.first)
|