react_on_rails_pro 16.5.1 → 16.6.0.rc.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +1 -1
- data/Gemfile.lock +7 -7
- data/lib/react_on_rails_pro/configuration.rb +48 -0
- data/lib/react_on_rails_pro/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f373b7e8f1b22b6a346f76eee9e85bf438104439a5d6250ccd8be773cbbdf86d
|
|
4
|
+
data.tar.gz: a846f06b5f699c0bf61404237593be4d72e105cec55a152a77ecc80de549efd0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b97234a2ae969d0625912780700bffebe01268b7c183b70b56d1707dd6f0ce012f2b7b8d3ab71315d5667bacbb71188c67bad93715a3171cf063b7a0dbc2d340
|
|
7
|
+
data.tar.gz: 9433436cd0acf2c2c8a523972946010aa3dc5905d7efc980ce7586bb70bf77b5535deab295f9a5b2fe917c26eca13ce4367dd109184c9df2154c0fab6258c28a
|
data/CONTRIBUTING.md
CHANGED
|
@@ -46,7 +46,7 @@ From [How to Write a Git Commit Message](http://chris.beams.io/posts/git-commit/
|
|
|
46
46
|
|
|
47
47
|
## Doc Changes
|
|
48
48
|
|
|
49
|
-
When making doc changes, we want the change to work on both [the React on Rails docs site](https://reactonrails.com/docs/pro) and when browsing the GitHub repo.
|
|
49
|
+
When making doc changes, we want the change to work on both [the React on Rails docs site](https://reactonrails.com/docs/pro/) and when browsing the GitHub repo.
|
|
50
50
|
For links from docs pages to non-doc files, use full GitHub URLs so links resolve correctly in both contexts.
|
|
51
51
|
|
|
52
52
|
### Links to other docs:
|
data/Gemfile.lock
CHANGED
|
@@ -9,7 +9,7 @@ GIT
|
|
|
9
9
|
PATH
|
|
10
10
|
remote: ..
|
|
11
11
|
specs:
|
|
12
|
-
react_on_rails (16.
|
|
12
|
+
react_on_rails (16.6.0.rc.0)
|
|
13
13
|
addressable
|
|
14
14
|
connection_pool
|
|
15
15
|
execjs (~> 2.5)
|
|
@@ -20,7 +20,7 @@ PATH
|
|
|
20
20
|
PATH
|
|
21
21
|
remote: .
|
|
22
22
|
specs:
|
|
23
|
-
react_on_rails_pro (16.
|
|
23
|
+
react_on_rails_pro (16.6.0.rc.0)
|
|
24
24
|
addressable
|
|
25
25
|
async (>= 2.29)
|
|
26
26
|
connection_pool
|
|
@@ -29,7 +29,7 @@ PATH
|
|
|
29
29
|
httpx (~> 1.5)
|
|
30
30
|
jwt (~> 2.7)
|
|
31
31
|
rainbow
|
|
32
|
-
react_on_rails (= 16.
|
|
32
|
+
react_on_rails (= 16.6.0.rc.0)
|
|
33
33
|
|
|
34
34
|
GEM
|
|
35
35
|
remote: https://rubygems.org/
|
|
@@ -217,7 +217,7 @@ GEM
|
|
|
217
217
|
rb-fsevent (~> 0.10, >= 0.10.3)
|
|
218
218
|
rb-inotify (~> 0.9, >= 0.9.10)
|
|
219
219
|
logger (1.7.0)
|
|
220
|
-
loofah (2.25.
|
|
220
|
+
loofah (2.25.1)
|
|
221
221
|
crass (~> 1.0.2)
|
|
222
222
|
nokogiri (>= 1.12.0)
|
|
223
223
|
mail (2.9.0)
|
|
@@ -249,11 +249,11 @@ GEM
|
|
|
249
249
|
net-smtp (0.5.1)
|
|
250
250
|
net-protocol
|
|
251
251
|
nio4r (2.7.5)
|
|
252
|
-
nokogiri (1.19.
|
|
252
|
+
nokogiri (1.19.2-arm64-darwin)
|
|
253
253
|
racc (~> 1.4)
|
|
254
|
-
nokogiri (1.19.
|
|
254
|
+
nokogiri (1.19.2-x86_64-darwin)
|
|
255
255
|
racc (~> 1.4)
|
|
256
|
-
nokogiri (1.19.
|
|
256
|
+
nokogiri (1.19.2-x86_64-linux-gnu)
|
|
257
257
|
racc (~> 1.4)
|
|
258
258
|
package_json (0.2.0)
|
|
259
259
|
parallel (1.27.0)
|
|
@@ -229,10 +229,58 @@ module ReactOnRailsPro
|
|
|
229
229
|
end
|
|
230
230
|
|
|
231
231
|
def setup_renderer_password
|
|
232
|
+
# Explicit passwords, including values loaded from ENV in the initializer, skip URL extraction.
|
|
233
|
+
# Blank values fall through so URL extraction and production validation still catch misconfiguration.
|
|
232
234
|
return if renderer_password.present?
|
|
233
235
|
|
|
234
236
|
uri = URI(renderer_url)
|
|
235
237
|
self.renderer_password = uri.password
|
|
238
|
+
|
|
239
|
+
validate_renderer_password_for_production
|
|
240
|
+
end
|
|
241
|
+
|
|
242
|
+
def validate_renderer_password_for_production
|
|
243
|
+
# Defense-in-depth: skip validation when a password is already configured (e.g. extracted
|
|
244
|
+
# from the renderer URL by setup_renderer_password, or set directly in the initializer).
|
|
245
|
+
return if renderer_password.present?
|
|
246
|
+
return unless node_renderer?
|
|
247
|
+
|
|
248
|
+
# Fail closed: only skip validation when RAILS_ENV is explicitly set to development or test.
|
|
249
|
+
# Rails.env defaults to "development" when RAILS_ENV is unset, which would silently skip
|
|
250
|
+
# validation in misconfigured environments. Checking ENV["RAILS_ENV"] directly matches the
|
|
251
|
+
# Node-side behavior where an unset environment is treated as production-like.
|
|
252
|
+
rails_env = ENV["RAILS_ENV"]&.downcase
|
|
253
|
+
return if rails_env.present? && %w[development test].include?(rails_env)
|
|
254
|
+
|
|
255
|
+
raise ReactOnRailsPro::Error, <<~MSG
|
|
256
|
+
RENDERER_PASSWORD must be set in production-like environments (staging, production, etc.)
|
|
257
|
+
when using the NodeRenderer.
|
|
258
|
+
|
|
259
|
+
In development and test environments, the renderer password is optional and no authentication
|
|
260
|
+
is required. In all other environments, you must explicitly configure a password to secure
|
|
261
|
+
communication between Rails and the Node Renderer.
|
|
262
|
+
|
|
263
|
+
To fix this, set the RENDERER_PASSWORD environment variable and configure it in your initializer:
|
|
264
|
+
|
|
265
|
+
# config/initializers/react_on_rails_pro.rb
|
|
266
|
+
ReactOnRailsPro.configure do |config|
|
|
267
|
+
config.renderer_password = ENV.fetch("RENDERER_PASSWORD")
|
|
268
|
+
end
|
|
269
|
+
|
|
270
|
+
Then set the same password for the Node Renderer via the RENDERER_PASSWORD environment variable.
|
|
271
|
+
Note: setting ENV["RENDERER_PASSWORD"] alone is not enough on the Ruby side unless
|
|
272
|
+
config.renderer_password is explicitly assigned from ENV.
|
|
273
|
+
An empty-string assignment still counts as missing and will raise in production-like environments.
|
|
274
|
+
If Rails and the Node Renderer disagree about startup behavior, verify both RAILS_ENV and NODE_ENV.
|
|
275
|
+
|
|
276
|
+
Environment matrix:
|
|
277
|
+
development — password optional (no authentication)
|
|
278
|
+
test — password optional (no authentication)
|
|
279
|
+
(RAILS_ENV unset) — treated as production-like; RENDERER_PASSWORD required
|
|
280
|
+
staging — RENDERER_PASSWORD required
|
|
281
|
+
production — RENDERER_PASSWORD required
|
|
282
|
+
(any other) — RENDERER_PASSWORD required
|
|
283
|
+
MSG
|
|
236
284
|
end
|
|
237
285
|
end
|
|
238
286
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: react_on_rails_pro
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 16.
|
|
4
|
+
version: 16.6.0.rc.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Justin Gordon
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2026-
|
|
11
|
+
date: 2026-04-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: addressable
|
|
@@ -128,14 +128,14 @@ dependencies:
|
|
|
128
128
|
requirements:
|
|
129
129
|
- - '='
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
|
-
version: 16.
|
|
131
|
+
version: 16.6.0.rc.0
|
|
132
132
|
type: :runtime
|
|
133
133
|
prerelease: false
|
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
136
|
- - '='
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version: 16.
|
|
138
|
+
version: 16.6.0.rc.0
|
|
139
139
|
- !ruby/object:Gem::Dependency
|
|
140
140
|
name: bundler
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|