Martin
a4d6692bc6
accessibility(authentication-pages): update the login/account creation pages to comply with the DSFR and support better accessibility
...
Update app/components/dsfr/input_component/input_component.html.haml
Co-authored-by: Colin Darie <colin@darie.eu>
2023-01-03 16:26:05 +01:00
Christophe Robillard
11a18516b2
remove feature flag zonage
2022-12-21 09:02:16 +01:00
Christophe Robillard
edffd0a7a8
extract ds_opendata_enabled
2022-12-20 12:52:56 +01:00
Martin
235da8b04a
improvement(sanitize): also sanitize <img> tags
2022-12-01 17:42:24 +01:00
Colin Darie
0641069d0b
chore(bundle): update view_component, no need for use_global_output_buffer anymore
...
This fixes contact form and captcha invisibility due to buffer issues.
Closes #7627
2022-08-03 11:57:26 +02:00
Kara Diaby
e98b2417cb
load jobs/concerns
2022-07-29 12:25:27 +02:00
Paul Chavard
2a187ca9a0
feat(autosave): reduce debounce delay
2022-05-24 15:05:14 +02:00
Paul Chavard
dca4dda228
chore(view_component): enable global_output_buffer
2022-05-17 16:08:47 +02:00
simon lehericey
faae2f55d8
Flipper: remove deprecated conf
...
https://github.com/jnunemaker/flipper/pull/523
2022-05-16 16:10:35 +02:00
Paul Chavard
86df16ebda
feat(view_components): add view_components
2022-04-26 14:54:58 +02:00
François Vantomme
d5cd0101c8
feat(footer): customize using custom views & locales
2022-03-10 17:31:20 +01:00
Jon
97feca6305
feat(ClamAV): add config to disable clamav usage
2022-02-15 09:15:47 +01:00
Pierre de La Morinerie
d524beee4e
app: remove :instructeur_bypass_email_login_token
from Flipper
2021-12-02 08:51:52 +01:00
Pierre de La Morinerie
99c77046d2
models: improve error message for invalid champs
...
Avoid prepending the message with 'Draft revision '
2021-11-30 13:34:41 +01:00
Pierre de La Morinerie
5b4f7f9ae9
app: restore the default cache settings
...
We initially did that to avoid a browser being restarted to display a
cached form with a stale CSRF token – thus provoking an
InvalidAuthenticityToken exception when the form is submitted.
But now that we use a long-lived CSRF token, we can submit forms with
a stale CSRF token successfully (because the long-lived CSRF cookie
is still valid) – so we no longer need to change the HTML cache behavior.
This fixes issues where the browser Back button wants to display a
previous POST document, but can't because of the 'no-store' setting. In
this case the browser either displays an error, or re-attempts the POST
request (without any cookies), which results in an
InvalidAuthenticityToken exception.
See `docs/adr-csrf-forgery.md` for more explanations.
2021-07-20 11:11:52 +02:00
Pierre de La Morinerie
d93342e1d7
config: cleanup allowed tags after Rails 6.1 migration
2021-05-25 11:06:53 +02:00
simon lehericey
44f9ae3c65
only preload what is needed on most requests
2021-04-06 18:23:14 +02:00
Pierre de La Morinerie
42b3ba1e1b
config: migrate all config to Rails 6.1 defaults
2021-04-06 12:12:57 +02:00
Pierre de La Morinerie
b65de3e583
config: make the queue names explicit
...
With Rails 6.1, the default queue is now the global application queue.
We want to retain our custom queues in some cases, so configure them
explicitly.
2021-04-06 12:12:57 +02:00
Pierre de La Morinerie
5990439ab7
app: update code to Rails 6.1
2021-03-25 13:24:53 +01:00
Christophe Robillard
83cf0fa903
detect staging env
2021-03-24 15:30:12 +01:00
Pierre de La Morinerie
70104d7059
config: avoid blocking legitimate requests from mobile ISPs
2021-03-11 18:28:10 +01:00
Pierre de La Morinerie
fb305e31c4
config: move application_name to an initializer
...
It seems cleaner not to require a file before the Rails configuration
runs.
2021-02-24 15:06:55 +01:00
Pierre de La Morinerie
211ddeda45
config: enable zeitwerk
...
Check that everything works using
bin/rails zeitwerk:check
2021-02-11 12:30:43 +01:00
Fabrice Gangler
60d6b1909d
Fix for using APPLICATION_NAME in .env file
...
Refs: #5450
2020-08-28 03:46:19 +02:00
Judith
af25fdd77c
gem http_accept_language installed and (de)activable with feature flag
2020-08-27 16:15:01 +02:00
Pierre de La Morinerie
d77efec7a0
config: enable active_record.belongs_to_required_by_default
2020-08-18 15:57:37 +02:00
Pierre de La Morinerie
ededf5c6c5
config: don't explicitly eager-load lib/
...
Rationale:
- `lib/` is supposed to contain code mostly independent from Rails;
- By default, Rails doesn't eager-load `lib/` anymore (this used to be
the case, but since a few releases).
If this commit triggers some errors, then these errors should be fixed
(rather than `lib/` being added again to the load path).
2020-08-18 11:02:09 +02:00
Pierre de La Morinerie
c514898b84
config: don't explicitly eager-load controllers/concerns
...
Per the documentation, Rails automatically loads `**/concerns` paths.
See https://guides.rubyonrails.org/autoloading_and_reloading_constants_classic_mode.html#autoload-paths-and-eager-load-paths
2020-08-18 11:02:09 +02:00
Pierre de La Morinerie
527a330c7a
config: use Rails 6.0 config defaults
...
We already flipped the new defaults, so this is a no-op.
2020-08-05 17:22:46 +02:00
Pierre de La Morinerie
bc0244456c
config: explicitly use the classic autoloader
...
I'm sure we can use zeitwerk in the future, but let's retain the classic
loader until the config issues are proved to be safe.
2020-08-05 17:22:46 +02:00
Pierre de La Morinerie
a1be888f7c
config: use Rails 5.2 config defaults
2020-08-05 16:48:29 +02:00
Pierre de La Morinerie
0d55919fab
config: use Rails 5.1 defaults
...
New or changed defaults are:
- config.assets.unknown_asset_fallback: false
- config.action_view.form_with_generates_remote_forms: true
2020-08-05 13:02:56 +02:00
clemkeirua
3340a2b091
add the application name early at startup
...
The application name is used in the views, but also in the initializers and in the config/ directory.
According to rails doc (https://guides.rubyonrails.org/v6.0/configuring.html#locations-for-initialization-code),
if we want to do some things before the initializers and the environment, the only place to do so is in config/application.rb
2020-07-23 16:16:36 +02:00
Pierre de La Morinerie
b192b48fc7
config: use Rails 5.0 options
...
Stop overriding Rails 5.0 options, and use the framework defaults.
(Except for `active_record.belongs_to_required_by_default`, which is a
lot of work and will be fixed later.)
2020-07-20 15:54:48 +02:00
clemkeirua
68b37cf6aa
config: make default Rails 5 config explicit
2020-07-08 11:00:12 +02:00
Pierre de La Morinerie
e2b8545222
config: fix missing default list of allowed HTML tags
...
See https://github.com/rails/rails/issues/39586
2020-07-07 18:03:56 +02:00
Paul Chavard
6a24c3f812
Rails app:update
2020-07-07 18:03:56 +02:00
Pierre de La Morinerie
968e470684
config: never cache rails-generated pages
...
This instructs browsers to never cache content directly generated by the
controllers. This includes HTML pages, JSON responses, PDF files, etc.
This is because some mobile browsers have a behaviour where, although
they will delete the session cookie when the browser shuts down, they
will still serve a cached version of the page on relaunch.
The CSRF token in the HTML is then mismatched with the CSRF token in the
session cookie (because the session cookie has been cleared). This
causes form submissions to fail with an
"ActionController::InvalidAuthenticityToken" exception.
To prevent this, tell browsers to never cache the HTML of a page.
(This doesn’t affect assets files, which are still sent with the proper
cache headers).
See https://github.com/rails/rails/issues/21948
2020-04-14 18:29:17 +02:00
Paul Chavard
7478a51846
[GraphQL] use official skylight support
2020-01-28 15:39:37 +01:00
Pierre de La Morinerie
68f5aae99d
autosave: add feature test
2019-11-21 14:00:06 +01:00
Paul Chavard
65e227c44b
Migrate to flipper
2019-09-10 16:10:14 +02:00
pedong
fc8cebd78d
add Gem rack_attack to prevent brute-force attacks
2019-08-20 13:29:29 +02:00
Paul Chavard
6cfad01d12
Stop using Flipflop as switch for weekly_overview
2019-07-31 15:15:09 +02:00
Paul Chavard
3cb39c2840
Refactor message attachments to use active_storage
2019-07-10 15:35:29 +02:00
Frederic Merizen
d54a0a4612
Fix link to procedure brouillon in manager
2019-03-04 15:03:30 +01:00
Frederic Merizen
31ca0552ab
[ #835 ] Extract avis creation into concern
2018-11-06 15:44:43 +01:00
Frederic Merizen
6a43be4f39
[ #835 ] Extra paths deserve eager loading in production too
2018-11-06 15:44:43 +01:00
Frederic Merizen
02fa30c83b
[ #835 ] Remove redundant values from autoload_paths
...
(Level 1 subdirectories of app are already globbed by default rails config)
2018-11-06 15:44:43 +01:00
simon lehericey
5aee0e7d40
Config: setup Paris time_zone
2018-10-26 10:10:20 +00:00