Release 7.0.3 · rails/rails

Active Support

Some internal housekeeping on reloads could break custom respond_to?
methods in class objects that referenced reloadable constants. See
#44125 for details.

Xavier Noria
Fixed MariaDB default function support.

Defaults would be written wrong in "db/schema.rb" and not work correctly
if using db:schema:load. Further more the function name would be
added as string content when saving new records.

kaspernj
Fix remove_foreign_key with :if_exists option when foreign key actually exists.

fatkodima
Remove --no-comments flag in structure dumps for PostgreSQL

This broke some apps that used custom schema comments. If you don't want
comments in your structure dump, you can use:
```
ActiveRecord::Tasks::DatabaseTasks.structure_dump_flags = ['--no-comments']
```
Alex Ghiculescu
Use the model name as a prefix when filtering encrypted attributes from logs.

For example, when encrypting Person#name it will add person.name as a filter
parameter, instead of just name. This prevents unintended filtering of parameters
with a matching name in other models.

Jorge Manrubia
Fix quoting of ActiveSupport::Duration and Rational numbers in the MySQL adapter.

Kevin McPhillips
Fix change_column_comment to preserve column's AUTO_INCREMENT in the MySQL adapter

fatkodima

Allow relative redirects when raise_on_open_redirects is enabled.

Tom Hughes
Fix authenticate_with_http_basic to allow for missing password.

Before Rails 7.0 it was possible to handle basic authentication with only a username.
```
authenticate_with_http_basic do |token, _|
  ApiClient.authenticate(token)
end
```
This ability is restored.

Jean Boussier
Fix content_security_policy returning invalid directives.

Directives such as self, unsafe-eval and few others were not
single quoted when the directive was the result of calling a lambda
returning an array.
```
content_security_policy do |policy|
  policy.frame_ancestors lambda { [:self, "https://example.com"] }
end
```
With this fix the policy generated from above will now be valid.

Edouard Chin
Fix skip_forgery_protection to run without raising an error if forgery
protection has not been enabled / verify_authenticity_token is not a
defined callback.

This fix prevents the Rails 7.0 Welcome Page (/) from raising an
ArgumentError if default_protect_from_forgery is false.

Brad Trick
Fix ActionController::Live to copy the IsolatedExecutionState in the ephemeral thread.

Since its inception ActionController::Live has been copying thread local variables
to keep things such as CurrentAttributes set from middlewares working in the controller action.

With the introduction of IsolatedExecutionState in 7.0, some of that global state was lost in
ActionController::Live controllers.

Jean Boussier

Fix setting trailing_slash: true in route definition.

get '/test' => "test#index", as: :test, trailing_slash: true

test_path() # => "/test/"

Jean Boussier

If reloading and eager loading are both enabled, after a reload Rails eager loads again the application code.

Xavier Noria
Use controller_class_path in Rails::Generators::NamedBase#route_url

The route_url method now returns the correct path when generating
a namespaced controller with a top-level model using --model-name.

Previously, when running this command:
```
bin/rails generate scaffold_controller Admin/Post --model-name Post
```
the comments above the controller action would look like:
```
# GET /posts
def index
  @posts = Post.all
end
```
afterwards, they now look like this:
```
# GET /admin/posts
def index
  @posts = Post.all
end
```
Fixes #44662.

Andrew White