2021-02-07 protect_from_forgery by default since Rails 5.2 / jQuery no longer a default dependency
Protect from forgery by default
ApplicationController
でよくみた protect_from_forgery
の記述、最近よく見ないなぁと思っていたら Rails 5.2 でデフォルトで有効化されていた。
- Protect from forgery by default
Rather than protecting from forgery in the generated ApplicationController, add it to ActionController::Base depending on
config.action_controller.default_protect_from_forgery
. This configuration defaults to false to support older versions which have removed it from their ApplicationController, but is set to true for Rails 5.2.
ref. Protect from forgery by default · rails/rails@ec4a836
jQuery no longer a default dependency
もう一つRails昔話。
jQuery は長らくデフォルト依存としてRailsに存在し続けていたが、Rails5.1からデフォルト依存からは外された。Webpacker時代の幕開けである。
jQuery was required by default in earlier versions of Rails to provide features like data-remote, data-confirm and other parts of Rails’ Unobtrusive JavaScript offerings. It is no longer required, as the UJS has been rewritten to use plain, vanilla JavaScript. This code now ships inside of Action View as rails-ujs.
PR: Drop jQuery as a dependency by guilleiguaran · Pull Request #27113 · rails/rails
Before
//= require jquery
//= require jquery_ujs
//= require turbolinks
//= require_tree .
After
//= require rails-ujs
//= require turbolinks
//= require_tree .