<p></p>
<p dir="auto">I've been doing some work today and came across a strange bug where the configuration in our initializers is not being properly applied. Specifically, we already set <code>action_controller.raise_on_open_redirects</code> to true <a href="https://github.com/openstreetmap/openstreetmap-website/blob/b01ffa427e6adc17f7aa4f0eb12043cf2c82dcec/config/initializers/new_framework_defaults_7_0.rb#L76">https://github.com/openstreetmap/openstreetmap-website/blob/b01ffa427e6adc17f7aa4f0eb12043cf2c82dcec/config/initializers/new_framework_defaults_7_0.rb#L76</a></p>
<p dir="auto">However, a simple patch shows that this not being transferred to the class properly:</p>
<div class="highlight highlight-source-diff"><pre><span class="pl-c1">diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb</span>
index 1d6865405..af3ba9a59 100644
<span class="pl-md">--- a/app/controllers/application_controller.rb</span>
<span class="pl-mi1">+++ b/app/controllers/application_controller.rb</span>
<span class="pl-mdr">@@ -75,6 +75,9 @@</span> class ApplicationController < ActionController::Base
     if request.cookies["_osm_session"].to_s == ""
       if params[:cookie_test].nil?
         session[:cookie_test] = true
<span class="pl-mi1"><span class="pl-mi1">+</span>        puts "# Raise on open redirects"</span>
<span class="pl-mi1"><span class="pl-mi1">+</span>        puts "Configuration: #{Rails.application.config.action_controller.raise_on_open_redirects}"</span>
<span class="pl-mi1"><span class="pl-mi1">+</span>        puts "Actual value:  #{ActionController::Base.raise_on_open_redirects}"</span>
         redirect_to params.to_unsafe_h.merge(:only_path => true, :cookie_test => "true")
         false
       else</pre></div>
<div class="highlight highlight-source-shell"><pre>$ bundle <span class="pl-c1">exec</span> rails <span class="pl-c1">test</span> test/controllers/sessions_controller_test.rb
...
<span class="pl-c"><span class="pl-c">#</span> Raise on open redirects</span>
Configuration: <span class="pl-c1">true</span>
Actual value:  <span class="pl-c1">false</span></pre></div>
<p dir="auto">If I change the application <code>load_defaults</code> to 7.0:</p>
<div class="highlight highlight-source-diff"><pre><span class="pl-c1">diff --git a/config/application.rb b/config/application.rb</span>
index 10a2372db..b51d8e213 100644
<span class="pl-md">--- a/config/application.rb</span>
<span class="pl-mi1">+++ b/config/application.rb</span>
<span class="pl-mdr">@@ -21,7 +21,7 @@</span> Bundler.require(*Rails.groups)
 module OpenStreetMap
   class Application < Rails::Application
     # Initialize configuration defaults for originally generated Rails version.
<span class="pl-md"><span class="pl-md">-</span>    config.load_defaults 6.1</span>
<span class="pl-mi1"><span class="pl-mi1">+</span>    config.load_defaults 7.0</span>
 </pre></div>
<p dir="auto">Then I get the expected result:</p>
<div class="highlight highlight-source-shell"><pre>$ bundle <span class="pl-c1">exec</span> rails <span class="pl-c1">test</span> test/controllers/sessions_controller_test.rb
...
<span class="pl-c"><span class="pl-c">#</span> Raise on open redirects</span>
Configuration: <span class="pl-c1">true</span>
Actual value:  <span class="pl-c1">true</span></pre></div>
<p dir="auto">I'm not sure what's going on here, and I'm concerned that other settings in the <code>new_framework_defaults_7_0.rb</code> file, or other initializers, might also not be applied properly.</p>
<p dir="auto">(I'm aware that Tom has already got a patch into upstream rails relating to <code>only_path</code>, but this configuration mismatch is a separate problem).</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/issues/3509">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AAK2OLPGAIJJHAD7NREZMLTVBM7QBANCNFSM5ROO4UVA">unsubscribe</a>.<br />You are receiving this because you are subscribed to this thread.<img src="https://github.com/notifications/beacon/AAK2OLN6OPRYQY7OCLQNMY3VBM7QBA5CNFSM5ROO4UVKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4RR4FAQA.gif" height="1" width="1" alt="" /><span style="color: transparent; font-size: 0; display: none; visibility: hidden; overflow: hidden; opacity: 0; width: 0; height: 0; max-width: 0; max-height: 0; mso-hide: all">Message ID: <span><openstreetmap/openstreetmap-website/issues/3509</span><span>@</span><span>github</span><span>.</span><span>com></span></span></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/openstreetmap/openstreetmap-website/issues/3509",
"url": "https://github.com/openstreetmap/openstreetmap-website/issues/3509",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>