[openstreetmap/openstreetmap-website] Mismatch between configuration and actual values for setting (Issue #3509)

[Andy Allan]

I've been doing some work today and came across a strange bug where the configuration in our initializers is not being properly applied. Specifically, we already set `action_controller.raise_on_open_redirects` to true https://github.com/openstreetmap/openstreetmap-website/blob/b01ffa427e6adc17f7aa4f0eb12043cf2c82dcec/config/initializers/new_framework_defaults_7_0.rb#L76

However, a simple patch shows that this not being transferred to the class properly:

```diff
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 1d6865405..af3ba9a59 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -75,6 +75,9 @@ class ApplicationController < ActionController::Base
     if request.cookies["_osm_session"].to_s == ""
       if params[:cookie_test].nil?
         session[:cookie_test] = true
+        puts "# Raise on open redirects"
+        puts "Configuration: #{Rails.application.config.action_controller.raise_on_open_redirects}"
+        puts "Actual value:  #{ActionController::Base.raise_on_open_redirects}"
         redirect_to params.to_unsafe_h.merge(:only_path => true, :cookie_test => "true")
         false
       else
```

```bash
$ bundle exec rails test test/controllers/sessions_controller_test.rb
...
# Raise on open redirects
Configuration: true
Actual value:  false
```

If I change the application `load_defaults` to 7.0:

```diff
diff --git a/config/application.rb b/config/application.rb
index 10a2372db..b51d8e213 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -21,7 +21,7 @@ Bundler.require(*Rails.groups)
 module OpenStreetMap
   class Application < Rails::Application
     # Initialize configuration defaults for originally generated Rails version.
-    config.load_defaults 6.1
+    config.load_defaults 7.0
 
```

Then I get the expected result:
```bash
$ bundle exec rails test test/controllers/sessions_controller_test.rb
...
# Raise on open redirects
Configuration: true
Actual value:  true
```

I'm not sure what's going on here, and I'm concerned that other settings in the `new_framework_defaults_7_0.rb` file, or other initializers, might also not be applied properly.

(I'm aware that Tom has already got a patch into upstream rails relating to `only_path`, but this configuration mismatch is a separate problem).

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/3509
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/issues/3509 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20220323/1c6b5fa2/attachment.htm>