I am already a bit late with this post, but like one of my previous posts about enabling Rails 7 defaults, documenting the same procedure for 7_1 has been on my todo list.
🚧
Since 7_1 brings quite a few new framework defaults that we need to go through and enable, and since I want to keep all the information in a single post, I will be updating this blog post incrementally with information about more defaults (weekly is the plan, at least).
Disclaimer:
Before starting, I'd like to give a disclaimer: any change you make to your production application should always go through some pre-prod screening/testing. I have tried to present some resources and information around the impact of these defaults, but there might be something I have missed. If you find something, please do leave a comment so I can also update and learn. Thanks in advance for that, and for reading.
Rails.application.config.action_dispatch.default_headers
Purpose
The comment that comes with the new framework defaults file when upgrading to 7_1 is self-explanatory, but to summarize: enabling this removes the X-Download-Options default header, which mostly serves only IE (seems like IE8 only). IE8 has also not been supported for quite some time now.
Reference(s):
For further reading
Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality = false
Previous value: nil
New value: false
Purpose:
To understand the impact of enabling this particular flag, I had to go through some PRs on the official Rails repo and came across the following PR, the description of which provides an important hint towards a bug that exists with the deprecated behavior of comparing AC::Parameters with a Hash:
Reads of the key with fetch (also delete, values_at) lead to all subsequent read operations of the key to return an array of raw Hashes.
The pull request further refers to another one (#44812), which previously added a deprecation warning around this behavior.
Tips
To detect any negative side effects of toggling this, one can rely on the CI pipeline and, of course, deploy it to a pre-prod environment and monitor after the production rollout as well.
Reference(s):
rails/rails #44826
rails/rails #44812
Active Record Encryption now uses SHA-256 as its hash digest algorithm.
Purpose
This one is also explained pretty well in the new framework defaults file. TLDR: based on your previous configuration, set the AR encryption hash digest to either SHA1 or SHA256. If you have no data encrypted via AR, use the latest configuration under 7_1.
Reference(s)
This is pretty well explained in the comments right above this flag.
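Why the digest choice matters for data that is already encrypted, as an added example that is not part of the original post and not Rails' own code. It is a simplified stand-in that assumes PBKDF2 key derivation and AES-256-GCM; the secrets and helper names are constructed for illustration.

```ruby
require "openssl"

# Constructed sample secrets; not taken from any real application.
PRIMARY_KEY = "constructed-primary-key"
SALT        = "constructed-derivation-salt"

# Derive a 32-byte AES key with PBKDF2-HMAC over the named digest.
def derive_key(digest_name)
  OpenSSL::KDF.pbkdf2_hmac(PRIMARY_KEY, salt: SALT, iterations: 65_536,
                           length: 32, hash: digest_name)
end

# Encrypt with AES-256-GCM; returns everything needed to decrypt later.
def encrypt(plaintext, key)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  iv = cipher.random_iv
  data = cipher.update(plaintext) + cipher.final
  { iv: iv, tag: cipher.auth_tag, data: data }
end

# Returns the plaintext, or nil when the key does not match the record.
def decrypt(record, key)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = record[:iv]
  cipher.auth_tag = record[:tag]
  (cipher.update(record[:data]) + cipher.final).force_encoding("UTF-8")
rescue OpenSSL::Cipher::CipherError
  nil
end

# A row written while the application still derived keys with SHA1.
def legacy_row
  encrypt("alice@example.com", derive_key("SHA1"))
end

row = legacy_row
puts "SHA256-derived key: #{decrypt(row, derive_key('SHA256')).inspect}"
puts "SHA1-derived key:   #{decrypt(row, derive_key('SHA1')).inspect}"
```

The same secret and salt yield a different key under each digest, so switching the digest without accounting for existing rows leaves them unreadable.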
Rails.application.config.active_record.run_commit_callbacks_on_first_saved_instances_in_transaction
Purpose
The PR introducing this change itself explains it really well along with an example.
TLDR
Before: within a transaction, updating multiple instances referencing the same record in the DB would only fire after_commit upon the first update.
After: the callback is triggered when the internal state of the record within the transaction is likely to match the database value.
Reference(s)
PR introducing the change
Rails.application.config.active_record.sqlite3_adapter_strict_strings_by_default = true
Purpose
First of all, this is not relevant if you are not using SQLite.
It seems that historically SQLite accepted double-quoted strings as identifiers (like column names) and single-quoted strings as string literals. Later, double-quoted strings were also accepted as literal strings if they didn't match an identifier (a column name, for example). To avoid this confusion or running into unexpected issues, you can uncomment this flag, which imposes a stricter convention by default, i.e. single quotes = literal string, double quotes = identifiers.
Reference(s)
Explained here
Rails.application.config.active_record.allow_deprecated_singular_associations_name = false
Purpose
Given you have a model structure like
class Book < ApplicationRecord
  belongs_to :author
end
You could do something like
Book.where(authors:....)
authors is pluralized in the above query, but from the perspective of the model and its relationship, a book can have a single author. There is more to this change: it comes with an underlying performance improvement as well. More details can be found in the references below. Uncommenting this flag will now raise an error if you refer to a singular association in a pluralized manner in your queries.
Tips
Once uncommented, if you have good test coverage, it will point out most of the areas where this change needs to be made. I'd do some manual scanning of the codebase as well and, of course, some testing before merging this change.
Reference(s)
Rails.application.config.active_job.use_big_decimal_serializer = true
Purpose
Background job adapters often store the payload of a job, like its name and the arguments supplied to it, after serializing it to JSON. This comes with a small inconsistency: during serialization to JSON, BigDecimal data is serialized to String. This can lead to unintended behavior or bugs when a background job expecting BigDecimal ends up with String values.
Uncommenting this flag ensures that BigDecimal values are serialized and fetched as their original datatype.
⚠️ As advised in the new_framework_defaults_7_1.rb.tt file, you need to make sure that your application and all possible replicas which will be affected by this change have been successfully upgraded to Rails 7_1.
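The type loss described above, the typed-envelope fix, and what a not-yet-upgraded worker sees, as an added example that is not part of the original post and not Active Job's code. TYPE_KEY and all helper names are hypothetical; the envelope only stands in for the marker a real serializer adds.

```ruby
require "bigdecimal"
require "json"

# Hypothetical envelope key, standing in for a serializer's type marker.
TYPE_KEY = "_type"

# What a queue adapter does with a raw argument list: a plain JSON round trip.
def naive_round_trip(args)
  JSON.parse(JSON.generate(args))
end

# Wrap BigDecimal arguments in a typed envelope before they hit JSON.
def wrap(arg)
  arg.is_a?(BigDecimal) ? { TYPE_KEY => "BigDecimal", "value" => arg.to_s } : arg
end

# Restore the original type when the envelope is recognised.
def unwrap(arg)
  if arg.is_a?(Hash) && arg[TYPE_KEY] == "BigDecimal"
    BigDecimal(arg["value"])
  else
    arg
  end
end

# Enqueue and perform on processes that both understand the envelope.
def typed_round_trip(args)
  JSON.parse(JSON.generate(args.map { |a| wrap(a) })).map { |a| unwrap(a) }
end

# A worker that does not know the envelope passes the Hash straight to the job.
def old_worker_view(args)
  JSON.parse(JSON.generate(args.map { |a| wrap(a) }))
end

price = BigDecimal("19.95") # constructed sample argument
puts "plain JSON:      #{naive_round_trip([price]).first.class}"
puts "typed envelope:  #{typed_round_trip([price]).first.class}"
puts "outdated worker: #{old_worker_view([price]).first.class}"
```

The last case is the reason for the warning above: the envelope only helps once every process that reads the queue can decode it.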
Tips
Along with CI to report any inconsistencies or errors, I'd also take a look at what arguments the background jobs within the project expect, to be extra sure before flipping this flag.
References
Rails.application.config.active_support.raise_on_invalid_cache_expiration_time = true
Purpose
Uncommenting this flag will raise an error if a cache expiration time in the past is provided when caching some data. The PR introducing this change (#45842), linked in the references, gives a very good idea of what to expect.
References
Rails.application.config.active_record.query_log_tags_format = :sqlcommenter
Purpose
This default can be given two values: :legacy (existing behaviour) or :sqlcommenter. Choosing the latter adds additional context to the SQL queries generated by ActiveRecord, which can be used for better observability and for monitoring the sources that trigger slow SQL queries.
I will also try to add some examples of the new vs. old versions of logs.
References
Rails.application.config.active_support.message_serializer = :json_allow_marshal
Purpose
Prior to 7_1, Rails used :marshal as the serializer for MessageEncryptor and MessageVerifier, which (as mentioned) is vulnerable to deserialization attacks. The proposed new value, :json_allow_marshal, uses the :json serializer going forward but can still deserialize content previously serialized using :marshal (backwards compatible).
Important
As pointed out in #48170, going forward it will be changed to a JSON-only serializer.
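How a "write JSON, still read Marshal" serializer can behave during the transition, as an added example that is not part of the original post and not Rails' own code. The helper names and the LEGACY_READS counter are hypothetical, and the payloads are constructed.

```ruby
require "json"

# Every Marshal dump starts with its format version, currently 4.8.
MARSHAL_SIGNATURE = "\x04\x08".b

# Hypothetical counter: how many legacy payloads are still being read.
LEGACY_READS = Hash.new(0)

# New messages are always written as JSON.
def dump_message(value)
  JSON.generate(value)
end

# Read a payload whose signature has already been verified by the caller.
# allow_marshal: true mimics the transitional setting, false the JSON-only one.
def load_message(raw, allow_marshal:)
  if raw.b.start_with?(MARSHAL_SIGNATURE)
    raise ArgumentError, "Marshal payload rejected" unless allow_marshal
    LEGACY_READS[:marshal] += 1
    Marshal.load(raw) # legacy path, kept only until old messages expire
  else
    JSON.parse(raw)
  end
end

# Constructed sample payloads: one written before the upgrade, one after.
old_payload = Marshal.dump({ "user_id" => 42 })
new_payload = dump_message({ "user_id" => 42 })

p load_message(new_payload, allow_marshal: false)
p load_message(old_payload, allow_marshal: true)
puts "legacy Marshal reads so far: #{LEGACY_READS[:marshal]}"
```

Counting legacy reads gives a concrete signal for when the Marshal fallback is no longer exercised and the JSON-only setting can be adopted.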
References
To be continued....