From f888a0eb2159ca19286138b654e8ac35ef3f8ec4 Mon Sep 17 00:00:00 2001 From: Maikel Linke Date: Mon, 30 Jan 2023 14:08:55 +1100 Subject: [PATCH 1/3] Remove unnecessary rack-ssl gem Rails comes with ActionDispatch::SSL which is enabled in staging and production. We don't need this ancient gem last updated in 2014. --- Gemfile | 1 - Gemfile.lock | 3 --- 2 files changed, 4 deletions(-) diff --git a/Gemfile b/Gemfile index 9cc2732a22..b4a4cfb590 100644 --- a/Gemfile +++ b/Gemfile @@ -92,7 +92,6 @@ gem 'gmaps4rails' gem 'mimemagic', '> 0.3.5' gem 'paper_trail', '~> 12.1.0' gem 'rack-rewrite' -gem 'rack-ssl', require: 'rack/ssl' gem 'roadie-rails' gem 'hiredis' diff --git a/Gemfile.lock b/Gemfile.lock index ba02fc4f55..db4d0c8719 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -495,8 +495,6 @@ GEM rack-proxy (0.7.0) rack rack-rewrite (1.5.1) - rack-ssl (1.4.1) - rack rack-test (2.0.2) rack (>= 1.3) rack-timeout (0.6.3) @@ -846,7 +844,6 @@ DEPENDENCIES puma rack-mini-profiler (< 3.0.0) rack-rewrite - rack-ssl rack-timeout rails (>= 6.1.4) rails-controller-testing From 0fc108a8e6dbfb65083af7277386420ce7422718 Mon Sep 17 00:00:00 2001 From: Maikel Linke Date: Mon, 30 Jan 2023 14:19:37 +1100 Subject: [PATCH 2/3] Remove useless option to allow SSL It's an outdated Spree setting. We always enforce SSL in production and staging while development and test environments are running without SSL. This setting didn't have any effect. --- .../spree/admin/general_settings_controller.rb | 1 - app/models/spree/app_configuration.rb | 2 -- app/views/spree/admin/general_settings/edit.html.haml | 8 -------- config/locales/en.yml | 3 --- 4 files changed, 14 deletions(-) diff --git a/app/controllers/spree/admin/general_settings_controller.rb b/app/controllers/spree/admin/general_settings_controller.rb index 3400686cf0..ffcc332cf1 100644 --- a/app/controllers/spree/admin/general_settings_controller.rb +++ b/app/controllers/spree/admin/general_settings_controller.rb @@ -6,7 +6,6 @@ module Spree def edit @preferences_general = [:site_name, :default_seo_title, :default_meta_keywords, :default_meta_description, :site_url] - @preferences_security = [:allow_ssl_in_production, :allow_ssl_in_staging] @preferences_currency = [:display_currency, :hide_cents] end diff --git a/app/models/spree/app_configuration.rb b/app/models/spree/app_configuration.rb index 66d26c2553..c07c058f72 100644 --- a/app/models/spree/app_configuration.rb +++ b/app/models/spree/app_configuration.rb @@ -33,8 +33,6 @@ module Spree preference :allow_backorder_shipping, :boolean, default: false preference :allow_checkout_on_gateway_error, :boolean, default: false preference :allow_guest_checkout, :boolean, default: true - preference :allow_ssl_in_production, :boolean, default: true - preference :allow_ssl_in_staging, :boolean, default: true # Replace with the name of a zone if you would like to limit the countries preference :checkout_zone, :string, default: nil preference :currency, :string, default: "USD" diff --git a/app/views/spree/admin/general_settings/edit.html.haml b/app/views/spree/admin/general_settings/edit.html.haml index ae21b3939b..dcbabeba4e 100644 --- a/app/views/spree/admin/general_settings/edit.html.haml +++ b/app/views/spree/admin/general_settings/edit.html.haml @@ -17,14 +17,6 @@ .row .alpha.six.columns - %fieldset.security.no-border-bottom - %legend{:align => "center"}= Spree.t(:security_settings) - - @preferences_security.each do |key| - - type = Spree::Config.preference_type(key) - .field - = label_tag(key, Spree.t(key) + ': ') + tag(:br) if type != :boolean - = preference_field_tag(key, Spree::Config[key], :type => type) - = label_tag(key, Spree.t(key)) + tag(:br) if type == :boolean %fieldset.legal.no-border-bottom %legend{:align => "center"}= t('.legal_settings') .field diff --git a/config/locales/en.yml b/config/locales/en.yml index 07f819e1e9..39fa3b80c1 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -3656,9 +3656,6 @@ See the %{link} to find out more about %{sitename}'s features and to start using default_seo_title: "Default Seo Title" default_meta_description: "Default Meta Description" default_meta_keywords: "Default Meta Keywords" - security_settings: "Security Settings" - allow_ssl_in_production: "Allow SSL to be used in production mode" - allow_ssl_in_staging: "Allow SSL to be used in staging mode" currency_decimal_mark: "Currency decimal mark" currency_settings: "Currency Settings" currency_symbol_position: Put "currency symbol before or after dollar amount?" From 8c458c2d488a761add7106673e613f477794b0fa Mon Sep 17 00:00:00 2001 From: Maikel Linke Date: Mon, 30 Jan 2023 14:32:31 +1100 Subject: [PATCH 3/3] Remove outdated SSL setting from database --- db/migrate/20230130032659_delete_ssl_preferences.rb | 13 +++++++++++++ db/schema.rb | 2 +- 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 db/migrate/20230130032659_delete_ssl_preferences.rb diff --git a/db/migrate/20230130032659_delete_ssl_preferences.rb b/db/migrate/20230130032659_delete_ssl_preferences.rb new file mode 100644 index 0000000000..efce72fe23 --- /dev/null +++ b/db/migrate/20230130032659_delete_ssl_preferences.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +class DeleteSslPreferences < ActiveRecord::Migration[6.1] + def up + execute <<~SQL + DELETE FROM spree_preferences + WHERE key IN ( + '/spree/app_configuration/allow_ssl_in_production', + '/spree/app_configuration/allow_ssl_in_staging' + ) + SQL + end +end diff --git a/db/schema.rb b/db/schema.rb index c711e259f7..cabc6eef6e 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 2023_01_17_043628) do +ActiveRecord::Schema.define(version: 2023_01_30_032659) do # These are extensions that must be enabled in order to support this database enable_extension "pg_stat_statements"