An upgraded Rails gem does not upgrade your Rails configuration
Make sure you have
config.load_defaults 5.1 in your
config/application.rb if your Rails app was created before March 2017.
An unexpected Rails config
Whenever there is a new buzz about new Rails defaults, I try to use the new defaults as early as possible. But I wanted to wait with per-form-csrf tokens for some time, so I had this in an initializer:
# config/initializers/new_framework_defaults.rb Rails.application.config.action_controller.per_form_csrf_tokens = false
When I felt that it was time to try them out, I removed the initializer... only to find out that nothing changed. I read the whole config guide and there was no hint as to what could have gone wrong. Somehow, I was under the impression that new defaults kick in as soon as I upgrade my Rails version (after all, that's what the word "default" implies).
And it was like that, until this commit from March 2017 which dumped the idea of
config/initializers/new_framework_defaults.rb (even though it's still alive and kicking with a versioned suffix). New defaults don't become active unless you add this:
# config/application.rb module MyApp class Application < Rails::Application # Not your Rails gem determines your configuration defaults, # but this very method call: config.load_defaults 5.2
Hypothetically, if you'd like to match your configuration to your Rails gem version, I suppose you could even do the following
# YOLO config.load_defaults Rails::VERSION::STRING.to_f
I do recommend that you skim through these file templates for changes every now and then. These files won't upgrade themselves in your Rails app