Upgrade to rails 7.0

config/initializers/assets.rb

@@ -1,12 +1,10 @@
 # Be sure to restart your server when you modify this file.
 
 # Version of your assets, change this if you want to expire all your assets.
-Rails.application.config.assets.version = '1.0'
+Rails.application.config.assets.version = "1.0"
 
 # Add additional assets to the asset load path.
 # Rails.application.config.assets.paths << Emoji.images_path
-# Add Yarn node_modules folder to the asset load path.
-Rails.application.config.assets.paths << Rails.root.join('node_modules')
 
 # Precompile additional assets.
 # application.js, application.css, and all non-JS/CSS in the app/assets

config/initializers/content_security_policy.rb

@@ -4,26 +4,24 @@
 # For further information see the following documentation
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
 
-Rails.application.config.content_security_policy do |policy|
-  policy.default_src :none
-  policy.font_src    :self, 'https://cdnjs.cloudflare.com'
-  policy.img_src     :self, 'https://cdnjs.cloudflare.com', 'https://projecteuler.net'
-  policy.object_src  :none
-  policy.script_src  :self, 'https://cdnjs.cloudflare.com'
-  policy.style_src   :self, :unsafe_inline
-  policy.connect_src :self
+Rails.application.configure do
+  config.content_security_policy do |policy|
+    policy.default_src :none
+    policy.font_src    :self, "https://cdnjs.cloudflare.com"
+    policy.img_src     :self, "https://cdnjs.cloudflare.com", "https://projecteuler.net"
+    policy.object_src  :none
+    policy.script_src  :self, "https://cdnjs.cloudflare.com"
+    policy.style_src   :self, :unsafe_inline
+    policy.connect_src :self
+    # Specify URI for violation reports
+    # policy.report_uri "/csp-violation-report-endpoint"
+  end
 
-  # Specify URI for violation reports
-  # policy.report_uri "/csp-violation-report-endpoint"
+  # Generate session nonces for permitted importmap and inline scripts
+  config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
+  config.content_security_policy_nonce_directives = %w(script-src)
+
+  # Report CSP violations to a specified URI. See:
+  # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
+  # config.content_security_policy_report_only = true
 end
-
-# If you are using UJS then enable automatic nonce generation
-# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) }
-
-# Set the nonce only to specific directives
-# Rails.application.config.content_security_policy_nonce_directives = %w(script-src)
-
-# Report CSP violations to a specified URI
-# For further information see the following documentation:
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
-# Rails.application.config.content_security_policy_report_only = true

config/initializers/inflections.rb

@@ -4,13 +4,13 @@
 # are locale specific, and you may define rules for as many different
 # locales as you wish. All of these examples are active by default:
 # ActiveSupport::Inflector.inflections(:en) do |inflect|
-#   inflect.plural /^(ox)$/i, '\1en'
-#   inflect.singular /^(ox)en/i, '\1'
-#   inflect.irregular 'person', 'people'
+#   inflect.plural /^(ox)$/i, "\\1en"
+#   inflect.singular /^(ox)en/i, "\\1"
+#   inflect.irregular "person", "people"
 #   inflect.uncountable %w( fish sheep )
 # end
 
 # These inflection rules are supported but not enabled by default:
 # ActiveSupport::Inflector.inflections(:en) do |inflect|
-#   inflect.acronym 'RESTful'
+#   inflect.acronym "RESTful"
 # end