diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
new file mode 100644
index 0000000000000000000000000000000000000000..ffc04b07d4557df29fa8c8b7250fb5f1c892ea0f
--- /dev/null
+++ b/config/initializers/content_security_policy.rb
@@ -0,0 +1,33 @@
+# Be sure to restart your server when you modify this file.
+
+# Define an application-wide content security policy
+# For further information see the following documentation
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+
+# Rails.application.config.content_security_policy do |policy|
+#   policy.default_src :self, :https
+#   policy.font_src    :self, :https, :data
+#   policy.img_src     :self, :https, :data
+#   policy.object_src  :none
+#   policy.script_src  :self, :https
+#   policy.style_src   :self, :https
+#   # If you are using webpack-dev-server then specify webpack-dev-server host
+#   policy.connect_src :self, :https, "http://localhost:3035",
+#   "ws://localhost:3035" if Rails.env.development?
+
+#   # Specify URI for violation reports
+#   # policy.report_uri "/csp-violation-report-endpoint"
+# end
+
+# If you are using UJS then enable automatic nonce generation
+# Rails.application.config.content_security_policy_nonce_generator = -> request
+# { SecureRandom.base64(16) }
+
+# Set the nonce only to specific directives
+# Rails.application.config.content_security_policy_nonce_directives =
+# %w(script-src)
+
+# Report CSP violations to a specified URI
+# For further information see the following documentation:
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
+# Rails.application.config.content_security_policy_report_only = true
diff --git a/config/initializers/new_framework_defaults_6_0.rb b/config/initializers/new_framework_defaults_6_0.rb
new file mode 100644
index 0000000000000000000000000000000000000000..92b5b92a894425f3a7cc6ae0ee0157e0a48239ba
--- /dev/null
+++ b/config/initializers/new_framework_defaults_6_0.rb
@@ -0,0 +1,54 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file contains migration options to ease your Rails 6.0 upgrade.
+#
+# Once upgraded flip defaults one by one to migrate to the new default.
+#
+# Read the Guide for Upgrading Ruby on Rails for more info on each option.
+
+# Don't force requests from old versions of IE to be UTF-8 encoded.
+# Rails.application.config.action_view.default_enforce_utf8 = false
+
+# Embed purpose and expiry metadata inside signed and encrypted
+# cookies for increased security.
+#
+# This option is not backwards compatible with earlier Rails versions.
+# It's best enabled when your entire app is migrated and stable on 6.0.
+# Rails.application.config.action_dispatch.use_cookies_with_metadata = true
+
+# Change the return value of `ActionDispatch::Response#content_type` to
+# Content-Type header without modification.
+# Rails.application.config.action_dispatch
+# .return_only_media_type_on_content_type = false
+
+# Return false instead of self when enqueuing is aborted from a callback.
+# Rails.application.config.active_job.return_false_on_aborted_enqueue = true
+
+# Send Active Storage analysis and purge jobs to dedicated queues.
+# Rails.application.config.active_storage.queues.analysis =
+# :active_storage_analysis
+# Rails.application.config.active_storage.queues.purge    =
+# :active_storage_purge
+
+# When assigning to a collection of attachments declared via
+# `has_many_attached`, replace existing attachments instead of appending. Use
+# #attach to add new attachments without replacing existing ones.
+# Rails.application.config.active_storage.replace_on_assign_to_many = true
+
+# Use ActionMailer::MailDeliveryJob for sending parameterized and normal mail.
+#
+# The default delivery jobs (ActionMailer::Parameterized::DeliveryJob,
+# ActionMailer::DeliveryJob), will be removed in Rails 6.1. This setting is not
+# backwards compatible with earlier Rails versions.
+# If you send mail in the background, job workers need to have a copy of
+# MailDeliveryJob to ensure all delivery jobs are processed properly.
+# Make sure your entire app is migrated and stable on 6.0 before using this
+# setting.
+# Rails.application.config.action_mailer.delivery_job =
+# "ActionMailer::MailDeliveryJob"
+
+# Enable the same cache key to be reused when the object being cached of type
+# `ActiveRecord::Relation` changes by moving the volatile information (max
+# updated at and count) of the relation's cache key into the cache version to
+# support recycling cache key.
+# Rails.application.config.active_record.collection_cache_versioning = true
diff --git a/config/storage.yml b/config/storage.yml
new file mode 100644
index 0000000000000000000000000000000000000000..d32f76e8fbfebd47882dc3b350b092558b62dc08
--- /dev/null
+++ b/config/storage.yml
@@ -0,0 +1,34 @@
+test:
+  service: Disk
+  root: <%= Rails.root.join("tmp/storage") %>
+
+local:
+  service: Disk
+  root: <%= Rails.root.join("storage") %>
+
+# Use rails credentials:edit to set the AWS secrets (as aws:access_key_id|secret_access_key)
+# amazon:
+#   service: S3
+#   access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %>
+#   secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %>
+#   region: us-east-1
+#   bucket: your_own_bucket
+
+# Remember not to checkin your GCS keyfile to a repository
+# google:
+#   service: GCS
+#   project: your_project
+#   credentials: <%= Rails.root.join("path/to/gcs.keyfile") %>
+#   bucket: your_own_bucket
+
+# Use rails credentials:edit to set the Azure Storage secret (as azure_storage:storage_access_key)
+# microsoft:
+#   service: AzureStorage
+#   storage_account_name: your_account_name
+#   storage_access_key: <%= Rails.application.credentials.dig(:azure_storage, :storage_access_key) %>
+#   container: your_container_name
+
+# mirror:
+#   service: Mirror
+#   primary: local
+#   mirrors: [ amazon, google, microsoft ]
diff --git a/db/migrate/20191108220522_add_foreign_key_constraint_to_active_storage_attachments_for_blob_id.active_storage.rb b/db/migrate/20191108220522_add_foreign_key_constraint_to_active_storage_attachments_for_blob_id.active_storage.rb
new file mode 100644
index 0000000000000000000000000000000000000000..6db010df64b12c55fe05cfd2205325757484adc3
--- /dev/null
+++ b/db/migrate/20191108220522_add_foreign_key_constraint_to_active_storage_attachments_for_blob_id.active_storage.rb
@@ -0,0 +1,13 @@
+# This migration comes from active_storage (originally 20180723000244)
+class AddForeignKeyConstraintToActiveStorageAttachmentsForBlobId <
+  ActiveRecord::Migration[6.0]
+  def up
+    return if foreign_key_exists?(:active_storage_attachments, column: :blob_id)
+
+    return unless table_exists?(:active_storage_blobs)
+
+    add_foreign_key :active_storage_attachments,
+                    :active_storage_blobs,
+                    column: :blob_id
+  end
+end