Set default_url_options for entire Rails application
Instead of cobbling together default settings in several different places as the issues arise, you can define them application-wide.
Related cards:
Rails: Using database default values for boolean attributes
In the past we validate and set default values for boolean attributes in Rails and not the database itself.
Reasons for this:
- Older Rails didn't s...
Rails: Assigning associations via HTML forms
Let's say we have posts with an attribute title
that is mandatory.
Our example feature request is to tag these posts with a limited number of tags. The following chapters explain different approaches in Rails, how you can assign such a...
Guide to localizing a Rails application
Localizing a non-trivial application can be a huge undertaking. This card will give you an overview over the many components that are affected.
When you are asked to give an estimate for the effort involved, go through the list below and check wh...
Configuring ActionMailer host and protocol for URL generation
When you generate a URL in a mailer view, ActionMailer
will raise an error unless you previously configured it which hostname to use.
There are t...
Passenger ignores RailsEnv directive for Rails 3 applications
You might find that your Passenger ignores all RailsSomething
directives in the vhost for your new Rails 3 application. The culprit is a file config.ru
which makes Passenger consider your application a Rack (non-Rails) application.
To fix thi...
Rails 2: Refuse response formats application-wide
If you regularly get ActionView::MissingTemplate
exceptions, maybe some bot visits your site requesting silly formats like:
http://www.rails-app.com/makandra.html-username-2000 # => Rails tries to retrieve 'makandra' with format 'html-usern...
Terminator setup for Procfile-based applications for more comfortable debugging
We use foreman
to start all necessary processes for an application, which are declared in a Procfile
. This is very convenient, but the outputs of all processes get merged together. Especially while debugging you might not want other processes ...
A reasonable default CSP for Rails projects
Every modern Rails app should have a Content Security Policy enabled.
Very compatible default
The following "default" is a minimal policy that should
- "just work" for almost all applications
- give you most of the benefit...
Force absolute URLs for parts of a view or controller
You know that you can force absolute URLs throughout a response. Now you want to modify URLs similarly, but only in parts of a view (or controller) logic. H...
Do not pass params directly into url_for or URL helpers
Rails' url_for
is useful for generating routes from a Hash, but can lead to an [open redirect vulnerability](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Red...