Every modern Rails app should have a Content Security Policy enabled. Very compatible default The following "default" is a minimal policy that should "just work" for almost all applications

...you most of the benefits of a CSP In your config/initializers/content_security_policy.rb, set Rails.application.config.content_security_policy do |policy| policy.object_src :none policy.script_src :unsafe_eval, :strict_dynamic, :https # Browsers with support...

...projects, which is being actively maintained and has test coverage for all versions of Rails...

It might sometimes be useful to check whether your Rails application accesses the file system unnecessarily, for example if your file system access is slow because it goes over the...

...which logs all system calls performed by a process. To do this, start your rails server using something like DISABLE_SPRING=1 strace -e trace=file -f bin/rails s

Several Rails migration methods accept index: true as an option to create an index. In some cases (like #add_column), this option is silently discarded. Know what you are doing...

...positive" btree (positive) "index_examples_on_user_id" btree (user_id) So what happened? Rails created indexes for all fields that we added inside our create_table statement.

...apply a significant score penalty. Here is how to do that automatically. Add premailer-rails to your Gemfile and bundle. Done! premailer-rails will automatically generate a text part for...

Actually, you may want to configure premailer-rails, and maybe tweak your HTML e-mail views a bit. Here are some suggestions. Open Rails' ActionMailer Previews and you will...

...must be translated: Screens, mailer templates, PDF templates, helpers, sometimes models. Use the native Rails I18n API. Avoid Gettext if possible. Native I18n has good integration with Rails (you already...

...Rails framework can be overridden in locale dictionaries (e.g. config/locales/de.yml). There's an awesome gem rails-i18n that gives you default dictionaries for many languages. Note that even though all...

...our applications. Hunting it down, we found that the memory leak was located in Rails' #prepend_view_path. It occurs when the instance method prepend_view_path is called in...

...in your ApplicationController, you can just use #prepend_view_path as before. Note that the Rails 7 version differs slightly. Known affected Rails versions (maybe more): Rails 4.0 - 7.0

makandra dev

...a few minor exceptions for our Austrian friends. Luckily, the I18n gem used by Rails has a fallback feature where you can make one locale file fall back to another...

... and another locale config/locales/de_AT.yml: de_AT: # only a handful of exceptions here Now configure Rails to make de_AT fall back to de_DE: Rails.application.configure do config.i18n.fallbacks = { de_AT: :de...

...with resources as well, e.g. resources :examples, path: 'demonstration' Two macros for namespacing routes Rails offers two macros for namespacing routes. As its name suggests, namespace is the tool for...

To make sure that all developers use a compatible version of Node.js, your Rails project should declare the required Node.js in a file called .nvmrc. When a .nvmrc exists...

...asdf is sunsetting its support for LTS aliases. Testing compatibility In general, a recent Rails project should use the currently active LTS version of Node.js. If you are unsure about...

Rails credentials are a way to store secrets in an encrypted YAML file. Usage is simple: each key in the credentials file becomes a method on Rails.application.credentials, returning the corresponding...

# Credentials file file_storage_secret: superstrongsecret # Somewhere in the application FileStorage.secret = Rails.application.credentials.file_storage_secret Since credentials usually are different between environments, you can easily forget to define them for...

guides.rubyonrails.org

...html_safe and translate them with = t('.text_html'). When you're localizing a Rails application, sometimes there is this urge to include a little HTML. Be it some localized...

...to learn more about <em>the corporation</em>. Alright. Rails is being helpful here and saves you from accidentally injecting HTML into the page. But how...

...a has_many, has_one or belongs_to association, the :inverse_of option in Rails tells ActiveRecord that they're two sides of the same association. Example with a has...

...to :forum, inverse_of: :posts end Knowing the other side of the same association Rails can optimize object loading so forum and forum.posts[0].forum will reference the same object...

When your controller action raises an unhandled exception, Rails will look at the exception's class and choose an appropriate HTTP status code and error page for the response.

...instance, an ActiveRecord::RecordNotFound will cause Rails to render a red "The page you were looking for doesn't exist" with a status code of "404" (not found).

When Rails releases a new version of their gems, they also release a number of npm packages like @rails/activestorage or @rails/actioncable. Unfortunately Rails uses up to 4 digits for their...

...digits and a pre-release suffix. To map gem versions and npm versions, Rails is going to use a naming scheme like this: Gem version

...to summarize by example the different uses of heredoc. In Ruby << vs. <<- vs. <<~ In Rails strip_heredoc vs. squish strip_heredoc should be used for a text, where you want...

Using heredoc for prettier Ruby code How to: Ruby heredoc without interpolation Rails 3+ def foo bar = <<-TEXT.strip_heredoc line1 line2 line3 TEXT puts bar.inspect end

In Rails, the implicit_order_column (added in Rails 6) is a configuration option that helps you define the default sorting behavior of ActiveRecord queries when no explicit ORDER BY...

...clause is provided. This option allows you to specify a column that Rails will use to automatically sort records in a particular order when no specific ordering is given.

Ruby and Rails have several methods for creating a new object that looks like another: clone, dup, deep_dup. When using them you should be aware of their differences so...

...card describes different flavors for concatenating HTML safe strings in a helper method in Rails. You might want to use the tag helper instead of the content_tag helper (the...

You can improve your LIKE / ILIKE search queries in PostgreSQL by adding a GIN index with an operator class ("opclass...

...check if your Postgres index can be used by a specific query in your Rails application. For more complex execution plans it might still be a good idea to use...

makandra dev

To add a few basic styles to the default error pages in Rails, just edit the default templates in public, e.g. public/404.html. A limitation to these default templates...

...is that they're just static files. You cannot use Haml, Rails helpers or your application layout here. If you need Rails to render your error pages, you need the...

...module structure. The typical example would be the concerns folder, which exists in new Rails applications by default and does not create a constant module Concerns. app ├── models    ├── concerns ├── shareable.rb...

...following official api: app ├── models    ├── shared ├── shareable.rb # Defines constant Shared::Shareable # e.g. in application.rb Rails.autoloaders.main.collapse("#{Rails.root}/app/models/shared") # with collapsed shared dir app ├── models    ├── shared ├── shareable.rb # Defines constant Shareable

makandra dev

Rails partials have a lot of "hidden" features and this card describes some non-obvious usages of Rails Partials. Rendering a basic partial The most basic way to render a...