There is a practical short list for valid/invalid example email addresses - Thanks to Florian L.! The definition for valid emails (RFC 5322) can be unhandy for some reasons, though.
...provides a built-in email regex URI::MailTo::EMAIL_REGEXP. That's the best solution to work with. /\A[a-zA-Z0-9.!\#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0...
...value and produce a lost update. The Postgres-native fix is to compute the increment server-side inside an atomic INSERT...
...ON CONFLICT DO UPDATE statement and gate it by...
...billing_period_id: current_billing_period.id ) end end Why a unique index The unique index is a storage-level constraint: Postgres rejects duplicate keys at insert time, before commit. Two consequences:
By activating strict_loading you force developers to address n+1 queries by preloading all associations used in the index view. Using an association that is not preloaded will raise...
...an ActiveRecord::StrictLoadingViolationError. I think it's a good default to activate strict_loading in your controllers' #index actions. This way, when a change introduces an n+1 query, your...
RubyMine has a collaboration feature called "Code With Me". Using it, you can invite someone into your local editor to work together. This is nicer to the eyes and much...
...more powerful than sharing code through some video chat. How to Getting started is really simple: Click the "add person" icon in the top-right editor corner (or hit Ctrl...
When you load a with a nonce, that script can await import() additional sources from any hostname. The nonce is propagated automatically for the one purpose of importing more scripts. This is not related to strict-dynamic, which propagates nonces for any propose not limited to imports (e.g. inserting elements). Example We have a restrictive CSP that only allows nonces: Content-Security-Policy: default-src 'none'; script-src 'nonce-secret123' Our HTML loads script.js using that nonce: Our script.js imports other.js without a nonce: let other = await import('other.js') console.log("Look, script.js has imported %o", other) The import succeeds without a nonce, due to implicit nonce propagation. Why this is useful In modern build pipelines, code splitting (chunking) is implemented using dynamic imports. Nonce propagation allows us to use automatic chunking with restrictive, nonce-based CSPs without using strict-dynamic. E.g. esbuild automatically groups dynamically imported modules into chunks, and writes that chunk to disk. The compiled build has an await import('assets/chunk-NAXSMFJV.js'). There's no way to inject a nonce into that import(), but implicit nonce propagation still allows the request. Should I worry about this? It would require some truly strange code for user input to make it into an import() argument. I wouldn't lose sleep over this. Is this a browser bug? It is by design. Here are some sources: HTML Spec Section 8 (Web Application APIs) (search for "descendant script fetch options") Chromium test ensuring none propagation Firefox bug implementing nonce propagation CSP issue: Someone concerned about propagation being a vulnerability CSP issue: Proposal for import-src that went nowhere Are other CSP sources also propagated? No, only nonces. In particular host-based CSPs do not propagate trust. For example, you only allow scripts from our own host (no nonces): Content-Security-Policy: default-src 'none'; script-src 'self' Our HTML loads script.js from our own host: Our script.js imports other.js from a different host: let other = await import('https://other-host.com/other.js') This fails with a CSP violation: Executing inline script violates the following Content Security Policy directive 'script-src 'self''
options.add_option(:web_socket_url, true) options.add_option(:page_load_strategy, 'none') # required for selenium-webdriver 4.27+ end Capybara::Selenium::Driver.new(app, browser: :chrome, options: options) In combination with...
...stay open until handled. Note Setting the unhandled prompt to a hash is supported since selenium-webdriver 4.36 Note that you also need to set the :page_load_strategy to...
...any of the gems that GEM depends on. For the example above you would say: bundle update cucumber-rails --conservative If Bundler cannot update due to transitive dependencies, check if...
...for old versions of bundler The options below might be relevant if you're stuck with Bundler < 1.14: Option 1 This will work if all dependencies for the update are...
Option 0: Download from the official page (preferred) Open https://googlechromelabs.github.io/chrome-for-testing/ In Section "Stable" > chromedriver / linux64 > Download ZIP from URL Take the chromedriver binary from the ZIP file and...
...your path like this: echo "export PATH=$PATH:$HOME/bin" >> $HOME/.bash_profile Option 2: Use apt source Warning Wo no longer recommend this option. After a chrome update, the chromedriver package sometimes...
...on a Rails record is converted to UTC using to_s(:db) to be stored, and converted back into the correct time zone when the record is loaded from the...
...This is now UTC Problem That will blow up in your face when you send times to attributes that expect dates, just because those times will also be converted using...
...index do |person, index| person.award_trophy(index + 1) end Ruby's map with index Similarly, you may need an index when using other methods, like map, flat_map, detect (when...
...you need the index for detection), or similar. Here is an example for map: people.map.with_index do |person, index| person.at_rank(index + 1)
...ZIP archive, you basically have two options: Write a ZIP file to disk and send it as a download to the user. Generate a ZIP archive on the fly while...
...streaming it in chunks to the user. This card is about option 2, and it is actually fairly easy to set up. We are using this to generate ZIP archives...
If you need a sample video with certain properties for a test you can create one using ffmpeg. You might want a very low bitrate file to speed up processing...
...ffmpeg -t 21 -s 10x10 -r 1 -f rawvideo -pix_fmt rgb24 -i /dev/zero sample_21_seconds.mp4 Option Explanation -t 21 set the length to 21s -s 10x10
We use foreman to start all necessary processes for an application, which are declared in a Procfile. This is very convenient, but the outputs of all processes get merged together...
...Especially while debugging you might not want other processes to flood your screen with their log messages. The following setup allows you to start Terminator in a split view with...
Ask the admins to turn on SSL (they will set an HSTS header for SSL-only sites) Make cookies secure and http_only Never hard-code the http protocol...
...into URLs that point to your application, which makes you vulnerable to SSL-stripping. When linking to internal resources, just use the path without protocol or URL When linking to...
When you have a Cucumber step like Then I should see "Did you see those \"quotation marks\" over there?" you'll run into trouble. Cucumber won't take your...
...escaped quotation marks. Workarounds One workaround is to write the step as regex (since there is a step taking a regex): Then I should see /Did you see those "quotation...
geordi cucumber path/to/features -r2 Background and how to rerun manually Cucumber will save a file tmp/parallel_cucumber_failures.log containing the filenames and line number of the failed scenarios after a...
...full test run. Normally you can say cucumber -p rerun (rerun is a profile defined by default in config/cucumber.yml) to rerun all failed scenarios. Here are a few alternative ways...
...will tell you if there are any and you should not commit when you see them. So go ahead and switch your editor/IDE to automatically remove them for you.
Note that except for RubyMine, the following changes will remove trailing white-space on all lines, not only those that you changed. While this should not be a...
Simplecov is a code coverage tool. This helps you to find out which parts of your application are not tested. Integrating this in a rails project with rspec, cucumber and...
Add it to your Gemfile and bundle group :test do gem 'simplecov', require: false end Add a .simplecov file in your project root: SimpleCov.start 'rails' do
# features/support/database_cleaner.rb DatabaseCleaner.clean_with(:deletion) # clean once, now DatabaseCleaner.strategy = :transaction Cucumber::Rails::Database.javascript_strategy = :deletion Cucumber & Rails 2 The latest available cucumber-rails for Rails 2 automatically uses database...
...off. To have database_cleaner work correctly: Add the attached database_cleaner.rb to features/support/ Make sure features/support/env.rb contains the following lines in this order: # features/support/env.rb require 'features/support/database_cleaner' require 'cucumber/rails/active_record' require 'cucumber/rails/world...
If your app does not need to support IE11, you can use most ES6 features without a build step. Just deliver your plain JavaScript without transpilation through Babel or TypeScript...
...and modern browsers will run them natively. Features supported by all modern browsers include: fat arrow functions (() => { expr }) let / const class async / await Promises Generators Symbols Rest arguments (...args)
...with VCR, the recorded cassettes will contain the full base64-encoded image payloads. A single image can easily be hundreds of kilobytes; a handful of recorded interactions will balloon your...
...repository size significantly. The VCR configuration below solves two problems: It scrubs base64 image data from cassettes before they are written to disk, replacing each image with a placeholder string...
Occasionally you need to do something directly on the server -- like having all records recalculate something that cannot be done in a migration because it takes a long time.
...s say you do something like this: Project.all.each(&:recalculate_statistics!) Even though you may have been successful with this on your development machine or the staging server, keep in mind...
When your site is on HTTPS and you are linking or redirecting to a HTTP site, the browser will not send a referrer. This means the target site will see...
Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.
The File System Access API is a new capability of modern browsers that allows us to iterate over selected folders and files on a user's machine. Browser support is...
...not great yet, but if the feature is only relevant for e.g. a single admin user it could still be worth using it prior to wider adaption instead of building...