We often have a separate production branch that lags a bit behind the more cutting edge main branch. Sometimes you want to move some, but not all commits from main...
When storing floating-point numbers such as prices or totals in an SQL database, always use a DECIMAL column. Never...
...only because your step definition requires that. Here's a typical step definitions that benefits from using find_by_anything: When /^I sign in as "([^\"]+)")$/ do |identifier| user = User.find_by...
Using git fixup helps you to speed up appending changes further back in the git history of your feature branch...
To avoid multiple versions of a package, you can manually maintain a resolutions section in your package.json. We recommend you...
If you have a fully functional CI pipeline but no CD, you might find yourself frequently waiting for CI (with...
Our development process makes us deploy very often. As the number of releases grows, junk clogs up the hard drive...
...e.g. wysiwyg text fields Consider to leave the paperclip columns (you can debug issues better) As many parts of file processing are not tested (resolution, fallback images and many more...
...exception notifier all failed jobs will trigger an email. Blocking the server: Mogrify (tool behind minimagic) sometimes freeze (for many thousand of jobs it will fail for sure). You need...
...cat tmp/parallel_cucumber_failures.log | xargs geordi cucumber # Running features > Only: features/authentication.feature:33 features/backend/pages.feature:5 features/backend/pages.feature:60 ... Beside the linked article you might also be interested in reading An Opinionated Guide to xargs...
...the resulting record will not have the attributes that defined that scope, and this behavior can be quite useful. Because you cannot have the best from both worlds you should...
...article and make informed choices about how to define your conditions. Also see the Best Practice section below. The problem in detail Consider this Rails class and the following articles...
We use Sentry to be informed about different kinds of issues. One of the key features is that you are...
All Rubyists should be familiar with the common definitions for include and extend. You include a module to add instance...
By default parallel_tests will spawn as many test processes as you have CPUs. If you have issues with flaky...
Given you have a strict CSP that only allows elements from your own domain: Content-Security-Policy: script-src 'self' This will block JavaScript handlers inlined as attribute into your HTML elements. Clicking on the following link will only log an error with a strict CSP: click me click me Solution 1: Move the handler into your JavaScript The recommended solution is to move the handler from the HTML to the allowed JavaScript file that we loaded via . In the example above we could invent a new [data-alert] attribute with the alert message: click me Then our JavaScript intercepts clicks on elements with that attribute: document.addEventListener('click', function(event) { let link = event.target.closest('[data-alert]') if (link) { let message = link.dataset.alert alert(message) event.preventDefault() } }) Solution 2: Allow that one handler in your CSP Some browsers allow the CSP directive script-src-attr. This lets you allow the hashes of actual JavaScript code. The SHA256 hash of alert('hello') is vIsp2avtxDy0157AryO+jEJVpLdmka7PI7o7C4q5ABE= (in Base64). We can allow this one event handlers like this: Content-Security-Policy: script-src 'self'; script-src-attr 'unsafe-hashes' 'sha256-vIsp2avtxDy0157AryO+jEJVpLdmka7PI7o7C4q5ABE=' Note the sha256- prefix. This event handler now works when clicked: click me But any other script will still be blocked: click me Dealing with legacy browsers Currently (November 2023) about 75% of browsers support script-src-attr. Here is a forward-looking compromise that many users use with new CSP features: Have a liberal CSP with old directives supported by all browsers Make your CSP stricter with new, more specific directives for browsers that support it The CSP spec supports that approach in that using newer, more specific directives disable older, more general features. In our case this means: For old browsers, allow all inline scripts For new browsers, disallow inline scripts but allow inline handlers with given hashes Here is a CSP directive that works like this: Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'unsafe-hashes' 'sha256-vIsp2avtxDy0157AryO+jEJVpLdmka7PI7o7C4q5ABE=' Old browsers will only use script-src. New browsers will use script-src-elem (for tags) and script-src-attr (for inline event handlers), which override the more liberal rules from script-src.
Rails offers the fresh_when method to automatically compute an ETag from the given record, array of records or scope...
Array.wrap wraps argument in an array, unless it is array-like already. The behaviour is a bit saner than Array[...]. Array.wrap(nil) # => []
" foo bar \n \t boo".squish # => "foo bar boo" Time.current, Date.current, DateTime.current behaves like .now or .zone.now depending on whether a time zone is set
Enable local logging for Sentry when: Debugging Sentry event capture locally Testing error handling without polluting production metrics Developing background...
On Chrome, Firefox and modern Safari, document.scrollingElement will return the element. The behavior varies on legacy browsers that we no longer support: Old Safari versions, document.scrollingElement will return...
In development, we store files using ActiveStorage's disk service. This means that stored files are served by your Rails...
Short reference on how to quickly debug the vanilla Rails job adapters. Queue Adapters by Environment Environment Adapter
...other methods within the Method class are useful for advanced metaprogramming, though this is beyond the scope of this card. Also see Ruby: Finding where a method is defined
This card is mainly an explanation how variable fonts work in CSS, not necessarily a recommendation to actually use them...
When RubyMine reports Rubocop returning "exit code -1", upgrading Rubocop can be the fix: gem install rubocop "The logs" can...
There is no such thing as a "default order" of rows in database tables. For instance, when you paginate a...