...you thought it would be, you don't understand how XSS protection works in Rails. Calling html_safe on the joined array will incorrectly bless the complete string as safe...

...string].join(' ').html_safe # will incorrectly render as ' foo bar ' with unescaped tags Good Rails >=3 safe_join([unsafe_string, safe_string], ' ') # will correctly render as '<span>foo...

axonflux.com

/^([\w!#$%&'*+-/=?^`{|}~]+.)*[\w!#$%&'*+-/=?^`{|}~]+@((((([a-z0-9]{1}[a-z0-9-]{0,62}[a-z0-9]{1})|[a-z]).)+[a-z]{2...

...for storing time of day in the format hh:mm:ss, neither Ruby nor Rails themselves offer an elegant way to deal with day times. Time and DateTime both handle...

When using Rails credentials, you will edit the encrypted credentials for staging or production environments from time to time. To do that you need the secret key which should only...

...to live in :shared_path/config/credentials/:stage.key. If you have a single master.key (e.g. on Rails < 7.2), edit the Capistrano task to find the key at :shared_path/config/master.key instead. Usage

makandra dev

$ ruby -e "RubyVM::YJIT.enable; puts RubyVM::YJIT.enabled?" true The last variant is what Rails 7.2+ is doing after the boot process with its new default configuration. So if you...

...are on a current Rails version and didn't explicitly turn off YJIT, you are probably already using it. Keep in mind that Rails turns on YJIT after the boot...

...field that is handled by Carrierwave uploaders (or maybe any other attachment solution for Rails) in tests allows different approaches. Here is a short summary of the most common methods...

...RSpec looks for fixture files: RSpec.configure do |config| config.file_fixture_path = "spec/custom_directory" end Alternatives: Rails.root.join('spec/fixtures/files/avatar.jpg').open('r') Rails.root.join('spec/fixtures/files/avatar.jpg').read File.open('spec/fixtures/files/avatar.jpg') (might only work if you run the...

...ordered by ID because they need to be able to iterate in batches. Modern Rails will raise an error if you try to order yourself. If you are on Rails...

...aware that find calls inside the block are implicitly scoped. This is fixed in Rails...

...only list versions that are allowed by your Gemfile requirements (e.g. does not show rails update to 6 if your Gemfile has the line gem 'rails', '~>5.2'). I also experienced...

github.com

...note that some of the functions edge_rider provides have native implementations in newer rails versions. Useful in applications Relation#traverse_association(*names) Edge Rider gives your relations a method...

...These utilities are mostly useful in libraries that need to support multiple versions of Rails. They offer a unified interface across Rails versions. Relation#collect_ids You should not use...


Getting CSS (and JS) live reloading to work in an esbuild / Rails project is a bit of a hassle, but the following seems to work decently well. We assume that...

...you already use a standard "esbuild in Rails" setup, and have an esbuild watcher running that picks up your source code in app/assets and compiles to public/assets; if not, change...

...Using unguessable URLs. This is fast (because Apache can deliver assets without going through Rails), but less secure. When going with the "unguessable URL" approach, it is possible to somewhat...

...with SecureRandom.hex(32), and also put it as url_signature_secret into your secrets.yml. Rails helper To generate an expiring URL, use the following helper: def sign_public_path(path...

...worldwide by developers looking for help and tips on web development with Ruby on Rails and DevOps. 15 years ago – in 2009 – we wrote our first card. Since then, over...

...in makandra cards We gain the most experience in web development and Ruby on Rails in our day-to-day work, as web development is our largest team and we...


...reuse your existing factories instead of using the UI or creating records in the Rails console. This approach saves time and gives you useful defaults and associations right out of...

You can use FactoryBot directly in the Rails console like this: require 'factory_bot_rails' # Not needed if the factory_bot_rails gem is in the :development group...

Rails offers several methods to manage three different types of cookies along with a session storage for cookies. These are normal, signed and encrypted cookies. By following the happy...

...sparse and only focuses on controller specs, whose recommended usage has been limited since Rails 5+ (see "Rails: Support for Rails 5"), this card will summarize some guidance on how...

...groups are a useful RSpec feature. Unfortunately the default directory structure generated by rspec-rails has no obvious place to put them. I recommend storing them like this: spec/models/shared_examples/foo.rb spec/models/shared_examples/bar.rb...

...those shared examples available to all specs, put the following into your spec_helper.rb (for rails 4 in rails_helper.rb), above the RSpec.configure block: Dir[Rails.root.join("spec/models/shared_examples/**/*.rb")].each {|f| require f...

Background information about session storage in Rails Rails has a default mechanism to store the session in the CookieStore. This is a cookie which holds the entire user session hash...

...to add associations across those records, if they are related in some way. The Rails sandbox In development, Rails' sandbox mode might be useful. Testing and the migration codebase

When deploying a Rails application that is using Webpacker and Capistrano, there are a few configuration tweaks that optimize the experience. Using capistrano-rails capistrano-rails is a Gem that...

...adds Rails specifics to Capistrano, i.e. support for Bundler, assets, and migrations. While it is designed for Asset Pipeline (Sprockets) assets, it can easily be configured for Webpacker. This brings...

...changelog_path = File.expand_path('../CHANGELOG.md', __dir__) Ruby < 2.0 changelog_path = File.expand_path('../../CHANGELOG.md', __FILE__) Rails changelog_path = Rails.root.join('CHANGELOG.md...

...few examples, where you configure some library via a block. One example is the Rails configuration: Rails.application.configure do |config| config.enable_reloading = false end This card describes a simple example on...

...You can use ActiveSupport::Configurable instead of the Configuration class. When you are using Rails with Zeitwerk and the code for e.g. FooClient lives in a folder, that is loaded...

...you have a maintenance script where you want to iterate over all ActiveRecord models. Rails provides this out of the box: # script/maintenance_task.rb # Load all models eagerly, otherwise you might only...

Rails.application.eager_load! ApplicationRecord.descendants.select(&:table_exists?).each do |model| # ... end Caution If you iterate over individual records, please provide a progress indicator: See https://makandracards.com/makandra/625369-upload-run-scripts-production Caution

You don't want sensitive user data in your logs. Background By default, Rails filters sensitive data like passwords and tokens and writes [FILTERED] to the logs. The...

...code which is responsible for enabling that usually lives in filter_parameter_logging.rb (Rails.application.config.filter_parameters). Here is an example of a filtered log entry: Unfiltered: `User Load (0.4ms) SELECT "users".* FROM...

...you UTC objects whose to_s(:db) may not convert properly. Legacy behavior in Rails 2.3 It's been briefly mentioned in the random list of ActiveSupport goodies, but please...

...remember to always use Time.current instead of Time.now, etc. Why? Because of the way Rails and MySQL deal with time zones you would need to take care to use Time.zone.now...

...up repetitive expectations in your specs. Unfortunately the default directory structure generated by rspec-rails has no obvious place to put custom matchers or other support code. I recommend storing...

...to all specs, put the following into your spec_helper.rb, above the RSpec.configure block: Dir[Rails.root.join("spec/support/**/*.rb")].sort.each {|f| require f} Also see where to put shared example groups...