Rails' url_for is useful for generating routes from a Hash, but can lead to an open redirect vulnerability.

Rails' Strong Parameters enable you to allow only specific values from request params to e.g. avoid mass assignment.

An introduction to mangling When you minify ("compress", "optimize") your JavaScript for production, the names of your functions and variables...

Rails offers several methods to manage three different types of cookies, along with a session storage for cookies. These...

When you write your next CarrierWave uploader, consider processing your images with libvips instead of ImageMagick. Reasons for libvips

In most cases it's not necessary to add a version constraint next to your packages in the package.json. Since...

In most cases it's not necessary to add a version constraint next to your gems in the Gemfile. Since...

Debugging your integration tests that run a headless Chrome inside a Docker image is tricky. In many cases you can...

When you allow file uploads in your app, a user might upload content that hurts other users. Our primary concern...

Rack::SteadyETag was a Rack middleware that generates the same default ETag for responses that only differ in XOR-masked...

Every Rails response has a default ETag header. In theory this would enable caching for multiple requests to the same...

If your irb or rails console keeps randomly crashing and you can't figure out why then you can try...

In Ruby on Rails, ActiveRecord::Relation#merge overwrites existing conditions on the same column. This may cause the relation to...

If you're using a Redis cache in Rails (e.g. :redis_cache_store), it's possible to configure additional parameters...

Maintaining larger projects makes it more difficult to balance refactoring and upgrade tasks according to their actual value. Consider to...

Let's say we have posts with an attribute title that is mandatory. Our example feature request is to tag...

By default most exceptions in Rails will render a 500 error page and will create a new issue in your...

Rails Active Support provides some helpful methods for calculating times and dates, like Duration#ago or Duration#from...

Rails offers the fresh_when method to automatically compute an ETag from the given record, array of records or scope...

By activating strict_loading you force developers to address n+1 queries by preloading all associations used in the index...

Testing your responses in Rails allows you to parse the body depending on the response MIME type with parsed_body.


We will achieve this by creating a block accepting method to optionally create and then lock a .lock File of...

The change_column method for Rails migrations supports casting with a custom SQL statement. This allows us to change a...


Rails partials have a lot of "hidden" features and this card describes some non-obvious usages of Rails Partials.