After starting the Rails server in a freshly generated Rails 3.1 project you could see an error message such as

/usr/lib/ruby/gems/1.8/gems/execjs-1.3.0/lib/execjs/runtimes.rb:50:in `autodetect': Could not find a JavaScript runtime. See https://github.com/sstephenson/execjs for a list of available runtimes. (ExecJS::RuntimeUnavailable)

Just add a JavaScript runtime to your Gemfile and the error vanishes.

Examples:

gem 'therubyracer'
gem 'extjs'

tl;dr

• Don't write resources :people, :concerns => :trashable

• Write

  resources :people do
    concerns :trashable
  end
  

Why

Writing a controller spec I encountered this error:

Failure/Error: get :index
ActionController::RoutingError:
  No route matches {:controller=>"people"}

caused by this route definition

resources :people, :concerns => :trashable

which renders strange routes:

      trash_person PUT    /people/:id/trash(.:format)             people#check {:concerns=>:trashable}
          ...

Put the following into config.ru in your Rails root folder:

# Require your environment file to bootstrap Rails
require ::File.dirname(__FILE__) + '/config/environment'

# Dispatch the request
run ActionController::Dispatcher.new

Otherwise, your Rails 2.3 project will not be considered by Passenger 5+ and you will probably see 403 errors returned by nginx or Apache.

In specs, the session never persists but is always a new object for each request. Data put into the session in a previous request is lost. Here is how to circumvent that.

What's going on?

You are making ActionController::TestRequests in your specs, and their #initialize method does this:

self.session = TestSession.new

This means that each time you say something like "get :index", the session in your controller will just be a new one, and you won't see ...

When using form_for you can give the form's target URL either as a string or an array:

form_for(admin_user_path(@user)) do ... end
# same as:
form_for([:admin, @user]) do ... end

Same for link_to:

link_to("Label", edit_admin_user_path(@user))
# same as
link_to("Label", [:edit, :admin, @user])

polymorphic_path and polymorphic_url

If you would like to generate a path or URL string from an array of route components just as form_for does, you can use polymorphic_path or polymorphic_url:

polymorphic...

PostgreSQL has partial indexes. With a partial index you tell Postgres to only index rows matching a given query.

Some uses cases for a partial index:

• You want a uniqueness index, but only under some conditions
• Your table is very large and indexing every row becomes expensive

The linked article shows how to create a partial index with Rails.

You might find that your Passenger ignores all RailsSomething directives in the vhost for your new Rails 3 application. The culprit is a file config.ru which makes Passenger consider your application a Rack (non-Rails) application.

To fix this you can either use RackEnv in lieu of RailsEnv (it works fine) or delete the config.ru. Unless you have a good reason to do so, go with RackEnv.

Rails 2.3.16+ on Ruby 1.9 causes warnings like this:

.../gems/activesupport-2.3.17/lib/active_support/core_ext/string/output_safety.rb:22: warning: regexp match /.../n against to UTF-8 string

Many thanks to grosser for supplying a monkey-patch for Rails 2.3 (Commit f93e3f0ec3 fixed it for Rails 3). Just put it into config/initializers/ to make those warnings go away.

Since we're using RSpec on mos...

Today I learned that Ruby on Rails has shipped with a built-in slug generator since Rails 2.2:

> "What Up Dog".parameterize
=> "what-up-dog" 

> "foo/bar".parameterize
=> "foo-bar" 

> "äöüß".parameterize
=> "aouss" 

Also see: Normalize characters in Ruby.

Rails’ reputation as a relatively secure Web framework is well deserved. Out-of-the-box, there is protection against many common attacks: cross site scripting (XSS), cross site request forgery (CSRF) and SQL injection. Core members are knowledgeable and genuinely concerned with security.

However, there are places where the default behavior could be more secure. This post explores potential security issues in Rails 3 that are fixed in Rails 4, as well as some that are still risky. I hope this post will help you secure your own apps, as w...

The Ruby on Rails security list archive can be found here: http://groups.google.com/group/rubyonrails-security

You can subscribe to this mailing list without a Google account by pasting this URL into your browser (after replacing the email address obviously).

http://groups.google.com/group/rubyonrails-security/boxsubscribe?email=your.name@example.com
                                                                       ^^^^^^^^^^^^^^^^^^^^^ <- Change this

Rails 4 introduced raising an error on pending migrations. This is most annoying when you are crafting a migration but need to play with your application to figure out how to do it.

To disable this behavior, just set the corresponding config option to false:

# in config/environments/development.rb

# Raise an error on page load if there are pending migrations.
config.active_record.migration_error = false # was :page_load

After switching to Rails 3 you may get a LoadError with the following message when trying to use your application via passenger:
no such file to load -- dispatcher

Your Passenger version is most likely out of date.

Update the gem, then install the apache module again:
sudo gem install passenger
sudo passenger-install-apache2-module

Follow any instructions. Update your /etc/apache2/httpd.conf with the lines given at the end of the installation process to use the version you just installed.

If you are using RVM on a Mac and cannot enter 8+ bit characters on an IRB or Rails console, you are missing the readline package. You will need to re-install your Ruby to fix this:

rvm remove ree
rvm package install readline
rvm install ree --with-readline-dir=$rvm_path/usr
rvm default ree

Substitute ree with the name if your Ruby distribution.

This note was contributed by Matthias Marschall from the Agile Web Development & Operations blog.

January has been a very bad month for Ruby on Rails developers, with two high-severity security bugs permitting remote code execution found in the framework and a separate-but-related compromise on rubygems.org, a community resource which virtually all Ruby on Rails developers sit downstream of. Many startups use Ruby on Rails. Other startups don’t but, like the Rails community, may one day find themselves asking What Do We Do When Apocalyptically Bad Things Happen On Our Framework of Choice? I thought I’d explain that for the general c...

You can say this in helpers like link_to and content_tag:

= link_to 'Label', root_url, :data => { :foo => 'bar', :bam => 'baz' }

This will produce:

<a href="/" data-foo="bar" data-bam="baz">Label</a>

Only works in Rails 3. In Rails 2 you do

= link_to 'Label', root_url, 'data-foo' => 'bar', 'data-bam' => 'baz' }

We're adding a script console-for to open a remote Rails console with one command. Also have a look at shell-for, which this script is relying on.

Run it from any project directory like this, passing a Capistrano multistage deployment target:

console-for staging

This script is part of our geordi gem on github.

This card needs to be updated for Rails 3+.

Since there is no --debugger flag you need to run:

rdebug script/runner lib/scripts/something.rb

That will open an debugging IRB right away, like this:

require File.dirname(__FILE__) + '/../config/boot'
(rdb:1) _

Enter c to continue and reach your actual debugger call. Then, debug away.

If nothing happens for you: Make sure ruby-debug is available in the Gemfile and you require it.

Let's say you need to revert a migration that happened a while back. You'd create a new migration that removes what was added back then in the up path, while its down path restores the old functionality.

While you could just copy&paste the down and up parts of it to the inverse part of the new migration, you may not want to do that. Especially when the up/down paths already contained some logic (that executed update statements on the created column, for example), copying does not feel right.

Someone already added the logic how to...

Yesterday, there was a blog post entitled “What the Hell is Happening to Rails” that stayed at the number one spot on Hacker News for quite a while. The post and many (but not most) the comments on the post reflect deep-seated concern about the recent direction of Rails. Others have addressed the core question about change in the framework, but I’d like to address questions about specific changes that came up in the post and comments.

If you want to load an SQL dump from an ActiveRecord migration, you might find this to be harder than you thought. While you can call ActiveRecord::Base.connection.execute(sql) to execute arbitrary SQL commands, the MySQL connection is configured to only accept a single statement per query. If you try to feed it multiple statements, it will die with You have an error in your SQL syntax.

You can work around this by opening a second MySQL connection that does accept multiple statements per call.

Below is an example for a migration that l...

See this Railscast.

Basically you can simply write views like index.xlsx.erb:

<?xml version="1.0"?>
<Workbook xmlns="urn:schemas-microsoft-com:office:spreadsheet"
  xmlns:o="urn:schemas-microsoft-com:office:office"
  xmlns:x="urn:schemas-microsoft-com:office:excel"
  xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet"
  xmlns:html="http://www.w3.org/TR/REC-html40">
  <Worksheet ss:Name="Sheet1">
    <Table>
      <Row>
        <Cell><Data ss:Type="String">ID</Data></Ce...

At TaskRabbit, we have gone through a few iterations on how we make our app(s). In the beginning, there was the monolithic Rails app in the standard way with 100+ models and their many corresponding controllers and views. Then we moved to several apps with their own logic and often using the big one via API. Our newest project is a single “app” made up of several Rails engines. We have found that this strikes a great balance between the (initial) straightforwardness of the single Rails app and the modularity of the more service-oriented ar...