...has to decide whether and how to do authorization. The usual approaches are: Using send_file with a regular controller. This is secure, but potentially slow, especially for large collections...
...This is fast (because Apache can deliver assets without going through Rails), but less secure. When going with the "unguessable URL" approach, it is possible to somewhat increase security by...
This card is a general reminder to avoid the short version of a command option in shared code. It's much easier to understand a command and search for an...
...option when it's written out. You can still use the short version of the options in your own terminal or in code snippets that are more useful when they...
...or not to gem": Gem is really needed (prefer writing your own code for simple requirements without many edge cases) Gem is tested well (coverage and quality)
...the project requirement Try to avoid gems that do much more than your requirement scope needs Gem has a good maturity and maintenance Gem has a good / familiar DSL
...config={}). There also is a generate method which will run the generator in a subprocess. Call it with generate 'generator_name', 'command line args'. Expected (hard-coded) directory structure of...
... #{generator name, e.g. model}_generator.rb USAGE Templates If you want to use the supplied template, directory and other template methods, you must call source_root 'path/to/templates' inside your generator...
...This release has many minor changes and fixes to prepare your application for Rails 3. Step-by-step upgrade instructions: Upgrade rails gem Change your environment.rb so it says RAILS...
...for a detailed list of changes. 2.3.9 to 2.3.10 Fixes Vulnerability in Nested Attributes code. Step-by-step upgrade instructions: Upgrade rails gem Change your environment.rb so it says RAILS...
...this card, we describe a wrapper for it that humanizes a given number of seconds in the "next best" unit, like seconds, minutes, etc. Example usage >> new Duration(42).humanized...
>> new Duration(123456).humanized() => '1 Tag' >> new Duration(123456).humanized('es') => '1 día' Code Here is the code as an ECMAScript module. Note that we default to German in...
...are automagically available through accessors on the Active Record object. When you need to specialize this behavior, you may override the default accessors (using the same name as the attribute...
...and simply call the original implementation with a modified value. Example: class Poet < ApplicationRecord def name=(value) super(value.strip) end end Note that you can also avoid the original setter...
Goals Know how to use the native DOM API to do the following: Selecting all elements matching a given CSS selector Selecting all descendants of a given element matching...
...a given CSS selector Registering event listeners Changing an element's CSS classes Changing an element's attributes Making the same change to a list of elements, e.g. hiding them...
...Repeat Yourself (or DRY). In Ruby on Rails we keep our code DRY by sharing behavior by using inheritance, modules, traits or partials. When you reuse behavior you want to...
...writing integration tests with Cucumber, where you need to express yourself with Gherkin and step definitions instead of Ruby classes and methods. But don't despair! Below you will find...
...s presentation about asynchronous JavaScript (there's also a German video presentation in our shared folder) Read about Promises on MDN and this visualization Read about async / await.
Read about canceling promises Error handling in event listeners Tasks, microtasks, queues and schedules Picking the Right Tool for Maneuvering JavaScript's Event Loop Browse the internet to answer...
To get a good overview of load, CPU frequency, temperature sensors, etc. we found s-tui quite useful. It's included in Ubuntu's default repositories: $ sudo apt install...
$ s-tui While it's possible to run s-tui as root for even more information and optionally also make use of stress for benchmarking, those methods did...
Icon fonts like Font Awesome are infinitely scalable, look great on high-DPI displays and will give your app a modern look. However, icon fonts can be very awkward to...
...use compared to raster icons. Elements are given icons by giving them a special class like icon-plus or icon-home: Create The icon font's stylesheet will then recognize...
...latest commits are not ready for production? Then use git merge master~n to skip the n-last commits. Tip A big advantage of merging vs. cherry-picking is that...
...topic of this card. Read the following chapters: (1) Security Principles (3.3) Sessions and Cookies (3.5) Same-Origin-Policy (4.2) Attack Surface (4.3) Password Storage (6) Cryptographic Fundamentals...
...Authentication (8) Authorization (9) Session Management without (9.4) JSON Web Tokens (10) Federation / Single-Sign on (11) Server-side Attacks (12) Client-side Attacks (13) Client-side Protection Measures Read through the most known...
Browsers come with a set of built-in elements like or . When we need a new component not covered by that, we often build it from and tags. An alternative...
...Custom elements will be ignored for the purposes of HTML validation, but their children will still be validated. Styling new elements Browsers will give unknown elements a default style of display...
...least one external REST API, machine-to-machine communication via GraphQL is less commonly seen. In this card, I'd like to give a quick intro on how to query...
Interacting with GraphQL feels a bit like querying a local database. You are submitting queries to fetch data in a given structure (like SELECT in SQL) or mutations to...
...like json or yaml). When you use it, it has an opinion on every single whitespace and linebreak, as well as a few other things. You renamed a variable and...
...prettier will reformat your code. This might not work for you if you have strong opinions yourself. You cannot configure it to do exactly what you want, there are deliberately...
Phusion Passenger has changed how it gets restarted several times. Throughout the project's history, these all were valid: touch tmp/restart.txt sudo passenger-config restart-app /path/to/app passenger-config...
gem 'capistrano-passenger', require: false Add to your Capfile: require 'capistrano/passenger' Declare which server role should be restarted (optional). Usually passenger tries to restart all servers with the app...
Add apt source: apt update -y && apt install -y gpg sudo wget curl sudo install -dm...
.../etc/apt/keyrings wget -qO - https://mise.jdx.dev/gpg-key.pub | gpg --dearmor | sudo tee /etc/apt/keyrings/mise-archive-keyring.gpg 1> /dev/null echo "deb [signed-by=/etc/apt/keyrings/mise-archive-keyring.gpg arch=amd64] https://mise.jdx.dev/deb stable main" | sudo tee /etc/apt/sources.list.d/mise.list
...exception, Rails will look at the exception's class and choose an appropriate HTTP status code and error page for the response. For instance, an ActiveRecord::RecordNotFound will cause Rails...
...render a red "The page you were looking for doesn't exist" with a status code of "404" (not found). The mapping from exception classes to error types is a...
...default to using the element as the main document viewport. In CSS, prefer to set overflow properties to html (or :root). Scrolling the main viewport with JavaScript
...main document viewport is also scrollable by default. The element that corresponds to the main viewport is either (document.documentElement) or (document.body). Which one depends on the browser.
Slow test suites are a major pain point in projects, often due to RSpec and FactoryBot. Although minitest and fixtures are sometimes viewed as outdated, they can greatly improve test...
We adopted a project using minitest and fixtures, and while it required some initial refactoring and establishing good practices, the faster test suite was well worth it! Stick with...
Why secure-only cookies used to be necessary Cookies have an optional secure flag. It tells the browser to not send the cookie for a non-https request.
...users from http:// to https://. The reason was that most users will only enter a scheme-less domain like makandra.de into their location bar, which will default to http://makandra.de...
SVG is an acronym for "scalable vector graphics". SVGs should be used whenever an image can be described with vector instructions like "draw a line there" or "fill that space...
...they're not suited for photographs and the like). Benefits are the MUCH smaller file size and the crisp and sharp rendering at any scale. It's a simple, old...