RubyMine has a collaboration feature called "Code With Me". Using it, you can invite someone into your local editor to work together. This is nicer to the eyes and much...
...more powerful than sharing code through some video chat. How to Getting started is really simple: Click the "add person" icon in the top-right editor corner (or hit Ctrl...
This note shows how to merge an ugly feature branch with multiple dirty WIP commits back into the master as one pretty commit. Squashing commits with git rebase
...here will destroy commit history and can go wrong. For this reason, do the squashing on a separate branch: git checkout -b squashed_feature This way, if you screw up...
...on a Rails record is converted to UTC using to_s(:db) to be stored, and converted back into the correct time zone when the record is loaded from the...
...This is now UTC Problem That will blow up in your face when you send times to attributes that expect dates, just because those times will also be converted using...
...create a Gemfile for installing all required gems. Gemfile # Gemfile gem 'docker-api' gem 'serverspec' Then we install them bundle install Preparation Create the directory where the Tests are going...
...to live. Add the folder to .dockerignore since we won't want the test to be included within our final container image. mkdir spec echo spec >> .dockerignore spec/spec_helper.rb
Option 0: Download from the official page (preferred) Open https://googlechromelabs.github.io/chrome-for-testing/ In Section "Stable" > chromedriver / linux64 > Download ZIP from URL Take the chromedriver binary from the ZIP file and...
...your path like this: echo "export PATH=$PATH:$HOME/bin" >> $HOME/.bash_profile Option 2: Use apt source Warning We no longer recommend this option. After a chrome update, the chromedriver package sometimes...
Understand how nested attributes appear in the params. See how the Rails form helpers encode the names of nested inputs. Understand how the record and all of its nested...
...attributes are saved in a transaction. That means the entire structure is saved or not. Resources Rails Guide: Nested forms Nested Forms in Rails Popular mistakes when using nested forms...
...ZIP archive, you basically have two options: Write a ZIP file to disk and send it as a download to the user. Generate a ZIP archive on the fly while...
...streaming it in chunks to the user. This card is about option 2, and it is actually fairly easy to set up. We are using this to generate ZIP archives...
...index do |person, index| person.award_trophy(index + 1) end Ruby's map with index Similarly, you may need an index when using other methods, like map, flat_map, detect (when...
...you need the index for detection), or similar. Here is an example for map: people.map.with_index do |person, index| person.at_rank(index + 1)
We use foreman to start all necessary processes for an application, which are declared in a Procfile. This is very convenient, but the outputs of all processes get merged together...
...Especially while debugging you might not want other processes to flood your screen with their log messages. The following setup allows you to start Terminator in a split view with...
If you need a sample video with certain properties for a test you can create one using ffmpeg. You might want a very low bitrate file to speed up processing...
...ffmpeg -t 21 -s 10x10 -r 1 -f rawvideo -pix_fmt rgb24 -i /dev/zero sample_21_seconds.mp4 Option Explanation -t 21 set the length to 21s -s 10x10
Ask the admins to turn on SSL (they will set an HSTS header for SSL-only sites) Make cookies secure and http_only Never hard-code the http protocol...
...into URLs that point to your application, which makes you vulnerable to SSL-stripping. When linking to internal resources, just use the path without protocol or URL When linking to...
...how locales work. This is especially relevant when using PostgreSQL databases (of any version), since those depend on the locales functionality provided by glibc as well. It's recommended to...
...likely not affected. How to fix the problems Postgres documentation recommends to recreate indexes involving string-like data types: All indexes involving columns of type text, varchar, char, and citext...
When you load a <script> with a nonce, that script can await import() additional sources from any hostname. The nonce is propagated automatically for the one purpose of importing more scripts. This is not related to strict-dynamic, which propagates nonces for any purpose, not limited to imports (e.g. inserting <script> elements).

Example

We have a restrictive CSP that only allows nonces:

    Content-Security-Policy: default-src 'none'; script-src 'nonce-secret123'

Our HTML loads script.js using that nonce:

Our script.js imports other.js without a nonce:

    let other = await import('other.js')
    console.log("Look, script.js has imported %o", other)

The import succeeds without a nonce, due to implicit nonce propagation.

Why this is useful

In modern build pipelines, code splitting (chunking) is implemented using dynamic imports. Nonce propagation allows us to use automatic chunking with restrictive, nonce-based CSPs without using strict-dynamic. E.g. esbuild automatically groups dynamically imported modules into chunks, and writes each chunk to disk. The compiled build has an await import('assets/chunk-NAXSMFJV.js'). There's no way to inject a nonce into that import(), but implicit nonce propagation still allows the request.

Should I worry about this?

It would require some truly strange code for user input to make it into an import() argument. I wouldn't lose sleep over this.

Is this a browser bug?

It is by design. Here are some sources:

- HTML Spec Section 8 (Web Application APIs) (search for "descendant script fetch options")
- Chromium test ensuring nonce propagation
- Firefox bug implementing nonce propagation
- CSP issue: Someone concerned about propagation being a vulnerability
- CSP issue: Proposal for import-src that went nowhere

Are other CSP sources also propagated?

No, only nonces. In particular, host-based CSPs do not propagate trust.

For example, we only allow scripts from our own host (no nonces):

    Content-Security-Policy: default-src 'none'; script-src 'self'

Our HTML loads script.js from our own host:

Our script.js imports other.js from a different host:

    let other = await import('https://other-host.com/other.js')

This fails with a CSP violation:

    Executing inline script violates the following Content Security Policy directive 'script-src 'self''
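Because a nonce-only policy places no host restriction on import(), any host check has to live in the code if a specifier is ever computed at runtime. The following is an added example, not part of the original card: a guard that resolves the specifier the way the browser would and only permits same-origin scripts under an allowed path. The names resolveAllowedImport, safeImport, APP_ORIGIN and ALLOWED_PREFIXES, and the origin https://app.example, are assumptions made for illustration.

```javascript
// Added example (not from the original card); all names are hypothetical.
// Assumption: the app and its chunks are served from APP_ORIGIN under /assets/.
const APP_ORIGIN = 'https://app.example' // constructed sample origin
const ALLOWED_PREFIXES = ['/assets/']

// Resolve a specifier relative to the importing module's URL and return the
// normalized URL if it may be imported, or null if it must be rejected.
// With a nonce-based CSP the browser will not block a foreign host here,
// so this check is the only host restriction.
function resolveAllowedImport(specifier, baseUrl = APP_ORIGIN + '/assets/script.js') {
  if (typeof specifier !== 'string') return null
  let url
  try {
    url = new URL(specifier, baseUrl) // also normalizes "../" segments
  } catch {
    return null // unparsable specifier
  }
  // Rejects other hosts, protocol-relative URLs and data:/blob: URLs
  // (their origin serializes to "null").
  if (url.origin !== APP_ORIGIN) return null
  if (url.username || url.password) return null
  if (!url.pathname.endsWith('.js')) return null
  // Checked after normalization, so "/assets/../uploads/x.js" does not pass.
  if (!ALLOWED_PREFIXES.some((prefix) => url.pathname.startsWith(prefix))) return null
  return url.href
}

// Drop-in replacement for import() wherever the specifier is not a literal.
async function safeImport(specifier, baseUrl) {
  const href = resolveAllowedImport(specifier, baseUrl)
  if (href === null) throw new Error(`import() blocked: ${specifier}`)
  return import(href)
}
```

Literal specifiers emitted by the bundler do not need this wrapper; it only matters where the argument to import() is assembled from data.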
options.add_option(:web_socket_url, true) options.add_option(:page_load_strategy, 'none') # required for selenium-webdriver 4.27+ end Capybara::Selenium::Driver.new(app, browser: :chrome, options: options) In combination with...
...stay open until handled. Note Setting the unhandled prompt to a hash is supported since selenium-webdriver 4.36 Note that you also need to set the :page_load_strategy to...
Normally, Rails handles encryption and signing of cookies, and you don't have to deal with the matter. Should you need to decrypt a session cookie manually: here is how...
...Obviously, you can only decrypt a session cookie from within the corresponding Rails application. Only the Rails application that encrypted a cookie has the secrets to decrypt it.
When you have a Cucumber step like Then I should see "Did you see those \"quotation marks\" over there?" you'll run into trouble. Cucumber won't take your...
...escaped quotation marks. Workarounds One workaround is to write the step as regex (since there is a step taking a regex): Then I should see /Did you see those "quotation...
...any of the gems that GEM depends on. For the example above you would say: bundle update cucumber-rails --conservative If Bundler cannot update due to transitive dependencies, check if...
...for old versions of bundler The options below might be relevant if you're stuck with Bundler < 1.14: Option 1 This will work if all dependencies for the update are...
geordi cucumber path/to/features -r2 Background and how to rerun manually Cucumber will save a file tmp/parallel_cucumber_failures.log containing the filenames and line number of the failed scenarios after a...
...full test run. Normally you can say cucumber -p rerun (rerun is a profile defined by default in config/cucumber.yml) to rerun all failed scenarios. Here are a few alternative ways...
...text right next to the code: notes for other developers, and for your future self. You can imagine comments as post-its (or sometimes multi-sheet letters ...) on real-world...
...objects like cupboards, light switches etc. As always, with power comes responsibility. Code comments can go wrong in many ways: they may become outdated, silently move away from the code...
When your site is on HTTPS and you are linking or redirecting to a HTTP site, the browser will not send a referrer. This means the target site will see...
Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.
Occasionally you need to do something directly on the server -- like having all records recalculate something that cannot be done in a migration because it takes a long time.
...s say you do something like this: Project.all.each(&:recalculate_statistics!) Even though you may have been successful with this on your development machine or the staging server, keep in mind...
...progress for the Rails 7 version Documentation for rspec-core Using metadata attributes to write spec-type specific before blocks Shared examples and contexts in RSpec Testing shared traits or...
Sharing test setup can lead to DRY, but tightly coupled test code. Read Prefer self-contained examples for an argument for isolating tests instead, even if it means some...
Line-height and vertical-align are simple CSS properties. So simple that most of us are convinced to fully understand how they work and how to use them. But it...
...less-known feature of CSS: inline formatting context. For example, line-height can be set as a length or a unitless value 1, but the default is normal. OK, but...
expect(page).to have_field('Username') { |field| field[:class].blank? } Limitations Using execute_script, evaluate_script or evaluate_async_script within a filter block will crash with a timeout...
...Selenium::WebDriver::Error::ScriptTimeoutError Exception: script timeout This is due to Capybara using a zero timeout while calling the filter block. A workaround is to temporarily set a different timeout...