The same applies to files in Carrierwave. Variant: Deliver attachments through Rails The first way is to store Paperclip attachments not in the default public/system, but in...
...can be configured like this: class Note < ActiveRecord::Base has_attached_file :attachment, :path => ":rails_root/storage/:rails_env/attachments/:id/:style/:basename.:extension" end To link to the protecting controller actions...
content_type_1.match(/\Aimage\/(jpeg|png)\z/) # => nil content_type_2.match(/\Aimage\/(jpeg|png)\z/) # => Rails Newer Rails explicitly warns you, when you use ^ and $ in validations with a regular expression...
...model validation that restricts its length. There are two motivations for this: In modern Rails, database types :string and :text no longer have a relevant size limit. Without a validation...
...malicious user can quickly exhaust the hard drive of your database server. In legacy Rails (or database schemas migrated from legacy Rails), database types :string and :text had a database...
...load associated records if you know you need to access them later on. The Rails docs say: Eager loading is supported with polymorphic associations. This is true, but has some...
...and include their current versions' primary media... Page.includes(:current_version => :primary_medium).to_a ... Rails will produce 4 queries: Page Load (0.7ms) SELECT "pages".* FROM "pages" PageVersion Load...
Recent rails security updates have shown that people make incorrect assumptions about the possible contents of the params hash. Just don't make any! Treat it as what it is...
.../pages/edit?foo --> params == {:foo => nil} /pages/edit?foo[] --> params == {:foo => [nil]} # at least in older rails 3 and in rails 2.x Be especially wary about stuff like User.find_by_password...
...but give sub-classes a way to override values without affecting the parent class. Rails has many helpers for this such as class_attribute and class_inheritable_accessor. Unfortunately their...
...semantics are hard to understand, the helpers available differ for different versions of Rails and the behavior is subtly different. Make sure you read and understand the API before using...
...All you need is a pretty print-stylesheet. How to use it from your Rails application You can have PDFKit render a website by simply calling PDFKit.new('http://google.com').to...
...separately before calling to_file. Alternatively you can use PDFKit::Middleware and all your Rails routes automagically respond to the .pdf format. This is awesome to get started fast, but...
...up releases, not assets. In order to clean up assets, you can use capistrano-rails. Just require 'capistrano/rails' in Capfile and add the following config: # config/deploy.rb set :keep_assets...
...remove any older versions. If you are using Webpacker, you need to configure capistrano-rails. If you are on Rails 3, you cannot use this to clean up assets. :keep...
Note that when your app is a web app, the console running your rails server will pause the server and show the debugging console. Your browser will "hang" while...
If you need to debug code that is part of a gem like rails, just (temporarily) add a puts or debugger statement to its source files. Ruby is an...
...animation: none !important; } To only include these styles for tests, see Detect the current Rails environment from JavaScript or CSS. Disabling animations in Unpoly In Unpoly you can globally disable...
...argument('--disable-smooth-scrolling') Related cards Does or scroll the page? Detect the current Rails environment from JavaScript or CSS Disable concurrent AJAX requests in tests In applications that do...
simple_format ignores Rails' XSS protection. Even when called with an unsafe string, HTML characters will not be escaped or stripped! Instead simple_format calls sanitize on each of the...
...you need to escape yourself: simple_format(h(user_input)) If you're using Rails 7.1 you can also customize your sanitize opions that simple_format uses. E.g if you...
gem 'super_diff' Require it in your spec_helper.rb require 'super_diff/rspec' # For Rails applications you can replace this with 'super_diff/rspec-rails' Customize colors in spec/support/super_diff.rb SuperDiff.configure do |config...
...contain exactly "XXX" ActiveRecord::Base is monkey patched by super_diff/rspec-rails (includes rspec and rails) super_diff/rails (includes active_record and active_support) super_diff/active_record This means that you have...
...to be released when the block ends. Example: RSpec::Mocks.with_temporary_scope do allow(Rails).to receive(:env).and_return('production'.inquiry) puts Rails.env # prints "production" end puts Rails.env # prints...
...characters that have a particular meaning in URLs, like & or =. If you are using Rails URL helpers like movies_path(:query => ARBITRARY_STRING_HERE), Rails will take care of the...
/^([\w!#$%&'*+-/=?^`{|}~]+.)*[\w!#$%&'*+-/=?^`{|}~]+@((((([a-z0-9]{1}[a-z0-9-]{0,62}[a-z0-9]{1})|[a-z]).)+[a-z]{2...
...at the same time have a .where on an included table, two things happen: Rails tries to load all involved records in a huge single query spanning multiple database tables...
activity.users.ids # here happens the unexpected # => [4] Workarounds Preload separately In newer Rails versions you should prefer to use joins and then preload if necessary (which will trigger a...
...the behavior, not the implementation" means. Resources Chapter "The value of tests" from Growing Rails Applications in Practice (in our library) Everyday Rails Testing with RSpec (in our library)
...Movie.search() and the new UI. Follow the advice from the "Testing" chapter from Growing Rails Applications in Practice: RSpec feature tests for the most common "happy path" RSpec unit tests...
...you thought it would be, you don't understand how XSS protection works in Rails. Calling html_safe on the joined array will incorrectly bless the complete string as safe...
...string].join(' ').html_safe # will incorrectly render as ' foo bar ' with unescaped tags Good Rails >=3 safe_join([unsafe_string, safe_string], ' ') # will correctly render as '<span>foo...
...for storing time of day in the format hh:mm:ss, neither Ruby nor Rails themselves offer an elegant way to deal with day times. Time and DateTime both handle...
Getting CSS (and JS) live reloading to work in a esbuild / Rails project is a bit of a hassle, but the following seems to work decently well. We assume that...
...you already use a standard "esbuild in Rails" setup, and have an esbuild watcher running that picks up your source code in app/assets and compiles to public/assets; if not change...
$ ruby -e "RubyVM::YJIT.enable; puts RubyVM::YJIT.enabled?" true The last variant is what Rails 7.2+ is doing after the boot process with its new default configuration. So if you...
...are on a current Rails version and didn't explicitly turn off YJIT, you are probably already using it. Keep in mind that Rails turns on YJIT after the boot...
When using Rails credentials, you will edit the encrypted credentials for staging or production environments from time to time. To do that you need the secret key which should only...
...to live in :shared_path/config/credentials/:stage.key. If you have a single master.key (e.g. on Rails < 7.2), edit the Capistrano task to find the key at :shared_path/config/master.key instead. Usage
...field that is handled by Carrierwave uploaders (or maybe any other attachment solution for Rails) in tests allows different approaches. Here is a short summary of the most common methods...
...RSpec looks for fixture files: RSpec.configure do |config| config.file_fixture_path = "spec/custom_directory" end Alternatives: Rails.root.join('spec/fixtures/files/avatar.jpg').open('r') Rails.root.join('spec/fixtures/files/avatar.jpg').read File.open('spec/fixtures/files/avatar.jpg') (might only work if you run the...
...ordered by ID because they need to be able to iterate in batches. Modern Rails will raise an error if you try order yourself. If you are on Rails...
...aware that find calls inside the block are implicitly scoped. This is fixed in Rails...