...this.lockCounter = 0 this.boundLockTurboStreamRendering = this.lockTurboStreamRendering.bind(this) this.boundStartLock = this.startLock.bind(this) this.boundStopLock = this.stopLock.bind(this) // Stream rendering document.addEventListener("turbo:before-stream-render", this.boundLockTurboStreamRendering) // Form submission document.addEventListener("turbo:submit-start", this.boundStartLock) document.addEventListener("turbo:submit-end...
...this.boundStopLock) // Network activity document.addEventListener("turbo:before-fetch-request", this.boundStartLock) document.addEventListener("turbo:before-fetch-response", this.boundStopLock) document.addEventListener("turbo:fetch-request-error", this.boundStopLock) // Frame rendering document.addEventListener("turbo:before-frame-render", this.boundStartLock) document.addEventListener...
Fill in find field with e.g. url (? .*?) Hint: the "url" at the beginning of the string is just a text fragment; the (? .*?) is our named capture group.
...file. Note that this is # not guaranteed to be 100% accurate. It performs a "best guess" based # on a simple test of the first +File.blksize+ characters. # # Example: # # File.binary?('somefile.exe') # => true...
...live: true, host: '127.0.0.1' do watch(%r(^public/assets/esbuild_error_development\.txt$)) # Livereload + ESbuild is not the best combo # We want # - to reload CSS files without doing a full page reload
When RubyMine reports Rubocop returning "exit code -1", upgrading Rubocop can be the fix: gem install rubocop "The logs" can...
...boring style violations. When you demonstrate an appreciation for constructive criticism, your reviewer provides better feedback . Make others better: Your code review techniques set an example for your colleagues. Effective...
There is no such thing as a "default order" of rows in database tables. For instance, when you paginate a...
To avoid multiple versions of a package, you can manually maintain a resolutions section in your package.json. We recommend you...
If you expect method calls in RSpec 3, be aware that the argument matchers use very liberal equality rules (more...
A list of implementation details that make for a better / expected user experience. Have these in mind when implementing a web design. This document outlines a non-exhaustive list of...
The sidekiq-rate-limiter gem allows rate-limiting Sidekiq jobs and works like a charm. However, it needs to be...
While most Rails Apps are tied to at least one external REST API, machine-to-machine communication via GraphQL is...
Web technology is a broad field and you cannot be an expert in all aspects. However, it is useful to...
...Capybara see the print stylesheet Capybara always requests as the screen medium. The step belows reloads the current page with a query param we will use in our layout to...
Array.wrap wraps argument in an array, unless it is array-like already. The behaviour is a bit saner than Array[...]. Array.wrap(nil) # => []
" foo bar \n \t boo".squish # => "foo bar boo" Time.current, Date.current, DateTime.current behaves like .now or .zone.now depending on whether a time zone is set
In long diffs, it can become impossible to spot small changes in larger blocks of moved code. This may be either a method that was moved from the top to...
Given you have a strict CSP that only allows elements from your own domain: Content-Security-Policy: script-src 'self' This will block JavaScript handlers inlined as attribute into your HTML elements. Clicking on the following link will only log an error with a strict CSP: click me click me Solution 1: Move the handler into your JavaScript The recommended solution is to move the handler from the HTML to the allowed JavaScript file that we loaded via . In the example above we could invent a new [data-alert] attribute with the alert message: click me Then our JavaScript intercepts clicks on elements with that attribute: document.addEventListener('click', function(event) { let link = event.target.closest('[data-alert]') if (link) { let message = link.dataset.alert alert(message) event.preventDefault() } }) Solution 2: Allow that one handler in your CSP Some browsers allow the CSP directive script-src-attr. This lets you allow the hashes of actual JavaScript code. The SHA256 hash of alert('hello') is vIsp2avtxDy0157AryO+jEJVpLdmka7PI7o7C4q5ABE= (in Base64). We can allow this one event handlers like this: Content-Security-Policy: script-src 'self'; script-src-attr 'unsafe-hashes' 'sha256-vIsp2avtxDy0157AryO+jEJVpLdmka7PI7o7C4q5ABE=' Note the sha256- prefix. This event handler now works when clicked: click me But any other script will still be blocked: click me Dealing with legacy browsers Currently (November 2023) about 75% of browsers support script-src-attr. Here is a forward-looking compromise that many users use with new CSP features: Have a liberal CSP with old directives supported by all browsers Make your CSP stricter with new, more specific directives for browsers that support it The CSP spec supports that approach in that using newer, more specific directives disable older, more general features. In our case this means: For old browsers, allow all inline scripts For new browsers, disallow inline scripts but allow inline handlers with given hashes Here is a CSP directive that works like this: Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'unsafe-hashes' 'sha256-vIsp2avtxDy0157AryO+jEJVpLdmka7PI7o7C4q5ABE=' Old browsers will only use script-src. New browsers will use script-src-elem (for tags) and script-src-attr (for inline event handlers), which override the more liberal rules from script-src.
You can hook into Slack when using Capistrano for deployment. The slackistrano gem does most of the heavy lifting for...
In development, we store files using ActiveStorage's disk service. This means that stored files are served by your Rails...
...update cucumber Make sure you have a recent version of geordi (it doesn't belong in your Gemfile!): gem install geordi Check if you're using Transforms Transform is no...
On Chrome, Firefox and modern Safari, document.scrollingElement will return the element. The behavior varies on legacy browsers that we no longer support: Old Safari versions, document.scrollingElement will return...
tl;dr The :is() pseudo selector - specificity of its most specific argument - matches against a comma-separated list of selectors...
tl;dr The :where() pseudo selector - zero specificity - matches against a comma-separated list of selectors. Example Compound selectors like...
Same requests are recorded only once in vcr. Replaying a test fails, if you trigger the same request multiple times...