...a user can insert unfiltered HTML into the web page. Thanks for the interesting post! alert('you have been hacked') Rails largely solves the problem, but programming mistakes are still possible; sometimes there are security holes in gems or in Rails itself
background-color: blue; } = javascript_tag nonce: true do :plain window.addEventListener('load', () => { ... }); CSP with Rails Demo Configuration via config/initializers/content_security_policy.rb Overriding in individual controllers Nonce support for javascript_tag
Rails' Strong Parameters enable you to allow only specific values from request params to e.g. avoid mass assignment. Usually, you say something like params.permit(:email, :password) and any extra parameters...
There are multiple ways to redirect URLs to a different URL in Rails, and they differ in small but important nuances. Imagine you want to redirect the following URL...
Quick reference for passing data from Rails to JavaScript via Unpoly compilers. Haml Attribute Syntax # Using hash rockets and string symbols (method calls) = form.text_field :name, 'date-picker': true
...after_logout idp_sign_out] end Unsafe redirect when trying to log out Since Rails 7 you need to pass allow_other_host: true to redirect_to to allow a...
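The snippet above only hints at why Rails 7 made cross-host redirects opt-in: a logout endpoint that redirects to whatever URL it is handed becomes an open redirect. The following is an added example, not code from the card or from Rails; the helper name `safe_redirect_target?`, the host `idp.example.com` and the sample targets are assumptions. It shows the check a controller should run before deciding to pass `allow_other_host: true`: relative paths are fine, absolute URLs are only fine on an allow-listed host, and protocol-relative (`//host`), `javascript:` and userinfo-based tricks are rejected.

```ruby
require 'uri'

# Decide whether +target+ may be used as a redirect destination after logout.
# Returns true for plain relative paths ("/after_logout") and for http(s) URLs
# whose host is in +allowed_hosts+ (e.g. the SAML IdP's sign-out endpoint).
# Hypothetical helper written for this example.
def safe_redirect_target?(target, allowed_hosts:)
  str = target.to_s
  # Browsers treat "/\evil.example" like "//evil.example"; URI.parse would not.
  return false if str.empty? || str.include?('\\')

  uri = URI.parse(str)

  if uri.scheme.nil? && uri.host.nil?
    # Relative URL. Requiring a leading "/" keeps us on the current host;
    # "//evil.example" never lands here because URI.parse sets its host.
    return str.start_with?('/')
  end

  # Absolute URL: only http(s) and only to an allow-listed host. The host is
  # compared case-insensitively; "https://idp.example.com@evil.example/" parses
  # with host "evil.example", so userinfo tricks are rejected as well.
  %w[http https].include?(uri.scheme) &&
    !uri.host.nil? &&
    allowed_hosts.map(&:downcase).include?(uri.host.downcase)
rescue URI::InvalidURIError
  false
end

# Usage: in the controller, pass allow_other_host only when the target passed
# the check, and fall back to a fixed path otherwise.
def redirect_options_for(target, allowed_hosts:)
  if safe_redirect_target?(target, allowed_hosts: allowed_hosts)
    { location: target.to_s, allow_other_host: true }
  else
    { location: '/after_logout', allow_other_host: false }
  end
end
```

The fallback to a fixed path is deliberate: on a logout flow there is rarely a reason to honour an arbitrary `return_to` parameter, so rejecting unknown hosts costs nothing.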
When deploying Rails applications you might have noticed that JS and CSS are not cached by all browsers. In order to force Apache to add expiry dates to its response...
...when I change a file? Changed stylesheets and javascripts will always be reloaded because Rails appends a screen.css?1234567 timestamp to the paths. Background images referred to from the CSS...
If you run a Rails app that is using Turbo, you might observe that your integration tests are unstable depending on the load of your machine. We have a card...
In Ruby on Rails ActiveRecord::Relation#merge overwrites existing conditions on the same column. This may cause the relation to select more records than expected: authorized_users = User.where(id...
...version "3.4.0" resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.4.0.tgz#8de513fa0fa4b2c7d2e48a530e26f0596936efdf" integrity sha512-ggRCXln9zEqv6OqAGXFEcshF5dSBvCkzj6Gm2gzuR5fWawaX8t7cxKVkkygKODrDAzKdoYw3l/e3pm3vlT4IbQ== package.json { "dependencies": { "@rails/webpacker": "4.x", "bootstrap-datepicker": "1.8.0", # the package says it needs "jquery": ">=1.7.1 <4.0.0" as a dependency
...node_modules/jquery node_modules/bootstrap-datepicker/node_modules/jquery Actual issue Within the Rails Webpacker config we now provide a jQuery object to bootstrap-datepicker: config/webpack/environment.js environment.plugins.prepend( 'Provide', new webpack.ProvidePlugin({ $: 'jquery', jQuery: 'jquery', 'window.jQuery': 'jquery...
end But how to solve the uniqueness problem? Another day, another undocumented Rails feature! This time, it’s that ActiveRecord::Base.connection.add_index supports an undocumented option to pass...
(excerpt from: Fancy Postgres indexes with ActiveRecord) So according to the cited site, Rails 5+ allows me to use an SQL statement in my index: t.index 'shop_id, lower...
...collectiveidea.com/blog/archives/2012/01/27/testing-file-downloads-with-capybara-and-chromedriver module DownloadHelpers TIMEOUT = 10 module_function def download_path download_path = Rails.root.join("tmp/test_downloads#{ENV['TEST_ENV_NUMBER']}") FileUtils.mkdir_p(download_path) download_path end def clear_downloads FileUtils.rm...
When your JavaScript bundle is so massive that you cannot load it all up front, I would recommend to load...
...when your application uses time zones. Background A time-zoned Time attribute on a Rails record is converted to UTC using to_s(:db) to be stored, and converted back...
...so that a tcp connection is used instead of a socket connection. Configure rails application to use the database development: adapter: mysql2 database: projectname_development encoding: utf8mb4 collation: utf8mb4_unicode...
...several gems that help you to do that, like Sidekiq or Resque. With newer Rails you can also use ActiveJob as the interface for a background processing library. See here for...
end and a features/support/active_job.rb with: # Jobs should be worked off immediately in tests Rails.application.config.active_job.queue_adapter = :inline
...This could be your (very careless) controller method: def generated send_file File.join(Rails.root, 'shared', 'invoices', params[:number]) end This allows your users not only to access those files but...
...directory of the files as the first parameter, like so: send_file_inside File.join(Rails.root, 'shared', 'invoices'), params[:number] Do not use only Rails.root -- this would allow access to config/environment.rb...
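The two snippets above show the bug (joining `params[:number]` straight onto a directory) and the fix (a helper that takes the allowed directory as its first argument). The card's own `send_file_inside` is not reproduced here; what follows is an added, framework-free example of the path check such a helper has to perform, written for this page. The function names `unsafe_invoice_path` and `path_inside` and the directory `/srv/app/shared/invoices` are assumptions. The key point is that normalising the candidate path with `File.expand_path` and then requiring the directory prefix plus a separator is what defeats `../`, absolute paths and `~user` expansion; a plain `File.join` does none of that.

```ruby
# The careless version: File.join does not normalise, so "../" segments are
# passed through to the file system untouched. Kept only for contrast.
def unsafe_invoice_path(base_dir, requested)
  File.join(base_dir, requested)
end

# Resolve +requested+ relative to +base_dir+ and return the absolute path only
# if it is strictly inside +base_dir+; nil otherwise.
# Hypothetical helper written for this example; behaves like the check a
# send_file_inside-style helper needs before calling send_file.
def path_inside(base_dir, requested)
  base = File.expand_path(base_dir)
  # expand_path resolves "..", turns absolute inputs into absolute paths and
  # expands "~user", so every escape ends up as a path that does not share
  # the base prefix.
  candidate = File.expand_path(requested.to_s, base)
  # Checking for base + separator (not just base) stops "/srv/app/shared/invoices2"
  # from passing as a child of "/srv/app/shared/invoices", and rejects "" (== base).
  candidate.start_with?(base + File::SEPARATOR) ? candidate : nil
rescue ArgumentError
  # expand_path raises on embedded NUL bytes and on "~" with no HOME set;
  # both are refused rather than served.
  nil
end

# Caveat for real deployments: expand_path does not follow symlinks. If an
# attacker can create symlinks below base_dir, call File.realpath on the
# existing candidate and re-run the prefix check on its result.
def path_inside_realpath(base_dir, requested)
  candidate = path_inside(base_dir, requested)
  return nil unless candidate && File.file?(candidate)
  real = File.realpath(candidate)
  real.start_with?(File.expand_path(base_dir) + File::SEPARATOR) ? real : nil
end
```

In a controller the result is either handed to `send_file` or, when it is `nil`, turned into a 404; never fall back to serving something else.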
...delay of ~1 minute. Note: This setup does not work when you use the Rails driven_by method with a binary preloading for parallel tests. CI Optionally you can use...
When I sign in as "carcar79" Patch to make it work for Rails 2 For Rails 2, the last line of find_by_anything needs to be changed...
...bar']) => /tmp/foo20220912-14561-3g93n1bar You can choose a different base directory than Dir.tmpdir e.g. Dir.mktmpdir('foo', Rails.root.join('tmp')) => /home/user/rails_example/tmp/foo20220912-14561-pyr8qd. This might be necessary when your tests are running on CI. For this...
...something with a temporary directory' do # ... end Option 4: Without Dir.mktmpdir Use something like "#{Rails.env}#{ENV['TEST_ENV_NUMBER']}" in your directory path when using Dir.mkdir. Further reading:
...Ruby projects. These projects use a large number of different versions for Ruby, Rails and many gems. To be able to switch between projects easily, we must control every dependency...
Returning an empty scope can come in handy, e.g. as a default object. In Rails 4 you can achieve this by calling none on your ActiveRecord model. MyModel.none # returns an...
...empty ActiveRecord::Relation object For older Rails versions you can use the attached initializer to get a none scope...
...a month or a year. Next, start your application server for HTTPS. For a Rails application with Puma: bin/rails server -b 'ssl://0.0.0.0:3000?key=development.key&cert=development.crt'
...many more processes than just your tests while your test suite is running: The Rails server booted by each test process (in a separate process) The Chrome browser started by...
...is good programming practice to follow Don't Repeat Yourself (or DRY). In Ruby on Rails we keep our code DRY by sharing behavior through inheritance, modules, traits or partials...