...you most likely want to use this in combination with the ActionDispatch::AssumeSSL middleware (Rails >= 7.1). This middleware makes your app assume that SSL terminates at the load balancer and...
...custom middleware to automatically flag all cookies as secure-only In a Ruby on Rails app you can add a middleware that automatically sets the Secure flag on all server...
...need to decide which configuration between different environments works well for you. By default Rails uses these settings for your application: require(:user) raises in all environments ActionController::ParameterMissing if...
Git diffs show the surrounding contexts for diff hunks. It does so by applying regular expressions to find the beginning...
If you want someone to be able to access your Rails console but don't want them to be able to make changes, you can use the Rails console sandbox...
...invoking bin/rails console --sandbox. https://guides.rubyonrails.org/command_line.html#bin-rails-console To let one only access the sandbox rails console you can make use of the command option of OpenSSH: Specifies that the command...
Rails 5.2 soft-deprecated the storage of secrets in secrets.yml in favor of a new thing, credentials.yml.enc. Rails 7.1 deprecated secrets and Rails 7.2 finally removed it. In our permissions...
...for existing applications it may be appropriate to keep using secrets.yml. Restoring secrets in Rails 7.2+ Restoring Rails.application.secrets is really simple, thanks to config_for. Simply add this to config/application.rb...
Icon fonts like Font Awesome are infinitely scalable, look great on high-DPI displays and will give your app a...
...posts with a limited number of tags. The following chapters explain different approaches in Rails for assigning such an association via HTML forms. In most cases you want...
...with assignable values. The basic setup for all options looks like this: config/routes.rb Rails.application.routes.draw do root "posts#index" resources :posts, except: [:show, :destroy] end db/migrate/20230510093740_create_posts.rb class CreatePosts < ActiveRecord::Migration...
Since Rails 6.1, if we use where.not with multiple attributes, it applies logical NAND (NOT(A) OR NOT(B)) instead of NOR (NOT(A) AND NOT(B)). If you do...
...becomes "Don't send newsletters to trashed admins". User.where.not(role: 'admin', trashed: true) # Before Rails 6.1, with NOR => "SELECT "users".* FROM "users" WHERE "users"."role" != 'admin' AND "users"."trashed" != TRUE...
Rails slightly changed the fragment cache implementation from Rails 7.0 to Rails 7.1. Unfortunately, this is incompatible with how Haml 5 patches Action View buffers. I tried turning a String...
...an ActionView::OutputBuffer, but this brought up other issues. Conclusion While we have a Rails 7.2 application successfully running with Haml 5, Rails applications with fragment caching need to upgrade...
Greg Molnar has written a neat article about creating a single-file Rails app. This is not meant for production use but can be useful to try things out, e.g...
...when hunting down a bug or embedding a Rails app into the tests of a gem. What you do is basically: Put everything (gems, application config, database migrations, models, controllers...
From at least Rails 4, the ActionView tag helper turns Array values of HTML options into a single space-separated string. This means you can pass an array to :class...
Since Rails 7 you are able to encrypt database information with Active Record. Using Active Record Encryption stores an attribute as a string in the database and uses JSON for...
...need to configure your Active Record Encryption keys manually in the config/application.rb: config.active_record.encryption.primary_key = Rails.application.secrets.dig(:active_record_encryption, :primary_key) config.active_record.encryption.deterministic_key = Rails.application.secrets.dig(:active_record_encryption, :deterministic_key) config.active_record.encryption.key_derivation...
...scope :all_tags, -> (tags){ where('tags @> ARRAY[?]', tags) } end Document.create(title: "PostgreSQL", tags: ["pg","rails"]) Document.any_tags('pg') Document.all_tags(['pg', 'rails']) Migration: class CreateDocuments < ActiveRecord::Migration def change
When you want to group rails models of a logical context, namespaces are your friend. However, if you have a lot of classes in the same namespace it might be...
'accounting_' end end class Accounting::Invoice < ApplicationRecord ... end class Accounting::Payment < ApplicationRecord ... end Rails will be able to derive the table name accounting_invoices for Accounting::Invoice...
...do it, and it's great, especially in combination with Sprockets (or Propshaft on Rails 7). You might be missing some convenience features, though. Here we cover one specific issue...
...Once you have started your development Rails server and esbuild with the --watch option (if you used jsbundling-rails to set up, you probably use bin/dev), esbuild will recompile your...
This page lists many query methods and options in ActiveRecord which do not sanitize raw SQL arguments and are not...
Ever needed to use a global variable in Rails? Ugh, that's the worst. If you need global state, you've probably reached for Thread.current. When you're using Thread.current...
When internationalizing your Rails app, you'll be replacing strings like 'Please enter your name' with t('.name_prompt'). You will be adding keys to your config/locales/*.yml files over...
You can report CSP violations to Sentry. Within config/initializers/content_security_policy.rb: Rails.application.configure do config.content_security_policy do |policy| # Settings for the policy policy.report_uri 'https://ooo4444bbb.ingest.de.sentry.io/api/ooo4444bbb/security/?sentry_key=ooo4444bbb' end end Replace the actual...
In Rails 7.1 it has become possible to annotate partials with the locals they expect: # partial _user_name.erb <%# locals: (user:) %> <%= user.name %> # view <%= render 'user_name' %> <%# this raises an ArgumentError %> Unfortunately, when...
...remove the annotation to see the correct error. There is an open issue in rails...
Rails' fragment caching caches subtrees of an HTML document tree. While constructing that tree though, it can be really hard to keep track of whether some code is run in...
...a caching context. Fortunately, Rails 7 brings two helpers that simplify this. Note that these helpers are all about Rails' fragment caching and not about downstream caching (i.e. Cache-Control...
Authentication is a special part of web applications. On the one hand, it usually is a crucial security mechanism restrict...
In FactoryBot factories, Rails' file_fixture is not available by default. To enable it, include a support module from rspec-rails: FactoryBot::SyntaxRunner.include(RSpec::Rails::FileFixtureSupport) That includes ActiveSupport::Testing...
In the past we validated and set default values for boolean attributes in Rails and not the database itself. Reasons for this: Older Rails didn't support database defaults when...
An alternative approach, which currently better reflects the general opinion of Rails upstream on constraints in the database, is adding default values in the schema of the...