...with HSTS. The HSTS part is important. Use a reliable authentication solution, e.g. Compose Rails authentication primitives, Clearance or Devise. Don't start from scratch (see bottom).
...root path: xsendfile: unable to find file: /tmp/foo20110721-28050-1h104da-0 The reason for this is that Rails 3 uses X-Sendfile for file downloads and Apache is only allowed to transfer files...
Rails 5.2 soft-deprecated the storage of secrets in secrets.yml in favor of a new thing, credentials.yml.enc. Rails 7.1 deprecated secrets and Rails 7.2 finally removed it. In our permissions...
...for existing applications it may be appropriate to keep using secrets.yml. Restoring secrets in Rails 7.2+ Restoring Rails.application.secrets is really simple, thanks to config_for. Simply add this to config/application.rb...
After an upgrade to rails 7 I noticed that async reindexing jobs of Searchkick were failing for Model.reindex(mode: :async, wait: true): /home/a_user/.rbenv/versions/3.3.0/lib/ruby/gems/3.3.0/gems/searchkick-5.3.1/lib/searchkick/relation_indexer.rb:142:in `block in batch_job': undefined...
You can report CSP violations to Sentry. Within config/initializers/content_security_policy.rb: Rails.application.configure do config.content_security_policy do |policy| # Settings for the policy policy.report_uri 'https://ooo4444bbb.ingest.de.sentry.io/api/ooo4444bbb/security/?sentry_key=ooo4444bbb' end end Replace the actual...
Rails slightly changed the fragment cache implementation from Rails 7.0 to Rails 7.1. Unfortunately, this is incompatible with how Haml 5 patches Action View buffers. I tried turning a String...
...an ActionView::OutputBuffer, but this brought up other issues. Conclusion While we have a Rails 7.2 application successfully running with Haml 5, Rails applications with fragment caching need to upgrade...
...you most likely want to use this in combination with the ActionDispatch::AssumeSSL middleware (Rails >= 7.1). This middleware makes your app assume that SSL terminates at the load balancer and...
...custom middleware to automatically flag all cookies as secure-only In a Ruby on Rails app you can add a middleware that automatically sets the Secure flag on all server...
As your Rails project grows, you will accumulate a number of small patches. These will usually fix a bug in a gem, or add a method to core classes.
...change_storage.rb fix_cache_ids.rb sanitize_filename_characters.rb ruby/ range/ covers_range.rb array/ dump_to_excel.rb xss_aware_join.rb enumerable/ collect_hash.rb natural_sort.rb string/ to_sort_atoms.rb rails/ find_by_anything.rb form_builder.rb form_for_with_development_errors.rb Note how all patches for standard library classes are in the ruby...
The :test adapter doesn't respect limits_concurrency configuration. Switch to :solid_queue adapter in your test to verify blocking...
If you want someone to be able to access your Rails console, but don't want them to be able to make changes, you can use the Rails console sandbox...
...invoking bin/rails console --sandbox. https://guides.rubyonrails.org/command_line.html#bin-rails-console To restrict someone to the sandboxed Rails console, you can make use of the command option of OpenSSH: Specifies that the command...
Icon fonts like Font Awesome are infinitely scalable, look great on high-DPI displays and will give your app a...
Ever needed to use a global variable in Rails? Ugh, that's the worst. If you need global state, you've probably reached for Thread.current. When you're using Thread.current...
...term, you can use PostgreSQL’s trigram similarity search. Writing a fuzzy query in Rails User.where("similarity(name, ?) > 0.3", "John") This finds all users where the name is similar to...
Greg Molnar has written a neat article about creating a single-file Rails app. This is not meant for production use but can be useful to try things out, e.g...
...when hunting down a bug or embedding a Rails app into the tests of a gem. What you do is basically: Put everything (gems, application config, database migrations, models, controllers...
When your Rails application is using Redis as its cache store, this is how you can list existing keys: Check: Rails.cache should return an ActiveSupport::Cache::RedisCacheStore. Rails.cache.redis.with(&:keys) lists...
When putting phone numbers into web pages, you should use tel: links so smartphone users can click those numbers to...
...posts with a limited number of tags. The following chapters explain different approaches in Rails for assigning such an association via HTML forms. In most cases you want...
...with assignable values. The basic setup for all options looks like this: config/routes.rb Rails.application.routes.draw do root "posts#index" resources :posts, except: [:show, :destroy] end db/migrate/20230510093740_create_posts.rb class CreatePosts < ActiveRecord::Migration...
Rails' fragment caching caches subtrees of an HTML document tree. While constructing that tree though, it can be really hard to keep track of whether some code is run in...
...a caching context. Fortunately, Rails 7 brings two helpers that simplify this. Note that these helpers are all about Rails' fragment caching and not about downstream caching (i.e. Cache-Control...
...scope :all_tags, -> (tags){ where('tags @> ARRAY[?]', tags) } end Document.create(title: "PostgreSQL", tags: ["pg","rails"]) Document.any_tags('pg') Document.all_tags(['pg', 'rails']) Migration: class CreateDocuments < ActiveRecord::Migration def change
From at least Rails 4, the ActionView tag helper turns Array values of HTML options into a single space-separated string. This means you can pass an array to :class...
This page lists many query methods and options in ActiveRecord which do not sanitize raw SQL arguments and are not...
Since Rails 7 you are able to encrypt database information with Active Record. Using Active Record Encryption will store an attribute as a string in the database, and it uses JSON for...
...need to configure your Active Record Encryption keys manually in the config/application.rb: config.active_record.encryption.primary_key = Rails.application.secrets.dig(:active_record_encryption, :primary_key) config.active_record.encryption.deterministic_key = Rails.application.secrets.dig(:active_record_encryption, :deterministic_key) config.active_record.encryption.key_derivation...
Note: Instead of using the method in this card, you probably want to use ActiveType's nested attributes which is...
...do it, and it's great, especially in combination with Sprockets (or Propshaft on Rails 7). You might be missing some convenience features, though. Here we cover one specific issue...
...Once you have started your development Rails server and esbuild with the --watch option (if you used jsbundling-rails to set up, you probably use bin/dev), esbuild will recompile your...