...security issues in web application, often known as "OWASP Top 10": https://owasp.org/www-project-top-ten/ Rails security Read the following sections from the Rails security guide. For each section you should...

...understand the security issue and what tools Rails gives you to address it. Cross-Site Request Forgery (CSRF) SQL Injection Cross-Site Scripting (XSS) Content Security Policy Also A reasonable...

if 'foo' =~ /foo/ puts $LAST_MATCH_INFO[1] # => foo end Require pitfall in Rails The English library is not loaded by default in Rails. So you or another library...

unpoly.com

Quick reference for passing data from Rails to JavaScript via Unpoly compilers. Haml Attribute Syntax # Ising hash rockets and string symbols (method calls) = form.text_field :name, 'date-picker': true

blog.saeloun.com

Rails' fragment caching caches subtrees of an HTML document tree. While constructing that tree though, it can be really hard to keep track of whether some code is run in...

...a caching context. Fortunately, Rails 7 brings two helpers that simplify this. Note that these helpers are all about Rails' fragment caching and not about downstream caching (i.e. Cache-Control...

...posts with a limited number of tags. The following chapters explain different approaches in Rails, how you can assign such an association via HTML forms. In most cases you want...

...with assignable values. The basic setup for all options looks like this: config/routes.rb Rails.application.routes.draw do root "posts#index" resources :posts, except: [:show, :destroy] end db/migrate/20230510093740_create_posts.rb class CreatePosts < ActiveRecord::Migration...

Resources Rails Guide: Internationalization API Guide to localizing a Rails application Locale-aware helpers in ActionView::Helpers::NumberHelper Accept-Language HTTP header. Can be parsed with a gem like...

Standard Rails translations The default strings used by Rails can be found in the rails-i18n repository. When we start a new project we often copy the German/English locale...

If you run a Rails app that is using Turbo, you might observe that your integration tests are unstable depending on the load of your machine. We have a card...

Rails' Strong Parameters enable you to allow only specific values from request params to e.g. avoid mass assignment. Usually, you say something like params.permit(:email, :password) and any extra parameters...

...scope :all_tags, -> (tags){ where('tags @> ARRAY[?]', tags) } end Document.create(title: "PostgreSQL", tags: ["pg","rails"]) Document.any_tags('pg') Document.all_tags(['pg', 'rails']) Migration: class CreateDocuments < ActiveRecord::Migration def change

...you have a maintenance script where you want to iterate over all ActiveRecord models. Rails provides this out of the box: # script/maintenance_task.rb # Load all models eagerly, otherwise you might only...

Rails.application.eager_load! ApplicationRecord.descendants.select(&:table_exists?).each do |model| # ... end Caution If you iterate over individual records, please provide a progress indicator: See https://makandracards.com/makandra/625369-upload-run-scripts-production Caution

Sometimes you need to remove high Unicode characters from a string, so all characters have a code point between 0...

There are multiple ways to redirect URLs to a different URL in Rails, and they differ in small but important nuances. Imagine you want to redirect the following url...

tl;dr Prefer request specs over end-to-end tests (Capybara) to joyfully test file downloads! Why? Testing file downloads

github.com

When internationalizing your Rails app, you'll be replacing strings like 'Please enter your name' with t('.name_prompt'). You will be adding keys to your config/locales/*.yml files over...

Concurrent counter increments are a race-condition trap. The Rails idiom (load the record, increment in Ruby, save) breaks under concurrent writes. Between the read and the write, another transaction...

makandra dev

...after_logout idp_sign_out] end Unsafe redirect when trying to log out Since Rails 7 you need to pass allow_other_host: true to redirect_to to allow a...

It is very common to parse dates from strings. It seems obvious to use Date.parse for this job. However this...

postgresql.org

...in any structure. While its flexibility is great, there is no syntactic sugar in Rails yet. Thus, you need to manually query the database. Demo # Given a Task model with...

...gem with strategy :transaction, after_commit callbacks will not be fired in your tests. Rails 5+ Rails 5 has a fix for this issue and no further action is needed...

...Rails 3, Rails 4 Add the gem test_after_commit to your test group in the Gemfile and you are done. You don't need to change the database strategy...

Running rails server will start a local server that you can access via http://localhost:3000. When you are working on multiple web apps, they will likely set cookies with...

...define it in a single place so switching it out will be easy. Modern rails versions will block hosts other than localhost by default. Therefore create an entry in config/environments/development.rb...

Since Rails 7 you are able to encrypt database information with Active Record. Using Active Record Encryption will store an attribute as string in the database. And uses JSON for...

...need to configure your Active Record Encryption keys manually in the config/application.rb: config.active_record.encryption.primary_key = Rails.application.secrets.dig(:active_record_encryption, :primary_key) config.active_record.encryption.deterministic_key = Rails.application.secrets.dig(:active_record_encryption, :deterministic_key) config.active_record.encryption.key_derivation...

So you want to organize your I18n using multiple .yml files but your Rails 4.1 application simply won't use any extra files in development? Spring is to blame.

api.rubyonrails.org

...is included in migrations by default (also see How to write complex migrations in Rails). Handy methods Note that both keys and values are always strings, i.e. you'll need...

makandra Curriculum

Basic validations Read the Rails Guide on ActiveRecord Validations. You should have an overview which kinds of validations are built into Rails. Also read Testing ActiveRecord validations with RSpec.

...colored red. In addition, an invalid field control should have a red border. Tip Rails adds an extra element around invalid inputs to help with styling. Inspect an invalid field...