245 Matching Annotations
  1. Mar 2025
  2. Oct 2024
  3. Aug 2024
  4. Jul 2024
    1. This is classic Rails Magic - a clever side effect that guarantees the token in the session cookie will always match the token on the page, because rendering the token to the page can't happen without inserting that same token into the cookie.
  5. May 2024
    1. The asset pipeline is a collection of components that work together. Here's a list of what they might be.Concatenation for merging together many files into one big file.Minification for compressing the contents of a file to make it smaller in size.Pre-compilation for using your language of choice to write CSS or Javascript.Fingerprinting to force reloading of asset changes (i.e., cache busing).
    1. Performing a redirect by constructing a URL based on user input is inherently risky, and is a well-documented security vulnerability. This is essentially what you are doing when you call redirect_to params.merge(...), because params can contain arbitrary data the user has appended to the URL.
  6. Mar 2024
  7. Feb 2024
  8. Jan 2024
  9. Dec 2023
  10. Nov 2023
  11. Oct 2023
  12. Sep 2023
  13. Aug 2023
    1. I assume that the ActiveStorage::Attachment class gets reloaded dynamically and that the extensions are lost as they are only added during initialization. You’re correct. Use Rails.configuration.to_prepare to mix your module in after application boot and every time code is reloaded: Rails.configuration.to_prepare do ActiveStorage::Attachment.send :include, ::ActiveStorageAttachmentExtension end
  14. May 2023
  15. Mar 2023
  16. Feb 2023
    1. As you can see from the example, the session cookie is updated on every request, regardless of if the session was modified or not. Depending on when the response gets back to the client last, thats the cookie that will be used in the next call. For example, if in our previous example, if get_current_result’s response was slower than get_quiz, then our cookie would have the correct data and the next call to update_response would of work fine! So sometimes it will work and sometimes not all depending on the internet gods. This type of race condition is no fun to deal with. The implications of this is that using cookie storage for sessions when you are doing multiple ajax call is just not safe.
    2. A better solution would be to use a server side session store like active record or memcache. Doing so prevents the session data from being reliant on client side cookies. Session data no longer has to be passed between the client and the server which means no more potential race conditions when two ajax are simultaneously made!
  17. Jan 2023
  18. Dec 2022
  19. Nov 2022
  20. Sep 2022
  21. Jul 2022
    1. it should be normal for production apps to add authentication and authorization to their ActiveStorage controllers. Unfortunately, there are 2 possible ways to achieve it currently: Not drawing ActiveStorage routes and do everything by yourself Override/monkey patch ActiveStorage controllers None of them is ideal because in the end you can't benefit from Rails upgrades (bug fixes, etc) so the intention of this PR is to let people define a parent controller (inspired by Devise, maybe @carlosantoniodasilva can tell us his experience on this feature) so that people can add authentication and authorization in a single place and still benefit from the default controllers.
  22. Apr 2022
  23. Mar 2022
  24. Feb 2022
  25. Jan 2022
  26. Dec 2021
    1. How to Create a Micro-Job Marketplace Like Fiverr: Features, Cost, TimelineTimurTech JournalistMarketplaceProduct GuideHomeBlogEntrepreneurshipHow to Create a Micro-Job Marketplace Like Fiverr: Features, Cost, TimelinePublishedNov 19, 2021UpdatedNov 19, 202120 min readIt’s no secret that the COVID-19 pandemic has led many people to reconsider their jobs. Now, freelance as an alternative career path steadily becomes a reality. 50.9% of the U.S. workforce will be freelancing by 2027, a Statista survey shows. Businesses like Fiverr and fellow gig-focused companies rode the wave. To be more precise, they adopted a model allowing the hire of independent contractors without any legwork. How do such tools set the new trend in powering freelancers? In this article, we share proven methods geared towards freelance website growth. Moreover, you will get a glimpse of how to create a micro-job marketplace like Fiverr of your own.

      It’s no secret that the COVID-19 pandemic has led many people to reconsider their jobs. Now, freelance as an alternative career path steadily becomes a reality. 50.9% of the U.S. workforce will be freelancing by 2027, a Statista survey shows.

      Businesses like Fiverr and fellow gig-focused companies rode the wave. To be more precise, they adopted a model allowing the hire of independent contractors without any legwork. How do such tools set the new trend in powering freelancers?

      In this article, we share proven methods geared towards freelance website growth. Moreover, you will get a glimpse of how to create a micro-job marketplace like Fiverr of your own.

  27. Nov 2021
    1. How to Choose a Reliable SaaS Application Development CompanyKateCloud & SaaS Product ResearcherDmitryCEOSaaSHomeBlogEntrepreneurshipHow to Choose a Reliable SaaS Application Development CompanyPublishedAug 5, 2020UpdatedAug 5, 202012 min readCurrently, SaaS is the largest segment of the global public cloud services market. The growing SaaS industry provides an equal-opportunity atmosphere for businesses. It concerns enterprises from startups to tech giants – and any size in between. It explains why traditional software companies, like Microsoft and Adobe, decided to look into that direction too. Indeed, the time is ripe for developing a SaaS application now. But however tempting it may be, do not dive in headfirst with launching a SaaS product, because sometimes, it can be very challenging. That is why we have prepared a guide on finding a SaaS application development company that will be your best bet.

      Looking to build a SaaS app? You will need help of a reliable development team. Check our advice on how to choose a SaaS development company.

    1. SaaS Product Development: Why Choose Ruby on Rails Framework?KateCloud & SaaS Product ResearcherRuby/RailsSaaSHomeBlogTechnologySaaS Product Development: Why Choose Ruby on Rails Framework?PublishedSep 10, 2020UpdatedSep 10, 202013 min readWhich technology to pick for your SaaS business to succeed? This question is not uncommon in our days. In fact, quite the opposite because the SaaS model has become a meaningful part of every business domain. And the demand for SaaS product development is higher than ever and still increasing. This article will discuss the essential factors you need to consider when selecting a framework for your SaaS project. Also, we will introduce the top 3 frameworks for building a SaaS product with their pros and cons. Read on to see the best examples of SaaS applications.

      Choosing the right tech stack can help you save costs and make your app stand out in the saturated market. Let’s discuss why Ruby on Rails can be your best choice.

    1. What Makes Ruby on Rails Perfect for Marketplace Development?AlinaE-Commerce & SaaS StrategistMarketplaceRuby/RailsHomeBlogEntrepreneurshipWhat Makes Ruby on Rails Perfect for Marketplace Development?PublishedJul 13, 2020UpdatedJul 13, 202012 min readThe last several years have been marked with the rise of different marketplaces. Airbnb, AliExpress, Etsy, Booking.com are on everyone’s lips. That's not surprising that the idea of launching a second Amazon or eBay seems so appealing. To win the e-commerce race, entrepreneurs focus on providing excellent customer experience and build fast-loading and scalable websites. Besides, business owners take various security measures to protect their customers’ sensitive information. This way, they can gain clients’ trust and boost sales. When building a custom marketplace, what technology stack is best to achieve all these goals? Our answer is simple: Ruby on Rails. In this article, we will fill you in on the Ruby on Rails marketplace development. At Codica, we are passionate fans of this framework and have built numerous e-commerce platforms with its help. Based on our experience, we will discuss the key reasons to choose RoR for building a successful marketplace.

      The last several years have been marked with the rise of different marketplaces. Airbnb, AliExpress, Etsy, Booking.com are on everyone’s lips. That's not surprising that the idea of launching a second Amazon or eBay seems so appealing.

      To win the e-commerce race, entrepreneurs focus on providing excellent customer experience and build fast-loading and scalable websites. Besides, business owners take various security measures to protect their customers’ sensitive information. This way, they can gain clients’ trust and boost sales.

      When building a custom marketplace, what technology stack is best to achieve all these goals? Our answer is simple: Ruby on Rails.

      In this article, we will fill you in on the Ruby on Rails marketplace development. At Codica, we are passionate fans of this framework and have built numerous e-commerce platforms with its help. Based on our experience, we will discuss the key reasons to choose RoR for building a successful marketplace.

    1. 1) Order the one for your particular vehicle if you can otherwise the curvature of the side rails may not be correct which will dent the metal once secured.2) Look/feel under the headliner if you can prior to drilling into the roof, you may hit a beam which will be troublesome running a screw through multiple pieces of metal. You can also cut the side rails if necessary.3) Use non-corrosive silicone (does not smell like vinegar which will eventually eat away at the paint and rust) to seal up the holes that you drill into the roof. End caps doesn't appear to make a tight seal.4) Screws are stainless which are typically soft. Be careful not to overnighten! I actually used a rivnut/blind nut tool instead of just screws (About 25 bucks here on Amazon).
  28. Sep 2021
  29. Jul 2021
  30. Jun 2021
  31. Apr 2021
    1. class AuthConstraint def initialize(&block) @block = block || ->(_) { true } end def matches?(req) user = current_user(req) user.present? && @block.call(user) end def current_user(req) User.find_by_id(session[:user_id]) end end This is a flexible approach to defining route access based on any desired variable (roles, auth, etc...)

      Good solution, and might be needed if you want to base routes on roles, etc. — but this one is even easier if all you need is for it to be conditional based on signed in or not (because devise provides authenticated helper):

      https://hyp.is/lRq8tpNXEeuNn_9NxqJvdA/stackoverflow.com/questions/32407598/rails-4-devise-set-default-root-route-for-authenticated-users

  32. Mar 2021
    1. Run the complete unit with a certain input set, and test the side-effects. This differs to the Rails Way™ testing style, where smaller units of code, such as a specific validation or a callback, are tested in complete isolation. While that might look tempting and clean, it will create a test environment that is not identical to what happens in production.
  33. Feb 2021
    1. While Trailblazer offers you abstraction layers for all aspects of Ruby On Rails, it does not missionize you. Wherever you want, you may fall back to the "Rails Way" with fat models, monolithic controllers, global helpers, etc. This is not a bad thing, but allows you to step-wise introduce Trailblazer's encapsulation in your app without having to rewrite it.
    1. ActiveInteraction type checks your inputs. Often you'll want more than that. For instance, you may want an input to be a string with at least one non-whitespace character. Instead of writing your own validation for that, you can use validations from ActiveModel. These validations aren't provided by ActiveInteraction. They're from ActiveModel. You can also use any custom validations you wrote yourself in your interactions.
    1. with ActiveForm-Rails, validations is the responsability of the form and not of the models. There is no need to synchronize errors from the form to the models and vice versa.

      But if you intend to save to a model after the form validates, then you can't escape the models' validations:

      either you check that the models pass their own validations ahead of time (like I want to do, and I think @mattheworiordan was wanting to do), or you have to accept that one of the following outcomes is possible/inevitable if the models' own validations fail:

      1. if you use object.save then it may silently fail to save
      2. if you use object.save then it will fail to save and raise an error

      Are either of those outcomes acceptable to you? To me, they seem not to be. Hence we must also check for / handle the models' validations. Hence we need a way to aggregate errors from both the form object (context-specific validations) and from the models (unconditional/invariant validations that should always be checked by the model), and present them to the user.

      What do you guys find to be the best way to accomplish that?

      I am interested to know what best practices you use / still use today after all these years. I keep finding myself running into this same problem/need, which is how I ended up looking for what the current options are for form objects today...

    1. Any attribute in the list will be allowed, and any defined as attr_{accessor,reader,writer} will not be populated when passed in as params. This means we no longer need to use strong_params in the controllers because the form has a clear definition of what it expects and protects us by design.

      strong params not needed since form object handles that responsibility.

      That's the same opinion Nick took in Reform...

    1. @conference_form.submit(conference_params)

      Surprised they called it submit, since that could imply that you're triggering an action called submit.

      They use other verbs to describe this:

      • sync
      • populate
      • write

      Analogous to Reform's sync / sync_models method.

      Actually, the name makes a lot of sense when you see it in context:

          @conference_form = ConferenceForm.new(conference)
          @conference_form.submit(conference_params)
      
          if @conference_form.save
      
    1. If you include ActiveModel::Validations you can write the same validators as you would with ActiveRecord. However, in this case, our form is just a collection of Contact objects, which are ActiveRecord and have their own validations. When I save the ContactListForm, it attempts to save all the contacts. In doing so, each contact has its error_messages available.
  34. Jan 2021
  35. Dec 2020
  36. Nov 2020
  37. Sep 2020
  38. Aug 2020
  39. Jul 2020
    1. Why did Rails team decide they need to implement their own "version" of Timecop?

      On the one hand, that's great to reduce dependencies, but on the other hand, small dependencies are great (and rails already has lots of them), it just bloats ActiveSupport more, and creates a needless "duplication" of an already popular de facto standard for this problem -- one which (unlike Timecop) can't be easily used outside of the Rails/ActiveSupport ecosystem. It doesn't seem different enough to warrant creating it...

      Timecop: Works with Rails and non-Rails

      ActiveSupport::Testing::TimeHelpers: for use outside rails, requires dependency on bigger gem, AS.

    1. Actually, thats the one thing I’ve always thought Middleman got better than Rails: instead of eg, calling ‘render :admin’ in the general layout, you would ‘wrap_layout :application’ inside the specific (admin) one. It’s much more ergonomic this way.
  40. Jun 2020
  41. May 2020
  42. Apr 2020
    1. As mentioned in StateMachines::Machine#state, you can define behaviors, like validations, that only execute for certain states. One important caveat here is that, due to a constraint in ActiveRecord's validation framework, custom validators will not work as expected when defined to run in multiple states.
    1. For Rails 5, note that protect_from_forgery is no longer prepended to the before_action chain, so if you have set authenticate_user before protect_from_forgery, your request will result in "Can't verify CSRF token authenticity." To resolve this, either change the order in which you call them, or use protect_from_forgery prepend: true.