Sunday, March 27, 2022
Security improvements, reducing bytes and more!
Posted by p8
Hi, this is Petrik, bringing you the latest news from the Rails world.
Reduce the output of Rails::Railtie#inspect to the class name
Anytime inspect was called on Rails::Application, it would output the very large application object. By reducing it to the class name, we also prevent leaking credentials.
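The leak described above, reproduced as an added example (not code from Rails or from the original post): Ruby's default Object#inspect walks every instance variable recursively, so a secret held anywhere inside an object ends up in whatever log line or error page dumps it. DemoConfig, LeakyApp, QuietApp and the secret values are constructed stand-ins, and the "#<ClassName>" format is an assumption about what "reduced to the class name" looks like.

```ruby
# Added example: constructed stand-ins, NOT Rails classes.
class DemoConfig
  def initialize
    # Constructed sample values, not real credentials.
    @secret_key_base = "constructed-secret-0123456789abcdef"
    @database = { "username" => "app", "password" => "constructed-db-password" }
  end
end

# Relies on Object#inspect, which walks every instance variable recursively.
class LeakyApp
  def initialize
    @config = DemoConfig.new
    @routes = %w[root users sessions]
  end
end

# Same state, but inspect is reduced to the class name.
class QuietApp < LeakyApp
  def inspect
    "#<#{self.class.name}>"
  end
end

KNOWN_SECRETS = ["constructed-secret-0123456789abcdef", "constructed-db-password"].freeze

# Returns the secrets that appear verbatim in a piece of text (log line, error page, ...).
def leaked_secrets(text, secrets = KNOWN_SECRETS)
  secrets.select { |secret| text.include?(secret) }
end

# Containers call inspect on their elements, so one object can leak through
# an Array, a Hash, or a debug statement that dumps local variables.
def leaks_when_dumped(app)
  {
    direct:   leaked_secrets(app.inspect),
    in_array: leaked_secrets([app].inspect),
    in_hash:  leaked_secrets({ app: app }.inspect),
  }
end

if __FILE__ == $PROGRAM_NAME
  puts "LeakyApp: #{leaks_when_dumped(LeakyApp.new)}"
  puts "QuietApp: #{leaks_when_dumped(QuietApp.new)}"
end
```

The same leaked_secrets check can be run in a test suite over the inspect output of any long-lived object that holds configuration.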
Modern browsers don’t render the body content for redirects. The delivered bytes are therefore a small waste.
Saving attachments to a record with the attach method returns the blob or array of blobs that were attached to the record.
This allows a password challenge to be implemented with the same ease as a password confirmation, re-using the same error handling logic in the view, as well as the controller.
The content security policy DSL would not generate headers for non-HTML responses, even when a configuration was explicitly provided. However, Mozilla Observatory, for example, recommends adding the header for API responses as well.
Now it’s possible to write video_tag(user.video_file) instead of video_tag(polymorphic_path(user.video_file)).
This allows applications to specify the maximum number of records that will be destroyed in a single background job by the dependent: :destroy_async association option. If the number of dependent records is greater than this configuration, the records will be destroyed in multiple background jobs.
Auto-create user and grant privileges when creating MySQL databases
Creating the database user and granting privileges every time you need to set up Rails locally on a new computer can be tedious. This change adds it to the MySQL build rake task, using the root user with no password.