Saturday, December 16, 2017

This Week in Rails: New security headers and many improvements

Posted by gregmolnar

Hello everyone! This is Kir and Greg bringing you the latest news from the Rails world.

This Week’s Contributors

57 people contributed to Rails the past 2 weeks! If you’d like to join them, why not check out the list of open issues?

New security headers added

X-Download-Options and X-Permitted-Cross-Domain-Policies are now in the default header list.

Fix an edge case in rails db:create

Previously, when the schema cache was present and the database was not created yet, rails db:create would get a connection failure.

StreamingTemplateRenderer failed to forward I18n.locale

This commit fixes an issue when you use render stream: true and your current locale is not forwarded to the renderer.

Quote colum_names when building select

This PR makes sure the column names are quoted to avoid SQL syntax errors when there is a from clause used, and there are ignored columns set.

Cleanup variants in Active Storage

Active Storage will now destroy variants together with main blob when it’s deleted.

Custom server in system tests

With this PR, Rails won’t override your custom capybara server configuration, so for example you can use Unicorn instead of Puma .

Provide instant feedback when booting

From now on when you call rails s or rails console there is an instant feedback in the console to show Rails is booting.

Optimizing information_schema query for foreign_keys

By using CONSTRAINT_SCHEMA key for information_schema.referential_constraints there are performance improvements for Active Record.

Initial support for running Rails on FIPS-certified systems

This PR enables to set the hash function used by Rails from MD5 to FIPS supported ones by changing the active_support.use_fips_approved_hash_function configuration.

Log the original call site for an Active Record query

This change allows you to enable the logging of what line of application code is triggering SQL queries.

That’s it for this week, as always, we couldn’t cover all of the changes, but feel free to check the commits. If you’d like to join them, check out the list of open issues. Until next week!