Monday, September 27, 2021

Autumn is here, and so is Rails 7 Alpha 2! 🍂

Posted by zzak

Hey! Zzak here with a JAM-PACKED edition of This Week In Rails. 🍇

Server Timing Middleware for Development

This PR started nearly 2 and a half years ago, finally made its way into Rails!

A really neat feature, uses the Server-Timing header to emit durations for all ActiveSupport::Notifications. You can then view these metrics in your browser’s Network Inspector. 

If your model defines #to_s, you can now take advantage of this feature without having to supply a second argument to link_to.

Adds support for deferrable foreign key constraints in PostgreSQL

By default, foreign key constraints in PostgreSQL are checked after each statement. This works for most use cases, but becomes a major limitation when creating related records before the parent record is inserted into the database. Check out the PR for some examples and more detail.

GitHub Codespaces configuration

This PR adds support for GitHub Codespaces, which allows contributors to easily boot a fully functional environment to create patches and test changes to Rails.

Close Rails Guides menu dropdown by pressing Escape

A welcome UX patch that lets you close the menu dropdown by pressing the Escape key.

Improve margin styles for Rails Guides

We always appreciate when folks help improve our documentation, especially the visual aspect to make reading on multiple devices a pleasure.

Fix the diff highlight background for Rails Guides dark mode

Another great UX patch for Rails Guides that is always appreciated.

Suggest a CSP that’s compatible with Turbo + import map

In order for CSP to work with Turbo and an import map, we need nonces to be generated. This PR changes the generated CSP initializer to use per-session nonces instead of per-request nonces which would have negative impact on caching.

Add Bootstrap and Bulma to the CSS processors’ list

As support for more CSS processors are added to cssbundling-rails, we’ve updated the rails new --help text to include currently available options.

Don’t overwrite default opts in rich_text_area_tag

This PR enables passing in a custom direct_upload_url or blob_url_template to rich_text_area_tag. In the case you want to use your own controller to authenticate requests or perform server-side validations.

Avoid comment statements in pg:dump

This PR adds the –no-comment flag to pg_dump to ensure COMMENT statements are omitted from the output when using PostgreSQL >= 11.

Require latest release candidate for selenium-webdriver in Rails new

Since the “rexml” gem was removed from Ruby version >= 3 the selenium-webdriver gem has been waiting for a release that includes their updated dependency on the standard library gem.

Support clearing acronyms from inflector

Previously attempting to clear acronyms in the Inflector breaks would result in a TypeError.

Allow permitting numeric params

ActionController::Parameters now lets you specify multiple parameters index by a number. This may be necessary if the parameters belong to a numeric key.

Check basic auth credentials before authenticate

This PR fixes a bug when sending invalid basic authorization header data when using http_basic_authentication_with.

Render host_authorization debug view only for local requests

This PR fixes a bug where debugging information was visible in production by restricting access to local requests only.

Add missing migrate command to Getting Started Rails Guide

This might seem like a minor patch, but contributions from folks learning Ruby on Rails for the first time is a healthy sign. Changes like these help ease the difficulty of learning and welcomes new contributors to the community.

Active Storage: deprecate invalid default content types

Blobs created with content_type image/jpg, image/pjpeg, image/bmp, text/javascript will now produce a deprecation warning, since these are not valid content types.

Allow configuring PostgreSQL connection password through socket URL

This PR allows you to specify your password using a socket URL, such as “postgres:///?user=user&password=secret&dbname=app”.

Add autocomplete=”off” to all generated hidden fields

Due to a longstanding Firefox bug, this PR ensures hidden fields such as CSRF token and HTTP method fields are not modified without the user’s knowledge.

Add beginning_of_week option to weekday_options_for_select

Now you can specify the beginning of the week to this select field without depending on Date.beginning_of_week.

Action Mailer email_address_with_name now returns the email if name is blank

When sending an email using Action Mailer the object referencing the person you want to send it to may not have a name associated with it. For example, in the case this field is optional for your User record. In this case Action Mailer will now use the target email address.

Add missing DOM ids to rails/mailers/email.html template

This PR will help folks testing their Mailer Preview actions by using unique identifiers to select the mail data from the DOM instantly.

35 people contributed (over 120 commits!) to Rails since last time. All the changes can be checked here. Until next week!