Sunday, March 27, 2022

Security improvements, reducing bytes and more!

Posted by p8

Hi, this is Petrik, bringing you the latest news from the Rails world.

Reduce the output of Rails::Railtie#inspect to the classname
Anytime inspect was called on Rails::Application, it would output the very large application object. By reducing it to the classname, we also prevent leaking credentials.

Remove body content from redirect responses

Modern browsers don’t render the body content for redirects. The delivered bytes are therefore a small waste.

Return the blob/blobs when #attach is able to save the record

Saving attachments to a record with the attach method returns the blob or array of blobs that were attached to the record.

Support password challenge via has_secure_password

This allows a password challenge to be implemented with the same ease as a password confirmation, re-using the same error handling logic in the view, as well as the controller.

Generate Content Security Policy headers for non-HTML responses

The content security policy DSL would not generate headers for non-HTML responses, even if a configuration is explicitly provided. However, for example, Mozilla Observatory recommends adding it for API responses as well.

Extend audio_tag and video_tag to accept Active Storage attachments

Now it’s possible to write video_tag(user.video_file) instead of video_tag(polymorphic_path(user.video_file)).

Add active_record.destroy_association_async_batch_size configuration

This allows applications to specify the maximum number of records that will be destroyed in a single background job by the dependent: :destroy_async association option. If the number of dependent records is greater than this configuration, the records will be destroyed in multiple background jobs.

Auto-create user and grant privileges when creating mysql databases
Creating the database user and granting privileges every time you need to set up Rails locally on a new computer can be tedious. This change adds it to the MySQL build rake task, using the root user with no password.

Since last time, 36 people contributed to Rails. As usual, there’s too much changes to cover them but you can check out all of these here. Until next time!