Hi, this is Petrik with more Rails updates.

Use the error_highlight gem to locate the columns where an error was raised Ruby 3.1 added the error_highlight  gem to display the fine-grained location of where an error occurred. Rails will now use error_highlight on error pages to show the column range of where an error occurred.

Extend bin/rails routes –grep to also filter routes by matching against a path When looking at a path like /users/orhantoy/settings it’s not always obvious which controller action corresponds to this route. bin/rails routes –grep will now also match on a path.

$ bin/rails routes --grep /cats/1
Prefix Verb URI Pattern Controller#Action
   cat GET /cats/:id(.:format) cats#show
       PATCH /cats/:id(.:format) cats#update
       PUT /cats/:id(.:format) cats#update
       DELETE /cats/:id(.:format) cats#destroy

Do not return CSP headers for 304 Not Modified responses

After the fix for CVE-2022-22577, Rails sends CSP headers for every response, even if the response contains no HTML. However, when we return a 304 Not Modified without any HTML, browsers will update the CSP header, but otherwise reuse the cached HTML. If that HTML contains a script tag with a nonce, this nonce may no longer match a new nonce from the CSP header. This has been fixed by not returning the CSP headers for 304s.

Normalize virtual attributes on ActiveRecord::Persistence#becomes

When source and target classes have different attributes, becomes will now adapt attributes such that the extra attributes from the target class are added.

We had 24 contributors since last week. 

That’s it for this week!