Friday, January 27, 2023

New AssumeSSL middleware, raise on missing translations everywhere, and more

Posted by morgoth85

Hi, it’s Wojtek. Let’s explore this week’s changes in the Rails codebase.

Rails 7.0.4.2 and 6.1.7.2 have been released
Released 7.0.4.2 and 6.1.7.2 versions addressing a compatibility issue with the 7.0.4.1 and 6.1.7.1 security releases from last week.

Allow use of SSL-terminating reserve proxy that doesn’t set headers
Add ActionDispatch::AssumeSSL middleware that can be turned on via config.assume_ssl. It makes the application believe that all requests are arriving over SSL. This is useful when proxying through a load balancer that terminates SSL, the forwarded request will appear as though it’s HTTP instead of HTTPS to the application. This makes redirects and cookie security target HTTP instead of HTTPS. This middleware makes the server assume that the proxy already terminated SSL, and that the request really is HTTPS.

Control log level with RAILS_LOG_LEVEL in production

Makes it easier to switch to debug mode when needed without changing the code.

Make raise_on_missing_translations raise on any missing translation

Previously it would only raise when called in a view or controller. Now it will raise anytime I18n.t is provided with an unrecognized key.

Active Record’s explain method now accepts options
For databases and adapters which support them (currently PostgreSQL and MySQL), options can be passed to explain to provide more a detailed query plan analysis.

Update Action Text’s Trix dependency
The bundled version of Trix was updated from version 1.3 to version 2.0.

You can view the whole list of changes here. We had 24 contributors to the Rails codebase this past week!
Until next time!

Subscribe to get these updates mailed to you.