Are you eager to elevate your security skills and safeguard your applications
against cyber threats? I created a Rails Security course designed
specifically for developers like you who aim to build robust, secure Rails
applications!
Buy my course: Security for Rails Developers.
Rails 4.1 is coming out soon and I'd like to summarize which new features I like the most.
Spring Application Preloader
Spring preloads your application, which makes your test runs a lot faster. Rails 4.1 generates the binstubs with Spring, so when you call `rails` or `rake`, Spring will handle the call. If you want to run a command without Spring, you can do so by using `bundle rails` or `bundle rake`. Another change I'd like to mention here is two new rake tasks to run the tests:

```
rake test:all
rake test:all:db
```
config/secrets.yml
You may have used [figaro](https://github.com/laserlemon/figaro) before to keep the sensitive data out of your repo, but from now on Rails provides a built-in solution to this problem. Rails 4.1 generates a `secrets.yml` in the config folder, and you can store API keys, etc. in it. The syntax is as follows:

```yaml
development:
  secret_key_base: 3b7cd727ee24e8444053437c36cc66c3
  some_api_key: SOMEKEY
```
Action Pack Variants
Mobiles and tablets are widely used these days, and from Rails 4.1 we can easily separate the templates for the different clients. You need to set the variant in your controller:

```ruby
case request.user_agent
when /iPad/
  request.variant = :tablet
when /iPhone|Android/ # far from complete, just for the sake of example
  request.variant = :phone
end

respond_to do |format|
  format.html do |html|
    html.tablet # renders app/views/projects/show.html+tablet.erb
    html.phone { extra_setup_if_needs; render ... }
  end
end
```
Active Record enums
With this extension to Active Record you can declare an enum field in your model, and Rails will handle the mapping of integer values in the database column to human-friendly values in your code.

```ruby
class Conversation < ActiveRecord::Base
  enum status: [ :active, :archived ]
end

conversation.active? # to see if the record is active
conversation.active! # to set the record active
```
CSRF protection from remote `script` tags
I use RJS to update parts of my applications via Ajax, and as homakov pointed out in the past, this was vulnerable to CSRF: a remote `<script>` tag on another site can load a JavaScript response with the user's cookies attached. To fix the security issue, Rails 4.1 now applies CSRF protection to JavaScript responses when the request is not an XHR.

Added Numeric#in_milliseconds

In the past I always wrote `x * 1000` to convert timestamps I used on the client-side, but now this is handled by this syntactic sugar.
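To make concrete what the CSRF change above guards against, here is an added illustration in plain Ruby; it is not Rails' own implementation and not code from the original post. It models the simplified rule that a JavaScript-format response is served only when the request carries the `X-Requested-With: XMLHttpRequest` header, which a cross-site `<script>` tag cannot send. The `Request` struct, its header handling and the sample requests are assumptions constructed for the demo.

```ruby
# Added illustration (not Rails' own code): a minimal model of the check
# Rails 4.1 adds for JavaScript responses. A <script src=".../projects.js">
# on another site is fetched with the victim's cookies, so a JS body that
# embeds user data would leak; a <script> tag cannot set X-Requested-With.
class InvalidCrossOriginRequest < StandardError; end

# Hypothetical request: the format the route resolved to plus raw headers.
Request = Struct.new(:format, :headers, keyword_init: true) do
  # Treat the request as XHR when the header carries the usual value.
  def xhr?
    headers.fetch('X-Requested-With', '').casecmp?('XMLHttpRequest')
  end
end

# True when a JavaScript response is about to go to a non-XHR caller.
def non_xhr_javascript_response?(request)
  request.format == :js && !request.xhr?
end

# Raise before rendering, so no JavaScript (and no data inside it) leaves
# the server for a request that could come from an embedded <script> tag.
def verify_same_origin_request!(request)
  if non_xhr_javascript_response?(request)
    raise InvalidCrossOriginRequest,
          'JavaScript response requested without XMLHttpRequest; ' \
          'refusing to serve it to a possible cross-site <script> tag'
  end
  :ok
end

# True when the response may be served, false when the check rejects it.
def allowed?(request)
  verify_same_origin_request!(request)
  true
rescue InvalidCrossOriginRequest
  false
end

# Constructed sample requests for the three cases that matter.
XHR_REQUEST = Request.new(format: :js,
                          headers: { 'X-Requested-With' => 'XMLHttpRequest' })
SCRIPT_TAG_REQUEST = Request.new(format: :js, headers: {})
HTML_REQUEST = Request.new(format: :html, headers: {})

if __FILE__ == $PROGRAM_NAME
  puts allowed?(XHR_REQUEST)        # true
  puts allowed?(SCRIPT_TAG_REQUEST) # false
  puts allowed?(HTML_REQUEST)       # true
end
```

The HTML case passes because the new check only concerns JavaScript responses; regular form posts stay covered by the existing authenticity token.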
These are the changes I like the most, but you can find an exhaustive list of changes in the changelog, thanks to Yves and Godfrey.
I run an indie startup providing vulnerability scanning for your Ruby on Rails app.
It is free to use at the moment, and I am grateful for any feedback about it. If you would like to give it a spin, you can do it here: Vulnerability Scanning for your Ruby on Rails app!