You can put Rails.application.config.action_cable.allowed_request_origins = [‘http://localhost:3001’] in your development.rb See https://github.com/rails/rails/tree/master/actioncable#allowed-request-origins for more informations
Use .to_h You can call .to_h to get a safe hash, according to a comment on the Rails PR. There are now three methods for converting parameters to a hash. .to_h means “if I haven’t called .permit, assume nothing is allowed.” .to_unsafe_h means “if I haven’t called .permit, assume everything is allowed.” .to_hash is now … Read more
There’s no need to monkeypatch ActionController/ActionDispatch, and force_ssl has side effects (e.g. when behind an ELB). The most straightforward way to achieve secure cookies is to modify config/initializers/session_store.rb: MyApp::Application.config.session_store( :cookie_store, key: ‘_my_app_session’, secure: Rails.env.production? )
My list of changes after moving to Rails 5: Place lib dir into app because all code inside app is autoloaded in dev and eager loaded in prod and most importantly is autoreloaded in development so you don’t have to restart server each time you make changes. Remove any require statements pointing to your own … Read more
There is a known issue about it on Github. According to this comment you might want to override the structurally_incompatible_values_for_or to overcome the issue: def structurally_incompatible_values_for_or(other) Relation::SINGLE_VALUE_METHODS.reject { |m| send(“#{m}_value”) == other.send(“#{m}_value”) } + (Relation::MULTI_VALUE_METHODS – [:eager_load, :references, :extending]).reject { |m| send(“#{m}_values”) == other.send(“#{m}_values”) } + (Relation::CLAUSE_METHODS – [:having, :where]).reject { |m| send(“#{m}_clause”) == other.send(“#{m}_clause”) … Read more
take a look to this. Very weird since ActionController::Parameters is a subclass of Hash, you can convert it directly to a hash using the to_h method on the params hash. However to_h only will work with whitelisted params, so you can do something like: permitted = params.require(:line_item).permit(: line_item_attributes_attributes) attributes = permitted.to_h || {} attributes.values But … Read more
You should set the environment variable RAILS_MASTER_KEY, either on your heroku web dashboard, or using console: $ heroku config:set RAILS_MASTER_KEY=<your-master-key> Example: $ heroku config:set RAILS_MASTER_KEY=123456789 (The < and > are placeholders) Rails will detect this variable and use it as your master key (instead of looking for it in master.key file).
Keep default the secrets.yml file # config/secrets.yml production: secret_key_base: <%= ENV[“SECRET_KEY_BASE”] %> aws_secret: abcde some_password: abcdex development: secret_key_base: static_secret_key aws_secret: abcde test: secret_key_base: static_test_secret_key #not_indented: key for all env in once secret_key_base: global_key_for_all_env RAILS_ENV=production SECRET_KEY_BASE=production_test_key rails c If using Rails 5.2.0, add to production env below, check this LINK config.require_master_key = true #config/environments/production.rb
ActionController::API does not include the ActionController::MimeResponds module. If you want to use respond_to you need to include MimeResponds. class ApplicationController < ActionController::API include ActionController::MimeResponds end module Api class MyController < ApplicationController def method1 # … respond_to do |format| format.xml { render(xml: “fdsfds”) } format.json { render(json: “fdsfdsfd” ) } end end end end Source: ActionController::API … Read more
The following was copied from here. It’s for Rails 4, but I believe the steps are the same. Remove the gem ‘turbolinks’ line from Gemfile. Remove the //= require turbolinks from app/assets/javascripts/application.js. Remove the two “data-turbolinks-track” => true hash key/value pairs from app/views/layouts/application.html.erb. Edit: As of at least Rails 5 the last step should refer … Read more