strip_attributes, Rails 3, shoulda 2.11 hack

I have never understood why Rails doesn't strip attributes by default. I know at least one person who tried committing it to core, only to have it rejected. I always end up installing the strip_attributes plugin. I'm ramping-up a new Rails 3 project, with Shoulda 2.11. I installed strip_attributes. It works, but the strip_attributes Shoulda macros don't … Continue reading strip_attributes, Rails 3, shoulda 2.11 hack

SSL in Ruby on Rails

Update The world has shifted since I wrote this solution and blog post. The popularization of Firesheep and concerted efforts in understanding and optimizing SSL performance has led to the wise trend of enforcing HTTPS everywhere. There are much better (and simpler) ways to secure Rails applications. The one aspect of my solution that I still recommend incorporating … Continue reading SSL in Ruby on Rails

Rails path and url helpers

Sometimes I forget the simple differences between Rail's helpers. This mini post is so I don't forget. *_path Generates relative URLs: /users Used in views by link_to, form_for, etc. (per DHH) The browser maps relative URLs to absolute URLs based on the current page's protocol and host (/users on the page translates to … Continue reading Rails path and url helpers