Rails 4 Notes: Difference between revisions

Latest revision as of 18:05, 3 June 2015

Transition to Production

Secret Key

Not needed for development, but needed for production.

  • run rake secret to create a giant random number
  • add this line to /etc/default/nginx:
export SECRET_KEY_BASE=bcd25705f5c39e...
  • run "chmod 600 /etc/default/nginx" to keep the secret secret.

Compile Passenger Native Support

passenger-config build-native-support

Compile Assets

You will need to manually compile your assets before going into production:

rake assets:precompile

Lessons that I've learned before

  • <%= form_for ... %> instead of <% form_for ... %>
  • Chrome won't let you POST a form to a local test instance, only GET. Firefox is OK.

New lessons

Routes

Routes need to be explicit (like a white list) to enhance security.

get 'tasks' => 'task#index'
get 'chart/:server/:type' => 'stat#chart'
get 'tasks/download_request' => 'task#download_request'
post 'tasks/download_request' => 'task#download_request'

You can also use resources.

Strong parameters

Strong parameters forbid Action Controller parameters from being used in Active Model mass assignment until they have been whitelisted. http://edgeapi.rubyonrails.org/classes/ActionController/StrongParameters.html

jQuery

rails generate jquery:install

asset pipeline

Add this to get JavaScript:

<%= javascript_include_tag "application" %>

Add this to get CSS:

<%= stylesheet_link_tag "application" %>

view helpers

View helper functions that return raw HTML need to call html_safe on their output; otherwise the view escapes it. For example:

def blank
    return "&nbsp;"
end

becomes

def blank
    return "&nbsp;".html_safe
end
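
The following is an added example, not code from the original notes or from Rails itself. It models in plain Ruby why the helper needs html_safe, and why html_safe should only ever wrap fixed markup and never a string that already contains user input. TrustedHtml, trusted, render, cell_unsafe, cell_safe and SAMPLE are hypothetical names; render stands in for what <%= ... %> does in a view.

```ruby
require 'erb'

# Constructed stand-in for the trusted string type that html_safe returns in Rails.
class TrustedHtml < String; end

# Models "some literal".html_safe: marks a string as trusted markup.
def trusted(html)
  TrustedHtml.new(html)
end

# Models <%= value %>: anything not marked trusted is HTML-escaped on output.
def render(value)
  value.is_a?(TrustedHtml) ? String.new(value) : ERB::Util.html_escape(value)
end

# The page's helper, before and after the fix.
def blank_plain
  "&nbsp;"
end

def blank_safe
  trusted("&nbsp;")
end

# Risky pattern: untrusted text is interpolated, then the whole string is trusted.
def cell_unsafe(text)
  trusted("<td>#{text}</td>")
end

# Safer pattern: escape the untrusted part first, trust only the fixed markup.
def cell_safe(text)
  trusted("<td>#{ERB::Util.html_escape(text)}</td>")
end

SAMPLE = "Tom & <b>Jerry</b>" # constructed input standing in for user data

puts render(blank_plain)         # entity is escaped, shows up as literal text
puts render(blank_safe)          # entity reaches the browser intact
puts render(cell_unsafe(SAMPLE)) # user-supplied markup reaches the page unescaped
puts render(cell_safe(SAMPLE))   # user-supplied markup is neutralised
```

In a real Rails helper the same split is usually written with content_tag, or by escaping the dynamic part with ERB::Util.html_escape before calling html_safe on the result.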