

Could you explain this a bit more @chris?

"and I recommend using cookie auth for in-browser API authentication"

Isn't the video explaining how to use JWT Tokens for auth in-browser?

If accessing an API from an embedded app (e.g. a React widget) you can't use cookies any more because browsers are blocking 3rd party cookies by default now. What do you recommend in those circumstances?

Is there a pull request into rails for this we can see?

Posted in Embedable js app that talks to Rails

Hello, I wonder if anybody has some thoughts on how to do this.

I need to rewrite an iFrame app that runs embedded in various websites so that it runs as a JS app in a div rather than an iFrame. This is because of the many problems with cookies and ITP.

The JS app will talk to our Rails app to get data from an API and/or HTML.

What frameworks / methodologies do people recommend?

Posted in Is there any Spree series anywhere?

This would be great. Same for Solidus or a recommendation on which to use.

+1 on a demo app for this video, Chris?

Posted in Subscriptions with Stripe Discussion

Is this episode still up to date with how Stripe works? It doesn't seem the same as the docs:

Hi Chris. CORS isn't enough in this case. I'm hitting quite a few issues with ITP (https://webkit.org/blog/9521/intelligent-tracking-prevention-2-3/) on Safari, and that is soon going to be an issue on the other browsers. That is workaroundable with the Storage Access API, however when users open sites within a Facebook/Instagram/whatever type app, the site is opened in a WKWebView which doesn't like cookies at all and I don't think can be worked around. Hence the thoughts around using tokens. My current plan is to use short-lived tokens that are added to all the site links. Which sounds very not secure.

I want to implement a cookieless sessions part of my site. It runs in an iframe and cookies are causing a lot of problems. Would JWT auth be good for this? The main stumbling block I think is security. Is it safe to write the token into the links on each page so that the token is passed on each request? It seems like that wouldn't be secure as hackers could grab it and use it to log in.

Posted in File uploads in Rails with Shrine Discussion

Can Shrine make files secure? Ideally, selecting which file attachments are secure and which are public should be possible. Currently hard to do with ActiveStorage as you have to select it for all the attachments. Which is quite Basecamp-centric in its thinking.

Posted in Introduction to Stimulus Reflex Discussion

I like it!

Notes on the new site design:

The completed tick needs to be a heavier font, I can't really see if it's green.
Set alt text on the buttons, I don't know what they all do. What does the text one do? Alt text could also confirm completed status.

Posted in How to test ActionMailer in Rails Discussion

Cool, thanks. I've been using mailcatcher, which is great for developing but you have to reload! in the console to get changes in the templates to show up. Previews looks much better.

@chris That wiki is talking about scoping based on a string attribute on the user model, right?

So we would have to set up the system to use the account model reference, which isn't set on the user model here, because it is a has_one relationship.

Big piece of the puzzle missing here.

Posted in Multitenancy with the Apartment gem Discussion

That looks great. Will you be using that with Jumpstart's multitenancy features?

Posted in Notifications for ActionText User Mentions Discussion

Great tutorial as always Chris.

In your repo, you have some code for a video embed custom Are you making a tutorial about that?

It would be great to figure out how to add things like a link dialog that retrieves links from the site models, an image dialog that fetches from a media model etc so that ActionText could be used as a basis for things like CMS / eCommerce content editing rather than its current focus, which seems to be comments systems.

I made a start with this, adding h2, h3 and underline elements. I don't know if this is the right way to do it but:


Is there a way to add / delete buttons from the toolbar for action_text? E.g., I'd like to add more semantic header levels (h2-h4).

Posted in Sortable Drag and Drop Discussion

Hey Jaymarc,

yarn add jquery-ui

then in your javascript/packs/application.js


$(document).on("turbolinks:load", () => {
    update: function(e, ui) {
        url: $(this).data("url"),
        type: "PATCH",
        data: $(this).sortable('serialize'),

... and the rest is the same as the tutorial, minus all ui gem. hth

Posted in Sortable Drag and Drop Discussion

plus 1 for this.

Posted in How to write System Tests in Rails Discussion

In the gem file you have included capybara, how much is that used here and how much is just minitest?


Before posting I did some looking : )

System tests allow you to test user interactions with your application, running tests in either a real or a headless browser. System tests use Capybara under the hood.

..and the default install of a new rails app comes with capybara etc set up in gemfile and application_system_test.rb etc.

Is there a good, focused cheatsheet / resource with all the main methods available when using capybara with minitest in rails?


Ruby on Rails tutorials, guides, and screencasts for web developers learning Ruby, Rails, Javascript, Turbolinks, Stimulus.js, Vue.js, and more. Icons by Icons8

© 2021 GoRails, LLC. All rights reserved.