computer_smile

Activity

Posted in API HTTP Requests using Faraday Discussion

Do we need to treat the api_key attribute of the Vultr client we create with any sensitivity? We have encrypts :token for ActiveRecord attributes but these are POROs.

Posted in First open source contribution to turbo-rails

Ahh thanks! That explains it 🙏

Posted in First open source contribution to turbo-rails

Thanks Chris. I actually see that this was referenced in https://github.com/hotwired/turbo/pull/501. If I view the code in https://github.com/hotwired/turbo/blob/daabebb0575fffbae1b2582dc458967cd638e899/src/core/drive/progress_bar.ts#L109 it looks like the solution is applied.

However, when I view turbo-rails https://github.com/hotwired/turbo-rails/blob/3355f2fae0a2bd3653ccccc62d9395b677c4ee1f/app/assets/javascripts/turbo.js#L1246 it does not have the solution applied.

Is that just because https://github.com/hotwired/turbo-rails is waiting on a https://github.com/hotwired/turbo release? Still wrapping my head around the ecosystem and how it fits together. How would I use this latest code from https://github.com/hotwired/turbo in my project?

Posted in First open source contribution to turbo-rails

Hello-

I'd like to take a crack at fixing https://github.com/hotwired/turbo-rails/issues/341 for turbo-rails. I'm having a little trouble navigating my local setup to verify the change is working as expected. Here's what I've tried.

  1. Fork the main repo https://github.com/hotwired/turbo-rails
  2. Create a sample app called blog
  3. Reference gem "turbo-rails", path: "../turbo-rails" in the local app
  4. Make the change to turbo-rails/app/assets/javascript/turbo.js

This is where I'm stuck. The change isn't reflected when I load the sample blog app. I'm fairly certain this is due to my lack of understanding of how gems and JavaScript builds work for turbo-rails.

What file or how can I make a change to the main turbo.js code and test it out locally? Thanks in advance for taking a look.

Posted in Deploy Ubuntu 20.04 Focal Fossa Discussion

Great tutorial. Took some time to figure out deploy keys in GitHub but here are the steps that worked for me. cap production deploy kept failing because of a permission denied error from GitHub. Here's what I did.

Mostly posting for future me 😁

  1. Go through the ssh key gen process for the deploy user (https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key)

  2. Add your key to the ssh agent on deploy https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#adding-your-ssh-key-to-the-ssh-agent

  3. Add public key as a deploy key to the repository in GitHub (https://docs.github.com/en/developers/overview/managing-deploy-keys#deploy-keys)

  4. Confirm this is working by ssh git@github.com from your deploy user.

  5. Try running cap production deploy from local machine

Some things to note:

  • This was on an Ubuntu machine running nginx.
  • Make sure the /home/deploy/.ssh directory is owned by the deploy user and not root. (This drove me nuts until I realized.)
  • My deploy.rb has a repo_url like this: set :repo_url, "git@github.com:YOUR_USER_NAME/REPOSITORY_NAME.git"

I can clean this up and get more detailed with commands if you're running into issues. Hope this helps!
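
Added example, not part of the original post: a shell check for the ownership problem noted above, run on the server before retrying cap production deploy. The function names are hypothetical, and it assumes `stat -c` (GNU or BusyBox), as on the Ubuntu host in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Usage on the server: audit_ssh_dir deploy /home/deploy/.ssh

# no_group_other PATH -> succeeds when group and other have no permission bits
no_group_other() {
    case "$(stat -c '%a' "$1")" in
        0|*00) return 0 ;;   # e.g. 700, 600, 400
        *)     return 1 ;;   # e.g. 755, 644
    esac
}

# audit_ssh_dir USER DIR
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_ssh_dir() {
    user=$1; dir=$2; rc=0
    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir does not exist"
        return 1
    fi
    # The case from the post: .ssh created as root, so deploy cannot use it.
    owner=$(stat -c '%U' "$dir")
    if [ "$owner" != "$user" ]; then
        echo "OWNER: $dir is owned by $owner, expected $user"
        rc=1
    fi
    if ! no_group_other "$dir"; then
        echo "MODE: $dir is accessible to group/other (want 700)"
        rc=1
    fi
    # A private key is taken to be the file next to each *.pub without the suffix.
    for pub in "$dir"/*.pub; do
        key=${pub%.pub}
        [ -f "$key" ] || continue
        if [ "$(stat -c '%U' "$key")" != "$user" ]; then
            echo "OWNER: $key is not owned by $user"
            rc=1
        fi
        # ssh refuses private keys that group or other can access.
        if ! no_group_other "$key"; then
            echo "MODE: $key is accessible to group/other (want 600)"
            rc=1
        fi
    done
    return $rc
}
```

A clean result only covers local ownership and modes; ssh git@github.com as the deploy user is still the test that the deploy key itself is accepted.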

Posted in Nested Comment Threads in Rails - Part 3 Discussion

Rails 5.2.1 comes with Content Security Policy DSL by default. Here we can specify what is allowed to run. If we have something like

Rails.application.config.content_security_policy do |policy|
  policy.default_src :self, :https
  policy.connect_src :self
  #...
  policy.script_src  :self
end

# If you are using UJS then enable automatic nonce generation
Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) }

in our CSP file I think this would disallow everything in create.js.erb ? We could add unsafe_eval to the policy but I believe this negates the whole purpose.

What can we add to allow the create.js.erb to be allowed by the Content Security Policy? I tried adding the <%= csp_meta_tag %> as recommended here https://edgeguides.rubyonrails.org/security.html#content-security-policy and mentioned here https://github.com/rails/rails/pull/32018. Am I understanding the architecture correctly?

Posted in create.js.erb with Content Security Policy

Hello, I'm researching best practices on implementing a Content Security Policy for my Rails 5.2 app. I have a few remote: true forms that respond with *.js.erb. It's my understanding that these will be treated as inline scripts and disallowed unless I have an unsafe-inline tag in my policy (which I want to avoid).

Wondering if anyone has experience converting remote: true forms that respond with a .js.erb file to something that is following best practices for a Content Security Policy. Or, if you can point me to some links where I can further my research.

Thanks!

Posted in Stimulus JS Twitter UI: Part 2 Discussion

Is there any reason we can't put the data action as a button click on the submit button instead of the ajax:beforeSend on the actual form? I can't seem to get the latter to correctly register.