computer_smile


Activity

Posted in Deploy Ubuntu 20.04 Focal Fossa Discussion

Great tutorial. Took some time to figure out deploy keys in GitHub, but here are the steps that worked for me. cap production deploy kept failing because of a permission denied error from GitHub. Here's what I did:

Mostly posting for future me 😁

  1. Go through the ssh key gen process for the deploy user (https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key)

  2. Add your key to the ssh agent on deploy (https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#adding-your-ssh-key-to-the-ssh-agent)

  3. Add the public key as a deploy key to the repository in GitHub (https://docs.github.com/en/developers/overview/managing-deploy-keys#deploy-keys)

  4. Confirm this is working by running ssh git@github.com from your deploy user.

  5. Try running cap production deploy from your local machine.

Some things to note:

  • This was on an ubuntu machine running nginx.
  • Make sure the /home/deploy/.ssh directory is owned by the deploy user and not root. (This drove me nuts until I realized.)
  • My deploy.rb has a repo_url like this: set :repo_url, "git@github.com:YOUR_USER_NAME/REPOSITORY_NAME.git"

I can clean this up and get more detailed with commands if you're running into issues. Hope this helps!
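
The ownership note in the post above, as an added example that is not part of the original post: a small audit of the deploy user's .ssh directory to run on the server before retrying the deploy. check_ssh_dir is a hypothetical helper name, the demo directory and key file are constructed, and the script assumes GNU stat as shipped on Ubuntu.

```bash
#!/usr/bin/env bash
# check_ssh_dir DIR OWNER: print each problem found; return 0 if clean, 1 if not.
# OWNER is a user name or numeric uid. Hypothetical helper; needs GNU stat (Ubuntu).
check_ssh_dir() {
  local dir=$1 owner=$2 want_uid f mode problems=0
  case $owner in
    ''|*[!0-9]*) want_uid=$(id -u "$owner" 2>/dev/null) ||
                   { echo "unknown user: $owner"; return 1; } ;;
    *) want_uid=$owner ;;
  esac
  [ -d "$dir" ] || { echo "not a directory: $dir"; return 1; }

  # A directory created with sudo ends up owned by root, which can leave the
  # deploy user unable to read its own key.
  if [ "$(stat -c '%u' "$dir")" != "$want_uid" ]; then
    echo "$dir: owner uid is $(stat -c '%u' "$dir"), expected $want_uid"
    problems=$((problems + 1))
  fi
  mode=$(stat -c '%a' "$dir")
  case $mode in
    0|*00) ;;                         # no group/other permission bits set
    *) echo "$dir: mode $mode is open to group/other (use 700)"
       problems=$((problems + 1)) ;;
  esac

  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    if [ "$(stat -c '%u' "$f")" != "$want_uid" ]; then
      echo "$f: not owned by uid $want_uid"
      problems=$((problems + 1))
    fi
    case ${f##*/} in
      *.pub) ;;                       # public halves may be world-readable
      id_*)                           # ssh rejects private keys others can read
        mode=$(stat -c '%a' "$f")
        case $mode in
          0|*00) ;;
          *) echo "$f: private key mode $mode is too open (use 600)"
             problems=$((problems + 1)) ;;
        esac ;;
    esac
  done
  [ "$problems" -eq 0 ]
}

# Demo on a constructed directory (empty file, not a real key): loose modes are reported.
demo=$(mktemp -d) && mkdir "$demo/.ssh" && : > "$demo/.ssh/id_ed25519"
chmod 755 "$demo/.ssh"; chmod 644 "$demo/.ssh/id_ed25519"
check_ssh_dir "$demo/.ssh" "$(id -u)" || echo "fix the items above, then retry the deploy"
rm -rf "$demo"
```

On the server this would be called as check_ssh_dir /home/deploy/.ssh deploy, using the path and user named in the post.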

Posted in Nested Comment Threads in Rails - Part 3 Discussion

Rails 5.2.1 comes with Content Security Policy DSL by default. Here we can specify what is allowed to run. If we have something like

Rails.application.config.content_security_policy do |policy|
  policy.default_src :self, :https
  policy.connect_src :self
  #...
  policy.script_src  :self
end

# If you are using UJS then enable automatic nonce generation
Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) }

in our CSP file I think this would disallow everything in create.js.erb? We could add unsafe_eval to the policy but I believe this negates the whole purpose.

What can we add to allow the create.js.erb to be allowed by the Content Security Policy? I tried adding the <%= csp_meta_tag %> as recommended here https://edgeguides.rubyonrails.org/security.html#content-security-policy and mentioned here https://github.com/rails/rails/pull/32018. Am I understanding the architecture correctly?

Posted in create.js.erb with Content Security Policy

Hello, I'm researching best practices on implementing a Content Security Policy for my 5.2 Rails app. I have a few remote: true forms that respond with *.js.erb. It's my understanding that these will be treated as inline scripts and disallowed unless I have an unsafe-inline tag in my policy (which I want to avoid).

Wondering if anyone has experience converting remote: true forms that respond with a .js.erb file to something that is following best practices for a Content Security Policy. Or, if you can point me to some links where I can further my research.

Thanks!

Posted in Stimulus JS Twitter UI: Part 2 Discussion

Is there any reason we can't put the data action as a button click on the submit button instead of the ajax:beforeSend on the actual form? I can't seem to get the latter to correctly register. 

© 2022 GoRails, LLC. All rights reserved.