We already have a commit CSRF method exposed via the request object
since it's used by the implementation when committing the session, so
having a similar reset CSRF method exposed makes sense, and hides some
of the internal complexity of calling that method via the controller
instance.
It will also facilitate reaching out to the reset CSRF logic from other
libraries like Devise, to more easily integrate with this change.
This will ensure the guide is aligned with the doc on some things that I believe it's useful. Some folks do go for the guides more of than the api for a quick reference.
Order alphabetically
Co-authored-by: Jonathan Hefner <jonathan@hefner.pro>
Add change colum and table comment links for reference in guide
Update working so we know this list may keep changing
`Shellwords.escape` escapes unquoted spaces with a backslash, but
Windows does not treat backslash as an escape character. Escaping is
also a problem when paths are expressed in shortened 8.3 format (e.g.
`C:\Users\RubyOn~1\AppData\Local\Temp\...`) because a backslash will be
erroneously added before the `~`.
We can avoid the need to escape by using `system(command_name, *args)`
instead of `system(command_line)`, but we must still support
`ENV["EDITOR"]` values that embed command line arguments, such as
`subl -w`.
This commit changes to `system(command_name, *args)`, but uses
`Shellwords.split` to extract any embedded arguments from
`ENV["EDITOR"]`. This requires that Windows users put quotes around the
entire path of their editor if it contains spaces, such as:
```
SET EDITOR="C:\Program Files\Microsoft VS Code\Code.exe" -w
```
In other words, the following are **not** supported on Windows:
```
SET "EDITOR=C:\Program Files\Microsoft VS Code\Code.exe"
SET EDITOR=C:\Program Files\Microsoft VS Code\Code.exe
SET EDITOR=C:\"Program Files"\"Microsoft VS Code"\Code.exe -w
SET EDITOR=C:\Program^ Files\Microsoft^ VS^ Code\Code.exe -w
SET EDITOR=C:\Program` Files\Microsoft` VS` Code\Code.exe -w
```
Fixes#41617 (again).
Closes#44890.
If reloading is enabled, we need the interlock to synchronize reloads.
If reloading is disabled and so is eager loading, in the past you still needed
to synchronize autoloads because `classic` was not thread-safe. With Zeitwerk,
this is no longer needed.
Every time I write `config.cache_classes` I have to pause for a moment to make
sure I get it right. It makes you think.
On the other hand, if you read `config.enable_reloading = true`, does the
application reload? You do not need to spend 1 cycle of brain CPU to nod.
Followup: https://github.com/rails/rails/pull/41372
Something we knew we'd need when we implemented `Relation#load_async`
but that we chose to delay to have time to think about it.
Right now, Active Record async support is limited to "collection results",
but among the not so fast queries that would benefit from asynchronicity
you often find aggregates (e.g. `count`, `sum`, etc) as well as hand crafted
`find_by_sql` queries.
`load_async` was easy to add as an API, because `Relation` acts as a collection
so it was trivial to simply block whenever it was iterated while retaining total
API compatibility.
For aggregates and `find_by_sql`, we have no other choice but to return something
different in async mode, with its own API.
This proof of concept showcase what this API looks like for `Relation#count`:
```ruby
Post.where(published: true).count # => 2
promise = Post.where(published: true).count(async: true) # => #<ActiveRecord::Promise status=pending>
promise.value # => 2
```
This API should be applicable to all aggregate methods, as well as all methods
returning a single record, or anything other than a `Relation`.
Because the indented code block follows an indented list item, RDoc
interprets the examples as a continuation of the list item prose,
instead of code. To distinguish the two, this commit moves the examples
to their own subsection with an intervening subheading.
Additionally, this commit applies a few other formatting tweaks.
Because the indented code block follows an indented list item, RDoc
interprets the examples as a continuation of the list item prose,
instead of code. To distinguish the two, this commit moves the examples
to their own subsection with an intervening subheading.
Additionally, this commit applies a few other formatting tweaks.
Follow up to https://github.com/rails/rails/pull/43112 and https://github.com/rails/rails/pull/44100
- `data-remote` is deprecated on links and buttons. Turbo doesn't need it since that is the default behaviour. You use `data-turbo=false` on elements that opt out of that, but I don't think that's in scope for Rails.
- `data-method` is deprecated on links. Turbo expects [data-turbo-method](https://turbo.hotwired.dev/handbook/drive#performing-visits-with-a-different-method).
Update actionview/lib/action_view/helpers/url_helper.rb
Co-authored-by: Hartley McGuire <skipkayhil@gmail.com>
Update actionview/lib/action_view/helpers/url_helper.rb
Co-authored-by: Hartley McGuire <skipkayhil@gmail.com>
The Middleware `ActionDispatch::HostAuthorization` configuration documentation references `config.host_configuration`. Correct this to `config.host_authorization` to match the source code documentation in `action_dispatch/middleware/host_authorization.rb`.
`secrets.secret_key_base` can be one of the many different places where `secret_key_base` is set and therefore it might not work with your application.
Updating the docs to use `Rails.application.secret_key_base` fixes the issue.
Rails `secret_key_base` - [docs](https://api.rubyonrails.org/classes/Rails/Application.html#method-i-secret_key_base)
Carlos Antonio da Silva