- Content Security Policy (CSP) - Helps detect/prevent XSS, mixed-content, and other classes of attack. CSP 1.1 Specification
- HTTP Strict Transport Security (HSTS) - Ensures the browser never visits the http version of a website. Protects from SSLStrip/Firesheep attacks. HSTS Specification
- X-Frame-Options (XFO) - Prevents your content from being framed and potentially clickjacked. X-Frame-Options draft
- X-XSS-Protection - Cross-site scripting heuristic filter for IE/Chrome
- X-Content-Type-Options - Prevents content-type sniffing
- X-Download-Options - Prevents downloaded files from being opened directly in the browser (IE)
- X-Permitted-Cross-Domain-Policies - Restricts Adobe Flash Player's access to data
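The headers above, as an added example that is not from the page or from any gem: a plain-Ruby, Rack-style middleware that applies them (the policy values are illustrative assumptions; the CSP in particular has to be tuned per application), plus a checker that reports which of the listed headers a response lacks.

```ruby
# Assumed policy values; every application should set its own, especially the CSP.
SECURE_HEADERS = {
  'Content-Security-Policy'           => "default-src 'self'",
  'Strict-Transport-Security'         => 'max-age=31536000; includeSubDomains',
  'X-Frame-Options'                   => 'SAMEORIGIN',
  'X-XSS-Protection'                  => '1; mode=block',
  'X-Content-Type-Options'            => 'nosniff',
  'X-Download-Options'                => 'noopen',
  'X-Permitted-Cross-Domain-Policies' => 'none'
}.freeze

# Rack-style middleware: wraps an app whose #call returns [status, headers, body].
class SecureHeadersMiddleware
  def initialize(app, headers = SECURE_HEADERS)
    @app = app
    @headers = headers
  end

  def call(env)
    status, headers, body = @app.call(env)
    @headers.each do |name, value|
      # HSTS is only meaningful on an HTTPS response; browsers ignore it over
      # plain HTTP, so do not advertise the policy on the insecure channel.
      next if name == 'Strict-Transport-Security' && env['rack.url_scheme'] != 'https'
      # A value the application set explicitly wins over the default.
      headers[name] = value unless headers.key?(name)
    end
    [status, headers, body]
  end
end

# Returns the names from the table that are absent from a response's headers.
# Header names are compared case-insensitively, as HTTP requires.
def missing_security_headers(headers, expected = SECURE_HEADERS)
  present = headers.keys.map(&:downcase)
  expected.keys.reject { |name| present.include?(name.downcase) }
end
```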
The guide will assume that we are dealing with a pre-existing application that has two models: Album and Artist. An album belongs to an artist and an artist has many albums.
This guide is for Rails 4.0.0+ only.
These gems can always be replaced with alternatives, but they will be good for demonstration. Add the following gems to your Gemfile:
reference: ruby-journal.com
Install the useragent gem by appending it to your Gemfile:

```ruby
gem 'useragent'
```
# Counter cache

Without the `counter_cache` option, asking for the value of `@customer.orders.size` requires a call to the database to perform a `COUNT(*)` query. To avoid this call, you can add a counter cache to the belonging model:

```ruby
class Order < ActiveRecord::Base
  belongs_to :customer, counter_cache: true
end
```

With this declaration, Rails will keep the cache value up to date, and then return that value in response to the `size` method.

# Through association

```ruby
class Physician < ActiveRecord::Base
  has_many :appointments
  # the standard has_many :through form: patients are reached via the join model
  has_many :patients, through: :appointments
end
```
# Association Callbacks

Normal callbacks hook into the life cycle of Active Record objects, allowing you to work with those objects at various points. For example, you can use a `:before_save` callback to cause something to happen just before an object is saved.

Association callbacks are similar to normal callbacks, but they are triggered by events in the life cycle of a collection. There are four available association callbacks:

## available callbacks

- before_add
- after_add
- before_remove
- after_remove
You're not limited to the functionality that Rails automatically builds into association proxy objects. You can also extend these objects through anonymous modules, adding new finders, creators, or other methods. For example:
```ruby
class Customer < ActiveRecord::Base
  has_many :orders do
    # adds Customer#orders.find_by_order_prefix to the association proxy
    def find_by_order_prefix(order_number)
      find_by(region_id: order_number[0..2])
    end
  end
end
```
reference: tomafro.net
Sometimes you want to read just a single column from a collection of records, without the overhead of instantiating each and every one. You could just execute raw SQL, but it’s a shame to do away with the nice type conversion ActiveRecord provides. It’d also be a pity to get rid of find scoping, amongst other goodness.
```ruby
module Tomafro
  module ColumnReader
    # Extend a model with this module, then call e.g. `column_reader :title`
    # to get a class method `titles` returning that column's values.
    def column_reader(column_name, options = {})
      name = options.delete(:as) || column_name.to_s.pluralize
      column = columns_hash[column_name.to_s]
      # Simplified completion: the original post builds the reader differently;
      # `pluck` keeps ActiveRecord's type casting and respects find scoping.
      define_singleton_method(name) { pluck(column.name) }
    end
  end
end
```
reference: blog.thirst.co
In a nutshell, STI allows you to create subclasses of a particular database table. Using a single table, you can cast rows to specific objects that extend the base model.
Let's say we have a model `Computer`.
reference:
Part1: astockwell.com
Part2: astockwell.com