Rails 8.2 adds support for combined credentials, a unified API that checks environment variables first, then falls back to encrypted credentials, with consistent behavior for nested keys, defaults, and error handling. It's also possible to use your own combined configuration.
Active Storage uses two main models: blobs and attachments. Blobs store the uploaded file's metadata and a link to the actual file, while attachments link those files to records. Understanding how they work together makes it easier to manage uploads, generate URLs, and process uploaded files.
Localhost is treated as a trustworthy origin even without TLS, so all apps on localhost run in a secure context. This allows secure features to work in development. You can also run multiple apps on localhost with subdomains + ports to separate them. When you do need local HTTPS, use Caddy server.
The new bearer_token method on the Request object is a nice addition to Rails. It removes boilerplate code and simplifies bearer token extraction. All Rails apps can now access bearer tokens the same way without having to write custom token extraction logic every time and worrying about edge cases.
In this post, we'll explore the internals of has_one_attached method in Active Storage. It covers two interesting patterns, i.e. proxy and change objects. We'll trace the control flow from the model DSL to persistence and uploads, and explain how files are created, detached, and purged.
A sitemap lists your site's pages, helping Google crawl it efficiently. It's especially useful for large sites or new sites with zero backlinks. This post shows how you can create one in your Rails site, how to add it to Google Search Console, and how to index new pages as soon as you publish them.
The Rails router's direct method lets you create custom url and path helpers, which is especially useful for polymorphic models and delegated types. This post shows how to use a single custom helper to generate URLs for different models, with a practical example from the open source Maybe project.
I started as a sceptic, but now I'm a convert and a heavy user of AI for everyday programming, and wanted to write down some common patterns and prompts for working with AI tools that I’ve found useful in my own development workflow as well as those I learned from other experienced developers.
This post shows how to inspect the sequence of before, after, and around callbacks in Rails controllers by adding a small initializer. Useful for understanding callback order in applications with complex controller hierarchies or shared concerns. I learned this trick while reading the Rails tests.
After three years of freelancing and over a year of running my own software studio, here're some scattered thoughts on freelancing as a software developer, especially around web development.
In this post, we’ll explore how redirects work in Rails: what they are, how to redirect manually, and how the redirect_to method simplifies things. We’ll cover common use cases, security considerations, and even dig into the Rails source to see how redirect_to works under the hood.
In this post, we'll learn how Rails' render method works and how to use it effectively. From rendering templates, partials, and inline content to JSON and custom status codes, this post explores the different ways to render views from your controllers.
Last week, I used AI to finally learn the basics of QuickBooks and handle my company’s bookkeeping. AI didn’t just help me finish a chore, it taught me a skill I’d been avoiding for years. When used with intent, the modern AI tools can accelerate your learning in surprising ways.
If your Rails app deals with large files, let a reverse proxy like Nginx or Thruster serve them. In this post, we'll learn how X-Accel-Redirect (or X-Sendfile) header hands off file delivery to Nginx. We'll also read Thruster’s source code to learn how this pattern is implemented at the proxy level.
In this post, we'll learn how to use a SQL subquery in a Rails app to eliminate N+1 queries and improve performance. We'll profile a real-world example, showing how to fetch a single record from associated has_many records efficiently without eager loading or excessive memory usage.
As your application grows, so do your database tables. If you keep fetching all columns, those extra fields, especially large text or JSON blobs can quietly eat up a lot of memory. This post shows how to reduce memory usage in your Rails apps by selecting only the columns you need from the database.
This post shows how you can get a better understanding of your Ruby on Rails application performance with the Rails Debugbar, a profiling tool inspired by Laravel Debugbar. It also covers how to spot N+1 queries, reduce object allocations, and optimize SQL queries to improve page load times.
In 2012, GitHub was compromised by Mass Assignment vulnerability. A GitHub user used mass assignment that gave him administrator privileges to none other than the Ruby on Rails project. In this post, I will explain this vulnerability and how you can use the Rails strong parameters API to address it.
In this post, we'll learn how to work with the response object in Rails controllers — from inspecting response bodies and headers to setting status codes and content types. This guide also covers key methods like body, status=, content_type, cookies, and more, with practical examples.
Every web application needs to process incoming HTTP requests. In this post, we’ll take a closer look at how Rails handles requests, how you can access the request object in the controller, and some of the most useful methods it provides to gather meaningful data from the request.
Rails parameters let you access data sent by the browser, both via the URL and forms. In this article, we'll cover the basics of parameters, including what they are, how they work, and why they're important. We'll also learn how you can pass parameters in different formats such as arrays and hashes.
This is the first post in a new series that explores the Rails controllers in detail. This post covers the basics, providing a brief overview of controllers, why we need a controller, and how to create one. We'll start exploring more advanced stuff about controllers starting from the next post.