Let’s look at the security implications of a Rails session :cookie_store with domain: :all. It is a convenient way to allow users to be authenticated across subdomains, however, any subdomains as CNAMEs which map third-party services will also receive those session cookies.
Hey, I'm Stephen
I'm a remote freelance Ruby developer, advising & helping bootstrap startups while tinkering on some projects of my own.
Blog articles
Latest posts
The z-index: of CSS can be very confusing… You set it and nothing happens or whatever value you choose the element wont appear on top.
“Why is it not working?” I hear you scream…
Don’t despair! This blog post is a short dive into how it works.
Some JavaScript engines represent all data types internally using just floating point values! But why? And how does it work? Let’s look at ‘NaN boxing’!
Rails has made it possible to enable browser built-in lazy-loading of images across your whole app.
Find out about the feature, how to enable it & what to consider before doing so.
Ruby Gems & Open Source
Libraries, tools, and more
vident: Create maintainable Stimulus-powered View Component libraries
Vident helps you create flexible & maintainable component libraries for your application. Vident makes using Stimulus with your ViewComponent or Phlex components easier.
encoded_id: A Ruby gem to encode and decode ids for use in URLs
EncodedId is a Ruby gem that provides a simple way to encode and decode ids for use in URLs and includes a suite of useful features. It can be used in any Ruby application but also has a counterpart gem for Rails.
yaml_csp_config: A Ruby gem that makes it easier to manage and maintain Content Security Policies (CSPs).
YamlCspConfig is a Ruby gem that makes it easier to manage and maintain Content Security Policies (CSPs) by allowing developers to define their CSP configuration in a YAML file and create environment-specific configurations.