Let’s look at the security implications of a Rails session :cookie_store with domain: :all. It is a convenient way to keep users authenticated across subdomains; however, any subdomains that are CNAMEs pointing to third-party services will also receive those session cookies.
Hey, I'm Stephen
I'm a remote freelance Ruby developer, advising & helping bootstrap startups while tinkering on some projects of my own.

Blog articles
Latest posts
The z-index of CSS can be very confusing… You set it and nothing happens, or whatever value you choose, the element won’t appear on top.
“Why is it not working?” I hear you scream…
Don’t despair! This blog post is a short dive into how it works.
Some JavaScript engines represent all data types internally using just floating point values! But why? And how does it work? Let’s look at ‘NaN boxing’!
Rails has made it possible to enable browser built-in lazy-loading of images across your whole app.
Find out about the feature, how to enable it & what to consider before doing so.
Ruby Gems & Open Source
Libraries, tools, and more
Vident helps you create flexible & maintainable component libraries for your application. Vident makes using Stimulus with your ViewComponent or Phlex components easier.
EncodedId is a Ruby gem that provides a simple way to encode and decode ids for use in URLs and includes a suite of useful features. It can be used in any Ruby application but also has a counterpart gem for Rails.

YamlCspConfig is a Ruby gem that makes it easier to manage and maintain Content Security Policies (CSPs) by allowing developers to define their CSP configuration in a YAML file and create environment-specific configurations.