惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Hacker News: Ask HN
Hacker News: Ask HN
N
News and Events Feed by Topic
Forbes - Security
Forbes - Security
The Last Watchdog
The Last Watchdog
TaoSecurity Blog
TaoSecurity Blog
Schneier on Security
Schneier on Security
SecWiki News
SecWiki News
V
Vulnerabilities – Threatpost
Project Zero
Project Zero
O
OpenAI News
W
WeLiveSecurity
Security Archives - TechRepublic
Security Archives - TechRepublic
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
H
Hacker News: Front Page
Cisco Talos Blog
Cisco Talos Blog
Spread Privacy
Spread Privacy
Help Net Security
Help Net Security
P
Privacy & Cybersecurity Law Blog
K
Kaspersky official blog
S
Security @ Cisco Blogs
Latest news
Latest news
AWS News Blog
AWS News Blog
U
Unit 42
Martin Fowler
Martin Fowler
阮一峰的网络日志
阮一峰的网络日志
S
Secure Thoughts
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Know Your Adversary
Know Your Adversary
Scott Helme
Scott Helme
博客园 - 司徒正美
B
Blog RSS Feed
C
Check Point Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
D
Docker
Google Online Security Blog
Google Online Security Blog
Jina AI
Jina AI
aimingoo的专栏
aimingoo的专栏
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Last Week in AI
Last Week in AI
月光博客
月光博客
C
CXSECURITY Database RSS Feed - CXSecurity.com
S
SegmentFault 最新的问题
NISL@THU
NISL@THU
T
The Blog of Author Tim Ferriss
C
Cisco Blogs
Attack and Defense Labs
Attack and Defense Labs
小众软件
小众软件

Ruby on Rails: Compress the complexity of modern web apps

Safer to_i coercion, custom to_fs formats, and more! This Week in Rails: May 16, 2026 This Week in Rails: May 8, 2026 This Week in Rails: May 1, 2026 Active Record gets better every week Great big Rails World 2026 update: CFP, Corporate Support tickets, workshops Query command for database queries and more Explicit query: and body: kwargs for integration tests and more! Speedup ActiveRecord::LogSubscriber#sql_color and more! This Week in Rails: March 27, 2026 Rails Versions 8.0.5 and 8.1.3 have been released! Rails Versions 7.2.3.1, 8.0.4.1, and 8.1.2.1 have been released! This Week in Rails: March 20, 2026 Validate URI scheme in Action Text and more This Week in Rails: March 6, 2026 Planning Center is the newest Rails Foundation Contributing member Action Text gets Markdown conversion, editor links in devcontainers, and more! BARRA seeks Rails developer Joe Agliozzo is looking for a Rails developer The rise of lighttpd as the alternative web server When longer is better and more is more Snowdevil: First e-tailer on Rails Natural selection for frameworks in Ruby vs Java Address book tutorial in Portuguese Becoming a better programmer with Rails 10 Things Every Java Programmer Should Know About Ruby Really Getting Started in Rails Off the Treadmill, Onto the Rails Rails 0.9.5: A world of fixes and tweaks Rich clients with Rails and XUL Pedrosa on Rails vs WebWork: 'Language DOES matter' 'Ruby on Rails is unbelievably good' Celebrating six months anniversary! Speeding up CGI access to Gem Rails CD Baby leaves PHP behind for Ruby on Rails "I think Ruby on Rails is way over hyped" Programmer needed for JSP to Rails conversion Beyond the 10,000th gem install of Rails 'That application is so stupid' Matz takes note of Ta-da and Rails Rails tutorial on O'Reilly's ONLamp Welcome Slashdotters! Ta-da goes international with UTF-8 Make your Ta-da list today Rails 0.9.4.1: Cleaning up the mess Rails 0.9.4: Caching, filters, SQLite3... An unusual high presence of Macs Having problems running tests under 1.8.2? It\'s all about the applications But what does Rails go web services with XML-RPC prototype Rails runs through XP Cincinnati RedHanded out-evangelizes the evangelizer Rails on Lighttpd with FastCGI Have a codefest and collect cash from RubyCentral Jamis Buck is working on Basecamp S5 Presents competes with SoapBX 3,000 people are doing 10,804 things... Using the Rails to impress potential employers Brian discovers the default logging goodness SoapBX: Presentations powered by S5, Textile, Rails Road Map: The rails leading to 1.0 Tracks: A Getting Things Done implementation Nicholas presents the Directors Rails 0.9.3: Optimistic locking, dynamic finders, 1.8.2 Ruby on the German Rails 43things in 5,204 lines of Ruby on Rails Watch for huge requests on default FCGI How the redesign of the website came to be Are you watching the health of your software? "Some amazing web apps appear on Ruby on Rails" Learning Ruby on Rails with 43things The Robot Co-op takes 43things.com live! Giving up on Java for lack of love Setting up EliteJournal on TextDrive without a vhost Celebrating 219 applied patches since 0.7 Escaping Java but not its thinking "Simple design that even my grandma can understand" Rails logo remixed by Olivier Hericord Rake 0.4.14 includes fix for Ruby 1.8.2 Splitting off the research patches Running rake tests with Ruby 1.8.2 Marten opens Epilog for Trac'ing Drew McLellan predicts Rails celebrates more than 10,000 downloads Variations on a railed theme Securing your Rails: Keep it secret, keep it safe Available for hire? Collaboa and EliteJournal joins the Trac Playing Active Records on MS SQLServer and DB2 Open sourcing the Rails logo Rails: Technology of the Year #1 Reacting to customer requests in real time Extracting missing content from wiki backups Ruby on Rails has its web presence overhauled 43 things makes The Seattle Times 5.gets David Heinemeier Hansson Ruby 1.8.2 finally sees the light of day Rails 0.9: Fast development, breakpoints, validations Rails 0.9.1: Small, but important bugfix for Action Pack
Rails Luminary, modern approach to CSRF and more
David Heinemeier Hansson · 2025-12-19 · via Ruby on Rails: Compress the complexity of modern web apps

Friday, December 19, 2025
Posted by Wojtek

Hi, Wojtek here. The Rails Community is not slowing down giving us another week of great news and features.

Ruby turns 30. Happy anniversary to the language that made Rails possible!

Marco Roth as 2025 Rails Luminary
If you attended any Ruby/Rails conference this year, there are high chances you met Marco in person sharing his passion and if you didn’t try his excellent herb gem yet, then install it and run in your Rails app: herb analyze app/views - for sure it will find a bunch of small HTML mistakes for you.

Congratulations Marco, well deserved!

Use a modern approach for cross-site request forgery protection
Modern browsers send the Sec-Fetch-Site header to indicate the relationship between request initiator and target origins. Rails now uses this header to verify same-origin requests without requiring authenticity tokens. Two verification strategies are available via protect_from_forgery using:

  • :header_only - Uses Sec-Fetch-Site header only. Rejects requests without a valid header. Default for new Rails 8.2 applications.
  • :header_or_legacy_token - Uses Sec-Fetch-Site header when present, falls back to authenticity token verification for older browsers.

Configure trusted origins for legitimate cross-site requests (OAuth callbacks, third-party embeds) with trusted_origins:

protect_from_forgery trusted_origins: %w[ https://accounts.google.com ]

Deprecate verify_authenticity_token
verify_authenticity_token was renamed to verify_request_for_forgery_protection, to more accurately reflect its purpose, now that an authenticity token is not necessarily verified.

Active Support notifications for CSRF warnings
Switches from direct logging to event-driven logging, allowing others to subscribe to and act on CSRF events.

New notification events:

  • csrf_token_fallback.action_controller
  • csrf_request_blocked.action_controller
  • csrf_javascript_blocked.action_controller

Add Rails.app alias for Rails.application
Particularly helpful when accessing nested accessors inside application code, like when using Rails.app.credentials.

Implement exclude keys for Action Controller Live execution sharing
Add config.action_controller.live.streaming_excluded_keys to control execution state sharing in ActionController::Live.

When using ActionController::Live, actions are executed in a separate thread that shares state from the parent thread. This new configuration allows applications to opt-out specific state keys that should not be shared. This is useful when streaming inside a connected_to block, where you may want the streaming thread to use its own database connection context.

# config/application.rb
config.action_controller.live.streaming_excluded_keys = [:active_record_connected_to_stack]

By default, all keys are shared.

Add controller action source location to routes inspector
The routes inspector now shows where controller actions are defined. In rails routes –expanded, a new “Action Location” field displays the file and line number of each action method.

On the routing error page, when RAILS_EDITOR or EDITOR is set, a clickable ✏️ icon appears next to each Controller#Action that opens the action directly in the editor.

Yield key to Parameters fetch method
The Hash#fetch method yields the key to the block, so this commit changes the ActionController::Parameters#fetch behavior to do the same.

Upgrade minitest to version 6
This bumps the dependency on minitest to 6.0+ and adds a minitest-mock dependency. Support for minitest 6 was added in this pull request.

Include Ruby prerelease string in generated .ruby-version file
When using Ruby prerelease like 4.0.0-preview2, rails new generated a .ruby-version file that only contained 4.0.0 without the -preview2 suffix. This made Ruby version managers like asdf or mise error out as there was no stable release yet.

Do not clean directories directly under the application root with backtrace cleaner
Improved Rails.backtrace_cleaner so that most paths located directly under the application’s root directory are no longer silenced.

Fix unique index generator for token migrations
Previously it was possible to generate it twice.

Fix the file input tag to include the accept option as an array
It now properly joins array values with “,” delimiter.

file_field("import", "file", { accept: ["image/*", "video/*"] })

Fix delegate and delegate_missing_to work in Basic Object subclasses
Previously it would raise a SystemStackError when attempting to raise a DelegationError from a BasicObject subclass, due to infinite recursion in method_missing.

Fix request load leak when building middleware stack
Fixes action_dispatch_request early load hook call when building Rails app middleware.

You can view the whole list of changes here.
We had 28 contributors to the Rails codebase this past week!

Until next time!

Subscribe to get these updates mailed to you.