-
watch on iTunes
-
follow on Twitter
-
follow on Facebook
-
subscribe to RSS feed
watch on iTunes
follow on Twitter
follow on Facebook
subscribe to RSS feed
My fault. Already added the gem to the gemfile months ago :)
The bundler hack does not work for me, I have to add the gems to the gemfile.
Great as always. Thanks.
For people who are using unicode characters, there is a gem called "hirb-unicode" which alignes the table contents correct.
Btw.: I don't have the bundler issues (rvm / hirb-unicode). Not that I want to complain ;)
touch ~/.irbrc
File does not exist, you have to create it ;)
Yeah, but what about Lion os, where I can found ~/.irbrc ???
Hey guys,
When I remotely load the new form and click on submit button; the javascript is simply ignored and the form is submitted to the controller. This leads to "Invalid token" error as no token was generated. But if I don't load the form via remotely, everything works fine. Any idea what am I doing wrong?
This is how I render the new form:
:)
I am using Apache.
I watched this screencast. Its explained in Nginx server.
In heroku want to do like below
cat WWW.EXAMPLE.COM.crt UTNAddTrustServer_CA.crt NetworkSolutions_CA.crt AddTrustExternalCARoot.crt >> combined.pem
then
heroku certs:add combined.pem ca.key
Here i didnt have .key file( i.e private key ).
I dont know, Is I want to generate private key or Network Solution want to give private.key?
Thanks
Such a great episode! Thanks!
Hi dear Ryan
thanks for the great episode,
Q: if i am using devise for authentication.. how can i set the secure cookie in a way that works with devise?
thanks again
Joe
Uh. I am embarrassed. School boy error. My problem was in how I had defined the provider in the omniauth.rb file.
I failed to spot an extra end statement in there.
Did you ever figure this out? I've got the same issue?
Yes, no example for Twitter is provided on the devise Wiki link and it takes a different approach than is provided in Ryan's earlier screencast with Devise and omniauth.
Hi jDeppen,
I moved
to /etc/nginx/nginx.conf (if your setup is similar to Ryan's)
# ... http { # ... rest of code removed .. server { listen 80 default deferred; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; } }Good idea to backup nginx.conf before changing it. Run
I hope this helps.
*remember to remove the "listen 80" line in each nginx.conf file in each app.
me too xD
There are sometimes problems with some browsers and mixed-content warnings.
For instance, I just finished a site where the client wanted a Mailchimp signup form in the footer of their site. If the form was submitted as secure, it would not redirect to mailchimp correctly. I couldn't leave the form unencrypted because I would get a mixed-content warning from IE.
The Omniauth section of my routes.rb file looks like....
The strange thing is that there is no route listed for "auth/twitter" or "auth/facebook" - Ryan's notes say that Omniauth takes care of these. But in my case it seems that it's not taking care of the FB route.
Just got myself two certificates on GoDaddy for $12.99 each; just wherever you get yours, first search on sites like RetailMeNot.com for coupons and stuff. Those godaddy certs were a whopping $70 a year before the coupons.
Jasper, I might look at this the opposite way: hey, this site is doing something good!
Timothy -- not sure what you mean regarding caching. This SO thread suggests it's not an issue (http://stackoverflow.com/questions/174348/will-web-browsers-cache-content-over-https).
I am, however totally sure about your issue with satellite internet. It makes you pine for the days of 28.8 modems :-) To be sure, the additional negotiation costs of SSL would become more evident with a really slow connection.
For most users, however, I would bet that slowness is trivial compared to some of the sloppy sites, shared servers, and other bad programming and hosting practices that are so prevalent. Seems to me the Rails community should be leading the way in the good practice of good, strong security, even if there's a minor cost.
Awesome screencast, as always, and timely considering the recent LinkedIn and eHarmony hacks -- we should all use these instances as a reminder to get secure and locked down!
If you're using AWS (EC2) for hosting, there's a very interesting option using their elastic load balancer (ELB): install your certificate there and configure traffic on port 443 to be sent to an instance via port 80. This simplifies configuration in a lot of cases because you don't need to mess with Apache or Nginx or set up keys for each of your servers, and locally everything can run on simple HTTP.
There are a couple of cases where things can get tricky, but for our use-case, this method is working beautifully.
By the way, just because you have a load balancer doesn't mean you need to have more than one server, which is great for staging and other environments.
Well, there's caching considerations. With https, a user can't take advantage of any caching between the web server and client. There's also extra negotiation between the client and server to setup the connection. For those of us privileged enough to be on a satellite connection, it kills the speed. But even for those on a normal connection it can slow it down.
It depends on which web server you're using (Apache? Nginx?). You ask for "step by step" instructions, but did you watch the screencast at all? It does explain this stuff...
Anyway I think you should chain / bundle the certs in the following order in your case:
WWW.EXAMPLE.COM.crt
NetworkSolutions_CA.crt
UTNAddTrustServer_CA.crt
AddTrustExternalCARoot.crt
Like
Then just follow the directions in the screencast.
+1 both Derby.js and Ember.js are heading towards a full-stack solution, but integrate well with other best of breed options such as jQuery, Rails, Racer, Node, etc.
Nice response!
+1 on a Rails + Ember.js example that includes basic authentication and authorization.
Except for performance changes, consider user experience. Say some users have no need to login to your site, they just want to see what's there. Putting these users on https might just scare them; why is the connection secure while the user isn't doing anything that should be secured? Depending on your audience, this might be scary.
Hi everyone
I buy ssl certificate from Network Solution. They gave four files
Can you guys please help me, how can i install or setup SSL to my rails app to run https://example.com by step-by-step. :)
Important: I am using heroku and i add the ssl endpoint add-on.
i am using ubuntu 11.04 OS.
Thanks
Thanks Ryan.
What are the benefits of keeping part of your site http, once you have gone through the trouble of setting up a ssl certificate? Is there really that significant of a performance hit in using https?
Great episode, as usual. This one and the previous are particularly useful as so many people just don't pay enough attention to these issues.
I usually prefer forcing https with nginx directly, though, rather than in the application; it's simpler, somewhat "lighter" and I don't need to have to worry about this being properly configured and tested in the app. It's more like set it and forget it.
E.g. I usually have two "server" blocks, one for http and the other with https enabled, and the http block only contains:
Besides, I don't think it's a good idea either to only force SSL for some sections of an application: cookies travel with all http requests, regardless of whether https is in use or not. In theory if there is even a single thing on a site that requires authentication, the whole app should run under https, not only some sections for this very reason. I blogged about this not long ago.
A couple tips:
there's a gem called powder that makes it easier/nicer to work with Pow.
I can't remember whether it was this episode or the previous one that suggested to hardcode 'https' in links and refs to images when needed. Something like:
image_tag "https://...."You can also just omit the protocol altogether - this will make sure that all the resources loaded / linked on the page "follow" the protocol used by the page itself, i.e.:
image_tag "//...."This way all images etc will use http or https depending on the protocol used by the page itself.
Why not use something like Powder to manage your Pow projects?
Did you remember to put :provider in your route for the auth?
Twitter just worked and is brilliant.
This spurred me on to attempt FB.
I've been trying to FB working for 2 days now but no joy. All I get is No route matches [GET] "/auth/facebook".
Has anyone else had issues attempting to authenticate via FB?
Wow Ryan! That was some fast turnaround! I only emailed you a couple of days back on this request.
Just adding a bit more.
I really wanted to keep my HTTP server block configuration DRY for nginx.
You can keep the HTTP and HTTPS server block in nginx configuration the same by simply adding a listen for port 80 and port 443 in the same block. Further you can add the ssl options in that same block as well. All you need to change is the X-Forwarded-Proto to be set to $scheme instead of http or https.
I've found a solution: http://stackoverflow.com/questions/10870306/how-should-i-use-draper-in-my-applicationcontroller
Hi All,
I had found solution for this issue.
Combine the following code with this tutorial of RailsCasts
def makerecurring(payment_notifications_url,current_user)
process :request_payment, ipn_url: "#{notifications_url}?custom=user_id#{current_user.id}"
process :create_recurring_profile, period: :daily, frequency: 1, start_at: Time.zone.now, ipn_url: notifications_url
end
Note:
1. ipn_url should be put within "request_payment" scope
2. Although I set up ipn_url for "create_recurring_profile" but it does not work.
If I have any more information, I will update.
I'm trying to add an image field to my survey. I can get the image to upload and to show on the Show page. But when I go back to the Edit view, there is no image and I still see the "No file chosen" text next to the Choose File button.
I have this line of code in my Show view:
<%= image_tag question.image_url(:thumb).to_s if question.image? %>but if I try to put that into the _form view then I get an unknown variable or method error.
I've tried a couple of if statements but haven't gotten it to work.
Thanks to anyone who can help.
I'm having problems with chosen.
jQuery ->$('#resource_tag_ids').chosen()
is returning
Uncaught TypeError: Object [object Object] has no method 'chosen'in Chrome.(Putting tags on a resource instead of authors on a book, but that shouldn't matter)
I can see that for some reason the chosen javascript file is being included twice, one with code, and the other is a blank 4 lines... which is really odd.
Thanks Ryan!
I'm new to rails so sorry if this is a dumb question, but working on an application similar to this except that every article will have a text document attached to it (pdf, doc, etc.) does a search enginer like ElasticSearch search the actual text of the files? if not, does anyone know of a tool that would help me?
Thanks!
One very good explanation why my approach does not work.
http://stackoverflow.com/questions/10930300/delayed-job-and-prawn-scripts
load "#{Rails.root}/jobs/#{prawn_script_name}.rb" DOES WORK.
BUT
I need to pass arguments e.g account_id to the Prawn scripts to scope the data for the pdfs.
runner allows ARG[]s to be passed but "load" does not!
Delayed_job has the arguments in its table but how do I make these accessible to the Prawn scripts?
This is my next hurdle to overcome.
Too bad I wasted so much time implementing your railscast solution in rails 3.2. I just found out that the 'nested_forms' gem is pretty straight forward.
FIW here are some changes I made to your helper methods to let them allow blocks, as the original link_to_function method does:
Where's the difference to the nested_forms gem? I can use the latter with one-to-many associations. Unsure about many-to-many, though I can't see why this wouldn't work, too.
Hi Ryan,
It seems this code is brittle. At the moment we have a method and an instance variable for accessing to current user data. Data associated with him/her can be corrupted in any other object methods. By the way, what if I assign some value to
@current_userbefore callingcurrent_usermethod? Right,@current_userwould never be filled with data from Data Base.I agree, caching could be very useful, but we should be as accurate as we can. Caching solution is a synchronization trouble, I guess. So what about to incapsulate data caching in data class?
Merely User class knows when its data was changed, so caching of some part of data is responsability of User class. One more argument for this solution is that, actually, User class is only point access to data, so we have to incapsulte logic like this in data classes, dont'we?
Is there a way to fetch all documents. I don't want pagination
Hi kmoczydlowski ,
During the last month, I've tested many scenario but ipn_url does not work. For briefly:
1. I've set the ipn_url within Profile section of PayPal Account of Shop Owner
2. I set ipn_url as reference here: https://github.com/fnando/paypal-recurring/issues/7
3. I set the frequency of payment to DAILY. All the transactions are OK within the Paypal History.
BUT, IPN_URL just does not work
Hi Ryan
I have been working through the relevant Railscasts, and just for sentimental reasons watched the first one. Thank you for creating such a wonderful resource. You distill such clear practical understanding in an entertaining way.
Chris
I am having trouble using auto-complete with multiple fields. The first one works but the second instance does not. Been working on trying to figure out how to make it work for close to a week now. Any help would be great!
Please note I do NOT want to tokenize. Do in face want to set other fields along side the auto-complete text field too.
Thanks!
I'm confused. Virtualbox already allows you to package up servers:
http://grok.lsu.edu/article.aspx?articleid=13838
And do port forwarding or even give the server it's own IP address:
http://www.virtualbox.org/manual/ch06.html
So the only thing I see Vagrant as providing is some very basic premade packages and a prettier command line interface to Virtualbox. Am I correct or is there something big I'm missing here??? Seriously want to know as I don't wish to miss something significantly better.
Side note: I wish it used Xen PV instead as that is actually difficult to configure, unlike VB.
I am having the same problem...tried all say...but no solution..plz post a solution if you come to know
Would also like to see how it all works with Devise. Devise now allows easily integration of OmniAuth but it's not clear the 30,000 feet view on this
The link to integration with Devise anyway is here:
https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
I followed this tutorial but am getting JQuery not defined in firebug. I looked at the application.js file and saw that the function was generated correctly. My application layout has javascript_include_tag before anything else is yielded. The funny thing is I have another Jquery function specified for another controller that's working perfectly fine. What am I doing wrong here?
y u no use mixins?