New Features in Rails 5.2

New Features in Rails 5.2

An introduction to new features in Rails 5.2: ActiveStorage, Credentials, ActiveSupport::CurrentAttributes, Redis Cache Store, CSP DSL, HTTP/2 Early Hints, Bootsnap

B3881a28fe402dd2d1de44717486cae8?s=128

Michael Kohl

March 27, 2018
Tweet

Transcript

  1. New Features in Rails 5.2 Michael Kohl Ruby Tuesday Bangkok,

    March 2018
  2. • Michael Kohl (@citizen428) • CTO @ Lockstep Labs •

    Based in Bangkok, Thailand • Ruby developer since ~2004 • Full-time Rails since Rails 2 • Apparently still a teenager Ruby Tuesday March 2018 locksteplabs.com Yours truly
  3. Ruby Tuesday March 2018 locksteplabs.com Outline • ActiveStorage • Credentials

    • ActiveSupport::CurrentAttributes • Redis Cache Store • Content-Security-Policy DSL • HTTP/2 Early Hints • Bootsnap
  4. Ruby Tuesday March 2018 locksteplabs.com ActiveStorage • File upload solution

    like Paperclip • Supports S3, GCS, Azure • Separate attachment/blob models • Supports variants (MiniMagick) • Mirroring possible • Direct upload
  5. Ruby Tuesday March 2018 locksteplabs.com ActiveStorage Demo time!

  6. Ruby Tuesday March 2018 locksteplabs.com Credentials • Secrets (config/secrets.yml) •

    Encrypted secrets (config/secrets.yml.enc) • Credentials (config/credentials.yml.enc) • Only one key to share • Production: RAILS_MASTER_KEY
  7. Ruby Tuesday March 2018 locksteplabs.com Credentials Demo time!

  8. Ruby Tuesday March 2018 locksteplabs.com ActiveSupport::CurrentAttributes [A] thread-isolated attributes singleton,

    which resets automatically before and after each request. This allows you to keep all the per-request attributes easily available to the whole system.
  9. Ruby Tuesday March 2018 locksteplabs.com ActiveSupport::CurrentAttributes Demo time!

  10. Ruby Tuesday March 2018 locksteplabs.com Redis Cache Store

  11. Ruby Tuesday March 2018 locksteplabs.com Content-Security-Policy “Content Security Policy (CSP)

    is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks.”
  12. Ruby Tuesday March 2018 locksteplabs.com Content-Security-Policy config/initializers/content_security_policy.rb

  13. Ruby Tuesday March 2018 locksteplabs.com HTTP/2 Early Hints • RFC

    8297 (draft status) • HTTP 103 Early Hints • HTTP/2 • bin/puma —early-hints • Not currently supported by Heroku • H2O
  14. Ruby Tuesday March 2018 locksteplabs.com HTTP/2 Early Hints

  15. Ruby Tuesday March 2018 locksteplabs.com Bootsnap • Developed by Shopify

    • Boot large Ruby/Rails apps faster • Apps start 2-4x faster • Path Pre-Scanning • Compilation Caching
  16. Ruby Tuesday March 2018 locksteplabs.com Resources • ActiveStorage • ActiveSupport::EncryptedConfiguration

    • ActiveSupport::CurrentAttributes • ActiveSupport::Cache::RedisCacheStore • Content-Security-Policy • Early Hints RFC • Bootsnap