Sometimes an AJAX request on a page you’re developing needs to hit a
server on a different domain. Web browsers’
means (among other things) that other domains called from AJAX need to
be whitelisted using the
can do, it’s annoying in development. You could whitelist your dev
box, 0.0.0.0, or 127.0.0.1 (depending on how you work), but that’s
Fortunately, there’s an easier way, temporarily disable same-origin
I’ve turned that development work into open source in the form of gem
providing Ruby bindings to the APIs.
I have only implemented a handful of endpoints, Luminate Online
doesn’t have any kind of test mode or sandbox, any testing has to be
done with live data. However, I’ve used a meta programming approach
making it easy to quickly add additional endpoints.
All of the endpoints I have implemented have been used in anger.
Yesterday, I was involved in a fire drill around the launch of a new
Rails site on a very tight time frame. The site worked fine in
development/staging, but the index was taking upwards of 10 seconds to
render in production.
Because it worked outside of production we leapt to the conclusion it
was related to the hosting infrastructure. We checked Apache, Passenger,
server load, network configuration, and so on. Nothing.
Finally, I thought to check log/production.log, and there is was:
Processing by BlahController#index as */*
Rendered blah/_carousel.html.erb (5795.2ms)
Rendered blah/index.html.erb within layouts/site (5801.5ms)
We quickly tracked it down some image processing that wasn’t being
cached. It didn’t show outside of production because the image assets
were different. I won’t bore you with the details.
However, I will bore enlighten you as to my point. When debugging
a problem, start with the simple things. The Rails logs aren’t very
detailed, but they provide more than enough information to quickly
drill down to problems in your code.
Previously, Strongbox, my gem for using Public Key Encryption with ActiveRecord, allowed only one key pair for encrypting all of the records for a given ActiveRecord model. I’ve had a number of requests to make it possible to dynamically choose the keys on a per record basic and version 0.6.0 adds this feature.
The values of :public_key, :private_key, and :key_pair can be in one of the following formats:
A string containing path to a file. This is the default interpretation of a string.
Using this, you can automatically create per record public keys:
require'openssl'# Assumes the migration contains:# t.string :description# t.binary :secret# that you are collecting a password to encrypt the private key,# and that the secret is smallclassUser<ActiveRecord::Baseattr_accessor:passwordencrypt_with_public_key:secret,:key_pair=>:key_pairdefafter_initializersa_key=OpenSSL::PKey::RSA.new(2048)cipher=OpenSSL::Cipher::Cipher.new('des3')key_pair=rsa_key.to_pem(cipher,self.password)+rsa_key.public_key.to_pemendend
Important Caveat -
Currently, Strongbox encrypts the attribute as soon as it’s assigned (this will change in version 1.0). The means that the public key must be available before the attribute is assigned, hence the use of after_initialize to generate the key pair. Even so, this will fail if you do something like:
because the attributes are set before after_initialize is called.
As always, I like building Emacs for my Mac from
source. It lets me live on the cutting edge and have tigher control
of the version I’m running. If building software from source isn’t
your thing then skip the rest of this article and consider installing
Emacs using Homebrew,
I’ve written about building Emacs in the past, but OS X Lion brings a few
complexities to the process.
After years of running on Wordpress, today I’m relaunching my blog using Octopress. Octopress is a blogging framework build on top of Jekyll which in turn is system designed for publishing static sites from source files, be they Markdown, HAML, SASS, etc. This style fits nicely in to my everyday workflow, so my hope is it will get me writing on a regular basis.
Wordpress is great if you want a WYSIWYG blog and I still recommend to my clients. But, if you spend your days in Emacs or Vim, running rake tasks and git commits, you might want to give Octopress a try.
However, there is a downside: Pow doesn’t play nicely with Apache (or any server listening on port 80). Life isn’t all greenfield, if in the course of the day you need to work on PHP or CGI legacy apps Pow is not so simple. Pow creates a firewall rule that redirects port 80 to its port; to access Apache you need to either toggle the firewall rule on and off or move Apache to a different port all together. And now you’re running two web servers. There has to be a better way.
And there is, make your legacy app a Rack App. Thanks to the rack-legacy gem, this is actually quite simple.
Rack::Legacy::Php runs any requested file with the extension .php. Rack::Legacy::Cgi runs any requested file that is set executable (which means you’ll need to make sure your .html files are not). Files that don’t end in .php and aren’t executable are served as static content by Rack::File.
The INDEXES array contains a list of files to check for if a directory is requested (just like Apache’s DirectoryIndex directive). You can change the order or use different names (default.htm anyone?).
rack-legacy uses the php-cgi command line program to run scripts and while PHP ships with current versions of OS X, php-cgi is not included. You’ll need to install PHP using MacPort/Homebrew/Fink/etc. That’s beyond the scope of this post but, if you’re doing this kind of development, it’s probably not beyond you.
This is probably not a fast as running PHP using the Apache module and it’s certainly not as fast as something like FastCGI. If you are primarily developing legacy apps you probably should stick to Apache. However, if you mostly work with Rack apps and just occasionally need legacy support, this is a great way to go.
There’s plenty of documentation on how to deploy “Classic” style Sintra applications with Phusion Passenger, but it’s not immediately obviously how to deploy the new “Modular” style app (created with Sinatra::Base). Fortunately, it’s simple, the resulting class can be passed to “run” inside you “config.ru” file, something like:
Instructions you find for “Classic” Sintra apps have you setting “:env” to the ENV[‘RACK_ENV’] before running the app. As of Sintra 1.0 it’s “:environment” and it’s automatically set to
ENV[‘RACK_ENV’] (or “:development” if RACK_ENV is not set). You’ll also see instructions for setting “:run” to false, this is not nessecary for “Modular” apps.
Instead of having a dedicated login page, some sites return a 403 Forbidden HTTP status code and include the login form in an HTML body of a custom 403 page. For example, Drupal admin pages work this way. While this may seem a little odd, it works; all modern browser will display the HTML and few, if any, will note the Forbidden status.
Mechanize on the other hand raise an exception when it receives a 403 status. Fortunately, it returns the page it received as part of that exception. Here’s how to handle it:
mechanize=Mechanize.newbeginlogin_page=mechanize.get("http://localhost/admin")rescueMechanize::ResponseCodeError=>exceptionifexception.response_code=='403'login_page=exception.pageelseraise# Some other error, re-raiseendendlogin=login_page.form_with(:action=>'/login')do|f|f.field_with(:name=>'user').value=userf.field_with(:name=>'password').value=passwordend.submitraise'Login Failed'iflogin.body!~/Logged in!/
This code also works in the case where you don’t get a forbidden status, so it can be used generically.
For bonus points you can use the same code in a Cucumber step by changing: