Bart de Water

icon company @thatch-health icon location Montréal, Canada icon location Software engineer @thatch-health

Results 66 comments of Bart de Water

Add top-level Rails.application.url for canonical reference

This could also make it more palatable to set `config.hosts` by default in production and harden Rails apps out of the box against host header attacks? There were concerns with...

Let ActiveStorage::Blob#open return a tempfile for manual unlinking

Unrelated test failures in `docs-preview` and `actionpack (3.3) [rack-head]` (3.2 passes entirely).

Tests failing when using OpenSSL library v3

This changed in OpenSSL 3.2, see https://github.com/openssl/openssl/pull/19271. I see two possible ways to fix this: - [manpage for `X509_sign`](https://www.openssl.org/docs/man3.2/man3/X509_sign.html) mentions "If the certificate information includes X.509 extensions, these two functions...

Set user_handle to nil for non-string data type

🤔 returning `{}` for userHandle does not conform to the specification, it should be an ArrayBuffer according to [AuthenticatorAssertionResponse interface](https://www.w3.org/TR/webauthn-2/#iface-authenticatorassertionresponse). I noticed in [the fix](https://github.com/elquimista/authenhub/commit/e1d0874e7aa22cd725884e2b74e7e10f96f686b3) you referenced that for other...

LSP hover on method shows wrong return types

Ran into a different example using `presence`, with the following signatures: ```rb class ActiveRecord::Base sig { returns(T.self_class) } def presence; end end class NilClass sig { returns(NilClass) } def presence;...

`csp_meta_tag` helper generates a meta tag w/o out making use of the nonce hiding which could lead to nonce value exfiltration of nonce data

> While I'm not too sure how this type of attack vector could be exploited, or used (have no working exploit) I think this is dependant on whether the nonce...

Errors are silently swallowed instead of being raised to the background processor

That's a pretty old version of Paperclip which is vulnerable to a DoS attack. I'm not seeing this with Paperclip 5.1.0, DelayedPaperclip 3.0.1 and Que 0.12 when raising from my...

Getting a callback when processing is done

I have a similar use case to yours. Both callbacks provided by Paperclip (`after_processing :enqueue_upload` and `after_foo_processing :enqueue_upload`) work for me to enqueue another job. This makes sense because `DelayedPaperclip::ProcessJob`...

How would you kill a specific job?

> If you have any ideas or suggestions, feel free to contribute them! 🙏 For gems like https://github.com/Shopify/job-iteration it is useful to have a way to know a graceful shutdown...

Add datalist_tag to create datalist form elements

+1 for making this a proper helper. The `tag.datalist` example works but isn't as nice as it could be. I'd like to add that [browser support for datalist](https://caniuse.com/datalist) in combination...