Schmijos' Blog

Cloudflare and document.write

Cloudflare’s Rocket Loader is being intercepted by the new Chrome (v54) and
Firefox rules regarding document.write (more here.

Because of that, pages where Cloudflare decided to inject the rocket loader (for
example not if you visit a page with Safari) doesn’t load any scripts sourced
with data-rocketsrc.

Change the Rocket Loader mode in Cloudflare to manual or wait for a

Misconfigured AR Database Environment Check

When you execute rails db:schema:load the following can happen:

rails aborted!
ActiveRecord::ProtectedEnvironmentError: You are attempting to run a destructive
action against your 'production' database.
If you are sure you want to continue, run the same command with the environment

This is a protection so that you don’t delete any production data by accident.
But what happened to me was that I somewhen reconfigured my local system
to be productive (probably to test something with real data).

It is possible to reconfigure the database environment in
ar_internal_metadata with the following command:

bin/rails db:environment:set RAILS_ENV=development

With that database rake tasks to not complain anymore if you mess with
databases locally.

Secure a Rails API with Authentication

If you have an API which you want to protect with an API key you can do
it the following way in Rails.

class ApplicationController < ActionController::API
  include ActionController::HttpAuthentication::Token::ControllerMethods

  before_action :restrict_access

  def restrict_access
    authenticate_or_request_with_http_token do |token, _options|
      ApiKey.exists?(access_token: token)

This internally executes authenticate_with_http_token for checking the
presence of a token in the HTTP header and then executes the block. If that
fails request_http_token_authentication answers the current request directly
with a 401 Unauthorized.