How to use rack-mini-profiler for ajax calls? - ruby-on-rails

I managed to get rack-mini-profiler gem to run fine on the full pages we serve in our app. What I didn't manage is, how to directly get the data also for one of the calls we serve via ajax to another page. I found, that if I do the ajax call and then call one of our full page requests, I see also the ajax timing, but this is kind of cumbersome to do.
Do you have any tips on how to see the small menu also directly on the page where the ajax call is done? Our ajax call is returning html and there would be enough space to show the menu.

My apologies for responding with an indirect answer to your question. But, I highly recommend the Chrome Extension (and associated gems) Rails Panel, particularly for investigating Ajax/Async calls with Rails.
I use it daily at work and find it to be a great tool.

Once you've added rack-miniprofiler to your bundle, then you need to set disable_caching = true. You can do this in an initializer:
# config/initializers/rack_profiler.rb
if Rails.env.development?
Rack::MiniProfiler.config.disable_caching = true
end

Related

Testing JavaScript create through AJAX in Rails App

I am developing an eCommerce gem with Rails. I am trying to keep as much of the code in the app as possible. I want to make updates to, say, the shopping cart through Ajax, and then return data and an event back to allow the view to be noted in the view.
I am looking for a way to determine what becomes available to my JavaScript when and Ajax call is returned. I want to track the event, and so forth.
I am looking more for advice here than an answer, but what kind of testing framework are developers generally using for this?
I use RSpec, Capybara, and FactoryGirl for unit, request, and controller testing currently.
This should be helpful: Setting up javascript testing on a rails app with konacha

Submitting dynamic forms on another website

I'm trying to submit input to the form, and parse the results in a RoR app. I've tried using mechanize, but it has some trouble with the way the page dynamically updates the results. It doesn't help that most fields are hidden.
Is there anyway to get mechanize to do what I'm looking for, or are there any alternatives to mechanize which I can use?
So whenever I want to do something like this, I go with the gem selenium-webdriver. It spawns a real browser (supports all major brands) and lets you control it with ruby code. You can do almost everything a real user could do. In addition, you have access to the (rendered) dom, so javascript generated content is not a problem.
Performance is much slower than with pure library clients, so its not a good fit for use in a web request cycle.
http://rubygems.org/gems/selenium-webdriver

Rails function that searches for my link

I'm making a tool for a website thats under contruction that makes linkbuilding easier. This site is written in Ruby On Rails. Now that i'm learning RoR, i don't know were to start to make a function that searches a external site, which URL has been saved, to check that my url exist on that particular site. If so => display, if not: set URL non-active
So my questions:
Can I search a site from my application?
What is the best way to do this?
How often would you make such a script run?
It sounds like you are trying to verify a URL is active.
Answers to your questions:
Yes you can make HTTP requests to another URL.
For making HTTP requests look at the Nestful gem or you can use Net::HTTP from the standard lib.
You don't give clear information about your requirements, so it is hard to say what is right, but you could run the check when the author submits the form. If you worry about slow responses use delayed_job to make the check asynchronous.

What are the disadvantages of AJAX on Rails?

what are the scenario's where Ajax could not be used in Rails Application.
Is there any disadvantages of AJAX (AJAX on RAILS) if yes please mention which are they?
The browser may not be able to interpret javascript, but rails can detect that and you can act accordingly
The user cannot back/forward or bookmark a particular state within the page, because it is dynamically generated
Search engines cannot index particular states within the page
There may be others that i can't think of right now.
I think the biggest disadvantage of AJAX in general is the desire to use is when it is not needed.

Is there any way for a malicious user to view the controller/model code in my Rails app while it is running?

This is probably a stupid question but I'll go ahead and humble myself.
The Ruby code in my controllers and models are interpreted so that a HTML result is sent to the browser. Ok, I get that part.
But is there any way for a mailicious user to somehow take a peek at the Ruby code in the controllers and models by bypassing the process that converts or interprets that code before it is sent to the browser?
The reason I'm concerned is I am planning on doing some order processing in my app and if a malicious user was able to do that, they might be able to figure out how to do all kinds of unpleasant things.
Side tip: make sure you use html_escape or h to escape user data and prevent someone from injecting code into your site. For example, use
<%= h(person.name) %> so that someone can't put javascript in the name field and have it run when people view that page.
Nope. Try and navigate to the file yourself in the browser, you won't be able to see it. Your biggest worry should be someone trying to fake out GETs and POSTs because they know how REST works.
Assuming you have things set up correctly, then the web server in front of Rails is pointed to the /public directory. So anything in that directory may be open to direct attack. However, the web server intercepts the HTTP call based on certain criteria and redirects it to Rails for processing.
The architecture of Rails makes it impossible for model and controller code to be exposed to the public. There is a possibility that view code is viewable, but ONLY if you seriously mess up the code (I think). I have never managed to expose code to the client by accident, and I have never deliberately attempted to do so.

Resources