Very quick question regarding the answers route. Why not adding shallow: true to it so that edit and delete can be performed by just knowing the answer id. After the answer is created, there is no need to carry the question id when it comes to edit or delete it, no?
What tools would you recommend to obfuscate sensitive data when dumping a database? I know there are some gems, but not sure how they would fit in this process.
It looks like a few things have changed over the last few months and `headers["X-Frame-Options"] = "allowall"` does not seem to be working anymore with recent browsers.
I found this Stackoverflow article about the topic https://stackoverflow.com/questions/67561924/ruby-on-rails-allow-embedding-of-your-website-in-other-sites-using-frame-ancesto and it appears that the "new" way of doing it is by overloading a Content Security Policy.
I ended up with the following content_security_policy.rb file
Rails.application.configure do config.content_security_policy do |policy| policy.default_src :self policy.frame_ancestors 'self', "*" end end
You can also decide to not override the property on a case by case (controller level).
I still have one issue: making it work with nested routes
resources :events do resources :questions, shallow: true end
the render template code in the example does not seem to be working as the URL is events/:event_id/questions :-( But I will get something working at some point. Cheers
I still have issues in my project getting the id properly working. We are using UUIDs and not integer increments in our Postgres database. Could that be the issue? I eventually have to create the id and pass it to the different models ... so not that convenient.