Active Support’s CurrentAttributes: a really useful but hated Rails feature?

Name: Active Support’s CurrentAttributes: a really useful but hated Rails feature? by Evil Martians
Start: 2023-10-27
End: 2023-10-28

At Kaigi on Rails 2023, October 27–28, 2023 in Tokyo, Japan

Topics

Share on

Sampo Kuokkanen
Head of Evil Martians Japan

Some people dislike ActiveSupport::CurrentAttributes, but it’s undeniably very convenient. It allows you to safely use the much-loved global variables within requests—a truly handy feature. I want to discuss why it might be disliked, touching on precautions and past security flaws, such as an instance where information leakage occurred with a Puma and Rails combination.

While I’m not insisting that everyone should use ActiveSupport::CurrentAttributes, I want to convey that it’s a viable option for those times when it’s really necessary!

Video

Slides

Explore more events

Visiting RubyKaigi
By Alexey Ivanov, Andrey Novikov and Sampo Kuokkanen
Visiting RubyKaigi
Sep 8, 2022RubyKaigi 2022
Evolution of real-time and AnyCable Pro
By Irina Nazarova
Evolution of real-time and AnyCable Pro
Dev Innovation SummitSanta Clara, California
November
6-
7
November
6-
7

Let's solve your hard problems

Martians at a glance

years in business

We're experts at helping developer products grow, with a proven track record in UI design, product iterations, cost-effective scaling, and much more. We'll lay out a strategy before our engineers and designers leap into action.