Cross-Origin Resource Sharing

Cross-Origin Resource Sharing, or CORS, defines a way to enable client-side cross-origin requests. So, if this API is used on http://siteA.org then a resource on http://siteB.org could opt in to this( e.g. by specifying Access-Control-Allow-Origin: http://siteA.org as a response header).

The problem it aims to solve is that AJAX calls that use XMLHttpRequest to do cross-domain requests (e.g. Site A wants to access a script on Site B) are forbidden by web browsers (see Same-origin policy: http://en.wikipedia.org/wiki/Same-origin_policy).

Note: WebSockets are not subject to the same-origin policy.

CORS is a W3 Recommendation released on 16th January 2014. See http://www.w3.org/TR/access-control/

Alternatives to CORS are:

  • setting the document.domain property
  • Cross-document messaging – e.g. calling the postMessage() method on a Window object
  • JSONP

http://en.wikipedia.org/wiki/Same-origin_policy#Relaxing_the_same-origin_policy

 

Browser support for CORS:

  • >= Firefox 3.5
  • >= Safari 4
  • >= Chrome 3
  • >= IE10 (IE8+ has partial support). i.e. IE9 in Compatibility View would not support CORS
  • >= Opera 12

What are all those gems that are installed/used by Rails

Wonder what all those gems are that you find being installed/used when you do:

rails new app

Here’s a breakdown (all gems can be found doing a search on http://rubygems.org/)

Using rake (10.0.4)

Ruby Make

http://rubygems.org/gems/rake

Using i18n (0.6.4)

Internationalization for Ruby

http://ruby-i18n.org

Installing minitest (4.7.4) 

minitest is a complete suite of testing facilities supporting TDD, BDD, mocking and benchmarking

http://rubygems.org/gems/minitest

Using multi_json (1.7.3) 

A gem to provide easy switching between different JSON backends, including Oj, Yajl, the JSON gem (with C-extensions), the pure-Ruby JSON gem, and OkJson.

http://rubygems.org/gems/multi_json

Using atomic (1.1.9) 

an Atomic class that guarantees atomic updates to its contained value

http://rubygems.org/gems/atomic

Using thread_safe (0.1.0) 

A collection of thread-safe versions of common core Ruby classes

http://rubydoc.info/gems/thread_safe/0.1.0/frames

Using tzinfo (0.3.37)

TZInfo is a Ruby library that uses the standard tz (Olson) database to provide daylight savings aware transformations between times in different time zones.

http://rubygems.org/gems/tzinfo

Using activesupport (4.0.0.rc1)

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing.

http://rubydoc.info/gems/activesupport/3.2.13/frames

Using builder (3.1.4) 

Builder provides a number of builder objects that make creating structured data simple to do. Currently the following builder objects are supported: * XML Markup * XML Events

http://rubygems.org/gems/builder

Using erubis (2.7.0) 

Erubis is an implementation of eRuby (Embedded Ruby), a templating system that embeds Ruby in a text document.

http://rubygems.org/gems/erubis

Using rack (1.5.2) 

Rack provides an interface for developing web applications.

http://rubygems.org/gems/rack

and

http://rack.rubyforge.org/doc/

Using rack-test (0.6.2) 

Tests

Using actionpack (4.0.0.rc1) 

Web apps on Rails

http://rubygems.org/gems/actionpack

Using mime-types (1.23) 

Mime-types

Using polyglot (0.3.3) 

Polyglot provides a registry of file types that can be loaded by calling its improved version of ‘require’. It also allows a Ruby module to register a loader for the file type associated with a filename extension. 

http://polyglot.rubyforge.org

Using treetop (1.4.12) 

A Ruby-based text parsing and interpretation DSL

Using mail (2.5.4) 

Ruby mail handler

Using actionmailer (4.0.0.rc1) 

Email on Rails

Using activemodel (4.0.0.rc1) 

Toolkit for building modelling frameworks like Active Record and Active Resource.

Using activerecord-deprecated_finders (1.0.2) 

Using arel (4.0.0) 

SQL AST (abstract syntax tree) manager for Ruby. It simplifies the generation of complex SQL queries.

Using activerecord (4.0.0.rc1) 

Databases on Rails. Build a persistent domain model by mapping database tables to Ruby classes.

Using bundler (1.3.5) 

Manage gems.

Installing coffee-script-source (1.6.2) 

Installing execjs (1.4.0) 

Installing coffee-script (2.2.0) 

Language that compiles into JavaScript.

http://coffeescript.org

Using thor (0.18.1) 

A scripting framework that replaces rake, sake, rubigen.

Using railties (4.0.0.rc1) 

see earlier post

Installing coffee-rails (4.0.0) 

CoffeeScript adapter.

Using hike (1.2.2) 

Finding files in a set of paths.

Installing jbuilder (1.0.2) 

Create JSON structures via a Builder-style DSL.

Installing jquery-rails (2.2.1) 

jQuery for Rails.

Installing json (1.8.0) 

JSON

Using tilt (1.4.1) 

Generic interface to multiple Ruby template engines

Using sprockets (2.10.0) 

Using sprockets-rails (2.0.0.rc4) 

Rack-based asset packaging system that concatenates and serves JavaScript, CoffeeScript, etc.

Using rails (4.0.0.rc1) 

should be pretty straightforward…!

Installing rdoc (3.12.2) 

docs

Installing sass (3.2.9) 

Installing sass-rails (4.0.0.rc1) 

Extension to CSS3

Installing sdoc (0.3.20) 

rdoc generator

Installing sqlite3 (1.3.7) 

SQLite interface

Installing turbolinks (1.1.1) 

Turbolinks makes following links in your web application faster (use with Rails Asset Pipeline). Similar to pjax (pjax = pushState + ajax). Does not require jQuery but works great with jQuery.

Installing uglifier (2.1.1) 

Ruby wrapper for UglifyJS JavaScript compressor

Your bundle is complete!

And so is this whirlwind tour!

Letting Google host jQuery for you

Include this:

<script src=”//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js” ></script>

and implement like this:

<script>

  $(document).ready(function() {

     alert(“let’s go…”);

  });

</script>

For example:

$( “.replace_with_element_classname_clicked” ).on( “click”, function( event ) {

 $(“.replace_with_element_classname_to_show”).toggle([1000]);

});

Why?

  • You’re using the Google APIs CDN which means decreased latency 
  • Increased parallelism (your browser typically limits you to 2 connections per hostname)
  • Better caching (many users will already have cached this library) 

Wonder why the src is missing http:?

This is a handy trick to use a single reference for both http and https pages.

Automatic Post Tagger

Not quite as awesome as an automatic post categoriser but still pretty handy:

http://wordpress.org/extend/plugins/automatic-post-tagger/