This week, I want to cover a common compliance requirement. If you ever went through a PCI, ISO 2007, SOC2, or similar compliance questionnaire, you found the following question in one form or another:

This week I will show you another Rack Attack trick.

But before I get to that, I’d like to let you know that my book is finally done and if you want to learn about how to avoid security issues during code review, you should read it: Secure code review for Rails Developers .

This week I want to tell you about the form_with Rails helper. It was introduced in Rails 5.1, and the goal of this helper was to unify the form_for and the form_tag helpers. form_for requires a model instance or a scope and puts the attributes into a hash, so usually when you needed a form in the past where you didn’t want to put them scoped into a hash, you used form_tag.

Hello!

This week, I will show you how to rate-limit your authentication endpoints with Rack::Attack.

Rack::Attack is a middleware for blocking or throttling requests based on rules. It uses the configured cache store of Rails to store the necessary data, but a separate data store can be configured too.

This week I will show you how to make dependent dropdowns with Hotwire!
I will use a toy app as an example. This app will have a page where addresses can be created. The address will consist of a country, a state, a city, and a postcode. Except for the postcode, we will have a list of options coming from the database and when the user selects the country, we load the states for the selected option. When the user selects the state we will load the cities in that state. Let’s start by generating a Rails app, the necessary models and a scaffold for the address.