Ruby on Rails: Security Updates and Testing Improvements

Rails development focused on security enhancements and developer tooling today, with Action Cable origin checking improvements and new testing parameters for integration tests. The team also completed the removal of deprecated rails-ujs JavaScript files.

Duration: PT1M42S

Episode overview

This episode is a short developer briefing from Ruby on Rails.

It explains recent repository work in plain language.

  • Show: Ruby on Rails
  • Published: 2026-04-08T00:00:00Z

Transcript excerpt

This excerpt keeps the crawler page concise. Listen to the episode or use the RSS feed for the full update.

Good morning. This is your Ruby on Rails briefing for April 8th, 2026.

Jean Boussier merged an Action Cable security improvement that updates origin checking to properly respect X-Forwarded-Host headers. This fix ensures WebSocket connections are validated correctly when Rails applications run behind reverse proxies or load balancers.

Denis Savchuk addressed a significant testing pain point by adding explicit query and body keyword arguments to integration test helpers. Previously, the params parameter was ambiguous for GET requests with JSON format - developers couldn't specify whether parameters should go in the URL query string or request…

Jean Boussier completed the removal of rails-ujs by eliminating the JavaScript files and cleaning up remaining references in the ActionView gem specification. This continues Rails' modernization effort as the framework moves away from legacy JavaScript helpers.

The day's activity also included documentation fixes across Active Storage, Action View, Active Record, and the upgrading guide.

What's next: Watch for potential follow-up work on the integration testing improvements as developers provide feedback on the new API. The rails-ujs removal may…
