What is Metaprogramming?

Have you ever wondered how Rails generates methods based on the models you’ve defined? This is done using Metaprogramming.

What a gem.

Metaprogramming is writing programs that write programs. For example, when a User model is defined in Rails with email as an attribute, a method called find_by_email will be generated.

You never have to create the find_by_email method. Instead behind the scenes Rails is generating a bunch of great methods on the fly for you as a developer to use.

We can use this built in feature of Ruby to generate methods at runtime or on the fly.

I have created a repo to demonstrate. https://github.com/arichards4814/metaprogramming_article

The send Method

Before diving into metaprogramming, it is first important to take a look at the send method.

In this situation, I want to insert this book info into a new instance of book. Without using the send method we can do this like so.

This will print the book with its new attributes.

But we can do this much easier (and with less code) by creating a method within the Book class that can take care of this for us.

This will produce the same result. Imagine if there were 10 or 20 values and how much time this would save.

So exactly what is going on here with the send method?

self.send("#{k}=", values[k])

As the we loop through each key value pair in book_info, we use “message passing” to “send” a method to “self”.

So in other words, we are the first argument in send as the method name we want to pass. And the second as the argument to that method.
1
Having spent the past few years not adding Google Analytics to Ruby on Rails websites it came as a shock to find such poor support for it “out of the box”. If you follow the Google Analytics setup and copy and paste their script into the head of your HTML you might run into a host of conflicts. Chief among them are Content Security Policy (CSP) and Turbolinks. Both of these are essential for a modern website that wants to be secure and fast.
2
​
3
In particular CSP protects you and your users from a range of cross site scripting (XSS) attacks. While it can be complicated and fussy you should be enabling it just as you are enforcing https with config.force_ssl = true.
4
​
5
So here are the key points in safely adding Google Analytics to your Rails website while retaining CSP and Turbolinks.
6
​
7
Firstly enable CSP in config/initializers/content_security_policy.rb. You’ll notice Rails defaults to policy.script_src :self, :https which allows your site’s scripts and any script from any https source. Bad guys use https too so this seems unwise. Rather specify the exact external sources you want to allow.
8
​
9

10 ​ 11 You need both Google domains because the script from the first domain interacts with the second domain. 12 ​ 13 If you omit the Google sources and keep `:self` then you are telling the browser you only want scripts on the same domain as your website to be allowed. If you are trying to load in Google Analytics then your browser will show errors like this. 14 ​ 15  16 ​ 17 Content Security Policy source errors in the browser 18 ​ 19 If you include the Google sources but put a script block into your `application.html.erb` as Google Analytics suggests then you will run into this CSP error. 20 ​ 21 

#turbolinks #content-security-policy #ruby-on-rails #google-analytics