Software development insights compiled for you by the people of bitcrowd

· 11 min read
Malte Rohde

Programmatically generating PDF documents is a common requirement in many of our client projects at bitcrowd. While in Ruby there is a multitude of battle-proven libraries to choose from, the PDF library landscape in the Elixir/Erlang ecosystem is just beginning to evolve. Today, we introduce ChromicPDF, a fast and convenient Chrome-based HTML-to-PDF converter, written in Elixir.

· 13 min read
Lars

Code reviews are essential for software development in teams. They’re useful to share domain knowledge and best practices within the team, ensure consistent code quality, and lower the number of defects in the software. Reviewing code is hard though.

· 8 min read
Philipp Tessenow

When debugging (or during security audits), it may be handy to know exactly which data is encoded in a session cookie. This is especially important because authentication frameworks like guardian store authentication secrets in sessions, and we need to know they are stored securely. In the Phoenix web framework, session cookies are encoded in a special format. In this post we follow Phoenix's cookie storage implementation to find out how sessions are encoded.

· 6 min read
Philipp Tessenow

Summary

On 2019-08-02 we at bitcrowd discovered a security vulnerability in simple_form. simple_form is one of the go-to ways to easily handle HTML forms in Ruby on Rails. In the worst case the security issue allows arbitrary code execution, and at the least it has potential for data corruption or DoS attacks. This security issue was responsibly disclosed by bitcrowd. Find details about the timeline of the events and a more detailed description below.