The end of January saw a lot of security fixes in Rails. That is a good reminder to keep up with Rails security, for example by reading these articles:
Add 2FA via SMS to your Rails app.
There’s also a CSP header generator.
Great idea: when you complete the Google account security checkup, you get an extra 2 GB of Google Drive storage.
- Output encode all application data on output with an appropriate codec
- Use your framework’s output encoding capability, if available
- Avoid nested rendering contexts as much as possible
- Store your data in raw form and encode at rendering time
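As an added example (not code from the original page or from Rails itself), the four rules above applied in plain Ruby using `ERB::Util`, the same escaping Rails' ERB views apply with `<%= %>`; the raw sample name, the `render_greeting` function and its `data-name` attribute are assumptions made for illustration:

```ruby
require "erb"
require "json"

# Constructed sample input: untrusted data is stored RAW, never pre-encoded.
RAW_NAME = %q{<script>alert("x")</script>}

# HTML body context (what Rails' <%= %> does via ERB::Util.html_escape).
def encode_html(value)
  ERB::Util.html_escape(value.to_s)
end

# HTML attribute context: always quote the attribute AND escape the value.
def html_attr(name, value)
  %(#{name}="#{encode_html(value)}")
end

# JavaScript string-literal context: JSON-quote the value, then neutralise
# the characters that could still close a surrounding <script> element.
def encode_js_string(value)
  value.to_s.to_json.gsub(/[<>&]/) { |c| "\\u%04x" % c.ord }
end

# Rendering-time encoding: one raw value, encoded per context it lands in.
# The name is placed in a data-attribute (a single HTML attribute context)
# rather than an inline onclick="greet('...')" handler, which would be a
# nested JS-inside-attribute context with two encoders to get right.
def render_greeting(raw_name)
  <<~HTML
    <p>Hello, #{encode_html(raw_name)}</p>
    <button id="greet" #{html_attr("data-name", raw_name)}>Greet</button>
    <script>
      var greeting = "Hi " + #{encode_js_string(raw_name)};
      document.getElementById("greet").onclick = function () {
        alert(greeting + " / " + this.dataset.name);
      };
    </script>
  HTML
end

puts render_greeting(RAW_NAME)
```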