Documentation enhancements

[ujifgc]

From @dariocravero on March 18, 2013 19:49

List of features to document

Components

• Explain .components.
• How to change ORM,
• How to change renderer,
• How to change styles processor,
• How to change scripts,
• How to change database adapter?

...

• Document invoke_hooks (#1098)
• Cleanup documentation for fields_for (#939)
• Gemified apps (added to generation docs)
  • Detailed explanation on how to handle gemified apps
• Performance tools guide
• Project modules (re 0.11 release)
• Document padrino-flash better. Particularly what the story is with now and next. Also, add some comments to the code from the original repo (https://github.com/Cirex/padrino-flash).
• Explain Padrino.dependency_paths.
• Document how to write rake tasks.
• Document CSRF, how it relates to post requests, how to disable it (app-wide or controller-level)
• Document (See #1475) how to access current request controller and action names
• Document app gemming and starting and the need of special placement for log, tmp, configs

Testing

• How to set the current account (or the session in general) while testing controllers#1198.

Let's build this list up! :)

Copied from original issue: padrino/padrino-framework#1137

[ujifgc]

From @nesquena on March 18, 2013 19:57

Awesome, thanks definitely want to help get those fleshed out soon.

[ujifgc]

From @dariocravero on March 18, 2013 19:58

And we will! 👯

[ujifgc]

From @Ortuna on March 18, 2013 20:4

Does this go in padrino-docs ?

[ujifgc]

From @dariocravero on March 18, 2013 20:12

It does for now @Ortuna. Until we decide whether we move it to the main repo or not.

[ujifgc]

From @skade on March 18, 2013 20:55

We should especially decide on what system to use. I like middleman alot and would like to get the idea of using something like qed for documentation testing further.

[ujifgc]

From @nesquena on April 9, 2013 7:44

Notes for CSRF section from @skade

CSRF attacks are a severe problem and the safety measures should never be turned off by default.

You need to pass a parameter called "authenticity_token" with the value "session[:csrf]" on every post request. If you work sessionless for parts of your app (e.g. for an API), you should add:

set :allow_disabled_csrf, true

And disable CSRF on a route-by-route basis:

get :foo, :csrf_protection => false do

end

Do only turn of CSRF protection completely if your app works completely sessionless. In that case, you should use another way of validating requests.

[ujifgc]

From @nesquena on January 17, 2016 17:30

@wikimatze This represents a list of some of the most obvious missing or incomplete documentation. Any help in augmenting the guides with these would be much appreciated.

[wikimatze]

Thanks for moving this around, it will take a while to document these and think we to put it, but I'm on my way.