Documentation enhancements

[ujifgc]

From @dariocravero on March 18, 2013 19:49

List of features to document

Components

• [ ] Explain .components.
• [ ] How to change ORM,
• [ ] How to change renderer,
• [ ] How to change styles processor,
• [ ] How to change scripts,
• [ ] How to change database adapter?

  ...

• [ ] Document invoke_hooks (#1098)
• [ ] Cleanup documentation for fields_for (#939)
• [ ] Gemified apps (added to generation docs)
  • [ ] Detailed explanation on how to handle gemified apps
• [ ] Performance tools guide
• [ ] Project modules (re 0.11 release)
• [ ] Document padrino-flash better. Particularly what the story is with now and next. Also, add some comments to the code from the original repo (https://github.com/Cirex/padrino-flash).
• [ ] Explain Padrino.dependency_paths.
• [ ] Document how to write rake tasks.
• [ ] Document CSRF, how it relates to post requests, how to disable it (app-wide or controller-level)
• [ ] Document (See #1475) how to access current request controller and action names
• [ ] Document app gemming and starting and the need of special placement for log, tmp, configs

  Testing

• [ ] How to set the current account (or the session in general) while testing controllers#1198.

Let's build this list up! :)

Copied from original issue: padrino/padrino-framework#1137

[ujifgc]

From @nesquena on March 18, 2013 19:57

Awesome, thanks definitely want to help get those fleshed out soon.

[ujifgc]

From @dariocravero on March 18, 2013 19:58

And we will! :dancers:

[ujifgc]

From @Ortuna on March 18, 2013 20:4

Does this go in padrino-docs ?

[ujifgc]

From @dariocravero on March 18, 2013 20:12

It does for now @Ortuna. Until we decide whether we move it to the main repo or not.

[ujifgc]

From @skade on March 18, 2013 20:55

We should especially decide on what system to use. I like middleman alot and would like to get the idea of using something like qed for documentation testing further.

[ujifgc]

From @nesquena on April 9, 2013 7:44

Notes for CSRF section from @skade

CSRF attacks are a severe problem and the safety measures should never be turned off by default.

You need to pass a parameter called "authenticity_token" with the value "session[:csrf]" on every post request. If you work sessionless for parts of your app (e.g. for an API), you should add:

set :allow_disabled_csrf, true

And disable CSRF on a route-by-route basis:

get :foo, :csrf_protection => false do

end

Do only turn of CSRF protection completely if your app works completely sessionless. In that case, you should use another way of validating requests.

[ujifgc]

From @nesquena on January 17, 2016 17:30

@wikimatze This represents a list of some of the most obvious missing or incomplete documentation. Any help in augmenting the guides with these would be much appreciated.

[wikimatze]

Thanks for moving this around, it will take a while to document these and think we to put it, but I'm on my way.