request.js VS Bitwarden

For some extra help with crsf tokens. I would recommend the request.js library in the rails GitHub. https://github.com/rails/request.js

We will now connect our toolbar's table button to the server-side controller action we have just written. To do this, we first need to bring Rails' request.js library into the project. This library will help us administer post requests from the client, including proper CSRF-tokens, etc.:

Then, you will need to use fetch or other libs like rails/request.js (https://github.com/rails/request.js) to send a patch request with formData to your model's update path (usually something like /fruits), this is to update your model data. If you are using scaffolded controller, you should have respond_to js configured for you by default. If not, remember to add respond_to :js to your controller, and list data attributes you wanted to return from the server.

Stimulus and request.js should get you about 90% of the way for your example

One way to work around this is described in Dale’s article. In it, a Stimulus controller and request.js are used to insert a Turbo Stream header into GET requests, getting Turbo to see the request as a Turbo Stream request despite not originating from a form submission.

The Rails.ajax function comes from the @rails/ujs package, which isn't Turbo-aware. You should be using @rails/request.js instead, which can execute Turbo Stream commands:

It's not part of Hotwire, but supplemental for when you want to make AJAX requests from Stimulus or whatever. https://github.com/rails/request.js

So with our applications we've started using request.js to make JS based requests to the applications, it's super handy and very easy to use.

request.js is a minimalistic JavaScript pacakge that is set to replace Rails UJS in the near future. We will be using it to fetch new pages from the server. Let's install the package

First, we will add the necessary NPM packages. We will use @github/webauthn-json as a nice wrapper for the WebAuthn API and @rails/request.js for easier requests to the backend (with built-in Turbo Stream support).

For passwords and 2FA I use Bitwarden in combination with a self-hosted Vaultwarden service (for imcreased security and use of pro features for free).

First it's good to use a password manager, however it's not a good idea to use the one built into your browser. I would suggest switching to BitWarden or similar (not LastPass).

I just noticed today when relogging in on Bitwarden (I couldn't sync my vault) that it said "Logged in as [email] on __$2__" instead of "Logged in as [email] on bitwarden.com". I don't know why or how that happened, and I have no idea what it means. Did I screw up somehow? Just to be clear, I did login and just after I logged in my brain realized that it said "__$2__" instead of what it should say.

bitwarden:~$ sudo ./bitwarden.sh updateself _ _ _ _ | |__ (_) |___ ____ _ _ __ __| | ___ _ __ | '_ \| | __\ \ /\ / / _` | '__/ _` |/ _ \ '_ \ | |_) | | |_ \ V V / (_| | | | (_| | __/ | | | |_.__/|_|\__| \_/\_/ \__,_|_| \__,_|\___|_| |_| Open source password management solutions Copyright 2015-2023, 8bit Solutions LLC https://bitwarden.com, https://github.com/bitwarden =================================================== bitwarden.sh version 2023.10.3 Docker version 24.0.7, build afdd53b Docker Compose version v2.21.0 Updated self. bitwarden:~$ sudo ./bitwarden.sh update _ _ _ _ | |__ (_) |___ ____ _ _ __ __| | ___ _ __ | '_ \| | __\ \ /\ / / _` | '__/ _` |/ _ \ '_ \ | |_) | | |_ \ V V / (_| | | | (_| | __/ | | | |_.__/|_|\__| \_/\_/ \__,_|_| \__,_|\___|_| |_| Open source password management solutions Copyright 2015-2023, 8bit Solutions LLC https://bitwarden.com, https://github.com/bitwarden =================================================== bitwarden.sh version 2023.10.3 Docker version 24.0.7, build afdd53b Docker Compose version v2.21.0 Update not needed bitwarden:~$

Bitwarden (version 8588): A secure and free password manager for all of your devices.

I would also recommend the use of a password manager such as Proton Pass, BitWarden or 1Password if your looking for a more premium solution.

Use a password manager if you do not already and have it generate unique passwords for every website. Bitwarden is one of the best. You should NEVER reuse passwords and should always use unique passwords. It may be inconvenient at first but a password manager like Bitwarden really does make it a whole lot more convenient. Your e-mail especially should have its own unique password. You should also use two-factor authentication on any website that offers it. If you do not have a good AV on your computers, Bitdefender and Kaspersky both offer free options. The website https://haveibeenpwned.com/ is a good place to check if your credentials have been in a data breach.