January 09, 2026

Transcript

Good morning, I'm your host with Rails Daily for January 13th, 2026.

Three pull requests were merged into Rails yesterday. Jean Boussier merged a security update removing the X-XSS-Protection header from default Rails headers. This deprecated security header no longer provides meaningful protection in modern browsers and has been removed starting with Rails 8.2.

Khasinski fixed a bug in ActiveModel's Errors#added? method that incorrectly returned false when querying errors with callback options like allow_nil or conditional validations. The issue was in the strict_match method which created an asymmetric comparison between stored errors and query parameters.

Shivabhusal enhanced the ActionView bug report template by adding clearer guidance for developers reporting view template rendering issues. The improved template includes structured examples to help contributors provide more reproducible code when filing bug reports.

Additional commits included Ryuta Kamizono removing unused uniqueness comparison code from ActiveRecord adapters, and Jean Boussier updating the Trix dependency in ActionText to resolve a compatibility issue.

What's next: Rails 8.2 continues removing legacy security headers as modern browsers handle XSS protection natively. ActiveModel error handling improvements should reduce debugging time for validation-heavy applications.

That's your Rails update for today. I'll be back tomorrow with more Rails core developments.