---
redirect_from: /docs/14-gotchas.html
---
#Gotchas

## Security

### Spreadsheet applications vulnerable to unescaped CSV data

If your CSV export includes untrusted data provided by your users, it's possible that they could include an executable formula that could call arbitrary commands on your computer. See [#4256](https://github.com/activeadmin/activeadmin/issues/4256) for more details.

## Session Commits & Asset Pipeline

When configuring the asset pipeline ensure that the asset prefix 
(`config.assets.prefix`) is not the same as the namespace of ActiveAdmin 
(default namespace is `/admin`). If they are the same Sprockets will prevent the 
session from being committed. Flash messages won't work and you will be unable to 
use the session for storing anything.

For more information see the following post: 
[http://www.intridea.com/blog/2013/3/20/rails-assets-prefix-may-disable-your-session](http://www.intridea.com/blog/2013/3/20/rails-assets-prefix-may-disable-your-session)

## Helpers

There are two known gotchas with helpers. This hopefully will help you to
find a solution.

### Helpers are not reloading in development

This is a known and still open [issue](https://github.com/activeadmin/activeadmin/issues/697)
the only way is to restart your server each time you change a helper.

### Helper maybe not included by default

If you use `config.action_controller.include_all_helpers = false` in your application config, 
you need to include it by hand.

#### Solutions

##### First use a monkey patch

This works for all ActiveAdmin resources at once.

```ruby
# config/initializers/active_admin_helpers.rb
ActiveAdmin::BaseController.class_eval do
  helper ApplicationHelper
end
```

##### Second use the `controller` method

This works only for one resource at a time.

```ruby
ActiveAdmin.register User do
  controller do
    helper UserHelper
  end
end
```

## CSS

In order to avoid the override of your application style with the Active Admin one, you can do one of these things:
* You can properly move the generated file `active_admin.scss` from `app/assets/stylesheets` to `vendor/assets/stylesheets`.
* You can remove all `require_tree` commands from your root level css files, where the `active_admin.scss` is in the tree.

## Conflicts

### With gems that provides a `search` class method on a model

If a gem defines a `search` class method on a model, this can result in conflicts 
with the same method provided by `ransack` (a dependency of ActiveAdmin).

Each of this conflicts need to solved is a different way. Some solutions are 
listed below.

#### `tire`, `retire` and `elasticsearch-rails`

This conflict can be solved, by using explicitly the `search` method of `tire`, 
`retire` or `elasticsearch-rails`:

##### For `tire` and `retire`

```ruby
YourModel.tire.search
```

##### For `elasticsearch-rails`

```ruby
YourModel.__elasticsearch__.search
```

### Sunspot Solr

```ruby
YourModel.solr_search
```

### Rails 5 scaffold generators

Active Admin requires the `inherited_resources` gem which may break scaffolding under Rails 5 as it replaces the default scaffold generator. The solution is to configure the default controller in `config/application.rb` as outlined in [josevalim/inherited_resources#195](https://github.com/josevalim/inherited_resources/issues/195)

```
module SampleApp
  class Application < Rails::Application
    ...
    config.app_generators.scaffold_controller = :scaffold_controller
    ...
  end
end
```


## Authentication & Application Controller

The `ActiveAdmin::BaseController` inherits from the `ApplicationController`. Any authentication method(s) specified in the `ApplicationController` callbacks will be called instead of the authentication method in the active admin config file. For example, if the ApplicationController has a callback `before_action :custom_authentication_method` and the config file's authentication method is `config.authentication_method = :authenticate_active_admin_user`, then `custom_authentication_method` will be called instead of `authenticate_active_admin_user`.