redirect_from: /docs/14-gotchas.html



Spreadsheet applications vulnerable to unescaped CSV data

If your CSV export includes untrusted data provided by your users, it's possible that they could include an executable formula that could call arbitrary commands on your computer. See #4256 for more details.

Session Commits & Asset Pipeline

When configuring the asset pipeline ensure that the asset prefix (config.assets.prefix) is not the same as the namespace of ActiveAdmin (default namespace is /admin). If they are the same Sprockets will prevent the session from being committed. Flash messages won't work and you will be unable to use the session for storing anything.

For more information see the following post.


There are two known gotchas with helpers. This hopefully will help you to find a solution.

Helpers are not reloading in development

This is a known and still open issue the only way is to restart your server each time you change a helper.

Helper maybe not included by default

If you use config.action_controller.include_all_helpers = false in your application config, you need to include it by hand.


First use a monkey patch

This works for all ActiveAdmin resources at once.

# config/initializers/active_admin_helpers.rb
ActiveAdmin::BaseController.class_eval do
  helper ApplicationHelper
Second use the controller method

This works only for one resource at a time.

ActiveAdmin.register User do
  controller do
    helper UserHelper


In order to avoid the override of your application style with the Active Admin one, you can do one of these things:

  • You can properly move the generated file active_admin.scss from app/assets/stylesheets to vendor/assets/stylesheets.
  • You can remove all require_tree commands from your root level css files, where the active_admin.scss is in the tree.


With gems that provides a search class method on a model

If a gem defines a search class method on a model, this can result in conflicts with the same method provided by ransack (a dependency of ActiveAdmin).

Each of this conflicts need to solved is a different way. Some solutions are listed below.

tire, retire and elasticsearch-rails

This conflict can be solved, by using explicitly the search method of tire, retire or elasticsearch-rails:

For tire and retire
For elasticsearch-rails

Sunspot Solr


Rails 5 scaffold generators

Active Admin requires the inherited_resources gem which may break scaffolding under Rails 5 as it replaces the default scaffold generator. The solution is to configure the default controller in config/application.rb as outlined in activeadmin/inherited_resources#195

module SampleApp
  class Application < Rails::Application
    config.app_generators.scaffold_controller = :scaffold_controller

Authentication & Application Controller

The ActiveAdmin::BaseController inherits from the ApplicationController. Any authentication method(s) specified in the ApplicationController callbacks will be called instead of the authentication method in the active admin config file. For example, if the ApplicationController has a callback before_action :custom_authentication_method and the config file's authentication method is config.authentication_method = :authenticate_active_admin_user, then custom_authentication_method will be called instead of authenticate_active_admin_user.