Why don't we validate controller parameters?
07-Mar-2019 1830
Strong parameters have their supporters and critics. Whether you use them or not, you still should remember about validating values. params.require(:user).permit(:first_name, :last_name) is usually not enough to make Ruby on Rails application secure enough.My reflections came from an issue that happened to me recently. I made a silly typo and it was enough to cause an avalanche of 500 errors which could have been easily avoided. A microservice I was working on made synchronous HTTP POST requests to Ruby on Rails application. One of the required parameters was class name. After receiving a request it was converted to a concrete instance of a class:.
Why don't we validate controller parameters? #ruby #rubydeveloper #rubyonrails #don't #validate #controller #parameters? #parameters? https://rubyonrails.ba/link/why-don-t-we-validate-controller-parameters