Raising errors for required and permitted attributes makes it easier to find errors in your application during development and in tests. Consider this approach if you want to strengthen the params handling in your application.
Example
config.action_controller.action_on_unpermitted_parameters = :raise
def user_params
params.require(:user).permit(:full_name)
end
Effects
-
This raises an error
ActionController::ParameterMissingif there is no required parameter:- In production users see a bad request error page.
- In production the error is ignored in Sentry Show archive.org snapshot by default.
-
This raises an error
ActionController::UnpermittedParametersif there is an unpermitted parameter:- You need to manually merge it to the rescue_responses in case users should see a bad request error page.
- You need to add it manually to sentry on the ignore list in case it should not be reported as exception.
Posted by Emanuel to makandra dev (2024-05-22 14:14)