CODEWITHSUNDEEP
ruby-on-railsstrong-parameters
Sig
Sig

Reputation: 5986

How to prevent Unpermitted parameters

On a Rails 7.1 app, I have the form below

<%= form_with model: @post do |form| %>
  <%= form.text_area :body %>
  <%= form.submit %>
<% end %>

And the related action.

def update
  @post = Post.find(params[:id])

  if @post.update(post_params)
    ...
  end
end

private

def post_params
  params.require(:post).permit(:body)
end

When I submit the form, the following parameters are sent to the controller.

Parameters: {"authenticity_token"=>"[FILTERED]", "post"=>{"body"=>""}, "commit"=>"Update Post", "id"=>"1"}

Is there a way to prevent Unpermitted parameter to be raised?

Unpermitted parameters: :_method, :authenticity_token, :button, :id. Context: { controller: PostsController, action: update, request: #ActionDispatch::Request:0x0000000110733988, params: {"_method"=>"patch", "authenticity_token"=>"[FILTERED]", "post"=>{"body"=>""}, "commit"=>"Update Post", "controller"=>"posts", "action"=>"update", "id"=>"1"} }

Am I missing something here?

Upvotes: 0

Views: 961

Answers (1)

mechnicov
mechnicov

Reputation: 15298

There is config for unpermitted parameters

# To take no action:
config.action_controller.action_on_unpermitted_parameters = false

# To emit an `ActiveSupport::Notifications.instrument` event
# on the `unpermitted_parameters.action_controller` topic
# and log at the DEBUG level:
config.action_controller.action_on_unpermitted_parameters = :log

# To raise a ActionController::UnpermittedParameters exception:
config.action_controller.action_on_unpermitted_parameters = :raise

You can choose needed

Upvotes: 0

Related Questions