I am currently trying to implement raising an error when unpermitted parameters are posted in my RoR back-end. I included
config.action_controller.action_on_unpermitted_parameters = :raise
in my development.rb configuration. Now, for example I have in one of my controllers:
def apiary_params
params.require(:apiary).permit(:name, :municipality, :prefecture, :latitude, :longitude, :numberofbeehives, :notes)
end
If I now try posting another parameter lets say "apiary[asdf]" then an internal server error is raised correctly. However if I try posting a random "asdf" param not in the apiary hash, then the request is handled without an error. Does that mean that the random "asdf" and whatever other parameter not in the apiary is permitted? How can I fix that?
Aucun commentaire:
Enregistrer un commentaire