Strong Parameters is a mechanism added from Rails 4 series to improve security. A security measure that prevents an attacker from executing unintended code by not receiving anything other than the specified value.
When submitting data from a form, there is a security issue called a "mass assignment vulnerability". Simply put, it is a vulnerability in which an unauthorized request changes an unexpected value when sending data. Rails provides a "Strong Parameters" mechanism to prevent this vulnerability.
It is like this. Be sure to write Strong parameters below private.
app/controller/user_controller.rb
class UsersController < ApplicationController
def create
user = User.new(user_params)
end
private
def user_params
params.require(:user).permit(:name, :email)
end
end
Simply put, even if the value (parameter) related to user is sent, only "name" and "email" are allowed.
Recommended Posts