I'm attempting to add strong parameters to a Rails 3 application, but it is still permitting all mass attribute assignment and doesn't raise an error for ForbiddenAttributesProtection.
I have created an initializer strong_parameters.rb that has the following
ActiveRecord::Base.send(:include, ActiveModel::ForbiddenAttributesProtection)
Additionally I have commented out config.active_record.whitelist_attributes = true in my config/application.rb file and removed all instances of attr_accessible from my models.
I also added the following to my config/application.rb so that I would get an exception in all environments until I'm done testing out the cutover.
config.action_controller.action_on_unpermitted_parameters = :raise
Despite these changes I can submit any of my existing forms and updates are saved without any exceptions being raised.
Aucun commentaire:
Enregistrer un commentaire