aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch/http
diff options
context:
space:
mode:
authorKevin Deisz <kevin.deisz@gmail.com>2018-08-27 09:30:05 -0400
committerKevin Deisz <kevin.deisz@gmail.com>2018-08-27 09:51:46 -0400
commit7c9751d7fe3aec1e67004d1bb5e4a1702fcacafb (patch)
treef67885f8ceeee2b867a451afcab6a145425dcadb /actionpack/lib/action_dispatch/http
parent0efecd913c07104e8fba82d5044c1ad824af68d5 (diff)
downloadrails-7c9751d7fe3aec1e67004d1bb5e4a1702fcacafb.tar.gz
rails-7c9751d7fe3aec1e67004d1bb5e4a1702fcacafb.tar.bz2
rails-7c9751d7fe3aec1e67004d1bb5e4a1702fcacafb.zip
Permit list usage cleanup and clearer documentation
Diffstat (limited to 'actionpack/lib/action_dispatch/http')
-rw-r--r--actionpack/lib/action_dispatch/http/mime_negotiation.rb5
1 files changed, 1 insertions, 4 deletions
diff --git a/actionpack/lib/action_dispatch/http/mime_negotiation.rb b/actionpack/lib/action_dispatch/http/mime_negotiation.rb
index 580f5fe41a..be129965d1 100644
--- a/actionpack/lib/action_dispatch/http/mime_negotiation.rb
+++ b/actionpack/lib/action_dispatch/http/mime_negotiation.rb
@@ -85,10 +85,7 @@ module ActionDispatch
if variant.all? { |v| v.is_a?(Symbol) }
@variant = ActiveSupport::ArrayInquirer.new(variant)
else
- raise ArgumentError, "request.variant must be set to a Symbol or an Array of Symbols. " \
- "For security reasons, never directly set the variant to a user-provided value, " \
- "like params[:variant].to_sym. Check user-provided value against a permitted list first, " \
- "then set the variant: request.variant = :tablet if params[:variant] == 'tablet'"
+ raise ArgumentError, "request.variant must be set to a Symbol or an Array of Symbols."
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-11 16:35:48 +0000