diff options
author | Yves Senn <yves.senn@gmail.com> | 2013-11-26 14:50:44 +0100 |
---|---|---|
committer | Yves Senn <yves.senn@gmail.com> | 2013-11-26 14:50:44 +0100 |
commit | 36053ce92c7077a8061d34f938bd82c478ee44a3 (patch) | |
tree | 23aaad50d776c2a67f97ef4d767d585807c43a10 /guides/source | |
parent | c7f1bcd23b9d0d7a0fc5d79856de699c99fd8354 (diff) | |
download | rails-36053ce92c7077a8061d34f938bd82c478ee44a3.tar.gz rails-36053ce92c7077a8061d34f938bd82c478ee44a3.tar.bz2 rails-36053ce92c7077a8061d34f938bd82c478ee44a3.zip |
sync example and documentation for strong_parameters hash whitelisting.
[ci skip]
This is a follow up to #12609 and integrates #12158.
Thanks @aspiers.
Closes #12158.
Diffstat (limited to 'guides/source')
-rw-r--r-- | guides/source/action_controller_overview.md | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/guides/source/action_controller_overview.md b/guides/source/action_controller_overview.md index de9ead78a6..4252b5ee9a 100644 --- a/guides/source/action_controller_overview.md +++ b/guides/source/action_controller_overview.md @@ -321,10 +321,12 @@ in mind. It is not meant as a silver bullet to handle all your whitelisting problems. However you can easily mix the API with your own code to adapt to your situation. -Imagine a scenario where you want to whitelist an attribute -containing a hash with any keys. Using strong parameters you can't -allow a hash with any keys but you can use a simple assignment to get -the job done: +Imagine a scenario where you have parameters representing a product +name and a hash of arbitrary data associated with that product, and +you want to whitelist the product name attribute but also the whole +data hash. The strong parameters API doesn't let you directly +whitelist the whole of a nested hash with any keys, but you can use +the keys of your nested hash to declare what to whitelist: ```ruby def product_params @@ -988,7 +990,7 @@ you should also note the following things: * Failing to close the response stream will leave the corresponding socket open forever. Make sure to call `close` whenever you are using a response stream. * WEBrick servers buffer all responses, and so including `ActionController::Live` - will not work. You must use a web server which does not automatically buffer + will not work. You must use a web server which does not automatically buffer responses. Log Filtering |