diff options
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/CHANGELOG.md | 2 | ||||
-rw-r--r-- | actionpack/lib/action_controller/metal/strong_parameters.rb | 14 |
2 files changed, 9 insertions, 7 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index c5007828c2..197d673fa1 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -348,7 +348,7 @@ * Make current object and counter (when it applies) variables accessible when rendering templates with :object / :collection. *Carlos Antonio da Silva* -* JSONP now uses mimetype application/javascript instead of application/json. *omjokine* +* JSONP now uses mimetype text/javascript instead of application/json. *omjokine* * Allow to lazy load `default_form_builder` by passing a `String` instead of a constant. *Piotr Sarnacki* diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index 24768b23a8..55cc62a15e 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -271,9 +271,9 @@ module ActionController # == Strong Parameters # - # It provides an interface for proctecting attributes from end-user - # assignment. This makes Action Controller parameters are forbidden - # to be used in Active Model mass assignmets until they have been + # It provides an interface for protecting attributes from end-user + # assignment. This makes Action Controller parameters forbidden + # to be used in Active Model mass assignment until they have been # whitelisted. # # In addition, parameters can be marked as required and flow through a @@ -281,10 +281,12 @@ module ActionController # effort. # # class PeopleController < ActionController::Base - # # This will raise an ActiveModel::ForbiddenAttributes exception because - # # it's using mass assignment without an explicit permit step. + # # Using "Person.create(params[:person])" would raise an + # # ActiveModel::ForbiddenAttributes exception because it'd + # # be using mass assignment without an explicit permit step. + # # This is the recommended form: # def create - # Person.create(params[:person]) + # Person.create(person_params) # end # # # This will pass with flying colors as long as there's a person key in the |