Rails 7 provides context when logging unpermitted parameters
source link: https://blog.saeloun.com/2021/06/16/rails-7-provides-context-when-logging-unpermitted-parameters
Rails 7 expands the payload of unpermitted_parameters.action_controller to allow developers to know which controller and action received the unpermitted parameters.
Before
In earlier versions of Rails, when a request contains unpermitted parameters, the logs list only the unpermitted keys; they do not tell developers which controller and action received them.
Consider the following code, where we have a User with the name, email, and role attributes, and we permit only the name and email attributes.
request_params = { user: { name: "Francesco", email: "[email protected]", role: "admin" } }
params = ActionController::Parameters.new(request_params)
params.permit(user: [:name, :email])
# Unpermitted parameter: :role
We can see that the log only provided the information about the unpermitted key and not any information regarding the controller and action which received the unpermitted parameters.
After
Rails 7 allows callers to specify a context with the controller, action, request, and param keys, and this context is included in the logging payload.
It modifies ActionController::Parameters to accept context as a parameter.
context = { controller: self.class.name, action: action_name }
request_params = { user: { name: "Francesco", email: "[email protected]", role: "admin" } }
params = ActionController::Parameters.new(request_params, context)
params.permit(user: [:name, :email])
# Unpermitted parameter: :role. Context: { controller: UsersController, action: create }
We can see that, along with the unpermitted parameter, the context is also logged, containing the controller and action keys.
If no context is given, an empty context is included in the payload.
request_params = { user: { name: "Francesco", email: "[email protected]", role: "admin" } }
params = ActionController::Parameters.new(request_params)
params.permit(user: [:name, :email])
# Unpermitted parameter: :role. Context: { }
Note: This change expects the caller to provide logging context.
To know more about this change, refer to this PR.
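The enriched payload can also feed an audit log. The following is an added example, not code from the original article or from Rails itself: a subscriber to unpermitted_parameters.action_controller that records which controller and action received the rejected keys and flags ones such as role. SENSITIVE_KEYS and unpermitted_audit_record are hypothetical names, and the event is only emitted when action_on_unpermitted_parameters is set to :log.

```ruby
require "json"

# Hypothetical list: attributes a client form should never be allowed to set.
SENSITIVE_KEYS = %w[role admin is_admin permissions].freeze

# Build an audit record from one unpermitted_parameters.action_controller payload.
# payload[:keys] holds the rejected keys; payload[:context] is the hash the
# caller passed to ActionController::Parameters.new (empty when none was given).
# Only controller and action are copied from the context; the other context
# entries are left out so submitted values do not reach the audit trail.
def unpermitted_audit_record(payload)
  keys    = Array(payload[:keys]).map(&:to_s)
  context = payload[:context] || {}
  flagged = keys & SENSITIVE_KEYS

  {
    event: "unpermitted_parameters",
    controller: context[:controller] || "unknown",
    action: context[:action] || "unknown",
    keys: keys,
    sensitive_keys: flagged,
    # A rejected privilege-related key is worth a warning, the rest is noise.
    severity: flagged.empty? ? "info" : "warn"
  }
end

# Inside a Rails app (for example in an initializer) the subscription is live.
# Outside Rails this guard is false, so the file still loads on its own.
if defined?(ActiveSupport::Notifications)
  ActiveSupport::Notifications.subscribe(
    "unpermitted_parameters.action_controller"
  ) do |_name, _started, _finished, _id, payload|
    record = unpermitted_audit_record(payload)
    Rails.logger.public_send(record[:severity], record.to_json)
  end
end
```

Records with controller "unknown" point at call sites that build ActionController::Parameters without passing a context.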