Disable strong options for a specific action

Question

Disable strong options for a specific action

I have a serious problem with strong parameters. It works very well in my 200 actions, but in one it’s not because I work very dynamically with the parameters, and I also can’t change it because of the design of the applications.

Therefore, I want to disable strong parameter checking only in this particular action. Is there any way to do this?

+12

ruby-on-rails ruby-on-rails-4.2 strong-parameters

davidb May 28 '15 at 14:36

source share

3 answers

Ritchie · Answer 1 · 2016-12-15T12:16:30+0000

Strong parameters override the params method in ActionController::Base . You can simply redefine it and return back to what you want.

So this is:

 class MyController < ApplicationController def params request.parameters end end

It will effectively turn off strong options for all actions in your controller. You only wanted to disable it for a specific action, although you could do it with:

 class MyController < ApplicationController before_action :use_unsafe_params, only: [:particular_action] def params @_dangerous_params || super end def particular_action # My params is unsafe end def normal_action # my params is safe end private def use_unsafe_params @_dangerous_params = request.parameters end end

max · Answer 2 · 2015-05-28T14:59:19+0000

You can use .permit! to whitelist any keys in the hash.

 params.require(:something).permit!

However, this should be seen as an extreme smell of code and a security risk.

Nested hashes can be whitelisted with this trick:

 params.require(:product).permit(:name, data: params[:product][:data].try(:keys))

Sajad torkamani · Answer 3 · 2019-07-25T09:03:45+0000

Not too sure if this is the best practice, but for Rails 5 I just use request.params instead of params when I want to skip strong params.

So instead of something like:

 post = Post.new(params[:post])

I use:

 post = Post.new(request.params[:post])

Disable strong options for a specific action

More articles: