How to protect against mass assignment attack
# Put this file in config/initializers/
# This will create an empty whitelist of attributes available for mass assignment for
# all models in your app. As such, your models will need to explicitly whitelist
# accessible parameters by using an attr_accessible declaration. This technique is best
# applied at the start of a new project. However, for an existing project with a thorough
# set of functional tests, it should be straightforward and relatively quick to insert this
# initializer, run your tests, and expose each attribute (via attr_accessible) as dictated
# by your failing tests.
ActiveRecord::Base.send(:attr_accessible, nil)

# Delayed Job needs these attributes accessible
# Delayed::Job.attr_accessible :priority, :payload_object, :run_at, :locked_at, :failed_at, :locked_by
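The default-deny rule the initializer sets up, as an added plain-Ruby illustration that is not part of the gist and does not use ActiveRecord: every model starts with an empty whitelist, a model opts attributes in with attr_accessible, and assigning request params drops anything not listed (here the constructed "admin" key). The MassAssignable module, User class and build_user helper are assumptions made for this illustration.

```ruby
# Added illustration (not from the gist): models the "empty whitelist by default,
# explicit attr_accessible per model" rule without ActiveRecord.
module MassAssignable
  def self.included(base)
    base.extend(ClassMethods)
  end
  module ClassMethods
    # Whitelist of attributes settable from request params. It starts empty,
    # which is what `attr_accessible nil` in the initializer gives every model.
    def accessible_attributes
      @accessible_attributes ||= []
    end
    def attr_accessible(*names)
      accessible_attributes.concat(names.compact.map(&:to_s))
    end
  end
  # Assigns only whitelisted keys and returns the rejected ones, so a caller
  # or log can see what a tampered request tried to set.
  def assign_attributes(params)
    rejected = []
    params.each do |key, value|
      if self.class.accessible_attributes.include?(key.to_s)
        instance_variable_set("@#{key}", value)
      else
        rejected << key.to_s
      end
    end
    rejected
  end
end

class User
  include MassAssignable
  attr_reader :name, :email, :admin
  attr_accessible :name, :email   # :admin deliberately not whitelisted
  def initialize
    @admin = false
  end
end

# Constructed request params with an extra "admin" key the form never offered.
TAMPERED_PARAMS = { "name" => "alice", "email" => "a@example.com", "admin" => true }

# Builds a user from params; returns [user, rejected_keys].
def build_user(params)
  user = User.new
  rejected = user.assign_attributes(params)
  [user, rejected]
end
```

Running build_user(TAMPERED_PARAMS) sets name and email, leaves admin false, and reports ["admin"] as rejected; in a real app that rejected list is the signal to log.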