Rails 7 expands the payload of
unpermitted_parameters.action_controller to allow
developers to know which controller and action received the unpermitted parameters.
In the earlier version of Rails, if unpermitted parameters are found in a request then the logs only provide information about the unpermitted keys and do not provide enough information for developers to understand which controller and action received the unpermitted parameters.
Consider the following code,
where we have a
User with the
role attributes and,
we permit only
We can see that the log only provided the information about the unpermitted key and not any information regarding the controller and action which received the unpermitted parameters.
Rails 7 allows callers to specify a
context with the
context is included in the logging payload.
It modifies the
ActionController::Parameters to accept
context as a parameter.
We can see that along with the unpermitted parameter,
context is also logged containing the controller
and action keys.
In case of no context, an empty context will be included in
Note: This change expects the caller to provide logging context.
To know more about this change, refer to this PR.