Rails 7 provides context when logging unpermitted parameters

Jun 16, 2021
authorImg Apoorv Tiwari
authorImg Apoorv Tiwari

Apoorv is a Ruby on Rails and React Developer.

 1 minute read

Rails 7 expands the payload of unpermitted_parameters.action_controller to allow developers to know which controller and action received the unpermitted parameters.

Before

In the earlier version of Rails, if unpermitted parameters are found in a request then the logs only provide information about the unpermitted keys and do not provide enough information for developers to understand which controller and action received the unpermitted parameters.

Consider the following code, where we have a User with the name, email, and role attributes and, we permit only name and email attributes.

request_params = { user: { name: "Francesco", email: "fransceso@example.com", role: "admin" } }

params = ActionController::Parameters.new(request_params)
params.permit(user: [:name, :email])

# Unpermitted parameter: :role

We can see that the log only provided the information about the unpermitted key and not any information regarding the controller and action which received the unpermitted parameters.

After

Rails 7 allows callers to specify a context with the controller, action, request, and param keys and this context is included in the logging payload.

It modifies the ActionController::Parameters to accept context as a parameter.

context = { controller: self.class.name, action: action_name }
request_params = { user: { name: "Francesco", email: "fransceso@example.com", role: "admin" } }

params = ActionController::Parameters.new(request_params, context)
params.permit(user: [:name, :email])

# Unpermitted parameter: :role. Context: { controller: UsersController, action: create }

We can see that along with the unpermitted parameter, context is also logged containing the controller and action keys. In case of no context, an empty context will be included in the payload.

request_params = { user: { name: "Francesco", email: "fransceso@example.com", role: "admin" } }

params = ActionController::Parameters.new(request_params)
params.permit(user: [:name, :email])

# Unpermitted parameter: :role. Context: { }

Note: This change expects the caller to provide logging context.

To know more about this change, refer to this PR.

Need help on your Ruby on Rails or React project?

BOOK A CALL

If you enjoyed this post, you might also like:

Integrate OpenAI API in Ruby applications

May 22, 2023

Rails 6 - Action Mailbox tryout

November 11, 2019

Rails "ActionController::Parameters.to_h" can now receive a block

September 1, 2022

Join Our Newsletter