Action Controller Parameters Allows you to choose which attributes should be whitelisted for mass updating and thus prevent accidentally exposing that which shouldn't be exposed. Provides two methods for this purpose: require and permit. The former is used to mark parameters as required. The latter is used to set the parameter as permitted and limit which attributes should be allowed for mass upda
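class UserController < ApplicationController def new (omitted) end def create user = User.create(params[:user]) end end It looks like this ought to work, but in practice it raises an error called ActiveModel::ForbiddenAttributesError. You can easily find out about this error by asking Goo●le-sensei and the like; it is apparently an error meaning "this has not passed validation", and it comes from the specification of Strong Parameters, a core feature of Rails 4. For details, see for example "Validating request parameters with Strong Parameters in Rails 4" on TECHSCORE BLOG. So, here is the rewritten version.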
API Controller is a lightweight version of ActionController::Base, created for applications that don’t require all functionalities that a complete Rails controller provides, allowing you to create controllers with just the features that you need for API only applications. An API Controller is different from a normal controller in the sense that by default it doesn’t include a number of features th
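Introduction The other day, an article explaining CVE-2016-2098 was published on the blog of Hiroshi Tokumaru of HASH Consulting Corporation. "Potential remote script injection vulnerability in Ruby on Rails, CVE-2016-2098" The article was based on a PoC for CVE-2016-2098 published on GitHub. GitHub - hderms/dh-CVE_2016_2098: Proof of concept showing how CVE-2016-2098 leads to remote code execution This PoC (dh-CVE_2016_2098) had some puzzling points. (A question has been asked and is currently unanswered.) I investigated dh-CVE_2016_2098 and CVE-2016-2098 and reached the following conclusions. dh-CVE_2016_2098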
I'm trying to write an Ember application in Rails 4, and have decided to go with rails-api for the api controllers, while keeping the application controller intact for a few pages that aren't part of the single-page app. To put it in more concrete terms, here are my controllers: app/controllers/application_controller.rb: class ApplicationController < ActionController::Base protect_from_forgery end
Coder at Codemancers, Bangalore. GardenCityRubyConf organizer. Works with Ruby, JS, C++, AWS, Chef and Vim. Plays the guitar and sketches other times. Goals Use the leaner rails-api. This removes a lot of stuff Rails that you don't need for an API. This ensures that the API works for non-browser clients which do not support cookies. Also, there is no "View" layer that renders an HTML view for ever
redirect_back(fallback_location:, allow_other_host: _allow_other_host, **args) Soft deprecated alias for redirect_back_or_to where the fallback_location location is supplied as a keyword argument instead of the first positional argument. # File actionpack/lib/action_controller/metal/redirecting.rb, line 121 def redirect_back(fallback_location:, allow_other_host: _allow_other_host, **args) red
Ruby on Rails 7.1.3.4 Module ActionController::HttpAuthentication::Token actionpack/lib/action_controller/metal/http_authentication.rb HTTP Token authentication Simple Token example class PostsController < ApplicationController TOKEN = "secret" before_action :authenticate, except: [ :index ] def index render plain: "Everyone can see me!" end def edit render plain: "I'm only accessible if you know
Sets the Cache-Control header, overwriting existing directives. This method will also ensure an HTTP Date header for client compatibility. Defaults to issuing the private directive, so that intermediate caches must not cache the response. Options :public If true, replaces the default private directive with the public directive. :must_revalidate If true, adds the must-revalidate directive. :stale_w
In this guide, you will learn how controllers work and how they fit into the request cycle in your application. After reading this guide, you will know how to: Follow the flow of a request through a controller. Restrict parameters passed to your controller. Store data in the session or cookies, and why. Work with action callbacks to execute code during request processing. Use Action Controller's b
While converting Clearance to a Rails engine was easy, once we were there, we found it wasn’t Valhalla. We fixed the bugs while using the engine internally on a few apps. Here are the lessons we learned. Keep them in mind if you’re thinking of writing your own engine. Routes precedence As developers, we want routes in our app to take precedence over routes in the engine. That is not the default be
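The article "What is the job of a Rails controller? - スモールスタート" is a very good guideline for designing Rails controllers, so I refer to it from time to time. Here I summarize what I have thought about further from there. It is important to be conscious of the responsibilities of a Rails controller. What determines whether a controller is a good one is, in the end, whether the responsibilities of the controller's actions are clear with respect to the resource represented by the URL. Thinking in terms of scaffold Let's create a scaffold. rails g scaffold post title content:text A controller like the following is generated. class PostsController < ApplicationController before_action :set_post, only: [:show, :edit,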