Rails 4 Notes: Difference between revisions
Jump to navigation
Jump to search
| Line 17: | Line 17: | ||
=== Strong parameters === | === Strong parameters === | ||
Makes Action Controller parameters forbidden to be used in Active Model mass assignment until they have been whitelisted. | |||
http://edgeapi.rubyonrails.org/classes/ActionController/StrongParameters.html | http://edgeapi.rubyonrails.org/classes/ActionController/StrongParameters.html | ||
Revision as of 22:34, 23 July 2014
Lessons that I've learned before
<%= form_for ... %>instead of<% form_for ... %>- Chrome won't let you POST a form to local test instance, only GET. Firefox is OK.
New lessons
Routes
Routes need to be explicit (like a white list) to enhance security.
get 'tasks' => 'task#index' get 'publications' => 'root#publications' get 'tasks/download_request' => 'task#download_request' post 'tasks/download_request' => 'task#download_request'
Can also use resources.
Strong parameters
Makes Action Controller parameters forbidden to be used in Active Model mass assignment until they have been whitelisted. http://edgeapi.rubyonrails.org/classes/ActionController/StrongParameters.html
jQuery
rails generate jquery:install
asset pipeline
add this to get javascript:
<%= javascript_include_tag "application" %>