Strong parameters crash on string input - how do you handle that?

Everywhere we see the example of:

params.require(:user).permit!(:name, :email)

Now, this works great and if someone passes for instance

{ user: {} }

it will raise ActionController::ParameterMissing which is great! It’s even handled and returns 400 Bad Request to the user.

However, if one passes { user: "wat" } the app crashes with no method permit for string and a sad 500 error is returned to the user…which is a bit weird, since it’s really a Bad Request.

I found this GH issue that talks about this issue:

It seems like it’s not regarded an issue and should be handled in your app. Since this style is repeated everywhere in the docs I believe most Rails apps out there can be made to throw up 500 errors left and right - which is unfortunate!

Oh well! It is what it is… :slight_smile:

Now… how do all of you handle this issue?

  • Do you ignore it?
  • Do you check the return value of require(...) everywhere?
  • Monkey patch the String class to add permit(*) and raise appropriately? :smiley:
  • Monkey patch ActionController::Parameters?
  • Some other prettier solution?

There also is a newer issue: