Mark M.

Joined

60 Experience
0 Lessons Completed
0 Questions Solved

Activity

Posted in Go Rails' Stripe lesson and strong params

Thanks for such a detailed response, Chris!

Posted in Go Rails' Stripe lesson and strong params

Hello,

I recently watched the Go Rails Stripe tutorial. In it, Chris creates subscriptions like this:

def create_subscription
  customer = # set customer...
  subscription = # create subscription...

  # Set initial subscription information
  user.update(
    stripe_id:      customer.id,
    card_last4:     params[:last4],
    card_exp_month: params[:exp_month],
    card_exp_year:  params[:exp_year],
    card_brand:     params[:card_brand],
    # ...
  )
end

Is this a secure approach for Rails 5 since we're not using strong params? I'm initially thinking yes (since we're explicitly setting which params can be updated by user.update) but I wanted to double-check with all of you since I'm new to Rails.

Thanks!

logo Created with Sketch.

Ruby on Rails tutorials, guides, and screencasts for web developers learning Ruby, Rails, Javascript, Turbolinks, Stimulus.js, Vue.js, and more. Icons by Icons8

© 2020 GoRails, LLC. All rights reserved.