Thanks for such a detailed response, Chris!
I recently watched the Go Rails Stripe tutorial. In it, Chris creates subscriptions like this:
def create_subscription customer = # set customer... subscription = # create subscription... # Set initial subscription information user.update( stripe_id: customer.id, card_last4: params[:last4], card_exp_month: params[:exp_month], card_exp_year: params[:exp_year], card_brand: params[:card_brand], # ... ) end
Is this a secure approach for Rails 5 since we're not using strong params? I'm initially thinking yes (since we're explicitly setting which params can be updated by
user.update) but I wanted to double-check with all of you since I'm new to Rails.