You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The section states that the controller knows too much about the model. I understand this as "it knows that the parameters include :title and :body". For this reason, we just copy the entire params hash into the @Article, without worrying about its content.
However, for security reasons, :title and :body must be permitted explicitly. In my eyes, the controller still knows about these parameters, even though permission is "hidden away" in a separate class. So, the controller remains fragile.
In short, I am unconvinced by the "fragile controllers" argument made in this section. Why don't we just copy :title and :body explicitly.
The text was updated successfully, but these errors were encountered:
The section states that the controller knows too much about the model. I understand this as "it knows that the parameters include :title and :body". For this reason, we just copy the entire params hash into the @Article, without worrying about its content.
However, for security reasons, :title and :body must be permitted explicitly. In my eyes, the controller still knows about these parameters, even though permission is "hidden away" in a separate class. So, the controller remains fragile.
In short, I am unconvinced by the "fragile controllers" argument made in this section. Why don't we just copy :title and :body explicitly.
The text was updated successfully, but these errors were encountered: