Mark M.

Joined

60 Experience
0 Lessons Completed
0 Questions Solved

Activity

Posted in Go Rails' Stripe lesson and strong params

Thanks for such a detailed response, Chris!

Posted in Go Rails' Stripe lesson and strong params

Hello,

I recently watched the Go Rails Stripe tutorial. In it, Chris creates subscriptions like this:

def create_subscription
  customer = # set customer...
  subscription = # create subscription...

  # Set initial subscription information
  user.update(
    stripe_id:      customer.id,
    card_last4:     params[:last4],
    card_exp_month: params[:exp_month],
    card_exp_year:  params[:exp_year],
    card_brand:     params[:card_brand],
    # ...
  )
end

Is this a secure approach for Rails 5 since we're not using strong params? I'm initially thinking yes (since we're explicitly setting which params can be updated by user.update) but I wanted to double-check with all of you since I'm new to Rails.

Thanks!