Trying to get a POST to return 400 bad request
I have a create method that builds a new model through an association and I was expecting it to return a 400 response with some text if no params were in the POST request. However, I get an error.
This is in Rails 4.0.2
controller methods:
def create
@cast_profile = current_user.build_cast_profile(cast_profile_params)
if @cast_profile.save
redirect_to cast_profile_path
else
render :edit
end
end
def cast_profile_params
params.require(:cast_profile).permit(:name, :email, :public)
end
If I pass the params its all fine but I'm trying to test the bad request scenario. Here's the error:
ActionController::ParameterMissing: param not found: cast_profile
I could rescue it explicitly but I thought strong parameters was supposed to do that automatically.
Answer
The behaviour is as follows:
Handling of Unpermitted Keys
By default parameter keys that are not explicitly permitted will be logged in the development and test environment. In other environments these parameters will simply be filtered out and ignored.
Additionally, this behaviour can be changed by changing the config.action_controller.action_on_unpermitted_parameters property in your environment files. If set to :log the unpermitted attributes will be logged, if set to :raise an exception will be raised.
(source)
I would suggest rescuing from this exception with 400 status (Bad Request):
rescue_from ActionController::ParameterMissing do
render :nothing => true, :status => :bad_request
end