Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rails params.to_unsafe_h has side effects #799

Closed
rpechayr opened this issue Nov 27, 2017 · 6 comments
Closed

Rails params.to_unsafe_h has side effects #799

rpechayr opened this issue Nov 27, 2017 · 6 comments
Labels
documentation needs-repro wontfix
Projects
3.x

Comments

@rpechayr
Copy link

Hello, we recently migrated to sentry using this gem. We basically followed this guide here:

https://github.com/getsentry/raven-ruby/blob/master/docs/integrations/rails.rst

We then ran into a big issue when going to production. It turned out this was because calling params.to_unsafe_h actually mutates the params object, and we ended up having sub-params to be ActionController::Params instead of ActiveSupport::HashWithIndifferentAccess. This created a big bunch of ActiveModel::ForbiddenAttributesError in Sentry.

We'll probably use params.dup.to_unsafe_h instead.
@nateberkopec
Copy link
Contributor

@rpechayr Can you write out some code that shows the behavior you're describing? I'm not sure I understand your example, specifically this part:

we ended up having sub-params to be ActionController::Params instead of ActiveSupport::HashWithIndifferentAccess

Example:

foo = ActionController::Parameters.new("foo"=>{"bar"=>["baz"]})
foo["foo"].class # ActionController::Parameters
qux = foo.to_unsafe_h
foo.object_id # 70115534341460
qux.object_id # 70115528299700
foo.class # ActionController::Parameters
foo["foo"].class # ActionController::Parameters
qux.class # ActiveSupport::HashWithIndifferentAccess

@rpechayr
Copy link
Author

Sure @nateberkopec ! Here is some code :

foo = ActionController::Parameters.new({"param1"=>"", "elements"=>{"0"=>{"parent_id"=>"596dc5da45a800001e0012b4", "key"=>"0"}}})
foo[:elements].values.first.class #ActiveSupport::HashWithIndifferentAccess
foo.to_unsafe_h
foo[:elements].values.first.class # ActionController::Parameters

Of course this example is slightly different from yours ...

Honestly, I would say it's a bug in ActiveSupport itself, but I've never discovered such a thing myself :). What I am sure of is that I can see a way to tweak your documentation in order to work around this behaviour.

BTW, since I wrote the original issue, I shipped the params.dup.to_unsafe_h hack to production and so far so good.

@nateberkopec
Copy link
Contributor

What Rails version are you using? On Rails 5.1.4 I get ActiveSupport::HashWithIndifferentAccess:

irb(main):012:0> foo.to_unsafe_h
=> {"param1"=>"", "elements"=>{"0"=>{"parent_id"=>"596dc5da45a800001e0012b4", "key"=>"0"}}}
irb(main):013:0> foo[:elements].values.first.class
=> ActiveSupport::HashWithIndifferentAccess

@rpechayr
Copy link
Author

Oh ! I'm using rails 4.2.7.1

@kul1
Copy link

kul1 commented May 1, 2018

I have same issue using Rails 5.1.6

@st0012 st0012 added this to Needs triage in 3.x Aug 28, 2020
@st0012 st0012 added the wontfix label Mar 14, 2021
@st0012
Copy link
Collaborator

st0012 commented Apr 28, 2021

The new SDK's doc doesn't encourage such usage anymore, so closing now.

@st0012 st0012 closed this as completed Apr 28, 2021
3.x automation moved this from Needs triage to Closed Apr 28, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation needs-repro wontfix
Projects
3.x
  
Closed
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rpechayr @nateberkopec @kul1 @st0012