问题
We are upgrading from Rails 4.2.5 to 5.0.0.beta1
When testing we expected to see index views rendered with paginated links as before. But we now get an ArgumentError error page, for example:
ArgumentError in Transactions#index
/app/views/kaminari/_paginator.html.erb where line #10 raised:
<%= paginator.render do -%>
Generating an URL from non sanitized request parameters is insecure!
Application Trace | Framework Trace | Full Trace
app/views/kaminari/_paginator.html.erb:10:in block in _app_views_kaminari__paginator_html_erb___4026289994022119719_69904100316060' app/views/kaminari/_paginator.html.erb:9:in_app_views_kaminari__paginator_html_erb___4026289994022119719_69904100316060'
app/views/transactions/index.html.erb:2:in `_app_views_transactions_index_html_erb__422882858554400818_60602560'
An issue has been raised with kaminari
On further investigation here is the new Rails 5.0.0.beta1 code that now throws the error:
Adding this to config/application.rb 'fixes' it, but not a great idea:
config.action_controller.permit_all_parameters = true
Instead adding this does not fix the issue, not sure why:
config.action_controller.always_permitted_parameters = [:current_page, :page, :total_pages, :per_page, :remote, :paginator]
回答1:
This appears to be fixed in the github master branch, so for now in your gem file specify:
gem 'kaminari', :git => "git://github.com/amatsuda/kaminari.git", :branch => 'master'
来源:https://stackoverflow.com/questions/34413971/rails-5-0-0-beta1-generating-an-url-from-non-sanitized-request-parameters-is-i