Use the hashie-forbideen_attributes gem

This gem prevents Mash from responding to :permitted?, disabling mass assignment protection for the Grape API
author: andrew brown <aebrownz11@gmail.com> 2017-04-09 12:41:23 -0700
committer: andrew brown <aebrownz11@gmail.com> 2017-04-09 12:56:46 -0700
commit: 8559a900641806b54a78737679060099e34b2baa (patch)
tree: 30b72c6f46d5da8b58bab11930a8e125a468f4e8 /Gemfile
parent: 5e1a802b15af4ba991f9ed85a691f1a925cc0edf (diff)
download: gitlab-ce-8559a900641806b54a78737679060099e34b2baa.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/Gemfile b/Gemfile
index d4b2ade4243..ad8db206da6 100644
--- a/Gemfile
+++ b/Gemfile
@@ -73,6 +73,9 @@ gem 'grape', '~> 0.19.0'
 gem 'grape-entity', '~> 0.6.0'
 gem 'rack-cors', '~> 0.4.0', require: 'rack/cors'
 
+# Disable strong_params so that Mash does not respond to :permitted?
+gem 'hashie-forbidden_attributes'
+
 # Pagination
 gem 'kaminari', '~> 0.17.0'
author	andrew brown <aebrownz11@gmail.com>	2017-04-09 12:41:23 -0700
committer	andrew brown <aebrownz11@gmail.com>	2017-04-09 12:56:46 -0700
commit	8559a900641806b54a78737679060099e34b2baa (patch)
tree	30b72c6f46d5da8b58bab11930a8e125a468f4e8 /Gemfile
parent	5e1a802b15af4ba991f9ed85a691f1a925cc0edf (diff)
download	gitlab-ce-8559a900641806b54a78737679060099e34b2baa.tar.gz