Complete the code to enable strong parameters in a Rails controller.
def user_params params.require(:user).[1](:name, :email, :password) end
fetch instead of permit causes errors.The permit method specifies which parameters are allowed for mass assignment, protecting against unwanted data changes.
Complete the code to protect against Cross-Site Request Forgery (CSRF) attacks in a Rails controller.
class ApplicationController < ActionController::Base [1] end
The protect_from_forgery with: :exception line enables CSRF protection by raising an exception on unverified requests.
Fix the error in the code to safely escape user input in a Rails view.
<%= [1] %>raw or html_safe can cause XSS vulnerabilities.The sanitize helper cleans user input to prevent injection of harmful HTML or scripts.
Fill both blanks to configure secure cookies in Rails.
Rails.application.config.session_store :cookie_store, key: '_app_session', secure: [1], httponly: [2]
secure or httponly to false weakens security.Setting secure: true ensures cookies are sent only over HTTPS. httponly: true prevents JavaScript access to cookies, improving security.
Fill all three blanks to implement Content Security Policy (CSP) headers in Rails.
Rails.application.config.content_security_policy do |policy| policy.default_src [1] policy.script_src [2] policy.style_src [3] end
['none'] blocks all content and breaks the app.'unsafe-inline' scripts is risky but sometimes needed for styles.The CSP configuration restricts sources for content. default_src ['self'] allows content only from the same origin. script_src ['https://trusted.cdn.com'] allows scripts from a trusted CDN. style_src ['unsafe-inline'] permits inline styles when necessary.