1. Authentication
Use Devise!
2. Strong Params
Use strong parameters everywhere (params.require(...).permit(...)) so that only allow-listed attributes reach mass assignment.
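Added example, not part of the original checklist: a mass-assignment bug beside the strong-parameters fix. Rails itself is not loaded here, so a small plain-Ruby stand-in for params.require(:user).permit(...) is assumed to mirror the Rails semantics for these cases; the request hash, the User model and the "admin" attribute are constructed.

```ruby
# Constructed request params (string keys, as Rack delivers them). The "admin"
# key is exactly the kind of extra field a client can add to a form post.
RAW_PARAMS = {
  "user" => { "name" => "alice", "email" => "alice@example.test", "admin" => "true" },
  "authenticity_token" => "constructed-token",
}.freeze

# Minimal model: every key in the hash becomes an attribute assignment,
# which is what mass assignment does in ActiveRecord.
class User
  attr_accessor :name, :email, :admin

  def initialize(attrs)
    attrs.each { |k, v| public_send("#{k}=", v) }
  end
end

# Vulnerable: the nested hash goes straight into the model, so "admin" is set.
def build_user_unsafe(params)
  User.new(params.fetch("user"))
end

# Stand-in for params.require(key).permit(*allowed) (assumption: mirrors Rails):
# require raises when the scope is missing or blank; permit keeps only
# allow-listed keys and silently drops everything else.
def require_and_permit(params, key, allowed)
  scope = params[key.to_s]
  if scope.nil? || scope.empty?
    raise ArgumentError, "param is missing or the value is empty: #{key}"
  end
  names = allowed.map(&:to_s)
  scope.select { |k, _| names.include?(k) }
end

# In a Rails controller this is: params.require(:user).permit(:name, :email)
def user_params(params)
  require_and_permit(params, :user, [:name, :email])
end

# Hardened: only name and email can be mass-assigned; "admin" never arrives.
def build_user_safe(params)
  User.new(user_params(params))
end
```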
3. Slug
Use a slug instead of the numeric ID in URLs (FriendlyId gem), so records cannot be enumerated by incrementing the ID.
4. Use HTTPS
config.force_ssl = true  # in config/environments/production.rb; redirects HTTP to HTTPS and marks cookies Secure
5. CSRF
Add protect_from_forgery with: :exception to ApplicationController so requests without a valid authenticity token are rejected instead of silently getting a null session.
6. Active Record Exceptions
# Concern that maps common ActiveRecord errors to JSON responses with the
# right status codes; include it in ApplicationController.
module ExceptionHandler
  extend ActiveSupport::Concern

  included do
    # Missing record -> 404 rather than a 500 with a stack trace
    rescue_from ActiveRecord::RecordNotFound do |e|
      render json: { message: e.message }, status: 404
    end

    # Failed validations on save!/create! -> 422 Unprocessable Entity
    rescue_from ActiveRecord::RecordInvalid do |e|
      render json: { message: e.message }, status: 422
    end
  end
end
7.