From 95e9de577752a71ed8804ecc5fcd314bca47adee Mon Sep 17 00:00:00 2001
From: Claire
Date: Mon, 29 Apr 2024 11:45:58 +0200
Subject: [PATCH] Prevent accidental serialization of `Account` and `User` records (#30079)
---
 app/models/application_record.rb | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/app/models/application_record.rb b/app/models/application_record.rb
index 014a73997..299aad634 100644
--- a/app/models/application_record.rb
+++ b/app/models/application_record.rb
@@ -22,4 +22,10 @@ class ApplicationRecord < ActiveRecord::Base
 value
 end
 end
+
+ # Prevent implicit serialization in ActiveModel::Serializer or other code paths.
+ # This is a hardening step to avoid accidental leaking of attributes.
+ def as_json
+ raise NotImplementedError
+ end
 end
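Review bot: The added `as_json` takes no parameters, but the Active Support convention is `as_json(options = nil)` and, as far as I know, `to_json` and `render json:` reach it with an options argument, so those paths would fail with `ArgumentError` (wrong number of arguments) rather than the intended `NotImplementedError`. Both fail closed, so the hardening holds, but `ArgumentError` is a `StandardError` while `NotImplementedError` is a `ScriptError`, so a caller's bare `rescue` would swallow the former and not the latter, and the log entry would not point at the guard. I would write `def as_json(*)` and `raise NotImplementedError, "#{self.class.name} must be rendered through an explicit serializer"` so the failure is uniform and self-explanatory. Separately, the commit title names `Account` and `User`, while this hunk places the guard on `ApplicationRecord` (whose class body starts outside the hunk), so it would apply to every model inheriting from it. If that wider scope is intended, the comment should say so, and any model that legitimately relies on `as_json` needs an explicit override.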