Ignore internal parameters from Rails forms

[mwnciau]

Currently when using typed_params with the built in Rails form helpers, an error occurs because the helper implicitly adds an "authenticity_token" to the form.

I don't know if there's a way to handle this better, but my current workaround is to override the typed_params method and set strict to false, which isn't ideal.

[mwnciau]

This is a slightly less awful approach than just disabling strict mode. This is in my application controller:

  def self.typed_params(*)
    super

    typed_handlers.deferred.last.schema.param :authenticity_token, type: :string, optional: true
  end

[mwnciau]

Similar issue with the _method parameter that allows you to use non-HTML friendly HTTP verbs like PATCH

[ezekg]

Happy to accept a PR that either accomplishes this TODO, or adds a parameter filter config to globally filter params:

typed_params/lib/typed_params/controller.rb

Lines 28 to 31 in 3f7f501

	# TODO(ezekg) Add a config here that accepts a block, similar to a Rack app
	# so that users can define their own parameter source. E.g.
	# using and parsing request.body can allow array roots.
	params = paramz.call(value: request.request_parameters.deep_symbolize_keys)