[2.x] Feat: Add strict model serialization #630
With Inertia it's rather common to make a response like the following:
However, without proper serialization guards this can be quite dangerous, since it's easy to send more data to the frontend than needed. Inertia has no safeguards against this and it would be impossible for Inertia to prevent any secret data from being shared with the frontend. However, we can inspect the type of data that is sent to the frontend.
For this reason I propose an `Inertia::strictModels()` method, inspired by Laravel's `Model::shouldBeStrict()` (https://laravel.com/api/11.x/Illuminate/Database/Eloquent/Model.html#method_shouldBeStrict). This should be called in a service provider by the developer. Then when it is enabled a fairly basic check is performed; `hidden` or `visible` property is filled

I always use Eloquent's API resources or Spatie's Laravel Data for data that's sent to the frontend, with this it would be easier to enforce this in projects.
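
An added sketch of the kind of check the description outlines; it is not part of the pull request and not Inertia's or Laravel's code. `StubModel` is a stand-in for an Eloquent model, `findUnguardedModels()` is a hypothetical name, and treating a model as acceptable when either `hidden` or `visible` is filled is an assumption drawn from the description.

```php
<?php
// Stand-in for an Eloquent model (assumption: only the pieces this check needs).
// getHidden(), getVisible() and toArray() mirror the real Eloquent method names.
class StubModel
{
    protected array $hidden = [];
    protected array $visible = [];
    public function __construct(protected array $attributes) {}
    public function getHidden(): array { return $this->hidden; }
    public function getVisible(): array { return $this->visible; }
    public function toArray(): array
    {
        $out = $this->attributes;
        if ($this->visible !== []) {
            $out = array_intersect_key($out, array_flip($this->visible));
        }
        return array_diff_key($out, array_flip($this->hidden));
    }
}

class UnguardedUser extends StubModel {}
class GuardedUser extends StubModel { protected array $hidden = ['password', 'remember_token']; }

// Hypothetical strict check: walk the response props and report every model that
// declares neither $hidden nor $visible, i.e. one that would serialize in full.
function findUnguardedModels(array $props, string $path = ''): array
{
    $violations = [];
    foreach ($props as $key => $value) {
        $here = $path === '' ? (string) $key : "$path.$key";
        if ($value instanceof StubModel) {
            if ($value->getHidden() === [] && $value->getVisible() === []) {
                $violations[] = $here . ' (' . $value::class . ')';
            }
        } elseif (is_array($value)) {
            $violations = array_merge($violations, findUnguardedModels($value, $here));
        }
    }
    return $violations;
}

// Constructed sample data, not taken from the pull request.
$row = ['id' => 1, 'name' => 'Ada', 'password' => 'constructed-hash', 'remember_token' => 'constructed'];
$props = ['user' => new UnguardedUser($row), 'team' => ['owner' => new GuardedUser($row)]];

print_r(findUnguardedModels($props));                     // models with no serialization guard
print_r(array_keys($props['user']->toArray()));           // keys the unguarded model exposes
print_r(array_keys($props['team']['owner']->toArray()));  // keys left after $hidden is applied
```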