Rails 5.1 Routes: dynamic :action parameters

Question

Rails 5.0.0.beta4 introduced a deprecation warning on routes containing dynamic :action and :controller segments:

DEPRECATION WARNING: Using a dynamic :action segment in a route is deprecated and will be removed in Rails 5.1. 

The commit message from this PR states:

Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values.

How would you go about "whitelisting" a set of action parameters? I have the following in my routes file, which are raising the deprecation warning:

namespace :integrations do
  get 'stripe(/:action)', controller: 'stripe', as: "stripe"
  post 'stripe/deactivate', controller: 'stripe', action: 'deactivate'
end

Answer 1

Though it's a bit cumbersome, the best approach seems to be to explicitly define the routes:

namespace :integrations do
  namespace 'stripe' do
    %w(auth webhook activate).each do |action|
      get action, action: action
    end
  end
  post 'stripe/deactivate', controller: 'stripe', action: 'deactivate'
end

Answer 2

Is not the same case as you, but I did this:

class PagesController < ApplicationController
  def index
    render params[:path]
  end
end

Routes:

get ':path', to: 'pages#index'

I suppose if I want a nested path I will use *:

get '*path', to: 'pages#index'