Safe redirects in Rails 7
When enforcing canonical URLs, sometimes I find myself wanting to perform a redirect while retaining most of the params. It’s tempting to use params.merge to build the redirect in this case, but this is risky from a security standpoint. In this article I’ll explain how to perform redirects like these safely in Rails 7.
https://mattbrictson.com/blog/safe-rails-redirects