Resource Loader gets ignored with Whitespace-Only ID in URL (e.g., "\n")

[Federico-G]

Steps to reproduce

When requesting a URL with all whitespaces as the ID (e.g., https://{site}/%A0), the method controller_resource_loader.rb#load_resource_instance fails to call find_resource because the id_param is nil. Consequently the 404 resource isn't invoked and the program continues with the @model set to nil

cancancan/lib/cancan/controller_resource_loader.rb

Lines 106 to 112 in a1e9a08

	def load_resource_instance
	if !parent? && new_actions.include?(@params[:action].to_sym)
	build_resource
	elsif id_param || @options[:singleton]
	find_resource
	end
	end

The reason for id_param being nil is that @params[id_param_key].present? evaluates to false when the string value consists only
of whitespaces ("\n" in this example)

cancancan/lib/cancan/controller_resource_finder.rb

Lines 30 to 32 in a1e9a08

	def id_param
	@params[id_param_key].to_s if @params[id_param_key].present?
	end

I believe a potential solution could involve modifying the id_param method to return nil only if @params[id_param_key] is empty:

@params[id_param_key].to_s unless @params[id_param_key].empty?

Expected behavior

Eventually, a 404 resource

Actual behavior

The program goes on with the model nil

System configuration

Rails version: 6.1.5

Ruby version: 3.1

CanCanCan version
3.3 but tested in 3.5 (latest)

[coorasse]

Sounds legit to me. Please open a PR 👍