diff --git a/app/controllers/follows_controller.rb b/app/controllers/follows_controller.rb
index 325b38fb3..1d5d3d331 100644
--- a/app/controllers/follows_controller.rb
+++ b/app/controllers/follows_controller.rb
@@ -3,7 +3,7 @@ class FollowsController < ApplicationController
 load_and_authorize_resource
 def create
- @follow = Follow.create!(user: current_user, followable: find_followable)
+ @follow = current_user.follows.create!(follow_params)
 flash.now[:notice] = t("shared.followable.#{followable_translation_key(@follow.followable)}.create.notice")
 render :refresh_follow_button
 end
@@ -17,8 +17,8 @@ class FollowsController < ApplicationController
 private
- def find_followable
- params[:followable_type].constantize.find(params[:followable_id])
+ def follow_params
+ params.permit(:followable_type, :followable_id)
 end
 def followable_translation_key(followable)
diff --git a/app/models/follow.rb b/app/models/follow.rb
index 8062ffecc..f67adcefd 100644
--- a/app/models/follow.rb
+++ b/app/models/follow.rb
@@ -3,6 +3,5 @@ class Follow < ApplicationRecord
 belongs_to :followable, polymorphic: true
 validates :user_id, presence: true
- validates :followable_id, presence: true
- validates :followable_type, presence: true
+ validates :followable, presence: true
 end
diff --git a/spec/models/follow_spec.rb b/spec/models/follow_spec.rb
index 60dbfe288..feaa2e8cd 100644
--- a/spec/models/follow_spec.rb
+++ b/spec/models/follow_spec.rb
@@ -21,4 +21,16 @@ describe Follow do
 follow.followable_type = nil
 expect(follow).not_to be_valid
 end
+
+ it "is not valid with an invalid followable_type" do
+ follow.followable_type = "NotARealModel"
+
+ expect { follow.valid? }.to raise_exception "uninitialized constant NotARealModel"
+ end
+
+ it "is not valid with the ID of a non-existent record" do
+ follow.followable_id = Proposal.last.id + 1
+
+ expect(follow).not_to be_valid
+ end
 end
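Review bot: `followable_type` still comes straight from the request and is still resolved to a class, now by the polymorphic `followable` association rather than the removed `constantize` call, and nothing visible in `create` or in the `Follow` model restricts it to models that are meant to be followable. The spec added in spec/models/follow_spec.rb shows the lookup runs on the raw string (`uninitialized constant NotARealModel` escapes from `valid?`), so an unexpected type surfaces as an unhandled error instead of a validation failure, and any existing model name would presumably be accepted. I would add an allowlist in app/models/follow.rb, `validates :followable_type, inclusion: { in: FOLLOWABLE_TYPES }` (FOLLOWABLE_TYPES is a placeholder for the project's own list), and guard the presence check with `if: -> { FOLLOWABLE_TYPES.include?(followable_type) }` so the association is only loaded for allowed types.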
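Review bot: The name `follow_params` is not neutral in a controller that calls `load_and_authorize_resource`: if this is CanCanCan, it looks for a `<resource>_params` method and uses it to build the resource it authorizes on `create`, so this method probably now feeds the authorization step as well as the explicit `create!` call. A short comment above the method would record that, for example `# Also picked up by load_and_authorize_resource to build the Follow it authorizes.` It is also worth confirming that the ability rules for `Follow` still behave as intended once the built resource carries the request's `followable_type` and `followable_id`. The `private` section continues past the end of this hunk.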
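Review bot: The first added example is titled "is not valid with an invalid followable_type" but asserts that `valid?` raises, which pins an unhandled error as the expected behaviour rather than a validation failure. If the exception is kept, name the class so the expectation does not rest on the message text alone: `expect { follow.valid? }.to raise_exception(NameError, /NotARealModel/)`. The second example relies on `Proposal.last` being non-nil, which presumably holds because `follow` (defined outside this hunk) creates a proposal; a one-line comment such as `# follow's followable is the only Proposal, so last.id + 1 does not exist` would make that dependency explicit.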