Neil Neil - 4 months ago 11x
Ruby Question

Why Strong Params contains permitted: false

I put in a

at the top of my controller's
action. Once at that break point, I put in
to examine the
hash. Here is what I get:

<ActionController::Parameters {"utf8"=>"✓", "_method"=>"patch", "authenticity_token"=>"123==", "foobar"=><ActionController::Parameters {"barbazz_attributes"=>{"start_date"=>"08/27/2016", "end_date"=>"08/29/2016", "id"=>"89"}, "bazz_id"=>"3", "abc_id"=>"330", "bazzbazz_attributes"=>{"0"=>{"_destroy"=>"1", "city_id"=>"1669", "id"=>"26"}, "1"=>{"city_id"=>"1681", "id"=>"27"}, "2"=>{"city_id"=>"1672"}}} permitted: false>, "cat_id"=>["1", "1", "1"], "commit"=>"Update FooBar", "controller"=>"foo_bars", "action"=>"update", "id"=>"52"} permitted: false>

I assumed
permitted: false
is there because I did not whitelist some attributes. I looked over the attributes and it appears to me that I did whitelist everything.

I am using Rails 5 if that happens to make any difference.

Question: What is an easy way to find out why the strong parameters are returning
params: false


Don't access params directly with params instead use the name you gave your permitted params, for example: foobar_params.

If foobar_params is defined:

def foobar_params
  params.require(:foobar).permit ...

The easiest way is to read the source code for ActionController::Parameter, permitted = false is the default unless you call permit! to allow all, but that defeats the purpose of strong parameters.