In Rails 4 disable Strong Parameters by default

ruby-on-rails ruby-on-rails-4 strong-parameters
Mike Silvis picture Mike Silvis · Aug 7, 2013 · Viewed 12.1k times · Source

Is there anyway to disable using strong params?

And I know it's a security vulnerability but I really don't need it / want it.

Answer

iain picture iain · Sep 11, 2013

Turning off attribute protection is almost always a bad idea.

With that obligatory note out of the way, here's how to turn it off:

config.action_controller.permit_all_parameters = true

Place this in config/application.rb

Related questions

Rails 4 - Strong Parameters - Nested Objects

I've got a pretty simple question. But haven't found a solution so far. So here's the JSON string I send to the server: { "name" : "abc", "groundtruth" : { "type" : "Point", "coordinates" : [ 2.4, 6 ] } } Using the new permit method, I've got: params.require(:measurement).permit(:…

Read More
Forbidden Attributes Error in Rails 4 when encountering a situation where one would have used attr_accessible in earlier versions of Rails

With the recent upgrade to Rails 4, updating attributes using code resembling the below does not work, I get a ActiveModel::ForbiddenAttributes error: @user.update_attributes(params[:user], :as => :admin) Where User has the following attr_accessible line in the …

Read More
Rails 4.0 Strong Parameters nested attributes with a key that points to a hash

I was playing around with Rails 4.x beta and trying to get nested attributes working with carrierwave. Not sure if what I'm doing is the right direction. After searching around, and then eventually looking at the rails source and strong …

Read More