2 files changed, 9 insertions, 0 deletions

diff --git a/actionpack/lib/action_controller/metal/params_wrapper.rb b/actionpack/lib/action_controller/metal/params_wrapper.rb
index f4f2381286..a678377d4f 100644
--- a/actionpack/lib/action_controller/metal/params_wrapper.rb
+++ b/actionpack/lib/action_controller/metal/params_wrapper.rb
@@ -112,6 +112,14 @@ module ActionController
               else
                 self.include = m.attribute_names
               end
+
+              if m.respond_to?(:nested_attributes_options) && m.nested_attributes_options.keys.any?
+                self.include += m.nested_attributes_options.keys.map do |key|
+                  key.to_s.concat("_attributes")
+                end
+              end
+
+              self.include
             end
           end
         end
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index d6cd5fd9e0..bd133f24a1 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -248,6 +248,7 @@ module ActionController #:nodoc:
         "If you know what you're doing, go ahead and disable forgery " \
         "protection on this action to permit cross-origin JavaScript embedding."
       private_constant :CROSS_ORIGIN_JAVASCRIPT_WARNING
+      # :startdoc:
 
       # If `verify_authenticity_token` was run (indicating that we have
       # forgery protection enabled for this request) then also verify that