From 19eec522978348bcae8f733ee3dcdcffd5d4a2be Mon Sep 17 00:00:00 2001 From: Jon Moss Date: Wed, 22 Jun 2016 14:34:30 -0400 Subject: `params.permitted?` is false by default In the docs: "+permit_all_parameters+ - If it's +true+, all the parameters will be permitted by default. The default is +false+." --- actionpack/lib/action_controller/metal/strong_parameters.rb | 2 ++ 1 file changed, 2 insertions(+) (limited to 'actionpack/lib/action_controller/metal/strong_parameters.rb') diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index 6b53f90c14..b326695ce2 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -106,6 +106,8 @@ module ActionController # params["key"] # => "value" class Parameters cattr_accessor :permit_all_parameters, instance_accessor: false + self.permit_all_parameters = false + cattr_accessor :action_on_unpermitted_parameters, instance_accessor: false delegate :keys, :key?, :has_key?, :values, :has_value?, :value?, :empty?, :include?, -- cgit v1.2.3