In Rails 4 disable Strong Parameters by default
Solution 1
If by "disable" you mean falling back to Rails 3-style attr_accessible
lines, then yes.
Just use the protected_attributes gem.
Solution 2
Turning off attribute protection is almost always a bad idea.
With that obligatory note out of the way, here's how to turn it off:
config.action_controller.permit_all_parameters = true
Place this in config/application.rb
Solution 3
I ran into this problem where I was trying to store all the params from a webhook from Stripe.
If you want to allow all parameters for a single instance, your can call #to_hash on your params object before passing it into your initialize method.
Ex:
@my_object = MyObject.new(params[:my_object].to_hash)
Solution 4
I don't think so.
DHH comments here on this pull request to add a disable switch to strong parameters
All this is a legacy concern anyway soon as Rails 4.0 will force strong parameters on everyone and you won't be able to turn it off.
Solution 5
to stop the forbidden attributes being checked for your applications you can patch out the check ..
for example put the following code in
config/initializers/disable_strong_parameters.rb
module ActiveModel
module ForbiddenAttributesProtection
protected
def sanitize_for_mass_assignment(attributes)
attributes
end
alias :sanitize_forbidden_attributes :sanitize_for_mass_assignment
end
end
Mike Silvis
Updated on June 19, 2022Comments
-
Mike Silvis almost 2 years
Is there anyway to disable using strong params?
And I know it's a security vulnerability but I really don't need it / want it.