strong parameters permit all attributes for nested attributes
The only situation I have encountered where permitting arbitrary keys in a nested params hash seems reasonable to me is when writing to a serialized column. I’ve managed to handle it like this: class Post serialize :options, JSON end class PostsController < ApplicationController … def post_params all_options = params.require(:post)[:options].try(:permit!) params.require(:post).permit(:title).merge(:options => all_options) end end try … Read more