Skip to content


Subversion checkout URL

You can clone with
Download ZIP


Rails 3.2.8 Controller Only #67

ready4god2513 opened this Issue · 2 comments

3 participants


This video states that it is possible to protect the input coming in via the controller yet still be able to do mass assignment via models and specs. However, I have not seen this documented as a feature when using strong_parameters in 3.2.8.

I understand that I need to mix in ActiveModel::ForbiddenAttributesProtection into my models and set config.active_record.whitelist_attributes = false in config/application.rb. I have also pulled all of my attr_accessible calls from the model.

With or without the mixin I am getting mass assignment errors.

Can't mass-assign protected attributes: home_phone, cell_phone

Am I missing something?


Similar issue here, without attr_accessible in some of my models keep saying WARNING: Can't mass-assign protected attributes: account_id.

EDIT: Never mind, It was me, I had a pair of strays 'attr_accessible' that I forget to get rid of.


I have the same issue, using rails 3.2.12

I have set the config.active_record.whitelist_attributes = false in application.rb
but if i go into rails console and type MyApp::Application.config.active_record.whitelist_attributes it returns nil

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.