ruby-on-railsformscontrollerstrong-parameters

Unpermitted parameters for form_with(:url) in Rails 5


I have:

<%= form_with url: retrieve_videos_path, local: true do |form| %>
   # some form stuff
   <%= form.submit %>
<% end %>

And when I submit it, logs signal about unpermitted parameters: Unpermitted parameters: :utf8, :authenticity_token, :commit

I guess, in forms for models these parameters are permitted by the 'require' method like:

params.require(:model).permit(:params_stuff)

But how to make the same for urls?


Solution

  • When you use :url Rails doesn't have anything to nest the forms params inside. But we can provide that with the :scope option.

    <%= form_with url: retrieve_videos_path, scope: :videos, local: true do |form| %>
       # some form stuff
       <%= form.submit %>
    <% end %>
    

    Then in your controller:

    def video_params
      params.require(:videos).permit(:params_stuff)
    end
    

    This effectively makes it so this form's params are nested inside a videos key. Once they're nested you can use the usual require..permit flow you're used to. You can avoid the need to do this by not using :url (except for external forms) and instead using the :model option with a model instance. Either way should avoid the logged warning.