Rails 4 Devise nested form can't mass-assign protected attributes -

I have a device model that has a nested form (supp_form nested object) when signing up. When I submit a form I am getting the following error:

  Warning: Large scale assigns can not be protected Features for business: supp_form_attributes, terms_of_service Applications / Controller / Businesses / registrations_controller.rb: 11: I am using nested_form gem and it seems that field data passing through my form console is going to look like following my parameters:  

/ P>

  Parameter: {"Utf8" = & gt; "✓", "Authenticity_token" = & gt; "XXX", "business" = & gt; {"Type" = & gt; "business", "supp_form_attributes" => {"Title" = & gt; "Mr.", "First_name" = & gt; "Jane", "Last_name" = & gt; "Deer", "MOBILE_PHONE_NUMBER" = & gt; "94034903", "loan_agreement_authorization" = & gt; "1", "work_phone_number" = & gt; "49,034,903", "business_industry" = & gt; "Natural Resources and Mining", "legal_structure" = & gt; "Single Ownership", "employee_count" = & gt; "5 to 10", "years_in_business" = & gt; "5 + years", "business_address" = & gt; "72th Petland Way", "business_city" => "Waterdown", "business_postal_code" = & gt; "L0r2h5", "business_province" = & gt; "Current"}  

business.rb

class business & lt; User # Association has_on: supp_form has_many: loan_applications is_ many: accept transactions # nested attributes __ nested_attributes_for: supp_form,: loan_applications # after_save after saving the action: create_account # validates validates_acceptance_of: terms_of_service validate: terms_of_service, presence: true end

supp_form.rb

  Class SuppForm & lt; ActiveRecord :: Base # associations belongs_to: Business # validates_acceptance_of Verification confirms the case: business_id ,: first_name ,: last_name ,: work_phone_number ,: business_address ,: business_postal_code ,: business_city, appearance: true end  

registraionts_controller.rb

  Class Business: Registration Controller & lt; Wise: RegistrationsController before_filter: def new build_resource update_sanitized_params ({}) resource.build_supp_form response_with self.resource end-off super resource.update_attribute (: railsid, '% 010d'% rand (10 ** 10)) end personal def update_sanitized_params devise_parameter_sanitizer .for (: sign_up) {| U | U.permit (: email,: password: password_confirmation ,: type ,: confirmed_at,: BUSINESS_NAME ,: words ,: railsid, terms_of_service, supp_form_attributes: [: business_id, title: loan_agreement_authorization, first_name, last_name,: work_phone_number ,: business_address ,: business_postal_code ,: business_city ,: BUSINESS_NAME ,: years_in_business ,: legal_structure ,: business_industry ,: employee_count ,: MOBILE_PHONE_NUMBER ,: business_province])} (resource) business_root_path finally end after_sign_up_path_for end def  

supp_forms_controller.rb

Class SuppFormsController & lt; ApplicationController before_filter: authenticate_user! DEF new @suppform = SuppForm.new (supp_form_params) end def @suppform = SuppForm.create (supp_form_params) to end private def supp_form_params params.require (: supp_form) .permit (: business_id ,: title ,: loan_agreement_authorization ,: first_name, : last_name ,: work_phone_number ,: business_address ,: business_postal_code ,: business_city ,: BUSINESS_NAME ,: years_in_business ,: legal_structure ,: business_industry ,: employee_count ,: MOBILE_PHONE_NUMBER ,: business_province) end end

You are using Rail 4 with strong parameters. And you get an error triggered by Protected Objects Gem (or Default Rail 3Ap).

With strong permatteres you can remove the safety of the protected-protected gem. And remove the configuration you have it (config.active_record.whitelist_attributes).