6
deprecated_mass_assignment_security.rb:17:in `attr_accessible': `attr_accessible` is extracted out of Rails into a gem. Please use new recommended protection model for params(strong_parameters) or add `protected_attributes` to your Gemfile to use old one. (RuntimeError)

I tried what the message says, adding gem 'strong_parameters' to my Gemfile.

But when I do rails s I get the error above.

Update

I tried:

config.active_record.whitelist_attributes = true

in confgi/application.rb, also with false, but actually I don't understand that option.

sites
  • 21,417
  • 17
  • 87
  • 146

2 Answers2

6

attr_accessible and attr_protected have been pulled out of Rails 4 and extracted into protected_attributes. Bundle that into your app and then you should be able to use them again.

That being said, it's recommended that you use strong_parameters instead of attr_accessible these days, so eventually you'll want to migrate to that.

Chris Schmitz
  • 8,097
  • 6
  • 31
  • 41
  • Thanks, How to bundle that into my app? I have protected_attributes in my Gemfile. – sites Jul 29 '13 at 14:58
  • Just run `bundle install` from the command line and you should be good to go! – Chris Schmitz Jul 29 '13 at 18:06
  • Did you remove `strong_parameters` and set `whitelist_attributes` to `true` again? You should just need to include it and if your app was working with Rails 3 you should have everything you need for mass assignment protection. – Chris Schmitz Jul 29 '13 at 21:33
  • I don't have strong parameters anywhere since I am in Rails 3, are they in some place in a Rails 3 app? I tried with `whitelist_attributes ` true and false, same problem. – sites Jul 29 '13 at 21:57
  • If you are still running Rails 3 you shouldn't need to add the protected attributes gem because that is part of Rails 3. You'll only need that gem if you are trying to migrate your app to Rails 4. Strong parameters is part of Rails 4 only, so you shouldn't have that in your app unless it's bundled in. – Chris Schmitz Jul 29 '13 at 22:10
  • I have `gem 'rails', '4.0.0'` bundled. – sites Jul 30 '13 at 03:07
4

In your Gemfile you will notice that gem 'protected_attributes' has been hashed out. Remove the hash. Run bundle install.

But since protected_attributes has been deprecated and may disappear in the future use strong_parameters as mentioned in the above post.

For more info on strong_parameters refer this link.

Shine Cardozo
  • 489
  • 5
  • 16