anti-destin
Reputation: 869
Ruby on Rails: found unpermitted parameters: _method, authenticity_token
I used this guide as a starting point for creating a messaging system from scratch.
Everything worked fine. But for some reason, whenever I now try to create a new conversation by clicking in my view the following link
<%= link_to 'Message me', conversations_path(sender_id: current_user.id, recipient_id: @user.id), class: 'btn btn-primary', method: :post %>
I encounter the error:
found unpermitted parameters: _method, authenticity_token
Here are the params:
{"_method"=>"post", "authenticity_token"=>"BL2XeA6BSjYliU2/rbdZiSnOj1N5/VMRhRIgN8LEXYPyWfxyiBM1SjYPofq7qO4+aqMhgojvnYyDyeLTcerrSQ==", "recipient_id"=>"1", "sender_id"=>"30", "controller"=>"conversations", "action"=>"create"}
I am directed to the params.permit line in my controller:
class ConversationsController < ApplicationController
before_action :authenticate_user!
# GET /conversations
# GET /conversations.json
def index
@users = User.all
# Restrict to conversations with at least one message and sort by last updated
@conversations = Conversation.joins(:messages).uniq.order('updated_at DESC')
end
# POST /conversations
# POST /conversations.json
def create
if Conversation.between(params[:sender_id], params[:recipient_id]).present?
@conversation = Conversation.between(params[:sender_id], params[:recipient_id]).first
else
@conversation = Conversation.create!(conversation_params)
end
redirect_to conversation_messages_path(@conversation)
end
private
# Use callbacks to share common setup or constraints between actions.
def conversation_params
params.permit(:sender_id, :recipient_id)
end
end
Strangely, I did not have this issue before, and I have not made any changes. What might the issue be?
Upvotes: 8
Views: 8759
Answers (1)
IngoAlbers
Reputation: 5802
Your params should probably be defined like this:
def conversation_params
params.require(:conversation).permit(:sender_id, :recipient_id)
end
This should make sure that the other hidden parameters that are generated by the form automatically are not being blocked.
Upvotes: 3
Related Questions
- verify_authenticity_token has not been defined
- Ruby 2.6.0 Invalid authenticity token
- Ruby Application Helper Invalid Authenticity Token
- found unpermitted parameters: utf8, authenticity_token only for update method
- authenticate_with_http_token method not found
- Unpermitted parameters: :utf8, :authenticity_token - Rails 5.2 form_with
- Rails POST Request Invalid Token Authority
- Invalid authenticity token in Rails
- Ruby on Rails config.secret_token error
- Why is Rails the authenticity token the only param that my app is passing?