Trying to get a POST to return 400 bad request

Question

I have a create method that builds a new model through an association and I was expecting it to return a 400 response with some text if no params were in the POST request. However, I get an error.

This is in Rails 4.0.2

controller methods:

  def create     @cast_profile = current_user.build_cast_profile(cast_profile_params)     if @cast_profile.save       redirect_to cast_profile_path     else       render :edit     end   end    def cast_profile_params     params.require(:cast_profile).permit(:name, :email, :public)   end 

If I pass the params its all fine but I'm trying to test the bad request scenario. Here's the error:

ActionController::ParameterMissing: param not found: cast_profile 

I could rescue it explicitly but I thought strong parameters was supposed to do that automatically.

Answer 1

The behaviour is as follows:

Handling of Unpermitted Keys

By default parameter keys that are not explicitly permitted will be logged in the development and test environment. In other environments these parameters will simply be filtered out and ignored.

Additionally, this behaviour can be changed by changing the config.action_controller.action_on_unpermitted_parameters property in your environment files. If set to :log the unpermitted attributes will be logged, if set to :raise an exception will be raised.

(source)

I would suggest rescuing from this exception with 400 status (Bad Request):

rescue_from ActionController::ParameterMissing do   render :nothing => true, :status => :bad_request end