Unpermitted parameter: format

Question

I don't understand why I'm geting these Unpermitted parameter: format messages, I'm doing a JSON request: POST "/questions/add_options.json" with these parameters Parameters: {"id_question"=>551, "options"=>[{"position"=>10, "label"=>"opc 10", "value"=>"opc 10", "go_page"=>nil}], "question"=>{}} and this is what I get in the terminal...

Started POST "/questions/add_options.json" for 127.0.0.1 at 2016-08-16 23:12:27 -0300
Processing by QuestionsController#add_options as JSON
  Parameters: {"id_question"=>551, "options"=>[{"position"=>10, "label"=>"opc 10", "value"=>"opc 10", "go_page"=>nil}], "question"=>{}}
  User Load (0.4ms)  SELECT  "login_aexa".* FROM "login_aexa" WHERE "login_aexa"."usuaex_id" = $1  ORDER BY "login_aexa"."usuaex_id" ASC LIMIT 1  [["usuaex_id", 1]]
Unpermitted parameter: format
  Question Load (0.4ms)  SELECT  "questions".* FROM "questions" WHERE "questions"."id" = $1 LIMIT 1  [["id", 551]]
Unpermitted parameter: format
   (0.2ms)  BEGIN
   (0.4ms)  SELECT COUNT(*) FROM "options" WHERE "options"."question_id" = $1  [["question_id", 551]]

In the Rails controller I use params permit to reject parameters that are not allowed, like this:

def question_add_options_params
  params.permit(:id_question, options: [:position, :label, :value, :go_page], question: {})
end

In my opinion the format should be fine, anyone know why I'm getting those Unpermitted parameter: format messages?

EDIT:

Here's the code of the controller

class QuestionsController < ApplicationController
  before_action :set_question, only: [:show, :edit, :update, :destroy]
  before_action :authenticate_user!

  # GET /questions
  # GET /questions.json
  def index
    @questions = Question.all
  end

  # GET /questions/1
  # GET /questions/1.json
  def show
  end

  # GET /questions/new
  def new
    @question = Question.new
  end

  # GET /questions/1/edit
  def edit
  end

  # POST /questions
  # POST /questions.json
  def create
    @question = Question.new(question_params)

    respond_to do |format|
      if @question.save
        format.html { redirect_to @question, notice: 'Question was successfully created.' }
        format.json { render :show, status: :created, location: @question }
      else
        format.html { render :new }
        format.json { render json: @question.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /questions/1
  # PATCH/PUT /questions/1.json
  def update
    respond_to do |format|
      if @question.update(question_params)
        format.html { redirect_to @question, notice: 'Question was successfully updated.' }
        format.json { render :show, status: :ok, location: @question }
      else
        format.html { render :edit }
        format.json { render json: @question.errors, status: :unprocessable_entity }
      end
    end
  end

  def add_options
    @question = Question.find(question_add_options_params[:id_question])

    question_add_options_params[:options].each do|q_aop|
      @question.options.create(q_aop)
    end

    @options = @question.options
  end

  # DELETE /questions/1
  # DELETE /questions/1.json
  def destroy
    @question.destroy
    respond_to do |format|
      format.html { redirect_to questions_url, notice: 'Question was successfully destroyed.' }
      format.json { head :no_content }
    end
  end

  private
    # Use callbacks to share common setup or constraints between actions.
    def set_question
      @question = Question.find(params[:id])
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    def question_params
      params[:question]
    end

    def question_add_options_params
      params.permit(:id_question, options: [:position, :label, :value, :go_page])
    end
end

Answer 1

params.permit(:id_question, options: [:position, :label, :value, :go_page], question: {})

This line is telling Rails that the only params that are permitted are in the list above. If you actually look at a real params-hash, it doesn't just contain the params passed in by the form, it also contains things like: :controller => :questions, :action => :create, :format => :json etc... which Rails always inserts based on the URL

Normally we namespace the form by using eg form_for @question which means the params come in like this:

{:controller => :questions, :action => :create,
 :format => :json,
 :question => {"id_question"=>551, "options"=>[{"position"=>10, "label"=>"opc 10", "value"=>"opc 10", "go_page"=>nil}]}
}

then you can do this in your controller:

params.require(:question).permit(:id_question, options: [:position, :label, :value, :go_page])

which doesn't literally tell rails that you aren't allowed to have the controller/action/format params that are always passed in by rails...

Obviously you'll need to modify the names of these to suit your needs, but this is what you need to do to stop the error.