Rails error: Can't mass-assign protected attributes

There was an important security change rails 3.2.3 that requires you to allow mass assignment explicitly by setting config.active_record.whitelist_attributes to false

https://weblog.rubyonrails.org/2012/3/30/ann-rails-3-2-3-has-been-released/

http://www.h-online.com/security/news/item/Rails-3-2-3-makes-mass-assignment-change-1498547.html

alternatively (and better), instead of allowing mass assignment, you just have to set the attr_accessible for the attributes in your model that you want to be able to change, e.g.

attr_accessible :city_id, :name # list all fields that you want to be accessible here

Please check the rails security guide for more information about mass-assignment in rails.


or you can change

config.active_record.mass_assignment_sanitizer = :strict 

to

config.active_record.mass_assignment_sanitizer = :logger 

I don't know why had to changed to :logger but this is the solution for the error.


Just include the datafield in the model as:

attr_accessible :city_id