---
title: "ActionController::Parameters in Rails 5"
description:
  "ActionController::Parameters will throw deprecation warnings if we treat
  ActionController::Parameters as hash."
canonical_url: "https://www.bigbinary.com/blog/parameters-no-longer-inherit-from-hash-with-indifferent-access-in-rails-5"
markdown_url: "https://www.bigbinary.com/blog/parameters-no-longer-inherit-from-hash-with-indifferent-access-in-rails-5.md"
---

# ActionController::Parameters in Rails 5

ActionController::Parameters will throw deprecation warnings if we treat
ActionController::Parameters as hash.

- Author: Rohit Arolkar
- Published: July 25, 2016
- Categories: Rails 5, Rails

We are all guilty of treating `ActionController::Parameters` as a plain hash at
some point or the other. But with Rails 5, `ActionController::Parameters` will
no longer inherit from `HashWithIndifferentAccess`.

Inheriting from `HashWithIndifferentAccess` allowed programmers to call
enumerable methods over `ActionController::Parameters`, which caused
`ActionController::Parameters` to lose its `@permitted` state there by rendering
Strong Parameters as a barebone Hash. This
[change](https://github.com/rails/rails/pull/20868/commits/14a3bd520dd4bbf1247fd3e0071b59c02c115ce0)
would discourage such operations.

However since this change would have meant a major impact on all of the
upgrading applications as they would have crashed with a `NoMethodError`for all
of those undesired methods. Hence this feature would go through a deprecation
cycle, showing deprecation warnings for all of those `HashWithIndifferentAccess`
method usages.

```ruby
class Parameters

...

def method_missing(method_sym, *args, &block)
  if @parameters.respond_to?(method_sym)
    message = <<-DEPRECATE.squish
      Method #{method_sym} is deprecated and will be removed in Rails 5.1,
      as `ActionController::Parameters` no longer inherits from
      hash. Using this deprecated behavior exposes potential security
      problems. If you continue to use this method you may be creating
      a security vulnerability in your app that can be exploited. Instead,
      consider using one of these documented methods which are not
      deprecated: http://api.rubyonrails.org/v#{ActionPack.version}/classes/ActionController/Parameters.html
    DEPRECATE
    ActiveSupport::Deprecation.warn(message)
    @parameters.public_send(method_sym, *args, &block)
  else
    super
  end
end

...

end
```

If you need to convert `ActionController::Parameters` in a true hash then it
supports `to_h` method. Also `ActionController::Parameters` will continue to
have methods like `fetch, slice, slice!, except, except!, extract!, delete` etc.
You can take a detailed look at them
[here](https://github.com/rails/rails/blob/1a2f1c48bdeda5df88e8031fe51943527ebc381e/actionpack/lib/action_controller/metal/strong_parameters.rb).

## Links

- [Human page](https://www.bigbinary.com/blog/parameters-no-longer-inherit-from-hash-with-indifferent-access-in-rails-5)