ActionController::Parameters need to be symbolized when working with keyword arguments


you have a hard time working with ActionController::Parameters if you want to pass the parameter hash to a method that uses keyword arguments:

params = :bar)

#=> {“foo”=>:bar}

def something(foo:)


#=> :something


#=> ArgumentError: wrong number of arguments (1 for 0)

Reason for this is that HashWithIndefferentAccess defaults to strings for it’s keys, but Ruby requires the keys of a hash to be symbols if you want to pass it to the method as a parameter.

symbolized_params = params.symbolize_keys

#=> {:foo=>:bar}


#=> nil

I wonder if it’s possible to change the behavior so that it’s not longer necessary to explicitly symbolize the hash. Would you welcome a pull request that addresses this issue?

Looking forward to your feedback.



In earlier versions of ruby this would present a denial of service attack as a malicious user could quickly consume all available symbol space by generating large amounts of random param keys in the url. If I recall correctly this was the case with earlier versions of Rails and resulted in a security service pack to fix. I think newer or latest ruby no longer suffers from this limitation with symbols. You would want to verify that the minimum supported version of ruby indeed has this symbol memory/limitation issue resolved before make a change like you suggest.

Maybe this should be a feature strong parameters so that keys not explicitly allowed are stripped preventing such an attack.