I only just discovered
ActionController::Parameters.action_on_unpermitted_parameters because I was about to write a much more scathing critique of the feature. I think this should default to
:raise - I dunno about everyone else but I very rarely notice the log line.
We fixed a production bug the other day that boiled down to, we had forgotten to permit a param that was actually needed (and we had some fallback code that hid the bug in most cases). We had unit tests that were posting the ignored param, but nobody ever noticed the log line and the tests passed because of the fallback code.
So yeah, our tests could have been better written and better looked at, but it would be really good if Rails just blew up in test mode when we did something obviously wrong.