行为如下:

处理未经许可的密钥

默认情况下，未明确允许的参数键将是登录开发和测试环境.在其他环境中这些参数将被简单地过滤掉并忽略.

By default parameter keys that are not explicitly permitted will be logged in the development and test environment. In other environments these parameters will simply be filtered out and ignored.

此外，可以通过更改config.action_controller.action_on_unpermitted_pa​​rameters 中的属性你的环境文件.如果设置为 :log，则不允许的属性将被记录，如果设置为 :raise 将引发异常.

Additionally, this behaviour can be changed by changing the config.action_controller.action_on_unpermitted_parameters property in your environment files. If set to :log the unpermitted attributes will be logged, if set to :raise an exception will be raised.

(来源)

我建议以 400 状态(错误请求)从这个异常中解救:

I would suggest rescuing from this exception with 400 status (Bad Request):

rescue_from ActionController::ParameterMissing do
  render :nothing => true, :status => :bad_request
end