During my upgrade to Rails 4, I decided to postpone the removal of attr_accessible and use this gem. Now, I would like to drop this in favor of strong_parameters. Since our application is fairly large, I would like to do this gradually.

I've been trying to follow the instructions here: https://github.com/rails/strong_parameters#migration-path-to-rails-4. However, when I set config.active_record.whitelist_attributes = false and include ActiveModel::ForbiddenAttributesProtection in one of my models, the following statement still proceeds to instantiate a user without any problems:

User.new(ActionController::Parameters.new(first_name: 'Ruben'))

According to my understanding of strong_parameters, this should throw a ActiveModel::ForbiddenAttributesError. Basically, strong_parameters does not seem to be working, or the protected_attributes is conflicting somehow.

Can anyone help me with this problem?

Apologies, I was using an older version of this gem. After upgrading to 1.1.3 it seems to be working correctly.