How-to whitelist nested attributes with no limit. In my use case, it was for tags (which are obviously not predefinable ). http://guides.rubyonrails.org/action_controller_overview.html#outside-the-scope-of-strong-parameters
def product_params
params.require(:product).permit(:name).tap do |whitelisted|
whitelisted[:tags] = params[:product][:tags]
end
end