whitelist table and section params on json call

app/controllers/suppliers/sections_controller.rb

@@ -162,7 +162,13 @@ module Suppliers
     private
 
     def section_params
-      params.require(:section).permit(:title, :path, :width, :height)
+      permitted_attributes = [:title, :path, :width, :height]
+      # do not raise in development and test for json communication
+      if request.format.json?
+        params.require(:section).slice(*permitted_attributes).permit!
+      else
+        params.require(:section).permit permitted_attributes
+      end
     end
   end
 end

app/controllers/suppliers/tables_controller.rb

@@ -96,7 +96,13 @@ module Suppliers
     private
 
     def table_params
-      params.require(:table).permit(:number, :section_id, :position_x, :position_y)
+      permitted_attributes = [:number, :section_id, :position_x, :position_y]
+      # do not raise in development and test for json communication
+      if request.format.json?
+        params.require(:table).slice(*permitted_attributes).permit!
+      else
+        params.require(:table).permit permitted_attributes
+      end
     end
   end
 end