diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index f3453c04c83..58a0c90cd83 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -849,7 +849,7 @@ class UsersController < ApplicationController
 end
 def user_params
- result = params.permit(
+ permitted = [
 :name,
 :email,
 :password,
@@ -858,11 +858,15 @@ class UsersController < ApplicationController
 :muted_usernames,
 :theme_key,
 :locale
- ).reverse_merge(
- ip_address: request.remote_ip,
- registration_ip_address: request.remote_ip,
- locale: user_locale
- )
+ ] + UserUpdater::OPTION_ATTR
+
+ result = params
+ .permit(permitted)
+ .reverse_merge(
+ ip_address: request.remote_ip,
+ registration_ip_address: request.remote_ip,
+ locale: user_locale
+ )
 if !UsernameCheckerService.is_developer?(result['email']) &&
 is_api? &&
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index c2d62268057..dfd7b4c7ec9 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -1440,13 +1440,15 @@ describe UsersController do
 put :update, params: {
 username: user.username,
 muted_usernames: "",
- theme_key: theme.key
+ theme_key: theme.key,
+ email_direct: false
 }, format: :json
 user.reload
 expect(user.muted_users.pluck(:username).sort).to be_empty
 expect(user.user_option.theme_key).to eq(theme.key)
+ expect(user.user_option.email_direct).to eq(false)
 end
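Review bot: In the second users_controller.rb hunk (`@@ -858,11 +858,15 @@`), `] + UserUpdater::OPTION_ATTR` makes the strong-parameters allowlist depend on a constant defined outside this file, so any key later added to that constant becomes settable from the request here without this method changing. Because `reverse_merge` lets permitted request values take precedence over the server-derived defaults, a key in that list that collided with `ip_address` or `registration_ip_address` would let a client supply its own value, and nothing visible here guards against that. I would add a comment above the list, `# OPTION_ATTR entries are accepted from request params; keep server-set keys (ip_address, registration_ip_address) out of it`, and consider a spec asserting the constant excludes those keys. `user_params` begins in the previous hunk and its body continues past the end of this one.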