Nick,

Here is a pretty good description of the issue:
http://ryandaigle.com/articles/2007/9/24/what-s-new-in-edge-rails-better-cross-site-request-forging-prevention

This feature is relatively new in Rails -- quite possibly newer than the
the book you are working from.

The fix for me was fairly simple, but I
don't have the book/example you are working from.  You *might* even
find an updated version of the example on the book's site.

I'm sure you will get a better response on this list later on.

Good Luck,

Mike


On Sat, Nov 1, 2008 at 9:44 AM, Nick <[EMAIL PROTECTED]> wrote:

>
> I'm new to this ... trying to work through 'Ajax on Rails' book.
>
> I used this code:
>
> <script src="/javascripts/prototype.js" type="text/javascript">
> </script>
>
>
> <p><a href="#" onclick="updateElement()">Update Element </a></p>
> <p id="response"></p>
> <script type="text/javascript">
>        function updateElement() {
>                new Ajax.Request('/chapter2/myresponse', { onSuccess:
> function(request) {
>                        $('response').update(request.responseText);
>                }})
>        }
> </script>
>
> And it didn't work.  The shell window spit out a bunch of lines,
> starting with,
>
> ActionController::InvalidAuthenticityToken
> (ActionController::InvalidAuthenticityToken):
>    /usr/local/lib/ruby/gems/1.8/gems/actionpack-2.1.2/lib/
> action_controller/request_forgery_protection.rb:86:in
> `verify_authenticity_token'
>
> Help?
>
> >
>

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To post to this group, send email to prototype-scriptaculous@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/prototype-scriptaculous?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to