That seems like it breaks any kind of progressive AJAX enhancement, since a remote submit form, submitted normally, will now fail CSRF protection.
On Wednesday, 28 March 2012 04:25:14 UTC+1, bill walton wrote: > > Hi Santiago, > > On Tue, Mar 27, 2012 at 12:16 PM, Santiago Pastorino > <REMOVED> wrote: > > Rails 3.2.3.rc1 has been released. > <snip> > > *ActionPack* > > > > * Do not include the authenticity token in forms where remote: true > > as ajax forms use the meta-tag value *DHH* > > Could you please point me to more on this? > > Thanks, > Bill > > -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/L7iE5xkW0dMJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
