> What does the below line says > > ActionController::InvalidAuthenticityToken > (ActionController::InvalidAuthenticityToken): > -e:2:in `load' > -e:2
Rails tries to protect against invalid form submission by setting an authenticity token. It does this automatically if you use the form helpers, but if you hard code a form or it's doing something odd (built with javascript, cached and displayed on multiple pages, etc..) the token won't get sent. Go look at a normal rails form and you'll see a hidden field in the form "authenticity_token". You can tell your controller to ignore it or you can add it yourself. http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html#M000512 For example in one of my forms built from jss and using ajax I pass this along... submitdata: {<%= request_forgery_protection_token.to_s %>: '<%= form_authenticity_token.to_s %>'} In another form which doesn't use the Rails helpers so doesn't get the token set automatically I simply include this b/n my form tags: <%= token_tag %> Good luck! -philip --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
