On Mon, Aug 31, 2009 at 12:57 PM, Peter De Berdt <[email protected]> wrote:
>
> On 28 Aug 2009, at 17:58, Philip Hallstrom wrote:
>
> What does the below line say
>
> ActionController::InvalidAuthenticityToken
> (ActionController::InvalidAuthenticityToken):
>   -e:2:in `load'
>   -e:2
>
> Rails tries to protect against invalid form submission by setting an
> authenticity token. It does this automatically if you use the form
> helpers, but if you hard code a form or it's doing something odd
> (built with javascript, cached and displayed on multiple pages, etc.)
> the token won't get sent.
>
> Go look at a normal rails form and you'll see a hidden field in the
> form "authenticity_token".
>
> You can tell your controller to ignore it or you can add it yourself.
>
> http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html#M000512
>
> For example in one of my forms built from jss and using ajax I pass
> this along...
>
> submitdata: {<%= request_forgery_protection_token.to_s %>: '<%= form_authenticity_token.to_s %>'}
>
> In another form which doesn't use the Rails helpers so doesn't get the
> token set automatically I simply include this b/n my form tags:
>
> <%= token_tag %>
>
> You can easily handle this in a generic way for all custom javascript
> (without having to add it manually every time):
>
> In your main layout html <head>, put:
>
> <script type="text/javascript" charset="utf-8">
>   window._token = '<%= form_authenticity_token -%>';
> </script>
>
> Then in public/javascripts/application.js, add (assuming that you are using
> Prototype, similar options should exist for just about any javascript
> framework out there):
>
> Ajax.Base.prototype.initialize = Ajax.Base.prototype.initialize.wrap(
>   function(p, options){
>     p(options);
>     this.options.parameters = this.options.parameters || {};
>     this.options.parameters.authenticity_token = window._token || '';
>   }
> );
>
> Problem solved, no need to ever worry about it again.
>
> Best regards
>
> Peter De Berdt
>

Hi Peter De Berdt

Thank you

--
Karthik.k
Mobile - +91-9894991640
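The generic "attach the token to every Ajax call" approach from the thread, as an added example that is not part of the original messages: a framework-agnostic helper that adds `authenticity_token` only to state-changing requests aimed at the page's own origin, so the token never lands in GET query strings or goes to another host. The names `needsToken`, `withAuthenticityToken` and `pageOrigin` are hypothetical, and `parameters` is assumed to be a plain object.

```javascript
// Added example, not code from the thread or from Rails/Prototype.
// Rails does not check the token on GET requests, so sending it there only
// exposes it in URLs, server logs and Referer headers.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Decide whether a request should carry the authenticity token.
// pageOrigin is the origin of the page making the call
// (window.location.origin in a browser).
function needsToken(method, url, pageOrigin) {
  // Prototype's Ajax options default to POST when no method is given.
  const verb = String(method || 'post').toUpperCase();
  if (SAFE_METHODS.has(verb)) return false;
  try {
    // Relative and protocol-relative URLs are resolved against the page.
    const target = new URL(url, pageOrigin);
    return target.origin === new URL(pageOrigin).origin;
  } catch (e) {
    return false; // unparsable URL: keep the secret out of the request
  }
}

// Return a copy of the request options with authenticity_token merged into
// parameters when the request needs it; the caller's object is not mutated.
function withAuthenticityToken(options, url, token, pageOrigin) {
  const opts = Object.assign({}, options);
  const params = Object.assign({}, opts.parameters);
  if (token && needsToken(opts.method, url, pageOrigin)) {
    params.authenticity_token = token;
  }
  opts.parameters = params;
  return opts;
}

// Constructed sample values for a stand-alone run.
const sampleOrigin = 'https://app.example';
const sampleToken = 'Y29uc3RydWN0ZWQtdG9rZW4='; // constructed, not a real token
console.log(withAuthenticityToken(
  { method: 'post', parameters: { title: 'hello' } },
  '/posts', sampleToken, sampleOrigin));
```

In a Prototype setup like the one quoted above, the same decision could be made inside the `wrap` callback before assigning `authenticity_token`.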

