I'm trying to create a log in in index.html, but I keep getting an error about InvalidAuthenticityToken. I understand this is something that RoR puts in the forms, and it changes regularly. The problem is that the home page in the public folder is html, and therefore static. has anyone else put a log in on their home page?
on 2009-03-12 03:24
on 2009-03-12 04:56
Is it a form? Is the index.html in rails root or the webservers root? If its rails you can still use the form helpers or pull in a partial... On Mar 11, 6:24 pm, Paul R. <firstname.lastname@example.org>
on 2009-03-12 05:23
@Paul: You need to disable forgery protection on the login action in order to use a static home page. Assuming your login is processed by restful_authentication's sessions_controller.rb, add this to that class: protect_from_forgery, :except => [:create] That's it. If that's unacceptable to you, remove the login form from the homepage and replace it with a link to the login page. Hope that helps!
on 2009-03-12 05:54
Thanks for the replies. @Brian, that worked - thank you :)
on 2009-03-12 11:31
you also can set forgery protection to false In rails 2, it is true by default. Set in environment file config.action_controller.allow_forgery_protection = false On Mar 12, 8:54 am, Paul R. <email@example.com>
on 2009-03-12 15:08
@seja: Yeah but that's for the entire app, and it's not a good idea to disable it for the entire ap.