Forum: Ruby on Rails InvalidAuthenticityToken from home page

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
Paul R. (Guest)
on 2009-03-12 03:24
I'm trying to create a log in in index.html, but I keep getting an error
about InvalidAuthenticityToken. I understand this is something that RoR
puts in the forms, and it changes regularly. The problem is that the
home page in the public folder is html, and therefore static. has anyone
else put a log in on their home page?
Freddy A. (Guest)
on 2009-03-12 04:56
(Received via mailing list)
Is it a form? Is the index.html in rails root or the webservers root?
If its rails you can still use the form helpers or pull in a

On Mar 11, 6:24 pm, Paul R. <removed_email_address@domain.invalid>
Brian H. (Guest)
on 2009-03-12 05:23
(Received via mailing list)

You need to disable forgery protection on the login action in order to
use a static home page.

Assuming your login is processed by restful_authentication's
sessions_controller.rb, add this to that class:

protect_from_forgery, :except => [:create]

That's it. If that's unacceptable to you, remove the login form from
the homepage and replace it with a link to the login page.

Hope that helps!
Paul R. (Guest)
on 2009-03-12 05:54
Thanks for the replies. @Brian, that worked - thank you :)
seja (Guest)
on 2009-03-12 11:31
(Received via mailing list)
you also can set forgery protection to false
In rails 2, it is true by default.

Set in environment file

config.action_controller.allow_forgery_protection  = false

On Mar 12, 8:54 am, Paul R. <removed_email_address@domain.invalid>
Brian H. (Guest)
on 2009-03-12 15:08
(Received via mailing list)

Yeah but that's for the entire app, and it's not a good idea to
disable it for the entire ap.
This topic is locked and can not be replied to.