Forum: Ruby on Rails protect_from_forgery issue

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Phil S. (Guest)
on 2009-05-24 11:23
(Received via mailing list)
Hi,
I just redeployed my app for a very minor source code change and now I
am getting these errors:
No :secret given to the #protect_from_forgery call

for a page that has a remote_form_for on it.

1) Why would this change? The offender seems to usually be Googlebot,
but not always. I've been always getting lots of google bot hits, so
what has changed now.
2) Why only on this one page? I actually include the partial that
contains the code it is complaining about on almost every page
3) What can I do to fix it?

For me the weird thing is that it is not giving me the error when
googlebot tries to call the remote form, but actually it seems to be
happening when it is trying to render it!

Should I be using a secret

I am running rails 2.1.2 (via ec2onrails).

Help! Our hoptoad is reporting 150 of these since yesterday!
This topic is locked and can not be replied to.