Forum: Ruby on Rails ActionController::InvalidAuthenticityToken & :before

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- and Ruby-related community platforms.
Mk 2. (Guest)
on 2009-06-04 19:44
I have a form that submits search criteria and while it is processing I
wanted to use a js function to indicate:

<% form_remote_tag :update => 'mainbody', :url => {:action => 'search'},
         :before => "wait_message('mainbody','S E A R C H I N G')" do%>


wait_message() executes but then when the data comes back, I get

ActionController::InvalidAuthenticityToken in DocdirController#search

Everything works fine without the :before => callback.  How should I do
this?
Mk 2. (Guest)
on 2009-06-04 20:43
Here are more details from that error:

Processing DocdirController#search (for 127.0.0.1 at 2009-06-04 11:34:39) [POST]

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
  <internal:prelude>:8:in `synchronize'
  /usr/local/lib/ruby/1.9.1/webrick/httpserver.rb:111:in `service'
  /usr/local/lib/ruby/1.9.1/webrick/httpserver.rb:70:in `run'
  /usr/local/lib/ruby/1.9.1/webrick/server.rb:183:in `block in start_thread'
Mk 2. (Guest)
on 2009-06-05 00:14
I suppose it was not a good idea to replace the form with "removeChild"
:before the form is submitted...
Sandip R. (Guest)
on 2009-06-05 15:16
(Received via mailing list)
In your controller add
skip_before_filter :verify_authenticity_token

Hope this will help !

Sandip R~

--
Ruby on Rails Developer
http://sandip.sosblog.com
http://funonrails.wordpress.com
www.joshsoftware.com
Mk 2. (Guest)
on 2009-06-05 20:22
Sandip R. wrote:
> In your controller add
> skip_before_filter :verify_authenticity_token
>
> Hope this will help !

Thanks for that tidbit, but the problem was that the wait_message()
function destroyed the content of the div with the form in it and
replaced it with the message, S E A R C H I N G

Of course, the form is not yet submitted and it contained the auth token
in a hidden field!  So the moral is:  don't destroy the form in your
:before callback.
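
The failure described in this thread, as an added example that is not code from any of the posters: a :before callback that empties the div removes the hidden authenticity_token field before the form is serialized, while one that only adds the message keeps it, so verify_authenticity_token can stay enabled. The El class, serialize(), the two wait-message functions, the recursive clearing and the SAMPLE-TOKEN value are assumptions constructed so the example runs in Node without a browser.

```javascript
// Minimal stand-in for DOM elements (constructed for this example).
class El {
  constructor(tag, attrs = {}, children = []) {
    this.tag = tag; this.attrs = attrs; this.children = [];
    children.forEach((c) => this.appendChild(c));
  }
  appendChild(c) { this.children.push(c); return c; }
  removeChild(c) { this.children = this.children.filter((x) => x !== c); return c; }
  descendants() { return this.children.flatMap((c) => [c, ...c.descendants()]); }
}

// Simplified serialization: name=value for every input still inside the form.
function serialize(form) {
  return form.descendants()
    .filter((e) => e.tag === 'input' && e.attrs.name)
    .map((e) => `${encodeURIComponent(e.attrs.name)}=${encodeURIComponent(e.attrs.value)}`)
    .join('&');
}

// Constructed page: div#mainbody holds the form, which holds the hidden token.
function buildPage() {
  const form = new El('form', {}, [
    new El('input', { type: 'hidden', name: 'authenticity_token', value: 'SAMPLE-TOKEN' }),
    new El('input', { type: 'text', name: 'q', value: 'rails' }),
  ]);
  return { form, mainbody: new El('div', { id: 'mainbody' }, [form]) };
}

// Destructive variant (assumed recursive clear): every node under the div is removed.
function waitMessageDestructive(div, text) {
  const empty = (n) => {
    while (n.children.length) { empty(n.children[0]); n.removeChild(n.children[0]); }
  };
  empty(div);
  div.appendChild(new El('p', { text }));
}

// Non-destructive variant: adds the message and leaves the form and its inputs alone.
function waitMessageSafe(div, text) {
  div.appendChild(new El('p', { class: 'wait', text }));
}

// Order from the thread: the :before callback runs, then the form is serialized and sent.
function submitWith(before) {
  const { form, mainbody } = buildPage();
  before(mainbody, 'S E A R C H I N G');
  return serialize(form);
}
console.log('destructive:', JSON.stringify(submitWith(waitMessageDestructive)));
console.log('safe:       ', JSON.stringify(submitWith(waitMessageSafe)));
```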