Forum: Ruby on Rails ActionController::InvalidAuthenticityToken & :before

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
Mk 2. (Guest)
on 2009-06-04 19:44
I have a form that submits search criteria and while it is processing I
wanted to use a js function to indicate:

<% form_remote_tag :update => 'mainbody', :url => {:action => 'search'},
         :before => "wait_message('mainbody','S E A R C H I N G')" do%>

wait_message() executes but then when the data comes back, I get

ActionController::InvalidAuthenticityToken in DocdirController#search

Everything works fine without the :before => callback.  How should I do
Mk 2. (Guest)
on 2009-06-04 20:43
Here are more details from that error:

Processing DocdirController#search (for at 2009-06-04
11:34:39) [POST]

  <internal:prelude>:8:in `synchronize'
  /usr/local/lib/ruby/1.9.1/webrick/httpserver.rb:111:in `service'
  /usr/local/lib/ruby/1.9.1/webrick/httpserver.rb:70:in `run'
  /usr/local/lib/ruby/1.9.1/webrick/server.rb:183:in `block in
Mk 2. (Guest)
on 2009-06-05 00:14
I suppose it was not a good idea to replace the form with "removeChild"
:before the form is submitted...
Sandip R. (Guest)
on 2009-06-05 15:16
(Received via mailing list)
In your controller add
skip_before_filter :verify_authenticity_token

Hope this will help !

Sandip R~

Ruby on Rails Developer
Mk 2. (Guest)
on 2009-06-05 20:22
Sandip R. wrote:
> In your controller add
> skip_before_filter :verify_authenticity_token
> Hope this will help !

Thanks for that tidbit, but the problem was that the wait_message()
function destroyed the content of the div with the form in it and
replaced it with the message, S E A R C H I N G

Of course, the form is not yet submitted and it contained the auth token
in a hidden field!  So the more is:  don't destroy the form in your
:before callback.
This topic is locked and can not be replied to.