I was trying to do an ajax destroy in Rails 2.0 and whenever the call
is made I get this error: ActionController::InvalidAuthenticityToken.
Anyone have any ideas?
I fixed it by putting in a hidden field with the authenticity_token
How did you fix it?
I’d like to have the ‘destroy’ link in index.html.erb be a
link_to_remote, but I get the same CSRF error. There is no form to put
a hidden field in on that page. link_to_remote does have a tolken
generated, but it does not seem to work.
I got it working just fine but disabling the CSRF, but that’s not what
I would want in production.
Running Rails 2.0.2 / Ruby 1.8.6 on cygwin/windows.
On my side, i have created a helper to write security token on to the
page. So you have to change you xhr request to append the token.
def security_informations
return "
<script type='text/javascript'>
var Security = {
token_name: '%s',
token_value: '%s',
xhr_extra_params: {
%s: '%s'
}
}
</script>
" %
[request_forgery_protection_token,form_authenticity_token,
request_forgery_protection_token,
form_authenticity_token]
end
I am quite new in RoR, so maybe they is a better way to do so …
Thomas