Ajax and Rails 2.0

I was trying to do an ajax destroy in Rails 2.0 and whenever the call
is made I get this error: ActionController::InvalidAuthenticityToken.
Anyone have any ideas?

I fixed it by putting in a hidden field with the authenticity_token

How did you fix it?

I’d like to have the ‘destroy’ link in index.html.erb be a
link_to_remote, but I get the same CSRF error. There is no form to put
a hidden field in on that page. link_to_remote does have a tolken
generated, but it does not seem to work.

I got it working just fine but disabling the CSRF, but that’s not what
I would want in production.

Running Rails 2.0.2 / Ruby 1.8.6 on cygwin/windows.

On my side, i have created a helper to write security token on to the
page. So you have to change you xhr request to append the token.

   def security_informations
           return "
           <script type='text/javascript'>
           var Security = {
                   token_name: '%s',
                   token_value: '%s',
                   xhr_extra_params: {
                           %s: '%s'
           " % 


I am quite new in RoR, so maybe they is a better way to do so …