I’m using jrails and I found when I use the authenticity_token in
certain javascript calls, that the
url works differently in that the paramters in the :with clause get
dropped if they are in a json type syntax.
Below is an example of a remote_function() call from JS that used to
work fine without authenticity.
When I enabled authenticity it adds the authenticity token
automatically, but drops sending the
data in the :with part. I commented out this code as shown and
inserted an actual ajax call that does work fine, with authenticity,
but seems like not as much of the prefered approach. I’ve had similar
problems with field_observer() calls in some cases. I think if the
json syntax is not used when there is just one parameter, it does
work.
function update_server(info)
{
<%#= remote_function(:url => {:action => ‘resize_field’},
:with =>
‘{col:info.col,width:info.width}’) # auth-OK
%>
$.ajax({data:
{col:info.col,width:info.width,authenticity_token:FORM_AUTH_TOKEN},
dataType:‘script’, type:‘post’, url:’/shgrid/resize_field’})