How do I make forms work with no javascript enabled? (ActionController::InvalidAuthenticityToken)

Hi,

I’ve got some basic form:

<%= form_for(@task, remote: true, html: {'data-type' => 'html'}) do 

|f|
%>
<%= f.text_field :text %>
<%= f.submit %>
<% end %>

But when I submit it with no javascript enabled, I get:

Started POST "/tasks" for ::1 at 2015-02-02 23:38:27 +0200
Processing by TasksController#create as HTML
  Parameters: {"utf8"=>"✓", "task"=>{"text"=>"adsf"}, 

“commit”=>“Create
Task”}
Can’t verify CSRF token authenticity
Completed 422 Unprocessable Entity in 5ms

ActionController::InvalidAuthenticityToken

(ActionController::InvalidAuthenticityToken):
actionpack (4.2.0)
lib/action_controller/metal/request_forgery_protection.rb:181:in
`handle_unverified_request’
…

How do I remedy this?

Regards,
Yuri

Can you try like this <%= form_for(@task, remote: true,
authenticity_token:
true, html: {‘data-type’ => ‘html’}) do |f| %>

Thanks
Vishnu

Can you try like this <%= form_for(@task, remote: true,
authenticity_token: true, html: {‘data-type’ => ‘html’}) do |f| %>

Yep, that pretty much settles it.

Regards,
Yuri

You may want to review protect_from_forgery: <

http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html#method-i-protect_from_forgery

I bet you must be meaning form_for, not protect_from_forgery.

Regards,
Yuri

On Wed, Feb 4, 2015 at 5:49 AM, Yuri Kanivetsky
[email protected]
wrote:

You may want to review protect_from_forgery: <http://api.rubyonrails.org/

classes/ActionController/RequestForgeryProtection/
ClassMethods.html#method-i-protect_from_forgery>

I bet you must be meaning form_for, not protect_from_forgery.

Ah, well, think what you like.

Yuri,

You may want to review protect_from_forgery: <
http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html#method-i-protect_from_forgery

On Tue, Feb 3, 2015 at 7:19 AM, Yuri Kanivetsky
[email protected]