InvalidAuthenticityToken from home page


#1

I’m trying to create a log in in index.html, but I keep getting an error
about InvalidAuthenticityToken. I understand this is something that RoR
puts in the forms, and it changes regularly. The problem is that the
home page in the public folder is html, and therefore static. has anyone
else put a log in on their home page?


#2

Is it a form? Is the index.html in rails root or the webservers root?
If its rails you can still use the form helpers or pull in a
partial…

On Mar 11, 6:24 pm, Paul R. removed_email_address@domain.invalid


#3

@Paul:

You need to disable forgery protection on the login action in order to
use a static home page.

Assuming your login is processed by restful_authentication’s
sessions_controller.rb, add this to that class:

protect_from_forgery, :except => [:create]

That’s it. If that’s unacceptable to you, remove the login form from
the homepage and replace it with a link to the login page.

Hope that helps!


#4

Thanks for the replies. @Brian, that worked - thank you :slight_smile:


#5

you also can set forgery protection to false
In rails 2, it is true by default.

Set in environment file

config.action_controller.allow_forgery_protection = false

On Mar 12, 8:54 am, Paul R. removed_email_address@domain.invalid


#6

@seja:

Yeah but that’s for the entire app, and it’s not a good idea to
disable it for the entire ap.