InvalidAuthenticityToken

karthik · August 28, 2009, 1:02pm

Hi guys

What does the below line says

ActionController::InvalidAuthenticityToken
(ActionController::InvalidAuthenticityToken):
-e:2:in `load’
-e:2

Please guide me

–
Karthik.k
Mobile - +91-9894991640

karthik · August 28, 2009, 8:44pm

What does the below line says

ActionController::InvalidAuthenticityToken
(ActionController::InvalidAuthenticityToken):
-e:2:in `load’
-e:2

Rails tries to protect against invalid form submission by setting an
authenticity token. It does this automatically if you use the form
helpers, but if you hard code a form or it’s doing something odd
(built with javascript, cached and displayed on multiple pages, etc…)
the token won’t get sent.

Go look at a normal rails form and you’ll see a hidden field in the
form “authenticity_token”.

You can tell your controller to ignore it or you can add it yourself.

http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html#M000512

For example in one of my forms built from jss and using ajax I pass
this along…

submitdata: {<%= request_forgery_protection_token.to_s %>: ‘<%=
form_authenticity_token.to_s %>’}

In another form which doesn’t use the Rails helpers so doesn’t get the
token set automatically I simply include this b/n my form tags:

<%= token_tag %>

Good luck!

-philip

karthik · August 29, 2009, 10:12am

On Fri, Aug 28, 2009 at 9:28 PM, Philip H. [email protected]
wrote:

helpers, but if you hard code a form or it’s doing something odd

Good luck!

-philip

Hi philip

Thank You

–
Karthik.k
Mobile - +91-9894991640

karthik · September 1, 2009, 7:36am

On Mon, Aug 31, 2009 at 12:57 PM, Peter De Berdt
[email protected]wrote:

-e:2:in `load’
Go look at a normal rails form and you’ll see a hidden field in the
submitdata: {<%= request_forgery_protection_token.to_s %>: '<%=

Ajax.Base.prototype.initialize = Ajax.Base.prototype.initialize.wrap(
Best regards

Peter De Berdt

Hi Peter De Berdt

Thank you

–
Karthik.k
Mobile - +91-9894991640

karthik · August 31, 2009, 9:28am

On 28 Aug 2009, at 17:58, Philip H. wrote:

(built with javascript, cached and displayed on multiple pages, etc…)
this along…

submitdata: {<%= request_forgery_protection_token.to_s %>: ‘<%=
form_authenticity_token.to_s %>’}

In another form which doesn’t use the Rails helpers so doesn’t get the
token set automatically I simply include this b/n my form tags:

<%= token_tag %>

You can easily handle this in a generic way for all custom javascript
(without having to add it manually every time):

In your main layout html , put:

Then in public/javascripts/application.js, add (assuming that you
using Prototype, similar options should exist for just about any
javascript framework out there):

Ajax.Base.prototype.initialize = Ajax.Base.prototype.initialize.wrap(
function(p, options){
p(options);
this.options.parameters = this.options.parameters || {};
this.options.parameters.authenticity_token = window._token || ‘’;
}
);

Problem solved, no need to ever worry about it again.

Best regards

Peter De Berdt