InvalidAuthenticityToken

Hi guys

What does the below line says

ActionController::InvalidAuthenticityToken
(ActionController::InvalidAuthenticityToken):
-e:2:in `load’
-e:2

Please guide me


Karthik.k
Mobile - +91-9894991640

What does the below line says

ActionController::InvalidAuthenticityToken
(ActionController::InvalidAuthenticityToken):
-e:2:in `load’
-e:2

Rails tries to protect against invalid form submission by setting an
authenticity token. It does this automatically if you use the form
helpers, but if you hard code a form or it’s doing something odd
(built with javascript, cached and displayed on multiple pages, etc…)
the token won’t get sent.

Go look at a normal rails form and you’ll see a hidden field in the
form “authenticity_token”.

You can tell your controller to ignore it or you can add it yourself.

http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html#M000512

For example in one of my forms built from jss and using ajax I pass
this along…

submitdata: {<%= request_forgery_protection_token.to_s %>: ‘<%=
form_authenticity_token.to_s %>’}

In another form which doesn’t use the Rails helpers so doesn’t get the
token set automatically I simply include this b/n my form tags:

<%= token_tag %>

Good luck!

-philip

On Fri, Aug 28, 2009 at 9:28 PM, Philip H. [email protected]
wrote:

helpers, but if you hard code a form or it’s doing something odd

Good luck!

-philip

Hi philip

Thank You


Karthik.k
Mobile - +91-9894991640

On Mon, Aug 31, 2009 at 12:57 PM, Peter De Berdt
[email protected]wrote:

-e:2:in `load’
Go look at a normal rails form and you’ll see a hidden field in the
submitdata: {<%= request_forgery_protection_token.to_s %>: '<%=

Ajax.Base.prototype.initialize = Ajax.Base.prototype.initialize.wrap(
Best regards

Peter De Berdt

Hi Peter De Berdt

Thank you


Karthik.k
Mobile - +91-9894991640

On 28 Aug 2009, at 17:58, Philip H. wrote:

(built with javascript, cached and displayed on multiple pages, etc…)
this along…

submitdata: {<%= request_forgery_protection_token.to_s %>: ‘<%=
form_authenticity_token.to_s %>’}

In another form which doesn’t use the Rails helpers so doesn’t get the
token set automatically I simply include this b/n my form tags:

<%= token_tag %>

You can easily handle this in a generic way for all custom javascript
(without having to add it manually every time):

In your main layout html , put:

Then in public/javascripts/application.js, add (assuming that you
using Prototype, similar options should exist for just about any
javascript framework out there):

Ajax.Base.prototype.initialize = Ajax.Base.prototype.initialize.wrap(
function(p, options){
p(options);
this.options.parameters = this.options.parameters || {};
this.options.parameters.authenticity_token = window._token || ‘’;
}
);

Problem solved, no need to ever worry about it again.

Best regards

Peter De Berdt

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs