Token_tag not generated

I’m using Rails2.0.2 and I’d like to use against CSRF feature in my
form.
This form is generated from the controller using partial rendering.

def commentform destination=""
render :partial=>‘forms/commentform’, :locals =>
{ :url=>destination }
end

and commentform looks like this
<% form_tag(:controller=>‘comments’, :action=>‘create’) do %>

<%= token_tag %>
<label for="nucleus_cf_body"><%= text("_COMMENTFORM_COMMENT") %></

label>
<%= text_area :comment, :cbody, “cols” => 40, “rows” => 10 %>

<label for="nucleus_cf_name"><%= text("_COMMENTFORM_NAME") %></

label>
<%= text_field :comment, :cname, “size”=>40 %>

<label for="nucleus_cf_mail"><%= text("_COMMENTFORM_MAIL") %></

label>
<%= text_field :comment, :cmail, “size”=>40, “maxlength”=>80 %><br /

<label for="nucleus_cf_email"><%= text("_COMMENTFORM_EMAIL") %></

label>
<%= text_field :comment, :cemail, “size”=>40, “maxlength”=>60 %><br
/

<%= check_box_tag("remember", value = "1", checked = false) %>
<label for="nucleus_cf_remember"><%= text("_COMMENTFORM_REMEMBER")

%>

<%= submit_tag(text("_COMMENTFORM_SUBMIT")) %>
<% end %>

but token_tag doesn’t produce any tag, and I get
InvalidAuthenticityToken error.
I tried to debug and found that protect_against_forgery? returns
false.
I tested the method from the controller but at that time it returned
true.
What should I do to generate the token?

You can use @form_authenticity_token to get the value that should be
passed. You can either embed it in the url
(:authenticity_token=>@form_authenticity_token) or play around adding
it as a hidden_field. You might also investigate using form_for
instead of form_tag; I think it automatically includes the
authenticity token for you.

The different results from protect_against_forgery makes sense
depending on how you did your testing. It only requires the
authenticity token when it’s processing an html submitted form.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs