I’m using Rails 2.0.2 and I’d like to use the anti-CSRF feature in my
form.
This form is generated from the controller using partial rendering.

def commentform destination=""
  render :partial=>'forms/commentform', :locals => { :url=>destination }
end

and commentform looks like this

<% form_tag(:controller=>'comments', :action=>'create') do %>
  <label for="nucleus_cf_body"><%= text("_COMMENTFORM_COMMENT") %></label>
  <%= text_area :comment, :cbody, "cols" => 40, "rows" => 10 %>
  <label for="nucleus_cf_name"><%= text("_COMMENTFORM_NAME") %></label>
  <%= text_field :comment, :cname, "size"=>40 %>
  <label for="nucleus_cf_mail"><%= text("_COMMENTFORM_MAIL") %></label>
  <%= text_field :comment, :cmail, "size"=>40, "maxlength"=>80 %><br />
  <label for="nucleus_cf_email"><%= text("_COMMENTFORM_EMAIL") %></label>
  <%= text_field :comment, :cemail, "size"=>40, "maxlength"=>60 %><br />
  <%= check_box_tag("remember", value = "1", checked = false) %>
  <label for="nucleus_cf_remember"><%= text("_COMMENTFORM_REMEMBER") %></label>
  <%= submit_tag(text("_COMMENTFORM_SUBMIT")) %>
<% end %>

but token_tag doesn’t produce any tag, and I get an
InvalidAuthenticityToken error.
I tried to debug and found that protect_against_forgery? returns
false.
I tested the method from the controller but at that time it returned
true.
What should I do to generate the token?