Forum: Ruby on Rails InvalidAuthenticityToken error with remote_form_for

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
006a4831843b48f6102d5d3cf92ae283?d=identicon&s=25 Shilo Ayalon (gte351s)
on 2009-01-18 08:57
Hi All -

I have a form_for that I'm trying to convert to remote_form_for, and I
keep get this error:

ActionController::InvalidAuthenticityToken
(ActionController::InvalidAuthenticityToken):
    /usr/lib/ruby/gems/1.8/gems/actionpack-2.2.2/lib/action_controller/request_forgery_protection.rb:86:in
`verify_authenticity_token'
    /usr/lib/ruby/gems/1.8/gems/activesupport-2.2.2/lib/active_support/callbacks.rb:178:in
`send'
    /usr/lib/ruby/gems/1.8/gems/activesupport-2.2.2/lib/active_support/callbacks.rb:178:in
`evaluate_method'
    /usr/lib/ruby/gems/1.8/gems/activesupport-2.2.2/lib/active_support/callbacks.rb:166:in
`call'
    /usr/lib/ruby/gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:225:in
`call'....

My form works fine without the ajax call:

<% form_for :vendor do |f| -%>
  <td><%= f.text_field :name, :size => 15 %></td>
  <td><%= f.text_field :location, :size => 15 %></td>
  <td><%= f.submit 'save' %></td>
<% end -%>

-- partial :

<% @vendor = vendor %>
<tr id="vendor_<%= vendor.id %>">
  <td><%= vendor.name %></td>
  <td><%= vendor.location %></td>
</tr>

-- controller :

def create
  @vendor = Vendor.new(params[:vendor])
  if @vendor.save
    respond_to do |format|
      flash[:notice] = "New vendor #{@vendor.name} was saved!"
      format.html { redirect_to vendors_path }
      format.js
    end
  end
end

-- rjs :

page.replace_html 'flasher', flash[:notice] unless flash[:notice].blank?
page.insert_html :after, 'vendors_title',
                 :partial => 'vendor',
                 :object => Vendor.find(:all, :order => 'name')

I tried adding sessions to my app with rake db:sessions:create and rake
db:migrate, and I also enabled the :secret in my application.rb...

Please help :)
006a4831843b48f6102d5d3cf92ae283?d=identicon&s=25 Shilo Ayalon (gte351s)
on 2009-01-19 07:56
I tried using submit_to_remote (or link_to_remote) to submit the
form_for and it worked:

<% form_for :vendor do |f| -%>
  <%= f.text_field :name, :size => 15 %>
  <%= f.text_field :location, :size => 15 %>
  <%# f.submit 'save' %>
  <%= link_to_remote 'save',
          :url => { :action => 'create', :id => @vendor } %>
<% end -%>

and in the controller:

def create
  @vendor = Vendor.new(params[:vendor])
  if @vendor.save
    respond_to do |format|
      format.html { redirect_to vendors_path }
      format.js
    end
  end
end

Of course, I have a create.js.rjs template to handle the ajax events on
the page.
Ef0db53920b243d6758c2f6b1306df0d?d=identicon&s=25 Steve Ross (cwd)
on 2009-01-20 07:34
(Received via mailing list)
If nobody answered this yet, the reason it's not working is that your
link doesn't serialize the authenticity_token field. Just put:

<%= link_to_remote 'save',
          :url => { :action => 'create', :id => @vendor }, :with =>
'authenticity_token' %>

and that should get you on the right path.

HTH
This topic is locked and can not be replied to.