Ajax and Rails 2.0

I was trying to do an ajax destroy in Rails 2.0 and whenever the call
is made I get this error: ActionController::InvalidAuthenticityToken.
Anyone have any ideas?

I fixed it by putting in a hidden field with the authenticity_token

How did you fix it?

I'd like to have the 'destroy' link in index.html.erb be a
link_to_remote, but I get the same CSRF error. There is no form to put
a hidden field in on that page. link_to_remote does have a tolken
generated, but it does not seem to work.

I got it working just fine but disabling the CSRF, but that's not what
I would want in production.

Running Rails 2.0.2 / Ruby 1.8.6 on cygwin/windows.

On my side, i have created a helper to write security token on to the
page. So you have to change you xhr request to append the token.

       def security_informations
               return "
               <script type='text/javascript'>
               var Security = {
                       token_name: '%s',
                       token_value: '%s',
                       xhr_extra_params: {
                               %s: '%s'
                       }
               }
               </script>
               " % [request_forgery_protection_token,form_authenticity_token,
                       request_forgery_protection_token,
form_authenticity_token]
       end

I am quite new in RoR, so maybe they is a better way to do so ...

Thomas