I was trying to do an ajax destroy in Rails 2.0 and whenever the call is made I get this error: ActionController::InvalidAuthenticityToken. Anyone have any ideas?
I fixed it by putting in a hidden field with the authenticity_token.
How did you fix it?
I'd like to have the 'destroy' link in index.html.erb be a link_to_remote, but I get the same CSRF error. There is no form to put a hidden field in on that page. link_to_remote does have a token generated, but it does not seem to work.
I got it working just fine by disabling the CSRF, but that's not what I would want in production.
Running Rails 2.0.2 / Ruby 1.8.6 on cygwin/windows.
On my side, I have created a helper to write the security token onto the page. So you have to change your XHR request to append the token.

def security_informations
  # Writes a script tag that exposes the CSRF token name and value to page JavaScript.
  return "
    <script type='text/javascript'>
      var Security = {
        token_name: '%s',
        token_value: '%s',
        xhr_extra_params: { %s: '%s' }
      }
    </script>
  " % [request_forgery_protection_token, form_authenticity_token,
       request_forgery_protection_token, form_authenticity_token]
end

I am quite new to RoR, so maybe there is a better way to do so ...
Thomas
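One way the XHR side could append the token that the helper above exposes, as an added example that is not part of the original posts. The function names (`encodeParams`, `isSameOrigin`, `buildXhrBody`), the sample token and the URLs are assumptions constructed for illustration; the token is percent-encoded and is only attached to non-GET requests going back to the page's own origin.

```javascript
// Constructed sample of the object the helper above writes into the page.
// The token value is made up for this example.
const Security = {
  token_name: 'authenticity_token',
  token_value: 'k3+Yq/9aZm0=',
  xhr_extra_params: { authenticity_token: 'k3+Yq/9aZm0=' }
};

// Form-encode a flat object. encodeURIComponent keeps characters such as
// '+', '/' and '=' in a token from being altered in transit.
function encodeParams(params) {
  return Object.keys(params)
    .map(k => encodeURIComponent(k) + '=' + encodeURIComponent(params[k]))
    .join('&');
}

// Same-origin check, so the token is never sent to another site.
function isSameOrigin(url, pageOrigin) {
  return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
}

// Hypothetical helper: returns the request body, with the token appended
// only for non-GET requests to the page's own origin.
function buildXhrBody(method, url, params, pageOrigin, security) {
  const merged = Object.assign({}, params);
  const needsToken =
    method.toUpperCase() !== 'GET' && isSameOrigin(url, pageOrigin);
  if (needsToken) {
    // Applied last so caller-supplied params cannot overwrite the token.
    Object.assign(merged, security.xhr_extra_params);
  }
  return encodeParams(merged);
}
```

The returned string is what would be passed as the body (or `parameters`) of the Ajax call, for example for a POST carrying `_method=delete`.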