How do I make forms work with no javascript enabled? (ActionController::InvalidAuthenticityToken)

Hi,

I’ve got some basic form:

<%= form_for(@task, remote: true, html: {‘data-type’ => ‘html’}) do |f| %>

<%= f.text_field :text %>

<%= f.submit %>

<% end %>

But when I submit it with no javascript enabled, I get:

Started POST “/tasks” for ::1 at 2015-02-02 23:38:27 +0200

Processing by TasksController#create as HTML

Parameters: {“utf8”=>“✓”, “task”=>{“text”=>“adsf”}, “commit”=>“Create Task”}

Can’t verify CSRF token authenticity

Completed 422 Unprocessable Entity in 5ms

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):

actionpack (4.2.0) lib/action_controller/metal/request_forgery_protection.rb:181:in `handle_unverified_request’

How do I remedy this?

Regards,

Yuri

Can you try like this <%= form_for(@task, remote: true, authenticity_token: true, html: {‘data-type’ => ‘html’}) do |f| %>

Thanks

Vishnu

Can you try like this <%= form_for(@task, remote: true, authenticity_token: true, html: {‘data-type’ => ‘html’}) do |f| %>

Yep, that pretty much settles it.

Regards,

Yuri

Yuri,

You may want to review protect_from_forgery: <http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html#method-i-protect_from_forgery>

You may want to review protect_from_forgery: <http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html#method-i-protect_from_forgery>

I bet you must be meaning form_for, not protect_from_forgery.

Regards,

Yuri

Ah, well, think what you like.