InvalidAuthenticityToken

Hi guys

What does the below line says

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
-e:2:in `load’
-e:2

Please guide me

What does the below line says

ActionController::InvalidAuthenticityToken
(ActionController::InvalidAuthenticityToken):
-e:2:in `load'
-e:2

Rails tries to protect against invalid form submission by setting an authenticity token. It does this automatically if you use the form helpers, but if you hard code a form or it's doing something odd (built with javascript, cached and displayed on multiple pages, etc..) the token won't get sent.

Go look at a normal rails form and you'll see a hidden field in the form "authenticity_token".

You can tell your controller to ignore it or you can add it yourself.

http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html#M000512

For example in one of my forms built from jss and using ajax I pass this along...

  submitdata: {<%= request_forgery_protection_token.to_s %>: '<%= form_authenticity_token.to_s %>'}

In another form which doesn't use the Rails helpers so doesn't get the token set automatically I simply include this b/n my form tags:

<%= token_tag %>

Good luck!

-philip

Hi philip

Thank You

You can easily handle this in a generic way for all custom javascript (without having to add it manually every time):

In your main layout html , put:

Then in public/javascripts/application.js, add (assuming that you using Prototype, similar options should exist for just about any javascript framework out there):

Ajax.Base.prototype.initialize = Ajax.Base.prototype.initialize.wrap(

function(p, options){

p(options);

this.options.parameters = this.options.parameters || {};

this.options.parameters.authenticity_token = window._token || '';

}

);

Problem solved, no need to ever worry about it again.

Best regards

Peter De Berdt

Hi Peter De Berdt

Thank you