Hi guys
What does the below line says
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): -e:2:in `load’ -e:2
Please guide me
What does the below line says
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): -e:2:in `load' -e:2
Rails tries to protect against invalid form submission by setting an authenticity token. It does this automatically if you use the form helpers, but if you hard code a form or it's doing something odd (built with javascript, cached and displayed on multiple pages, etc..) the token won't get sent.
Go look at a normal rails form and you'll see a hidden field in the form "authenticity_token".
You can tell your controller to ignore it or you can add it yourself.
For example in one of my forms built from jss and using ajax I pass this along...
submitdata: {<%= request_forgery_protection_token.to_s %>: '<%= form_authenticity_token.to_s %>'}
In another form which doesn't use the Rails helpers so doesn't get the token set automatically I simply include this b/n my form tags:
<%= token_tag %>
Good luck!
-philip
Hi philip
Thank You
You can easily handle this in a generic way for all custom javascript (without having to add it manually every time):
In your main layout html , put:
Then in public/javascripts/application.js, add (assuming that you using Prototype, similar options should exist for just about any javascript framework out there):
Ajax.Base.prototype.initialize = Ajax.Base.prototype.initialize.wrap(
function(p, options){
p(options);
this.options.parameters = this.options.parameters || {};
this.options.parameters.authenticity_token = window._token || '';
}
);
Problem solved, no need to ever worry about it again.
Best regards
Peter De Berdt
Hi Peter De Berdt
Thank you