url (view > controller) error "Need controller and action!"

I thought I would set up a simple form for email noification to tinker
with and see how it worked However the simplicity part has so far
eluded me. Currently this particular page generates an error "Need
controller and action!" when to my eyes everything is in order.

Any suggestions as to what is going on. Thanks in advance.

ActionController::RoutingError in Emailer#send_mail

Showing emailer/display.html.erb where line #71 raised:

Need controller and action!

Extracted source (around line #71):
71: <% form_for(:emailer, :url => {:action => 'send_mail'}, :html =>
{:class => 'style1'}) do |f| %>

The clue should be in the message - you're not supplying a
controller :slight_smile:
Normally if you don't supply the :controller option then the current
one is implicit, but things are different when rendering an email.


Thank you, Fred. You were spot on. Explicitly designating the
controller resolved the error.

However that brought me to the next error/issue:

NoMethodError in Emailer#send_mail
Showing emailer/display.html.erb where line #71 raised:

undefined method `protect_against_forgery?' for #<ActionView::Base:

Extracted source (around line #71):
71: <% form_for(:emailer, :url => {:controller => 'emailer', :action
=> 'send_mail'}, :html => {:class => 'style1'}) do |f| %>

RAILS_ROOT: C:/RubyRails/rails_apps/rappEAHv2
Application Trace | Framework Trace | Full Trace

action_view/helpers/form_tag_helper.rb:404:in `extra_tags_for_form'
action_view/helpers/form_tag_helper.rb:412:in `form_tag_html'
action_view/helpers/form_tag_helper.rb:41:in `form_tag'
action_view/helpers/form_helper.rb:183:in `form_for'
app/controllers/emailer_controller.rb:8:in `send_mail'
-e:3:in `load'

Very short version: to protect against CSRF attacks, forms generated
by rails have a hidden input with a magic token. Together with the
session this helps verify that a request isn't been faked by a CSRF
attack. With the protect_against_forgery returning false thing you've
stopped your form trying to make such a token, but you still need to
make the other end not expect a token. One way is to make your form
use the GET method, another is to skip the verify_authenticity_token
filter in the appropriate controller.


Hello Fred,

With Ruby and Rails a whole new experience its sometimes difficult to
even frame a coherent question. So thank you your answers and for
going a step further and adding some very helpful explanation. It
clarified my thinking

Since I don't want to operate without protect_against_forgery and
implementing a workaround isn't where I need to be spending time now,
I searched about and came across some exmaples of a 'tableless'
arrangement that implemented well with some minor modification.

Thanks again.