Hi guys What does the below line says ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): -e:2:in `load'' -e:2 Please guide me -- Karthik.k Mobile - +91-9894991640
> What does the below line says > > ActionController::InvalidAuthenticityToken > (ActionController::InvalidAuthenticityToken): > -e:2:in `load'' > -e:2Rails tries to protect against invalid form submission by setting an authenticity token. It does this automatically if you use the form helpers, but if you hard code a form or it''s doing something odd (built with javascript, cached and displayed on multiple pages, etc..) the token won''t get sent. Go look at a normal rails form and you''ll see a hidden field in the form "authenticity_token". You can tell your controller to ignore it or you can add it yourself. http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html#M000512 For example in one of my forms built from jss and using ajax I pass this along... submitdata: {<%= request_forgery_protection_token.to_s %>: ''<%= form_authenticity_token.to_s %>''} In another form which doesn''t use the Rails helpers so doesn''t get the token set automatically I simply include this b/n my form tags: <%= token_tag %> Good luck! -philip
On Fri, Aug 28, 2009 at 9:28 PM, Philip Hallstrom <philip-LSG90OXdqQE@public.gmane.org> wrote:> > > What does the below line says > > > > ActionController::InvalidAuthenticityToken > > (ActionController::InvalidAuthenticityToken): > > -e:2:in `load'' > > -e:2 > > Rails tries to protect against invalid form submission by setting an > authenticity token. It does this automatically if you use the form > helpers, but if you hard code a form or it''s doing something odd > (built with javascript, cached and displayed on multiple pages, etc..) > the token won''t get sent. > > Go look at a normal rails form and you''ll see a hidden field in the > form "authenticity_token". > > You can tell your controller to ignore it or you can add it yourself. > > > http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html#M000512 > > For example in one of my forms built from jss and using ajax I pass > this along... > > submitdata: {<%= request_forgery_protection_token.to_s %>: ''<%> form_authenticity_token.to_s %>''} > > In another form which doesn''t use the Rails helpers so doesn''t get the > token set automatically I simply include this b/n my form tags: > > <%= token_tag %> > > Good luck! > > -philip >Hi philip Thank You -- Karthik.k Mobile - +91-9894991640> > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On 28 Aug 2009, at 17:58, Philip Hallstrom wrote:>> What does the below line says >> >> ActionController::InvalidAuthenticityToken >> (ActionController::InvalidAuthenticityToken): >> -e:2:in `load'' >> -e:2 > > Rails tries to protect against invalid form submission by setting an > authenticity token. It does this automatically if you use the form > helpers, but if you hard code a form or it''s doing something odd > (built with javascript, cached and displayed on multiple pages, etc..) > the token won''t get sent. > > Go look at a normal rails form and you''ll see a hidden field in the > form "authenticity_token". > > You can tell your controller to ignore it or you can add it yourself. > > http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html#M000512 > > For example in one of my forms built from jss and using ajax I pass > this along... > > submitdata: {<%= request_forgery_protection_token.to_s %>: ''<%> form_authenticity_token.to_s %>''} > > In another form which doesn''t use the Rails helpers so doesn''t get the > token set automatically I simply include this b/n my form tags: > > <%= token_tag %>You can easily handle this in a generic way for all custom javascript (without having to add it manually every time): In your main layout html <head>, put: <script type="text/javascript" charset="utf-8"> window._token = ''<%= form_authenticity_token -%>''; </script> Then in public/javascripts/application.js, add (assuming that you using Prototype, similar options should exist for just about any javascript framework out there): Ajax.Base.prototype.initialize = Ajax.Base.prototype.initialize.wrap( function(p, options){ p(options); this.options.parameters = this.options.parameters || {}; this.options.parameters.authenticity_token = window._token || ''''; } ); Problem solved, no need to ever worry about it again. Best regards Peter De Berdt --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On Mon, Aug 31, 2009 at 12:57 PM, Peter De Berdt <peter.de.berdt-LPO8gxj9N8aZIoH1IeqzKA@public.gmane.org>wrote:> > On 28 Aug 2009, at 17:58, Philip Hallstrom wrote: > > What does the below line says > > > ActionController::InvalidAuthenticityToken > > (ActionController::InvalidAuthenticityToken): > > -e:2:in `load'' > > -e:2 > > > Rails tries to protect against invalid form submission by setting an > authenticity token. It does this automatically if you use the form > helpers, but if you hard code a form or it''s doing something odd > (built with javascript, cached and displayed on multiple pages, etc..) > the token won''t get sent. > > Go look at a normal rails form and you''ll see a hidden field in the > form "authenticity_token". > > You can tell your controller to ignore it or you can add it yourself. > > > http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html#M000512 > > For example in one of my forms built from jss and using ajax I pass > this along... > > submitdata: {<%= request_forgery_protection_token.to_s %>: ''<%> form_authenticity_token.to_s %>''} > > In another form which doesn''t use the Rails helpers so doesn''t get the > token set automatically I simply include this b/n my form tags: > > <%= token_tag %> > > > You can easily handle this in a generic way for all custom javascript > (without having to add it manually every time): > > In your main layout html <head>, put: > > <script type="text/javascript" charset="utf-8"> > window._token = ''<%= form_authenticity_token -%>''; > </script> > > Then in public/javascripts/application.js, add (assuming that you using > Prototype, similar options should exist for just about any javascript > framework out there): > > Ajax.Base.prototype.initialize = Ajax.Base.prototype.initialize.wrap( > function(p, options){ > p(options); > this.options.parameters = this.options.parameters || {}; > this.options.parameters.authenticity_token = window._token || ''''; > } > ); > > Problem solved, no need to ever worry about it again. > > > Best regards > > > Peter De Berdt > >Hi Peter De Berdt Thank you -- Karthik.k Mobile - +91-9894991640> > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---