ActionController::InvalidAuthenticityToken exception in safari while using iframe
When I post a form from an iframe in Safari, it gives an Invalid Authenticity Token exception. If I try without the iframe, it works fine.
Why is this happening? How can I fix this?
The authenticity token is a mechanism that Rails uses to protect users from CSRF attacks. Here is a good explanation, taken from Understanding the Rails Authenticity Token:
When the user views a form to create, update, or destroy a resource, the rails app would create a random authenticity_token, store this token in the session, and place it in a hidden field in the form. When the user submits the form, rails would look for the authenticity_token, compare it to the one stored in the session, and if they match the request is allowed to continue.
So basically, for any action that would modify your model, Rails wants to verify that it is a change originated by you.
Rails does that (through the use of the form_for or form_tag helpers) by adding that secret authenticity token to the form with an HTML tag like this: <input name="authenticity_token" type="hidden" value="Som3Thin10ngAndUGly">
Back to your problem: I've never worked with iframes so I'm not sure what's happening, but my guess is that your iframe form is not passing the authenticity_token. If this is the case the solution is simple: just add a hidden input like the one above and use the form_authenticity_token method to set its value.
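The check described in the answer above, as an added example that is not part of the original post and not Rails' own code: a simplified plain-Ruby model in which `session` and `params` are ordinary hashes and all function names are hypothetical. It shows which outcome each kind of request produces, including a form posted without the hidden field and a request that arrives without its session.

```ruby
require "securerandom"

# Simplified model of the token check; not Rails' implementation.
# `session` and `params` are plain hashes standing in for the Rails objects.

# Rendering a form: create the token once per session and return it.
def issue_token(session)
  session[:_csrf_token] ||= SecureRandom.base64(32)
end

# The hidden field the form helpers emit.
def hidden_field(token)
  %(<input name="authenticity_token" type="hidden" value="#{token}">)
end

# Compare every byte so timing does not reveal where the strings differ.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Submitting a form: returns :ok or the reason the request is rejected.
def verify_request(session, params)
  stored = session[:_csrf_token]
  sent   = params["authenticity_token"]
  return :no_session_token if stored.nil?            # session did not arrive
  return :no_form_token if sent.nil? || sent.empty?  # hidden field missing
  secure_compare(stored, sent) ? :ok : :mismatch
end

# Constructed scenarios, one per outcome.
def scenarios
  session = {}
  token = issue_token(session)
  {
    normal_post:      verify_request(session, { "authenticity_token" => token }),
    field_missing:    verify_request(session, {}),
    session_not_sent: verify_request({}, { "authenticity_token" => token }),
    stale_token:      verify_request(session, { "authenticity_token" => SecureRandom.base64(32) })
  }
end

scenarios.each { |name, result| puts "#{name}: #{result}" }
```

In a Rails app that raises on a failed check, every outcome other than `:ok` surfaces as the same exception the question reports, so inspecting the failing request for both the hidden field and the session cookie tells the cases apart.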