What does this mean? >> ActionController::InvalidAuthenticityToken
I was curious what that meant in general.
But here are the specifics.
I'm doing a sortable jQuery project that touches this Rails action:
    def update_order
      # params[:media] is the list of media ids in their new order
      params[:media].each_with_index do |id, index|
        media = @organization.media.find(id)
        media.do_not_touch = true
        # positions are stored 1-based
        media.update_attribute('position', index+1)
      end if params[:media]
      render :nothing => true
    end
I'm just looking for a general reason why this error comes up.
Rails automatically checks for forged data when data is submitted. From the doc:
Protecting controller actions from CSRF attacks by ensuring that all forms are coming from the current web application, not a forged link from another site, is done by embedding a token based on a random string stored in the session (which an attacker wouldn't know) in all forms and Ajax requests generated by Rails and then verifying the authenticity of that token in the controller.
You can disable this for the given Ajax call, or you could also send along a parameter named "authenticity_token" with the value of <%= form_authenticity_token %>
To disable it (which I would NOT recommend), you can do one of the following:
    class FooController < ApplicationController
      # you can skip the check for a single action:
      protect_from_forgery :except => :update_order
      # you can disable CSRF protection on a controller-by-controller basis:
      skip_before_filter :verify_authenticity_token
    end
Normal Rails form helpers will inject a hidden authenticity token into the form. When you roll your own, such as what you're probably doing for this Ajax code, you probably haven't added the token.
This old post has some good tips that may help you, depending on if you really care about using that token, or just want to turn it off for that action.
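One way to send the token along with the sortable's Ajax call instead of disabling the check, as both answers suggest. This is an added example, not code from the post: the `#media-list` selector, the `media_<id>` element ids, the `/media/update_order` URL and `window.AUTH_TOKEN` (assumed to be filled from `<%= form_authenticity_token %>` in the view) are assumptions, and the sample token is constructed.

```javascript
// Added example, not the poster's code. Builds the POST body for update_order
// so that it carries the authenticity_token parameter Rails verifies.

// Constructed sample value; in a real view the token would come from
// <%= form_authenticity_token %> rendered into the page.
const SAMPLE_TOKEN = "k3J+Zq/0aB9xY2M1dGVzdA==";

// Serialize the sorted ids as media[]=... plus the token.
// encodeURIComponent matters here: the token is Base64, and a raw "+" is
// decoded as a space on the server, so the token no longer matches and the
// request still fails with InvalidAuthenticityToken.
function buildUpdateOrderBody(mediaIds, token) {
  if (!token) {
    throw new Error("missing authenticity token; the request would be rejected");
  }
  const parts = mediaIds.map(
    (id) => encodeURIComponent("media[]") + "=" + encodeURIComponent(id)
  );
  parts.push("authenticity_token=" + encodeURIComponent(token));
  return parts.join("&");
}

// Browser wiring (hypothetical selector, element ids and URL). Runs only when
// jQuery UI is loaded, so the file can also be loaded outside a browser.
if (typeof jQuery !== "undefined" && jQuery.fn && jQuery.fn.sortable) {
  jQuery(function ($) {
    $("#media-list").sortable({
      update: function () {
        // toArray returns the item element ids, assumed to look like "media_42"
        const ids = $(this)
          .sortable("toArray")
          .map((s) => s.replace(/^media_/, ""));
        $.ajax({
          type: "POST",
          url: "/media/update_order",
          data: buildUpdateOrderBody(ids, window.AUTH_TOKEN),
        });
      },
    });
  });
}
```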