开发者

how to generate AuthenticityToken on rails

I build the form tag by myself and when I post the form to server it give me a InvalidAuthenticityToken error, so I want to know how to add it in my own in current situation:

<form accept-charset="UTF-8" action="/crops/update" method="post">
  <input id="crop_x" name="crop_x" size="30" type="text" /><br />
    <input id="crop_y" name="crop_y" size="30" type="text" /><br />
  <input id="crop_w" name="crop_w" size="30" type="text" /><br />
   <input id="crop_h" name="crop_h" size="30" type="text" /><br />
  <input id="crop" n开发者_开发百科ame="crop" type="submit" value="Crop!" />
</form>

Response error is:

ActionController::InvalidAuthenticityToken in CropsController#update 
ActionController::InvalidAuthenticityToken
Rails.root: /home/mlzboy/my/crop2
Application Trace | Framework Trace | Full Trace


There is a view helper called form_authenticity_token that returns the current session's authenticity token.

In your view.html.erb:

 <form action="/blah" method="POST">
   <input name="authenticity_token" value="<%= form_authenticity_token %>" type="hidden">
   <input name="first_name" type="text">
 </form>


This answer is first for rails form token tag in Google so to keep it simpler for future googling generations: just use token_tag, it's a helper defined in ActionView::Helpers::UrlHelper that returns hidden input with form_authenticity_token as default value.


To generate the token you have to use the method: form_authenticity_token as it was correctly noted by @flitzwald. Since it is rediced in a active controller's concern, you must include the module into a controller expclicitly before using as follows:

include ActionController::RequestForgeryProtection

# use

def set_csrf_header
  response.headers['X-CSRF-Token'] = form_authenticity_token
end
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜