http://forums.pragprog.com/forums/50/topics/168 en-us 60 <p>Brandon,</p> <p>Yes, the example was updated in the second beta release of our &#8220;Rails for <span class="caps">PHP</span> Developers&#8221; book.</p> <p>On this website, visit &#8220;Your Account&#8221; and then select &#8220;Regenerate a <span class="caps">PDF</span>&#8221; from the sidebar. From there, you can select to generate the latest <span class="caps">PDF</span> for &#8220;Rails for <span class="caps">PHP</span> Developers&#8221; that includes this change and quite a few others.</p> <p>Regards,<br />Mike</p> Sun, 10 Feb 2008 03:16:50 -0000 forums.pragprog.com:50:168:2276 Mike Naberezny http://forums.pragprog.com/forums/50/topics/168 <p>Derek, are you talking about the Beta version of the Rails book? I can&#8217;t seem to find it in my account for download.</p> Sun, 10 Feb 2008 02:03:48 -0000 forums.pragprog.com:50:168:2275 brandon shi http://forums.pragprog.com/forums/50/topics/168 <p>Thanks Derek, got the updated pdf and tried out the new version of the example, nice! Up to chapter 3 and enjoying the book a lot!</p> Wed, 12 Dec 2007 12:50:17 -0000 forums.pragprog.com:50:168:2018 Donal Ellis http://forums.pragprog.com/forums/50/topics/168 <p>Donal,</p> <p>Thanks for pointing this out.</p> <p>As you found out, the error occurs because of the <span class="caps">CSRF</span> (Cross-Site Request Forgery) protection added to Rails 2.0. We missed updating this example to account for the <span class="caps">CSRF</span> feature when we released the initial beta.</p> <p>You were on the right track with the hidden &#8220;authenticity_token&#8221; field, but the preferred way is to use a form helper as you mention. The current beta version of the book (released just a couple days ago), updates the example to do just this. We&#8217;ve made this fix along with others, so now is a good time to get the newest version of the beta book in your pragprog account.</p> <p>Derek</p> Wed, 12 Dec 2007 07:15:01 -0000 forums.pragprog.com:50:168:2017 Derek DeVries http://forums.pragprog.com/forums/50/topics/168 <p>Hi</p> <p>Being a rails/ruby newbie, I spent a lot of time (but learned a lot) getting your simple app in chapter 1 to work. I worked out that because protect_from_forgery is turned on by default in application.rb, whenever i posted the form in the example, I got an ActionController::InvalidAuthenticityToken exception thrown. I could see I could comment out the call to protect_from_forgery and so avoid the problem, but I couldn&#8217;t work out why it wasn&#8217;t working&#8230;</p> <p>So finally I worked out I had to manually put the token (obtained with a call to form_authenticity_token) in a hidden field named &#8220;authenticity_token&#8221; in the form. This is done for you if you&#8217;re using a helper to create the form, but this is not the case in the example.</p> <p>You might want to work this in to your example somehow to avoid the problem&#8230;or I might be just missing something, so please let me know if I am.</p> <p>Otherwise, really enjoying the book, thanks.</p> <p>Donal</p> Wed, 12 Dec 2007 03:17:41 -0000 forums.pragprog.com:50:168:2016 Donal Ellis http://forums.pragprog.com/forums/50/topics/168