Dec 12, 2007
Donal Ellis 2 posts

Topic: Rails for PHP Developers / protect_from_forgery problems with example app in chapter 1

Thanks Derek, got the updated pdf and tried out the new version of the example, nice! Up to chapter 3 and enjoying the book a lot!

 
Dec 12, 2007
Donal Ellis 2 posts

Topic: Rails for PHP Developers / protect_from_forgery problems with example app in chapter 1

Hi

Being a Rails/Ruby newbie, I spent a lot of time (but learned a lot) getting your simple app in chapter 1 to work. I worked out that because protect_from_forgery is turned on by default in application.rb, whenever I posted the form in the example, I got an ActionController::InvalidAuthenticityToken exception thrown. I could see I could comment out the call to protect_from_forgery and so avoid the problem, but I couldn’t work out why it wasn’t working…

So finally I worked out I had to manually put the token (obtained with a call to form_authenticity_token) in a hidden field named “authenticity_token” in the form. This is done for you if you’re using a helper to create the form, but this is not the case in the example.

You might want to work this into your example somehow to avoid the problem…or I might be just missing something, so please let me know if I am.

Otherwise, really enjoying the book, thanks.

Donal
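
The check described in the post above, as an added example that is not part of the original post and is not Rails' own code: a plain-Ruby model of a hand-written form posted with and without the hidden `authenticity_token` field. The helper names `handwritten_form`, `submitted_params`, `secure_compare` and `post_outcome`, the `/entries` action and the `:csrf_token` session key are assumptions made for this sketch.

```ruby
require 'securerandom'

# Simplified model of the forgery check (assumption: not Rails' implementation).
class InvalidAuthenticityToken < StandardError; end

# Per-session token, created on first use (models form_authenticity_token).
def form_authenticity_token(session)
  session[:csrf_token] ||= SecureRandom.hex(32)
end

# A form written by hand: no helper adds the hidden field for you.
# The token is hex, so it needs no HTML escaping here.
def handwritten_form(session, include_token:)
  field = %(<input type="hidden" name="authenticity_token" value="#{form_authenticity_token(session)}">)
  %(<form method="post" action="/entries">#{include_token ? field : ''}<input type="text" name="title"></form>)
end

# Fields a browser would submit: hidden inputs plus what the user typed.
def submitted_params(html, typed = {})
  params = {}
  html.scan(/<input type="hidden" name="([^"]+)" value="([^"]*)">/) { |name, value| params[name] = value }
  params.merge(typed)
end

# Compare without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Models the filter: every non-GET request must carry this session's token.
def verify_authenticity_token!(method, params, session)
  return true if method == 'GET'
  expected = session[:csrf_token].to_s
  given = params['authenticity_token'].to_s
  raise InvalidAuthenticityToken if expected.empty? || !secure_compare(given, expected)
  true
end

# Render the form, post it back, and report what the filter decided.
def post_outcome(session, include_token)
  params = submitted_params(handwritten_form(session, include_token: include_token), 'title' => 'hi')
  verify_authenticity_token!('POST', params, session) && :accepted
rescue InvalidAuthenticityToken
  :rejected
end
```
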
