Being a rails/ruby newbie, I spent a lot of time (but learned a lot) getting your simple app in chapter 1 to work. I worked out that because protect_from_forgery is turned on by default in application.rb, whenever i posted the form in the example, I got an ActionController::InvalidAuthenticityToken exception thrown. I could see I could comment out the call to protect_from_forgery and so avoid the problem, but I couldn’t work out why it wasn’t working…
So finally I worked out I had to manually put the token (obtained with a call to form_authenticity_token) in a hidden field named “authenticity_token” in the form. This is done for you if you’re using a helper to create the form, but this is not the case in the example.
You might want to work this in to your example somehow to avoid the problem…or I might be just missing something, so please let me know if I am.
Otherwise, really enjoying the book, thanks.