small medium large xlarge

12 Dec 2007, 03:17
Donal Ellis (2 posts)


Being a rails/ruby newbie, I spent a lot of time (but learned a lot) getting your simple app in chapter 1 to work. I worked out that because protect_from_forgery is turned on by default in application.rb, whenever i posted the form in the example, I got an ActionController::InvalidAuthenticityToken exception thrown. I could see I could comment out the call to protect_from_forgery and so avoid the problem, but I couldn’t work out why it wasn’t working…

So finally I worked out I had to manually put the token (obtained with a call to form_authenticity_token) in a hidden field named “authenticity_token” in the form. This is done for you if you’re using a helper to create the form, but this is not the case in the example.

You might want to work this in to your example somehow to avoid the problem…or I might be just missing something, so please let me know if I am.

Otherwise, really enjoying the book, thanks.


12 Dec 2007, 07:15
Derek DeVries (18 posts)


Thanks for pointing this out.

As you found out, the error occurs because of the CSRF (Cross-Site Request Forgery) protection added to Rails 2.0. We missed updating this example to account for the CSRF feature when we released the initial beta.

You were on the right track with the hidden “authenticity_token” field, but the preferred way is to use a form helper as you mention. The current beta version of the book (released just a couple days ago), updates the example to do just this. We’ve made this fix along with others, so now is a good time to get the newest version of the beta book in your pragprog account.


12 Dec 2007, 12:50
Donal Ellis (2 posts)

Thanks Derek, got the updated pdf and tried out the new version of the example, nice! Up to chapter 3 and enjoying the book a lot!

10 Feb 2008, 02:03
brandon shi (1 post)

Derek, are you talking about the Beta version of the Rails book? I can’t seem to find it in my account for download.

10 Feb 2008, 03:16
Mike Naberezny (7 posts)


Yes, the example was updated in the second beta release of our “Rails for PHP Developers” book.

On this website, visit “Your Account” and then select “Regenerate a PDF” from the sidebar. From there, you can select to generate the latest PDF for “Rails for PHP Developers” that includes this change and quite a few others.

Regards, Mike