Always getting an invalid authenticity token error
Sat May 02 21:59:19 -0700 2009
I had a Ruby on Rails app giving a bunch of invalid authenticity token errors. I spent a while hunting down the solution until I found this write up. Very useful.
This write up was by Peter De Berdt on one of the Ruby mailing lists, I am putting it here more for my own future (maybe) reference as it is a very good solution for the situation I was running into. The entire thread is at the ruby forum site
If you have a situation where you are getting invalid authenticity tokens and are doing strange things with forms on your website with file uploads etc, and can’t for some reason just use the authenticity form helper, then this solution worked for me and should work for you too.
The solution is pretty simple to be honest:
In your view layout file, add this to the
1 2 3 |
<script type="text/javascript" charset="utf-8"> window._token = '<%= form_authenticity_token -%>'; </script> |
In application.js, add the following:
1 2 3 4 5 6 7 |
Ajax.Base.prototype.initialize = Ajax.Base.prototype.initialize.wrap( function(p, options){ p(options); this.options.parameters = this.options.parameters || {}; this.options.parameters.authenticity_token = window._token || ''; } ); |
It will automatically add the authenticity token to ALL ajax requests, even those you invoke from custom code (graceful degrading and/or even delegated events for example).
A similar solution for those swapping out Prototype with JQuery has been posted here
As for file uploaders, a normal field within a form (multipart=true) will be sent as part of the form (and isn’t an ajax request in the first place) and shouldn’t be a problem. If you are using ANY other “ajax” uploader, there’s more to it. I already posted several times on how to get SWFUpload to play nicely with Rails, an overview with links to the appropriate posts can be found here.
Leave a Reply
Latest posts
- rake RSpec & Cucumber uninitialized constant Rails::Boot::Bundler
- This Relationship is Worth Nothing
- Thank YOU...
- Inline Attachments for ActionMailer
- Upgrading RailsPlugins.org to Rails 3 - Part 1
- Stripping dollar signs and commas from a string
- Getting Rails 3 Edge with jQuery, RSpec and Cucumber using RVM
- Action Mailer, go Proc thyself
- The Real News Donation Drive
- ActionMailer ScreenCast and Article
- Installing RSpec for Rails 3
- I am speaking at RailsConf 2010
- Rails 3 Session Secret and Session Store
- If you're lazy and you know it write your specs!
- Bundler - uninitialized constant ActionController
- Bundle Me Some Sanity
- How to use Mail / ActionMailer 3 with GMail SMTP
- Put your mailer where the action is!
- Why Force a Choice?
- How to make an RSS feed in Rails
- Rails 3 Routing with Rack
- Bundle me some Rails
- Helping out in Haiti
- Watch your self
- Is Rails 3.0 a Game Changer?
- Where did the scripts go?
- validates :rails_3, :awesome => true
- New Rails Version 3.0 Guides Online
- New ActionMailer API in Rails 3.0
- Mail gem version 2 released
- How to rename a Rails 3 Application
- Rails 3.0 Examples
- DECCA Driving Day
- Mail now merged into ActionMailer
- Tip #29 - Stop a Mongrel (or any) Service in Windows
- Ruby on Rails Tips Page
- Monitoring a DAHDI or Zaptel Channel
- Mail gets some compliments!
- Rails Unit Tests: uninitialized constant error
- New Mail gem released
- Mail and Bounced Emails
- Mail, TMail, The Future of Ruby Email Handling
- Custom Music on Hold for Asterisk
- Windows ipconfig does not show anything
- FreeBSD rc scripts
- How to monitor a logged in professional
- TMail Moves to GIT
- Funny...
- How to reset a sequence with PostgreSQL
Latest comments
- Ian Alexander Wood
Just a quick update on this exc...
- Daze
The command is "rails new app_n...
- Michael T
Well done - this worked perfect...
- Kevin
I'm having the same issue as Ja...
- Linda K
Thank you! This really helped o...
Categories
Tag Cloud
AJAX ARGH! ActiveRecord Ajax Apache Apple Asterisk Australia Copy Database Development Feedburner Gem server Google Human Rights Javascript L. Ron Hubbard MS SQL Server MacOSX Mail Mephisto Not Programming OpenBSD Opensource Performance Personal Integrity PostgreSQL Programming Prototype Puzzle RDoc REST RESTful Rails RSPec RSpec Rails Rails Tips Rspec Ruby Ruby on Rails Ruby on Rails Tips Ruby on rails Tips SQL SQLServer SVN Scientologist Scientology Site Stats Soekris Soekris net5501 TMail Textmate Tips Windows World about mikel anti drug apache contributing daemon documentation drugs illustrator javascript lambda mail mephisto newspapers nitro open source opensource photoshop productivity programming railscasts rspec ruby ruby on rails rubyforge scientology seo sitemap sqlserver tips tmail tom cruise unix tricks vector graphicsArchives
- November 2009 (1)
- October 2009 (2)
- September 2009 (2)
- August 2009 (0)
- July 2009 (1)
- June 2009 (0)
- May 2009 (1)
- April 2009 (0)
- March 2009 (0)
- February 2009 (0)
- January 2009 (2)
- December 2008 (0)
- November 2008 (5)
- October 2008 (0)
- September 2008 (1)
- August 2008 (0)
- July 2008 (2)
- June 2008 (13)
- May 2008 (7)
- April 2008 (18)
- March 2008 (8)
- February 2008 (5)
- January 2008 (7)
- December 2007 (20)
- November 2007 (22)
Sun May 03 13:35:27 -0700 2009
This technique helped me with all my manually created ajax calls, but it seems to have broken the authenticity token sent with the rails helpers like link_to_remote…. I get the following error:
Processing Store::CartItemsController#create (for 127.0.0.1 at 2009-05-04 12:27:54) [POST] Parameters: {“product_id”=>”758”, “authenticity_token”=>””, ”_”=>”“} ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
Apparently token is parsed to nil?
Sun May 03 13:32:52 -0700 2009
To clarify my post above, it seems like the code snippet has trouble with the ajax calls generated by the rails helpers like link_to_remote, and the ajax request is never sent…