1

I have many small pages that do not correspond to standard resource-based forms in my Rails 3.2.13 project. I am using Ajax calls from these forms to do POSTs. I'm getting the error:

WARNING: Can't verify CSRF token authenticity

which is causing my session to be invalidated and I'm redirected to the login page.

How can I include the CSRF stuff without using form_for?

RubyRedGrapefruit
  • 12,066
  • 16
  • 92
  • 193
  • 2
    It may help: http://stackoverflow.com/questions/7203304/warning-cant-verify-csrf-token-authenticity-rails ; you can also get the CRSF value with `form_authenticity_token` – Baldrick Jun 17 '13 at 19:40

1 Answers1

2

To include the hidden input field with CSRF token in your view, use

<%= hidden_field_tag(request_forgery_protection_token.to_s, form_authenticity_token) %>

form_for uses the method FormTagHelper.token_tag, but it's a private method and can't be used directly.

Baldrick
  • 23,882
  • 6
  • 74
  • 79