Get an error like: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken) after switching to Rails 2.0.x?
This is due to the security token that is automatically generated by the new forgery_protection module and the seed key located in your Application controller (application.rb):
# See ActionController::RequestForgeryProtection for details
# Uncomment the :secret if you're not using the cookie session store
protect_from_forgery :secret => 'blah2343ddfdf987dfd9879blah'
To turn Forgery Protection off in Rails 2.0, borrow a setting from the test.rb environment file:
# Disable request forgery protection in test environment
config.action_controller.allow_forgery_protection = false
Slap that into your development.rb or production.rb file and InvalidAuthenticityToken error will no longer be raised when you're using hand built forms that contain the a valid authenticity token.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment