Chapter 5

davidtspf · April 13th, 2008, 06:35 PM

In the first example in Chapter 5, reading from a text box, everything works when my form action line reads like this:

<form action = "\look\at">

It also works like this:

<form action = "\look\at" method = "get">

But it does not work when I use "post", as suggested on p.127:

<form action = "\look\at" method = "post">

I get a very long error in my browser that begins like this:

ActionController::InvalidAuthenticityToken in LookController#

I am running on OS X Leopard, Ruby v.1.8.6, Rails v.2.0.2. It looks like "ruby server/script" runs Mongrel, not WEBrick.

Any idea why "post" won't work?

rgonnering · June 5th, 2008, 12:56 PM

I have the same problem running on linux, and using WEBrick.

mprogers · June 10th, 2008, 04:21 PM

The problem is that in Rails 2.0.2, there is some extra authentication taking place. If you use form_tag, it will automatically create this html control for you:

<input name="authenticity_token" type="hidden" value="84fc5f10d45977c87c3ac6b88aabc0e73925cad0" />

But if you just use <form> ... </form>, that will be lacking. Just paste the above in, somewhere in the form, and it should solve the problem. It worked for me, using Rails 2.0.2, Ruby 1.8.6, Safari 3.1.1, and Mac OS X 10.5.3.

Michael

rgonnering · June 12th, 2008, 05:37 PM

Hi all,

I was playing around with textfields2 (p. 137) and got it to work with the following input.rhtml:

<html>
  <head>
    <title>
     Using Text Fields (2)
    </title>
  </head>
  <body bgcolor="abcdef">
    <! Comment: Title>
    <h1>
     Using Text Fields (2) to read data from text fields.
    </h1>
    <br><br>
    <! Comment: Content>
    <% form_tag '/look/at' do -%>
      <div><%= submit_tag 'Save' %></div>
      Please enter your name,
      <br>
      <%= text_field_tag 'text1', "", :size => 30 %>
      <br><br>
      <input type="submit" />
    <% end -%>
  </body>

So post worked and replacing deprecated shortcuts worked. Hurray!

I then went back to text fields and using the same code for input.html worked. I then copied the source from the webpage and inserted it into input.html. It looks like this:

<html>
  <head>
    <title>
     Using Text Fields with Post
    </title>
  </head>

  <body bgcolor="ccddee">
    <! Comment: Title>
    <h1>
     Working with Text Fields using POST
    </h1>
    <br><br>
    <! Comment: Content>
    This Ruby on Rails application lets you read data from text fields using the POST method.
    <br>
    <form action="/look/at" method="post">
    <input name="authenticity_token" type="hidden" value="2f7c0cc1a11182f149e34c4f438f7eee94f0d6c7" />
      Please enter your name,
      <br>
      <input id="text1" name="text1" size="30" type="text" value="" />
      <br><br>
      <input type="submit" />
    </form>
  </body>
</html>

It does NOT work. ActionController::InvalidAuthenticityToken error

If you see something wrong, please let me know. Since shortcuts work, I don't really need this, but it might provide some insight.

Thanks.

lizzy · October 23rd, 2008, 09:43 PM

Turn off CSRF (Cross-Site Request Forgery), it's function for security in Rails2.0.

Insert into your controller this line.
skip_before_filter :verify_authenticity_token

for example,
class LookController < ApplicationController
     def at
           @data = params[:text1]
     end
     skip_before_filter :verify_authenticity_token
end

There's another solution.

It's that use the form helper method in Rails instead of <FORM> tag.