Authenticity_token is missing in custom action

Question

I have a controller where I have a custom action (not part of the RESTful set) to create an association object.

The authenticity_token is not added to the form, I assume this is because the action is not part of the RESTful set?

How would I add authenticity_token when it's not automatically added?

Max Williams · Accepted Answer · 2014-05-29T11:52:22.820

4

Add

<%= hidden_field_tag "authenticity_token", form_authenticity_token %>

to your form.

You could make a helper for this:

def authenticity_token_tag
  hidden_field_tag "authenticity_token", form_authenticity_token 
end

then in your form you can just say

<%= authenticity_token_tag %>

edited May 29 '14 at 11:52

answered May 29 '14 at 11:46

Max Williams

That only outputs the `authenticity_token` as text. – Fellow Stranger May 29 '14 at 11:49
Yes, just realised that and updated my answer - sorry :) – Max Williams May 29 '14 at 11:52

1 Answers1