Hello Fred,

With Ruby and Rails a whole new experience, it's sometimes difficult to
even frame a coherent question.  So thank you for your answers and for
going a step further and adding some very helpful explanation.  It
clarified my thinking.

Since I don't want to operate without protect_against_forgery and
implementing a workaround isn't where I need to be spending time now,
I searched about and came across some examples of a 'tableless'
arrangement that implemented well with some minor modification.

Thanks again.
Bill

On Apr 3, 5:43 pm, Frederick Cheung <frederick.che...@gmail.com>
wrote:
> On Apr 3, 10:13 pm, zambezi <b.but...@overhydration.org> wrote:
>
> > The punt didn't go far. This "fix" perhaps not unexpectedly resulted
> > in the next error: "ActionController::InvalidAuthenticityToken".
>
> > Sooo, I'm at the deep end of the pool here.  I really didn't want to
> > learn all about authenticity tokens at this stage of my learning
> > ruby.  Any further suggestions will be much appreciated as to how to
> > get past this error.
>
> Very short version: to protect against CSRF attacks, forms generated
> by Rails have a hidden input with a magic token. Together with the
> session this helps verify that a request isn't being faked by a CSRF
> attack. With the protect_against_forgery returning false thing you've
> stopped your form trying to make such a token, but you still need to
> make the other end not expect a token. One way is to make your form
> use the GET method, another is to skip the verify_authenticity_token
> filter in the appropriate controller.
>
> Fred
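
The check Fred describes, as an added example that is not part of the original thread and is not Rails' own code: a simplified model in which a token stored in the session must be echoed back by the form's hidden input on any non-GET request. The names `ForgeryGuard`, `form_token`, `verify!` and `demo` are hypothetical, and the requests are constructed.

```ruby
require "securerandom"

# Simplified model of the token check; Rails' real implementation differs.
class InvalidAuthenticityToken < StandardError; end

class ForgeryGuard
  SAFE_METHODS = %w[GET HEAD].freeze

  def initialize(session)
    @session = session # per-user, server-side session hash (assumption)
  end

  # Value a form helper would place in the hidden input.
  def form_token
    @session[:csrf_token] ||= SecureRandom.base64(32)
  end

  # Run before each action: GET/HEAD are not checked; any other method
  # must carry the token stored in this user's session.
  def verify!(http_method, params)
    return true if SAFE_METHODS.include?(http_method.upcase)
    expected  = @session[:csrf_token].to_s
    submitted = params["authenticity_token"].to_s
    raise InvalidAuthenticityToken unless secure_compare(expected, submitted)
    true
  end

  private

  # Comparison whose timing does not depend on where the strings differ.
  def secure_compare(a, b)
    return false if a.empty? || a.bytesize != b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed requests against one constructed session.
def demo
  guard = ForgeryGuard.new({})
  token = guard.form_token
  attempt = lambda do |verb, params|
    guard.verify!(verb, params) ? :accepted : :rejected
  rescue InvalidAuthenticityToken
    :rejected # the error from earlier in the thread
  end
  { post_with_token: attempt.call("POST", { "authenticity_token" => token }),
    get_without_token: attempt.call("GET", {}),
    post_without_token: attempt.call("POST", {}) }
end
```

The third case is the situation in the thread: the form stopped emitting a token, but the receiving side still expected one.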