Go to Google Groups Home    Low Pro
Re: Adding a delete confirmation

Jarkko Laine <jar...@jlaine.net>

On 25.1.2008, at 8.05, KJoyner wrote:

> Jarkko is correct, I am trying to create both an accessible link (when
> Javascript is disabled) and an AJAX request when java is enabled.

> After reading your post, I just thought to check my log to see if it
> showed anything. It does route but shows an
> ActionController::InvalidAuthenticityToken during a call to
> request_forgery_protection.

This is the new csrf killer in action :-)

You must pass the authenticity token to the link somehow (see http://edgedocs.planetargon.org/classes/ActionController/RequestForge...)
. You could for example set a header for it in the controller and then  
set the form parameter in your behaviour according to that header.

See http://edgedocs.planetargon.org/classes/ActionView/Helpers/UrlHelper....
  (click "Source") for how the Rails JS helpers populate the token in  
link_to_remote.

--
Jarkko Laine
http://jlaine.net
http://dotherightthing.com
http://www.railsecommerce.com
http://odesign.fi