ActionController :: InvalidAuthenticityToken轨道5

Question

I'm using rails version - 5.0.0.1

I used form_for to create a form

<%= form_for :session,:action => '/login/authenicate/',:remote => true, :authenticity_token => true, :html => { :class => 'validate', :id => 'form_login' } do |s| %>

I am using ajax to send the request to the server.

This is the form that is displayed in the browser.

<form class="validate" id="form_login" action="/login" accept-charset="UTF-8" data-remote="true" method="post" novalidate="novalidate"><input name="utf8" type="hidden" value="✓"><input type="hidden" name="authenticity_token" value="i3GVfaN2PbZ80JvdSqO921GuNLaxxo9ctsTBE21aYJYo/XtBG7lyqU7xAzoFjClwOGWSCrC+6mf3no39ua+rDQ==">
            <div class="form-group">
                <div class="input-group">
                    <div class="input-group-addon">
                        <i class="fa fa-user" aria-hidden="true"></i>
                    </div>
                    <input class="form-control" id="username" placeholder="Email Id / Mobile No" type="text" name="session[username]">
                </div>
            </div>

            <div class="form-group">
                <div class="input-group">
                    <div class="input-group-addon">
                        <i class="fa fa-lock" aria-hidden="true"></i>
                    </div>
                    <input class="form-control" id="password" placeholder="Passowrd" type="password" name="session[password]">
                </div>
            </div>

            <div class="form-group">
                <button name="authenicatebtn" type="submit" class="btn btn-primary btn-block btn-login">Login</button>
            </div>

It is a ajax request to the server when i view in the networks tab its showing ActionController::InvalidAuthenticityToken error.

Answer 1

From the Rails doc:

:authenticity_token - Authenticity token to use in the form. Use only if you need to pass custom authenticity token string, or to not add authenticity_token field at all (by passing false).

... Remote forms get the authenticity token from the meta tag, so embedding is unnecessary unless you support browsers without JavaScript.

What are you trying to achieve by passing :authenticity_token => true in your form?