问题描述
我有一个简单的表单,如下所示:
I have a simple form like this:
<form name="serachForm" method="post" action="/home/search">
<input type="text" name="searchText" size="15" value="">
<input class="image" name="searchsubmit" value="Busca" src="/images/btn_go_search.gif" align="top" border="0" height="17" type="image" width="29">
</form>
以及使用此方法的控制器:
And a controller with this method:
def busca
puts params[:searchText]
end
当我单击表单中的图像按钮时,我得到一个ActionController :: InvalidAuthenticityToken.这是完整的StackTrace:
When I do a click on the image button in the form I get a ActionController::InvalidAuthenticityToken. here's the full StackTrace:
发生了什么事?
推荐答案
默认情况下,所有非GET操作都要求将真实性令牌与请求一起传递. Rails使用真实性令牌来避免CSRF攻击.
By default, all non-GET actions requires the authenticity token to be passed along with the request. Rails uses the authenticity token to avoid CSRF attacks.
确保它始终存在的最简单方法是使用form_tag
帮助器,而不是手工编写HTML.
The easiest way to ensure that it is always in place, is to use the form_tag
helper instead of writing the HTML by hand.
<% form_tag "/home/search", :name => "searchForm" do %>
fields here
<% end %>
这篇关于Rails的简单形式给出了InvalidAuthenticityToken错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!