While I posted a form from iframe in safari, it gives Invalid Authenticity Token exception. If I try without iframe, then it works fine.
Why it is happening? How can I fix this?
Asked
Active
Viewed 1,210 times
1 Answers
0
The authenticity token is a mechanism that rails uses to protect users from CSRF attacks. Here is a good explanation, taken from Understanding the Rails Authenticity Token
When the user views a form to create, update, or destroy a resource, the rails app would create a random authenticity_token, store this token in the session, and place it in a hidden field in the form. When the user submits the form, rails would look for the authenticity_token, compare it to the one stored in the session, and if they match the request is allowed to continue.
So basically, for any action that would modify your model rails wants to verify that it is a change originated by you.
Rails does that (through the use of form_for or form_tag helpers) by adding that secret authenticity token to the form with a html tag like this: <input name="authenticity_token" type="hidden" value="Som3Thin10ngAndUGly">
Back to your problem: I've never worked with iframes so I'm not sure what's happening, but my guess is that your iframe form is not passing the authencity_token. If this is the case the solution is simple, just add a hidden input like the one above and use the form_authenticity_token method to set its value.
