Rails - How to add CSRF Protection to forms created in javascript?

CamelCamelCamel picture CamelCamelCamel · Dec 14, 2011 · Viewed 33.8k times · Source

I'm using backbone.js and it works great. but the forms I'm creating as a javascript template lacks the rails csrf protection token. How do I add it to templates I'm creating in javascript?

Answer

lucianosousa picture lucianosousa · Feb 13, 2014

Best way I solved this, inside the form:

<%= hidden_field_tag :authenticity_token, form_authenticity_token %>

Update:

It looks like the form_authenticity_token is private for controllers in the newer rails versions.

If that's the case for you, what I suggest is: declare a variable in a controller like: @form_token = form_authenticity_token and use it in the view you are looking for.