Rails - How to add CSRF Protection to forms created in javascript?

javascript ruby-on-rails ruby-on-rails-3 backbone.js csrf
CamelCamelCamel picture CamelCamelCamel · Dec 14, 2011 · Viewed 33.8k times · Source

I'm using backbone.js and it works great. but the forms I'm creating as a javascript template lacks the rails csrf protection token. How do I add it to templates I'm creating in javascript?

Answer

lucianosousa picture lucianosousa · Feb 13, 2014

Best way I solved this, inside the form:

<%= hidden_field_tag :authenticity_token, form_authenticity_token %>

Update:

It looks like the form_authenticity_token is private for controllers in the newer rails versions.

If that's the case for you, what I suggest is: declare a variable in a controller like: @form_token = form_authenticity_token and use it in the view you are looking for.

Related questions

Backbone model.destroy() invoking error callback function even when it works fine?

I have a Backbone.js model that I'm trying to destroy when the user clicks a link in the model's view. The view is something like this (pseudocode because it's implemented in CoffeeScript which can be found at the bottom …

Read More
Rails - Could not find a JavaScript runtime?

I created a new Rails project using rails 3.1.0.rc4 on my local machine but when I try to start the server I get: Could not find a JavaScript runtime. See here for a list of available runtimes. (ExecJS::RuntimeUnavailable) Note: …

Read More
Best way to add page specific JavaScript in a Rails 3 app?

Rails 3 has some unobtrusive JavaScript which is pretty cool. But I was wondering what the best way is to include additional JavaScript for a particular page. For example, where I might have previously done: <%= f.radio_button :rating, 'positive', :…

Read More