All threads / why there is no crsf token when i use remote true with data type as "script" ? How this is different from ajax?

Ask A Question

Notifications

You’re not receiving notifications from this thread.

why there is no crsf token when i use remote true with data type as "script" ? How this is different from ajax?

naveen kumar asked in Rails

<%= select_tag "event[#{inquiry.slug}]", options_for_select([ "PENDING", "CONFIRMED" ], inquiry.status), :data => {url: update_status_vendor_inquiry_path(inquiry),method: "put", type: "script", remote: true} %>

Hey Naveen,

In this case, it looks like you created a select without a matching form tag. The CSRF token actually gets generated by the form_tag and form_for helpers so if you just wrap your select with form_tag, you'll be fine. You can then move your URL, method, and remote options to the form_tag and have that all organized nicely and that should fix your issue.

The problem you saw was that, while you can try to put the remote: true options on a select tag directly, it isn't going to generate the CSRF token to send along with.

Join the discussion

Want to stay up-to-date with Ruby on Rails?

Join 35,699+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.

    logo Created with Sketch.

    Ruby on Rails tutorials, guides, and screencasts for web developers learning Ruby, Rails, Javascript, Turbolinks, Stimulus.js, Vue.js, and more. Icons by Icons8

    © 2020 GoRails, LLC. All rights reserved.