why there is no crsf token when i use remote true with data type as "script" ? How this is different from ajax?

naveen kumar February 9, 2017 9:27am

<%= select_tag "event[#{inquiry.slug}]", options_for_select([ "PENDING", "CONFIRMED" ], inquiry.status), :data => {url: update_status_vendor_inquiry_path(inquiry),method: "put", type: "script", remote: true} %>

Chris Oliver February 9, 2017 4:00pm

Hey Naveen,

In this case, it looks like you created a select without a matching form tag. The CSRF token actually gets generated by the form_tag and form_for helpers so if you just wrap your select with form_tag, you'll be fine. You can then move your URL, method, and remote options to the form_tag and have that all organized nicely and that should fix your issue.

The problem you saw was that, while you can try to put the remote: true options on a select tag directly, it isn't going to generate the CSRF token to send along with.

Join the discussion

Create an account Log in

Rails for Beginners

Advanced Ruby: Behind the Magic

Payments with Rails Master Class

Refactoring Rails

Learn Hotwire

Install and Deploy Rails Guides

Hatchbox.io

Jumpstart Rails SaaS Template

Remote Ruby Podcast

GoRails Open Source

Rails Hackathon

Beginner Bounties

Ruby on Rails Job Board

Notifications

why there is no crsf token when i use remote true with data type as "script" ? How this is different from ajax?

Want to stay up-to-date with Ruby on Rails?